s2i cli doesn't work well with origin-jenkins

[ckavili]

Hi,

I've been using quay.io/openshift/origin-jenkins image with OpenShift s2i build successfully. However, when I try to run it with s2i cli, it doesn't work as expected. When I run the below s2i command, it triggers assemble script but it doesn't do much - instead it tries to start up Jenkins itself.

$ s2i build https://github.com/rht-labs/s2i-config-jenkins.git quay.io/openshift/origin-jenkins:latest jenkins --loglevel 1

Running S2I version "v1.3.1-dirty"
Preparing to build jenkins
I0811 21:40:25.793731   63115 clone.go:37] Downloading "https://github.com/rht-labs/s2i-config-jenkins.git" ...
I0811 21:40:26.586503   63115 clone.go:57] Checked out "HEAD"
I0811 21:40:26.914981   63115 clone.go:63] Updated submodules for "HEAD"
Clean build will be performed
Running "assemble" in "jenkins"
2021/08/11 19:40:27 [go-init] No pre-start command defined, skip
2021/08/11 19:40:27 [go-init] Main command launched : /usr/libexec/s2i/run
CONTAINER_MEMORY_IN_MB='8796093022207', using /usr/lib/jvm/java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64/bin/java and /usr/lib/jvm/java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64/bin/javac
Generating kubernetes-plugin configuration (/opt/openshift/configuration/config.xml.tpl) ...
Can't open /run/secrets/kubernetes.io/serviceaccount/ca.crt for reading, No such file or directory
140214944536384:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/run/secrets/kubernetes.io/serviceaccount/ca.crt','r')
140214944536384:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate
The file referenced by the KUBE_CA environment variable does not have a valid x509 certificate.
You will need to manually configure the server certificate used by the kubernetes-plugin.
Generating administrative monitor configuration (/opt/openshift/configuration/config.xml.tpl) ...
Copying Jenkins configuration to /var/lib/jenkins ...
Copying 109 files to /var/lib/jenkins ...
Creating initial Jenkins 'admin' user ...
config.xml
Picked up JAVA_TOOL_OPTIONS: -XX:+UnlockExperimentalVMOptions -Dsun.zip.disableMemoryMapping=true
Administrative monitors that contact the update center will remain active
Picked up JAVA_TOOL_OPTIONS: -XX:+UnlockExperimentalVMOptions -Dsun.zip.disableMemoryMapping=true
Migrating slave image configuration to current version tag ...
error: Missing or incomplete configuration info.  Please point to an existing, complete config file:

  1. Via the command-line flag --kubeconfig
  2. Via the KUBECONFIG environment variable
  3. In your home directory as ~/.kube/config

To view or setup config directly use the 'config' command.
/usr/libexec/s2i/run: line 574: [: ==: unary operator expected
error: Missing or incomplete configuration info.  Please point to an existing, complete config file:

  1. Via the command-line flag --kubeconfig
  2. Via the KUBECONFIG environment variable
  3. In your home directory as ~/.kube/config

