-1

I have a custom ubuntu docker image where I install some packages and set environment variables so I can use it in jenkins to build a project

FROM ubuntu:focal

# Set environment 
ENV DEBIAN_FRONTEND=noninteractive
ENV PATH="${PATH}:/usr/local/bin" 
ENV DB_PATH="/var/database"
ENV DB_TYPE=SQLITE
ENV CONAN_USER_HOME=/var/conan

VOLUME ${DB_PATH}

RUN dpkg --add-architecture i386 \
    && apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y \ 
        jq \
        lld \
        git \
        curl \
        libncurses5 \
        cmake \
        lsb-release \
        binutils \
        autoconf \
        pkg-config \
        subversion \
        ninja-build \
        python3 \
        python3-pip \
        python3-dev \
        python-dev-is-python3 \
        libudev-dev \
        libgtk2.0-dev \
        libgtk-3-dev \
        autotools-dev \
        openjdk-11-jdk \
        libwebkit2gtk-4.0-dev \
        gcc-multilib \
        g++-multilib \
        libdbus-1-dev:i386 \
        libgtk-3-dev:i386 \
    && apt-get autoclean \
    && rm -rf \
        /var/lib/apt/lists/* \
        /var/tmp/* \
        /tmp/*

RUN mkdir -p ${CONAN_USER_HOME} 

RUN pip install conan

When I tell my jenkins pipeline to use this image to build my project it throws an error about not being able to access /var/conan

$ docker run -t -d -u 1000:1000 -w /home/jenkins/workspace/Conan -v /home/jenkins/workspace/Conan:/home/jenkins/workspace/Conan:rw,z -v /home/jenkins/workspace/Conan@tmp:/home/jenkins/workspace/Conan@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** git.example.com:8444/devops/docker-environments/ubuntu:focal cat
$ docker top 30052002a0f00f32e8f42901ba82a36867874ef29c17c5d20cbf564e5e20723c -eo pid,comm
[Pipeline] {
[Pipeline] stage
[Pipeline] { (export)
[Pipeline] sh
+ python scripts/export2local.py
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/conans/util/files.py", line 193, in save
    os.makedirs(dir_path)
  File "/usr/lib/python3.8/os.py", line 223, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/var/conan/.conan/hooks'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/conans/client/command.py", line 2216, in run
    method(args[0][1:])
  File "/usr/local/lib/python3.8/dist-packages/conans/client/command.py", line 1115, in export
    return self._conan.export(path=args.path,
  File "/usr/local/lib/python3.8/dist-packages/conans/client/conan_api.py", line 93, in wrapper
    return f(api, *args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/conans/client/conan_api.py", line 879, in export
    cmd_export(self.app, conanfile_path, name, version, user, channel, keep_source,
  File "/usr/local/lib/python3.8/dist-packages/conans/client/cmd/export.py", line 112, in cmd_export
    hook_manager.execute("pre_export", conanfile=conanfile, conanfile_path=conanfile_path,
  File "/usr/local/lib/python3.8/dist-packages/conans/client/hook_manager.py", line 52, in execute
    save(self._attribute_checker_path, attribute_checker_hook)
  File "/usr/local/lib/python3.8/dist-packages/conans/util/files.py", line 196, in save
    raise OSError("The folder {} does not exist and could not be created ({})."
OSError: The folder /var/conan/.conan/hooks does not exist and could not be created (Permission denied).

When I look into this further it appears to be that it's running the container with a custom uid and gid -u 1000:1000 rather then as root. When I unset the environment variable to for Conan home it just defaults to / and gives the same error. Is there a way I can make a directory have write permissions for all users since the jenkins user doesn't exist at build time for this container?

WilliamB
  • 65
  • 5
  • Why does Jenkins use 1000? Why don't you ensure that the user exists? – Ulrich Eckhardt Jul 27 '22 at 20:15
  • @UlrichEckhardt 1000 is the uid and gid given to the jenkins user in the [dockerized jenkins controller](https://github.com/jenkinsci/docker-ssh-agent). Also I can't as when the container is built and pushed to the registry docker the idea of jenkins doesn't exist – WilliamB Jul 27 '22 at 20:18
  • You can run `adduser` when building the container image. – Ulrich Eckhardt Jul 27 '22 at 20:20
  • Why are you using ``CONAN_USER_HOME=/var/conan``? Conan is designed to work at the user/developer level, not at the system level. Having the Conan home in the user home, or in a user folder, for that specific user, is the recommended way. Recall also that the Conan cache is not concurrent, so different parallel jobs should define their own cache. – drodri Jul 28 '22 at 11:35
  • @drodri I'm setting it because if I don't then it'll default to root and just give me the same error, I was hoping for a way to give all users access to that folder instead of root – WilliamB Jul 28 '22 at 13:11
  • I see, do you really need to use the ``root`` user? We use docker in all the builds in ConanCenter, and we create a ``USER conan`` and ``WORKDIR /home/conan``. Of course I don't know about your constraints, are you using the container concurrently by many users, or every user spin its own container from the image? – drodri Jul 29 '22 at 16:29

1 Answers1

0

I was unaware that creating a new user in the container would have jenkins default to that user, I had assumed the arguments it passed were always the same.

WilliamB
  • 65
  • 5