search

jenkinsci / helm-charts

Jenkins helm charts
https://artifacthub.io/packages/helm/jenkinsci/jenkins
Apache License 2.0
568 stars 892 forks source link

Error while deploying on OpenShift: AccessDeniedException: /.cache #506

Open sturivny opened 2 years ago

sturivny commented 2 years ago

Describe the bug Getting an error while deploying Helm charts to the OpenShift Error (Jenkins init pod):

Retrieving update center information
java.io.UncheckedIOException: java.nio.file.AccessDeniedException: /.cache
    at io.jenkins.tools.pluginmanager.impl.CacheManager.createCache(CacheManager.java:57)
    at io.jenkins.tools.pluginmanager.impl.PluginManager.getUCJson(PluginManager.java:801)
    at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:207)
    at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:171)
    at io.jenkins.tools.pluginmanager.cli.Main.main(Main.java:70)
Caused by: java.nio.file.AccessDeniedException: /.cache
    at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
    at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:389)
    at java.base/java.nio.file.Files.createDirectory(Files.java:690)
    at io.jenkins.tools.pluginmanager.impl.CacheManager.createCache(CacheManager.java:50)
    ... 4 more
java.nio.file.AccessDeniedException: /.cache

Version of Helm and Kubernetes:

Helm Version:

$ helm version
version.BuildInfo{Version:"v3.5.0+6.el8", GitCommit:"77fb4bd2415712e8bfebe943389c404893ad53ce", GitTreeState:"clean", GoVersion:"go1.14.12"}

OpenShift/Kubernetes Version:

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.10+bbbc079", GitCommit:"c252961cae6d88fe6aae01264619dabf4552e8a5", GitTreeState:"clean", BuildDate:"2021-09-17T20:21:04Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}

Which version of the chart: CHART: jenkins-3.8.8 APP VERSION: 2.303.3

What happened: Got an error on OpenShift: AccessDeniedException: /.cache

What you expected to happen: App has been deployed successfully without any errors

How to reproduce it (as minimally and precisely as possible): Create a helm values file jenkins-helm.yaml:

controller:
  healthProbeLivenessInitialDelay: 180
  probes:
      startupProbe:
          failureThreshold: 120
  sidecars:
    configAutoReload:
      image: docker://docker.io/jenkins/jenkins:lts
      image: docker://docker.io/jenkins/jenkins:lts
  jenkinsUrl: ""
  usePodSecurityContext: false
  additionalPlugins:
    - 'jms-messaging'
    - 'oic-auth'
    - 'ircbot'
    - 'matrix-auth'
    - 'throttle-concurrents'
    - 'pipeline-utility-steps'
    - 'ws-cleanup'
    - 'prometheus'
    - 'saferestart'
    - 'notification'
  adminPassword: 'test1234'
  overwritePluginsFromImage: true
  # This Jenkins is configured and managed 'as code'.
  JCasC:
    configScripts:
        welcome-message: |
            jenkins:
                systemMessage: "Welcome to the server."
  resources:
    requests:
      cpu: "1000m"
      memory: "4096Mi"
    limits:
      cpu: "3000m"
      memory: "12288Mi"

Deploy it to OpenShift:

helm install -f jenkins-helm.yaml jenkins-test jenkinsci/jenkins

Anything else we need to know: Updated Docker file fixes the issue:

FROM docker://docker.io/jenkins/jenkins:lts

USER root
RUN mkdir /.cache && chmod -Rf g+ws /.cache

Now when I put the updated image as the image to the helm values file it works!

sturivny commented 2 years ago

Hi, any updates on this?

jonesbusy commented 2 years ago

Hi,

Not really a bug of the chart or jenkins image. Permission are just more strict on Openshift/OKD

You can use environment variable of the initContainer to be used by the plugin-installation-manager-tool to download and cache plugin to a writable location.

For example

  initContainerEnv:
    - name: CACHE_DIR
      value: "/tmp/cache"
    - name: PLUGIN_DIR
      value: "/tmp/plugins"

CF : https://github.com/jenkinsci/plugin-installation-manager-tool#advanced-configuration

Best regards,

Andrei-Stepanov commented 2 years ago

@jonesbusy Hi. This helps. Thank you for the solution. The issue can be closed.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.