I build a custom Jenkins master image from the jenkins lts image. Nothing very fancy, just a few convenience changes made to enable ssh communication:

```
USER root
RUN usermod -u 105 jenkins && usermod -g nogroup jenkins
RUN mkdir -p /var/cache/jenkins && chown -R jenkins:nogroup /var/cache/jenkins \
    && mkdir -p /var/log/jenkins && chown -R jenkins:nogroup /var/log/jenkins
RUN mkdir -p /home/jenkins/.ssh/
COPY id_rsa* /var/jenkins_home/.ssh/
RUN chmod 600 /var/jenkins_home/.ssh/id_rsa*
RUN chown -R jenkins:nogroup /home/jenkins/.ssh && chown -R jenkins:nogroup /var/jenkins_home
USER jenkins
```

There are reasons (limitations) with the build and test infrastructure that needed changing the user id for the jenkins user from 1000 (on the jenkins lts image) to 105.

There are two volumes, jenkinsHome and jenkinsLog, that are mounted to the Jenkins master at `/var/jenkins_home` and `/var/log/jenkins`, respectively.

When starting the Jenkins master based on the custom image (with the above changes) using the `docker run` command, the `/var/jenkins_home` folder has the right permissions and the volume gets mounted successfully.

```
jenkins@012696fe9af6:/$ ls -la /var/
total 56
..
..
drwxr-xr-x 31 jenkins jenkins 12288 Jan 3 18:42 jenkins_home
```

However, when I start the jenkins master using docker-compose, `/var/jenkins_home` has its owner set to 1000. Since there is no user with id 1000 on the master image, jenkins fails to start since the permissions on the jenkins_home are:

```
jenkins@012696fe9af6:/$ ls -la /var/
total 56
..
..
drwxr-xr-x 31 1000 jenkins 12288 Jan 3 18:42 jenkins_home
```

QUESTIONS:

- Can someone please help me figure out why or how the owner for the jenkins_home folder seems to be different when starting the service using docker run vs docker compose?
- It is not clear whether somehow the entrypoint command for the lts image is changing the permissions. I feel it is unlikely because I explicitly set permissions on that folder `/var/jenkins_home` in the custom image that I use for spinning up the Jenkins master?
FWIW - I have tried running the docker run command with the `--user 105:nogroup` flag and docker-compose with `user: 105:nogroup` to enforce users that are starting the container (docker run) and/or service (docker-compose). Also, a user with id 105 does exist on the host VM.

DOCKER RUN COMMAND

```
docker run --user 105:65534 -dit \
  --log-opt max-size=10m --log-opt max-file=3 \
  --restart unless-stopped \
  -p 12345:8080 -t --name=master -p 50000:50000 \
  --volumes-from=daas-jenkins-data \
  -e JENKINS_OPTS="-Dhudson.plugins.sshslaves.SSHLauncher.trackCredentials=false --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --handlerCountMax=300" \
  -e JAVA_OPTS="-Duser.timezone=America/New_York -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Xmx4096m" \
  jenkins-custom-master
```

DOCKER COMPOSE FILE

```
version: '3.5'
services:
  jenkins:
    image: jenkins-custom-master
    container_name: jenkins-master-svc
    volumes:
      - type: volume
        source: jenkinsHome
        target: /var/jenkins_home
      - type: volume
        source: jenkinsLog
        target: /var/log/jenkins
    ports:
      - "12345:8080"
      - "50000:50000"
    environment:
      - JENKINS_OPTS=-Dhudson.plugins.sshslaves.SSHLauncher.trackCredentials=false --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --handlerCountMax=300
      - JAVA_OPTS=-Duser.timezone=America/New_York -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Xmx4096m
    user: 105:65534
    networks:
      - jenkins-network
  nginx:
    image: nginx-custom
    container_name: jenkins-nginx-svc
    ports:
      - "443:443"
      - "80:80"
    networks:
      - jenkins-network
networks:
  jenkins-network:
    name: jenkins-network
volumes:
  jenkinsHome:
    external: true
  jenkinsLog:
    external: true
```
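A preflight check for the symptom described in this post, added here as an example and not part of the original message: it compares the numeric owner of each mounted directory with the UID the container is expected to run as (105 in the post) and flags owners that have no passwd entry in the image. The function names are hypothetical, and the script only reports a mismatch; it does not determine its cause.

```shell
# Added example: preflight ownership check for mounted Jenkins directories.
# Function names are hypothetical; UID 105 and the paths come from the post.

# Print the numeric owner UID of a directory (portable: parses `ls -ldn`).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Succeed if the UID has an entry in the container's /etc/passwd.
uid_has_name() {
    awk -F: -v u="$1" '$3 == u { found = 1 } END { exit !found }' /etc/passwd
}

# Print "ok", "missing", or "mismatch:<uid>[:unnamed]" for one directory.
check_mount() {
    dir=$1 want=$2
    [ -d "$dir" ] || { echo "missing"; return 2; }
    have=$(owner_uid "$dir")
    if [ "$have" = "$want" ]; then
        echo "ok"
        return 0
    fi
    if uid_has_name "$have"; then
        echo "mismatch:$have"
    else
        # Owner UID is unknown to this image, as with 1000 in the post.
        echo "mismatch:$have:unnamed"
    fi
    return 1
}

# Check every directory against the expected UID; non-zero if any check fails.
preflight() {
    expected=$1
    shift
    rc=0
    for d in "$@"; do
        result=$(check_mount "$d" "$expected") || rc=1
        printf '%s expected_uid=%s -> %s\n' "$d" "$expected" "$result"
    done
    return "$rc"
}

# Usage inside the container: sh preflight.sh 105 /var/jenkins_home /var/log/jenkins
if [ "$#" -ge 2 ]; then
    preflight "$@"
    exit $?
fi
```

Running it in both the `docker run` container and the docker-compose service shows which mounted paths differ in ownership before Jenkins itself starts.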