jenkinsci / docker-plugin

Jenkins cloud plugin that uses Docker
https://plugins.jenkins.io/docker-plugin/
MIT License

Unable to mount directory rw #880

Closed Bitals closed 2 years ago

Bitals commented 2 years ago

Jenkins and plugins versions report

Jenkins: 2.332.2 OS: Linux - 5.10.0-13-amd64

ace-editor:1.1 analysis-model-api:10.9.4 ant:1.13 antisamy-markup-formatter:2.7 apache-httpcomponents-client-4-api:4.5.13-1.0 authentication-tokens:1.4 bootstrap4-api:4.6.0-3 bootstrap5-api:5.1.3-6 bouncycastle-api:2.25 branch-api:2.1044.v2c007e51b_87f build-name-setter:2.2.0 build-timeout:1.20 built-on-column:1.1 caffeine-api:2.9.2-29.v717aac953ff3 checks-api:1.7.2 cloudbees-folder:6.714.v79e858ef76a_2 command-launcher:1.6 conditional-buildstep:1.4.2 config-file-provider:3.9.0 configuration-as-code:1414.v878271fc496f copyartifact:1.46.3 credentials:1087.v16065d268466 credentials-binding:1.27.1 dashboard-view:2.19 data-tables-api:1.11.4-4 display-url-api:2.3.6 docker-commons:1.19 docker-java-api:3.1.5.2 docker-plugin:1.2.7 durable-task:495.v29cd95ec10f2 echarts-api:5.3.0-2 email-ext:2.87 emailext-template:1.4 envinject:2.847.vb_fa_18490fa_d6 envinject-api:1.192.va_13643e71792 external-monitor-job:191.v363d0d1efdf8 font-awesome-api:6.0.0-1 forensics-api:1.12.0 git:4.11.0 git-client:3.11.0 git-parameter:0.9.15 git-server:1.10 github:1.34.3 github-api:1.301-378.v9807bd746da5 github-branch-source:1598.v91207e9f9b4a handlebars:3.0.8 jackson2-api:2.13.2-260.v43d711474c77 javadoc:217.v905b_86277a2a javax-activation-api:1.2.0-2 javax-mail-api:1.6.2-5 jaxb:2.3.0.1 jdk-tool:1.5 jenkins-multijob-plugin:1.36 jjwt-api:0.11.2-9.c8b45b8bb173 jnr-posix-api:3.1.7-3 jquery:1.12.4-1 jquery3-api:3.6.0-2 jsch:0.1.55.2 junit:1.58 ldap:2.8 lockable-resources:2.14 mailer:408.vd726a_1130320 matrix-auth:3.1 matrix-project:758.v7a_ea_491852f3 maven-plugin:3.18 momentjs:1.1.1 okhttp-api:4.9.3-105.vb96869f8ac3a pam-auth:1.7 parameterized-trigger:2.44 pipeline-build-step:2.16 pipeline-github-lib:36.v4c01db_ca_ed16 pipeline-graph-analysis:188.v3a01e7973f2c pipeline-input-step:446.vf27b_0b_83500e pipeline-milestone-step:100.v60a_03cd446e1 pipeline-model-api:2.2075.vce74e77b_ce40 pipeline-model-definition:2.2075.vce74e77b_ce40 pipeline-model-extensions:2.2075.vce74e77b_ce40 pipeline-rest-api:2.23 
pipeline-stage-step:291.vf0a8a7aeeb50 pipeline-stage-tags-metadata:2.2075.vce74e77b_ce40 pipeline-stage-view:2.23 plain-credentials:1.8 plugin-util-api:2.16.0 popper-api:1.16.1-2 popper2-api:2.11.4-1 prism-api:1.26.0-2 publish-over:0.22 publish-over-ssh:1.24 rebuild:1.33 resource-disposer:0.18 role-strategy:3.2.0 run-condition:1.5 scm-api:595.vd5a_df5eb_0e39 script-security:1145.vb_cf6cf6ed960 snakeyaml-api:1.29.1 ssh:2.6.1 ssh-agent:1.24.1 ssh-credentials:1.19 ssh-slaves:1.806.v2253cedd3295 sshd:3.1.0 structs:308.v852b473a2b8c throttle-concurrents:2.7 timestamper:1.17 token-macro:285.vff7645a_56ff0 trilead-api:1.0.13 warnings-ng:9.11.1 windows-slaves:1.8 workflow-aggregator:2.7 workflow-api:1143.v2d42f1e9dea_5 workflow-basic-steps:941.vdfe1b_a_132c64 workflow-cps:2686.v7c37e0578401 workflow-cps-global-lib:564.ve62a_4eb_b_e039 workflow-durable-task-step:1128.v8c259d125340 workflow-job:1174.vdcbd054cf74a workflow-multibranch:711.vdfef37cda_816 workflow-scm-step:2.13 workflow-step-api:622.vb_8e7c15bc95a workflow-support:817.v58126df57338 ws-cleanup:0.41

What Operating System are you using (both controller, and any agents involved in the problem)?

Debian 11 host, Alpine in Jenkins container, Alpine and Arch in slave containers.

Reproduction steps

  1. Configure Clouds -> Docker Agent Templates
  2. Write an rw mount as per the Docker wiki, for example type=bind,source=/source-on-host,target=/target-inside-container,readonly=false. Also tried ro=false, readonly=0, ro=0. With rw, the container crashes telling about unknown parameter 'rw', which is to be expected.
  3. With any of the above, the mount is readonly; no process inside the container is able to write to it.

Expected Results

Mount has write permissions

Actual Results

Mount has readonly permissions

Anything else?

Jenkins is in Docker container (jenkins/jenkins:lts-alpine). Docker host runs Jenkins container and is used as a Docker Cloud by that Jenkins. Owner of the parent directory, directory itself and all files inside has the same UID and GID on host and inside slave container, but different username and groupname, which should not matter though and never did in my experience. If I manually run the same image from Debian shell or Portainer, I am able to mount anything rw, including the needed directory.

pjdarton commented 2 years ago

R/W is what you get by default. Omit any mention of readonly and you get a read-write mount. That works fine IME. IME you only ever get a readonly mount if you ask for readonly.

I've checked the code and it looks like the parsing of that string interprets any "readonly=..." as a request to set the readonly flag to true, ignoring anything after the =. Looks like it'd be fairly simple to fix - DockerTemplateBase's parseMountsString method would need to check "if we have something after the = then parse that value, otherwise assume we're setting it to true" instead of just assuming true.

A PR to fix this (and add a unit-test for it) would be welcomed.
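
The behaviour described in the comment above next to the suggested fix, as a standalone Java class. This is an added example, not the plugin's code: the class and method names are hypothetical and it is not DockerTemplateBase's parseMountsString. It assumes the accepted values are true/false/1/0 and rejects anything else.

```java
import java.util.Locale;

public class MountReadOnlyParsing {

    /** Behaviour described in the thread: any readonly/ro token sets the flag. */
    static boolean readOnlyAsReported(String mount) {
        for (String token : mount.split(",")) {
            String key = token.split("=", 2)[0].trim().toLowerCase(Locale.ROOT);
            if (key.equals("readonly") || key.equals("ro")) {
                return true; // the value after '=' is never looked at
            }
        }
        return false;
    }

    /** Suggested behaviour: a bare key means true, otherwise the value is parsed. */
    static boolean readOnlyParsed(String mount) {
        boolean readOnly = false; // read-write is the default when the key is absent
        for (String token : mount.split(",")) {
            String[] kv = token.split("=", 2);
            String key = kv[0].trim().toLowerCase(Locale.ROOT);
            if (!key.equals("readonly") && !key.equals("ro")) {
                continue; // type, source, target, ... are not handled in this sketch
            }
            if (kv.length == 1) {
                readOnly = true; // "readonly" with no '=' at all
                continue;
            }
            switch (kv[1].trim().toLowerCase(Locale.ROOT)) {
                case "true": case "1": readOnly = true; break;
                case "false": case "0": readOnly = false; break;
                default: // refuse to guess: a typo must not silently change host access
                    throw new IllegalArgumentException("Invalid value for '" + key + "': " + kv[1]);
            }
        }
        return readOnly;
    }

    public static void main(String[] args) {
        // Constructed sample inputs based on the mount string quoted in the issue.
        String base = "type=bind,source=/source-on-host,target=/target-inside-container";
        String[] samples = { base, base + ",readonly", base + ",readonly=false", base + ",ro=0", base + ",ro=true" };
        for (String s : samples) {
            System.out.printf("%-85s reported=%-5b parsed=%b%n", s, readOnlyAsReported(s), readOnlyParsed(s));
        }
    }
}
```

The two methods disagree only on the explicit `readonly=false` and `ro=0` inputs, which are the cases reported in this issue.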

Bitals commented 2 years ago

> R/W is what you get by default. Omit any mention of readonly and you get a read-write mount. That works fine IME. IME you only ever get a readonly mount if you ask for readonly.

I could swear this didn't work for me yesterday and that was the reason I even started to explicitly define ro=false in the first place. Thank you for your answer and your magic, it works now. But following syntax from the wiki article that is linked in the field's help popup still seems like a good idea.