Using GCE feature 'deploying-containers' fails because of missing Java on host

[SchulteMarkus]

This plugin supports using GCE instance templates for provisioning a new Jenkins SSH slave.

I created a new instance template in Google compute engine, which uses the GCE feature deploy containers. As the Container-image, I am using openjdk:11-jre-slim.

When using this plugin, a new VM is booted up by my Jenkins job, but Jenkins master fails to connect to it.

From Jenkins log:

May 03, 2019 9:13:31 AM INFO com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

Connecting to 35.209.XXX.YY on port 22, with timeout 10000.

May 03, 2019 9:13:35 AM INFO com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

Connected via SSH.

May 03, 2019 9:13:35 AM INFO com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

connect fresh as root

May 03, 2019 9:13:35 AM INFO com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

Connecting to 35.209.254.68 on port 22, with timeout 10000.

May 03, 2019 9:13:35 AM INFO com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

Connected via SSH.

May 03, 2019 9:13:35 AM INFO com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

Copying agent.jar to: /tmp

May 03, 2019 9:13:35 AM INFO com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

Verifying: java -fullversion

May 03, 2019 9:13:35 AM WARNING com.google.jenkins.plugins.computeengine.ComputeEngineCloud log

Java is not installed.

Well, this failure seems quite obvious to me. There is no Java installed on the machine/host with the (external) IP 35.209.XXX.YY. There would be / is a docker image openjdk:11-jre-slim available on this machine, which could/should be used for executing Java.

Please let this plugin support the feature 'deploying-containers'

PS: This is a follow-up of https://issues.jenkins-ci.org/browse/JENKINS-52251

[rachely3n]

Thanks for bringing this up. Didn't realize it wasn't trivial to be running containers on GCE instances with the plugin when I first commented on the JIRA issue.

Right now, as you may know, the plugin SSH's directly to the VM. We programmatically insert a security key to the compute engine vm's instance metadata and have the other key when we SSH. Consequently, we won't be able to reach the container running on the VM.

However, this is an interesting use case. I can't guarantee we will implement it, but I will label it as a feature request.

[SchulteMarkus]

Thanks for the update, Rachel. In my opinion, this is THE usecase for the google-compute-engine-plugin. Using https://cloud.google.com/container-optimized-os/ in combination with https://jenkins.io/doc/book/pipeline/docker/ as Jenkins slave would be awesome.

[rachely3n]

Thanks for the extra information!

[craigdbarber]

@SchulteMarkus thanks for the feedback. Fyi, the work to support this is non-trivial, so it will merit some further consideration. In the mean time, have you considered using the k8s plugin and running workloads in GKE? Running containers is what GKE excels at. We have a great solutions article which covers this use case here: https://cloud.google.com/solutions/jenkins-on-kubernetes-engine-tutorial

[SchulteMarkus]

@craigatgoogle thanks for the feedback. I see that it won't be trivial to support the requirement from the plugins point of view. I had see the k8s plugin. I had hoped being able to avoid it, as it adds another layer of complexity, compared to a solution, that runs only in GCE VM instances.

I created kind of workaround for my requirement: I am using Packer/Packer Google Compute Builder to extend the CoreOS (stable) image, which is already present at GCE image marketplace. I am using CoreOS here, because in contrast to ContainerOptimizedOS, I am able to install binaries (though not recommended). I am installing OpenJDK11 into this image, and using the created custom image for my Jenkins slave. The final VM instance is capable of OpenJDK11 and Docker (only). Perfect for https://jenkins.io/doc/book/pipeline/docker/. You can find the packer image template at https://gist.github.com/SchulteMarkus/4221cfa6059b9e4827c073017a9bac35

[craigdbarber]

@SchulteMarkus thanks for sharing. I think in the interim, highlighting this workaround in the plugin docs could provide value to other users who share a similar requirement.

[craigdbarber]

@SchulteMarkus may we use your JSON template in our documentation for a workaround?

[SchulteMarkus]

Sure

Craig Barber notifications@github.com schrieb am Mo., 13. Mai 2019, 21:56:

@SchulteMarkus https://github.com/SchulteMarkus may we use your JSON template is our documentation for a workaround?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jenkinsci/google-compute-engine-plugin/issues/89?email_source=notifications&email_token=AAO3YDB2GPXIQRBESI3TZ2TPVHBU7A5CNFSM4HKSMMJ2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVJMFSY#issuecomment-491963083, or mute the thread https://github.com/notifications/unsubscribe-auth/AAO3YDHHRFC73FIOQDQHFHDPVHBU7ANCNFSM4HKSMMJQ .

[mohammadidinani]

@SchulteMarkus were you able to get this working? if yes how?

[SchulteMarkus]

@SchulteMarkus were you able to get this working? if yes how?

I wasn't able to get this working.

[mohammadidinani]

i was able to get it to pass java issue but not able to redirect stdin to the container so that agent can come up. basically i am passing below init script to vm and wait for the image to load, once it is loaded, i run agent.jar, but jenkins to write stdin to remote agent to start it which i do not know how to achieve.

cat > /tmp/java <<'EOF'
#!/bin/bash

if [ "$1" == "-fullversion" ]; then
  echo $@
else
  while ! docker ps | grep IMAGE_NAME; do
    sleep 5
    docker ps
  done
  docker exec -it $(docker ps | grep IMAGE_NAME | cut -d ' ' -f 1 | tr -s ' ') 'java -jar /tmp/agent.jar'
fi
EOF