Created
August 29, 2019 15:27
Bug: Running podman inside jenkins on openshift
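# Base image is referenced by tag only. A tag can be re-pointed by the registry,
# so append the image digest (@sha256:<digest-placeholder>) where builds must be
# reproducible and the pulled content must be verifiable.
FROM registry.access.redhat.com/dotnet/dotnet-22-rhel7:2.2-8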
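#!/bin/bash
# Container start-up hook: make the current UID resolvable to a user name.
#
# Dynamically create a "jenkins" user when the container starts
# that maps to the uid that OpenShift has assigned to the container.
# The entry is only added when the UID has no name yet (whoami fails)
# and /etc/passwd is writable by the current process.

userid=$(id -u)
username="jenkins"

# Portable redirection (instead of the bash-only `&>`), so the test behaves
# the same if the script is ever run by a plain POSIX sh.
if ! whoami >/dev/null 2>&1; then
    if [ -w /etc/passwd ]; then
        # Fields: name:password:uid:gid:gecos:home:shell.
        # The entry uses primary group 0 and a nologin shell.
        # Security note: this append works only because /etc/passwd is writable
        # at runtime; every process that shares that write access can also add
        # or change account entries, so keep the permission as narrow as possible.
        echo "${username}:x:${userid}:0:${username}:/usr/sbin:/usr/sbin/nologin" >> /etc/passwd
    else
        # Previously a silent no-op; report it so a missing passwd entry is
        # visible in the build log instead of surfacing later as a tool failure.
        echo "init.sh: uid ${userid} has no passwd entry and /etc/passwd is not writable" >&2
    fi
fi

# TAG is expected to come from the image environment; prints empty if unset.
echo "devkit-build-tools version: $TAG"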
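# Build-tools image: podman plus oc/kubectl and a "docker" shim.
#
# NOTE(review): the base image has no tag or digest, so each build may pull a
# different podman release. Pin it once a known-good version is chosen, e.g.
# quay.io/podman/stable:<tag-placeholder>@sha256:<digest-placeholder>.
FROM quay.io/podman/stable

# Root is required for the package installs and permission changes below.
USER root

# Update, install and clean the package cache in a single layer so the cache
# never ends up in the image and the install is not run against stale metadata.
RUN yum update -y \
    && yum install -y \
        findutils \
        gettext \
        jq \
        which \
    && yum clean all

# Install oc and kubectl
# -f makes curl fail on an HTTP error instead of saving the error page as the
# tarball; download, extract and delete happen in one layer so the archive is
# not kept in the image.
# NOTE(review): the archive is not integrity-checked. Verify it against the
# publisher's checksum before extracting, for example:
#   echo "<sha256-placeholder>  /tmp/openshift-client.tar.gz" | sha256sum -c -
# NOTE(review): the URL combines the moving "latest" directory with a fixed
# 4.1.11 file name, so it will likely stop resolving when "latest" advances.
RUN curl -fsS https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-4.1.11.tar.gz \
        -o /tmp/openshift-client.tar.gz \
    && tar -xzf /tmp/openshift-client.tar.gz -C /usr/local/bin \
    && rm -f /tmp/openshift-client.tar.gz

# Install docker shim
COPY docker /usr/bin/docker
RUN chmod +x /usr/bin/docker

# Add user namespace mappings so podman can run rootless:
# user "jenkins" gets 999999 subordinate IDs starting at 1000000000.
# Ensure the files can be read/written by the jenkins (runtime) user by giving
# group 0 the same permissions as the owner.
RUN echo "jenkins:1000000000:999999" > /etc/subuid \
    && echo "jenkins:1000000000:999999" > /etc/subgid \
    && chgrp 0 /etc/subuid /etc/subgid \
    && chmod g=u /etc/subuid /etc/subgid

# Ensure that we can add an entry for the Jenkins user on startup.
# Security note: a group-writable /etc/passwd lets any process running with the
# file's group edit account entries. Keep the container unprivileged and
# prefer a mechanism that does not need a writable passwd file if one is available.
RUN chmod g=u /etc/passwd

# Give group 0 owner-equivalent access to /home instead of making the tree
# world-writable (was: chmod -R 777). This matches the group-0 scheme used for
# the other files in this image; a runtime user outside group 0 would need a
# different grant.
RUN chgrp -R 0 /home && chmod -R g=u /home

# Setup docker registry configuration for podman
COPY registries.conf /etc/containers/registries.conf
RUN chgrp 0 /etc/containers/registries.conf && chmod g=u /etc/containers/registries.conf

# Start-up hook. 755 rather than 777: the script is executed by the build, so
# it must not be replaceable by arbitrary processes inside the container.
COPY init.sh /init.sh
RUN chmod 755 /init.sh

# Store the tag/version for this container for debugging.
# ENV values are readable from the image metadata; never pass a secret as TAG.
ARG TAG
ENV TAG=${TAG}

# NOTE(review): no non-root USER is set, so the image starts as root wherever
# the platform does not assign the runtime UID itself. Presumably the cluster
# does that here; confirm, and otherwise end with a numeric non-root USER.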
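// Scripted pipeline: runs the build inside a pod created from an inline
// pod template, using a single container started from `image`.
// `image` and `imageSecret` are not defined in this file; they must be
// provided by the job or its surrounding script.
// NOTE(review): `bash` is not a step defined here, presumably a
// shared-library wrapper around `sh`. Confirm before reuse.
node {
    podTemplate(
        label: "devkit-pod-inline",
        containers: [
            containerTemplate(
                name: "devkit-container-inline",
                image: "${image}",
                ttyEnabled: true,
                // Keep the container unprivileged. Rootless podman then
                // depends on the subuid/subgid mappings and on the
                // setuid/setgid capabilities being available.
                // NOTE(review): restricted security context constraints
                // typically drop SETUID/SETGID; check the cluster's SCC.
                privileged: false,
                // Idle forever so Jenkins can exec the build steps into the
                // running container.
                command: "tail",
                args: "-f /dev/null"
            )],
        imagePullSecrets: [ "${imageSecret}" ]
    ) {
        node("devkit-pod-inline") {
            container ("devkit-container-inline") {
                // Earlier debugging attempt, left disabled:
                // sh "echo \"\$(whoami):\$(whoami):65536\" | tee /etc/subuid"
                // sh "echo \"\$(whoami):\$(whoami):65536\" | tee /etc/subgid"

                stage("checkout") {
                    checkout scm
                }

                stage("Build") {
                    // /init.sh runs first so the assigned UID has a passwd
                    // entry before any tool looks the user up.
                    // The echo/cat lines are diagnostics for the rootless
                    // podman problem: they write the identity, the ID
                    // mappings and /etc/passwd to the build log. Remove them
                    // once the issue is resolved so account data is not
                    // kept in job logs.
                    // `exec` replaces the shell with the build script, so its
                    // exit status becomes the step's status.
                    bash """
                        /init.sh
                        echo "CAP_SETUID: \$CAP_SETUID"
                        echo "CAP_SETGID: \$CAP_SETGID"
                        whoami
                        docker info
                        echo "subuid:"
                        cat /etc/subuid
                        echo "subgid:"
                        cat /etc/subgid
                        echo "password:"
                        cat /etc/passwd
                        exec ./bs/build.sh docker
                    """

                    // Build deployment package
                    bash "exec ./bs/build-deploypkg.sh"
                }

                stage("Test") {
                    // Builds the Dockerfile in the workspace root with podman.
                    bash "podman build ."
                }
            }
        }
    }
}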