search

jenkinsci / docker-ssh-agent

Docker image for Jenkins agents connected over SSH
https://hub.docker.com/repository/docker/jenkins/ssh-agent
MIT License
179 stars 174 forks source link

jenkins/ssh-agent docker image error Missing privilege separation directory: /run/sshd #117

Open mahdidul opened 2 years ago

mahdidul commented 2 years ago

Jenkins and plugins versions report

Environment ```text Paste the output here ```

What Operating System are you using (both controller, and any agents involved in the problem)?

I'm trying to create jenkins ssh-agent on Google Autopilot cluster with this file jenkins-agent-android.yaml

---
###
# Jenkins SSH Agent - Android
###
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins-agent-android
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-agent-android
  template:
    metadata:
      namespace: jenkins
      labels:
        app: jenkins-agent-android
    spec:
      containers:
      - name: jenkins
        resources:
          limits:
            cpu: 8000m
            ephemeral-storage: 10Gi
            memory: 12Gi
          requests:
            cpu: 8000m
            ephemeral-storage: 1Gi
            memory: 12Gi
        env:
        - name: TZ
          value: Asia/Jakarta
        - name: JENKINS_AGENT_SSH_PUBKEY
          value: "ssh-rsa AAAA... jenkins"        
        image: jenkins/ssh-agent
        ports:
        - containerPort: 22

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-agent-android-service
  namespace: jenkins
spec:
  ports:
  - name: ssh
    port: 22
    targetPort: 22
    protocol: TCP
  selector:
    app: jenkins-agent-android

---

Reproduction steps

  1. kubectl apply -f jenkins-agent-android.yaml
  2. kubectl logs -f -n jenkins jenkins-agent-android-xxx

Expected Results

...
+ exec /usr/sbin/sshd -D -e
Server listening on ... port 22.

Actual Results

+ [[ ssh-rsa AAAA... jenkins == ssh-* ]]
+ write_key 'ssh-rsa AAAA... jenkins'
+ local ID_GROUP
++ stat -c %U:%G /home/jenkins
+ ID_GROUP=jenkins:jenkins
+ mkdir -p /home/jenkins/.ssh
+ echo 'ssh-rsa AAAA... jenkins'
+ chown -Rf jenkins:jenkins /home/jenkins/.ssh
+ chmod 0700 -R /home/jenkins/.ssh
+ [[ '' == ssh-* ]]
+ env
+ grep _
+ [[ 0 -gt 0 ]]
+ ssh-keygen -A
ssh-keygen: generating new host keys: DSA
+ exec /usr/sbin/sshd -D -e
Missing privilege separation directory: /run/sshd

Anything else?

No response

mahdidul commented 2 years ago

After rummaging through internets and friends for couple days then I decided to try the latest-alpine-jdk8 version and it works

+ exec /usr/sbin/sshd -D -e
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.

Also successfully connected to jenkins

<===[JENKINS REMOTING CAPACITY]===>channel started
Remoting version: 4.13
This is a Unix agent
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by jenkins.slaves.StandardOutputSwapper$ChannelSwapper to constructor java.io.FileDescriptor(int)
WARNING: Please consider reporting this to the maintainers of jenkins.slaves.StandardOutputSwapper$ChannelSwapper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Evacuated stdout
Agent successfully connected and online