To view or setup config directly use the 'config' command.
Using JENKINS_SERVICE_NAME=jenkins
Generating jenkins.model.JenkinsLocationConfiguration.xml using (/var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml.tpl) ...
Jenkins URL set to: https:// in file: /var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml
+ exec java -XX:+UseParallelGC -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dfile.encoding=UTF8 -Djavamelody.displayed-counters=log,error -Djava.util.logging.config.file=/var/lib/jenkins/logging.properties -Djdk.http.auth.tunneling.disabledSchemes= -Djdk.http.auth.proxying.disabledSchemes= -Duser.home=/var/lib/jenkins -Djavamelody.application-name=jenkins -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -Djenkins.install.runSetupWizard=false -jar /usr/lib/jenkins/jenkins.war
Picked up JAVA_TOOL_OPTIONS: -XX:+UnlockExperimentalVMOptions -Dsun.zip.disableMemoryMapping=true
Running from: /usr/lib/jenkins/jenkins.war
webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
2021-08-11 19:40:31 INFO    org.eclipse.jetty.util.log.Log initialized Logging initialized @767ms to org.eclipse.jetty.util.log.JavaUtilLog
2021-08-11 19:40:31 INFO    winstone.Logger logInternal Beginning extraction from war file
2021-08-11 19:40:33 WARNING org.eclipse.jetty.server.handler.ContextHandler setContextPath Empty contextPath
2021-08-11 19:40:33 INFO    org.eclipse.jetty.server.Server doStart jetty-9.4.41.v20210516; built: 2021-05-16T23:56:28.993Z; git: 98607f93c7833e7dc59489b13f3cb0a114fb9f4c; jvm 11.0.12+7-LTS
2021-08-11 19:40:33 INFO    org.eclipse.jetty.webapp.StandardDescriptorProcessor visitServlet NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet
2021-08-11 19:40:33 INFO    org.eclipse.jetty.server.session.DefaultSessionIdManager doStart DefaultSessionIdManager workerName=node0
2021-08-11 19:40:33 INFO    org.eclipse.jetty.server.session.DefaultSessionIdManager doStart No SessionScavenger set, using defaults
2021-08-11 19:40:33 INFO    org.eclipse.jetty.server.session.HouseKeeper startScavenging node0 Scavenging every 600000ms
2021-08-11 19:40:34 INFO    hudson.WebAppMain contextInitialized Jenkins home directory: /var/lib/jenkins found at: EnvVars.masterEnvVars.get("JENKINS_HOME")
2021-08-11 19:40:34 INFO    org.eclipse.jetty.server.handler.ContextHandler doStart Started w.@61f80d55{Jenkins v2.289.2,/,file:///var/lib/jenkins/war/,AVAILABLE}{/var/lib/jenkins/war}
2021-08-11 19:40:34 INFO    org.eclipse.jetty.server.AbstractConnector doStart Started ServerConnector@61fe30{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2021-08-11 19:40:34 INFO    org.eclipse.jetty.server.Server doStart Started @4022ms
2021-08-11 19:40:34 INFO    winstone.Logger logInternal Winstone Servlet Engine running: controlPort=disabled
2021-08-11 19:40:35 INFO    jenkins.InitReactorRunner$1 onAttained Started initialization
2021-08-11 19:40:35 INFO    hudson.PluginManager loadDetachedPlugins Upgrading Jenkins. The last running version was 2.89.2. This Jenkins is version 2.289.2.
2021-08-11 19:40:35 INFO    hudson.PluginManager loadDetachedPlugins Upgraded Jenkins from version 2.89.2 to version 2.289.2. Loaded detached plugins (and dependencies): [jdk-tool.hpi, sshd.hpi, jaxb.hpi]
2021-08-11 19:40:36 WARNING hudson.ClassicPluginStrategy createClassJarFromWebInfClasses Created /var/lib/jenkins/plugins/job-dsl/WEB-INF/lib/classes.jar; update plugin to a version created with a newer harness
2021-08-11 19:40:36 INFO    hudson.PluginManager considerDetachedPlugin Loading a detached plugin as a dependency: /var/lib/jenkins/plugins/command-launcher.jpi
2021-08-11 19:40:37 WARNING hudson.ClassicPluginStrategy createClassJarFromWebInfClasses Created /var/lib/jenkins/plugins/oauth-credentials/WEB-INF/lib/classes.jar; update plugin to a version created with a newer harness
2021-08-11 19:40:37 INFO    hudson.PluginManager considerDetachedPlugin Loading a detached plugin as a dependency: /var/lib/jenkins/plugins/windows-slaves.jpi
2021-08-11 19:40:37 INFO    hudson.PluginManager considerDetachedPlugin Loading a detached plugin as a dependency: /var/lib/jenkins/plugins/antisamy-markup-formatter.jpi
....

If you look at the running container during the s2i command, it runs a tar command under /tmp, but there is nothing there as well.

$  docker exec -it af9a38990e24 /bin/bash
bash-4.4$ ps -ef 
UID        PID  PPID  C STIME TTY          TIME CMD
1001         1     0  0 19:44 ?        00:00:00 /usr/bin/go-init -main /usr/libexec/s2i/run /bin/sh -c tar -C /tmp -xf - && /usr/libexec/s2i/assemble
1001        15     1 99 19:44 ?        00:02:45 java -XX:+UseParallelGC -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dfile.encoding=UTF8 -Djavamelody.displ
1001       516     0  0 19:45 pts/0    00:00:00 /bin/bash
1001       581   516  0 19:45 pts/0    00:00:00 ps -ef
bash-4.4$ 

When I try to create Dockerfile, instead of building the image, it gives me the right Dockerfile though.

$ s2i build --as-dockerfile Dockerfile  https://github.com/rht-labs/s2i-config-jenkins.git quay.io/openshift/origin-jenkins:latest test-jenkins --loglevel 1

$cat Dockerfile

FROM quay.io/openshift/origin-jenkins:latest

USER root
# Copying in source code
COPY upload/src /tmp/src
# Change file ownership to the assemble user. Builder image must support chown command.
RUN chown -R 1001:0 /tmp/src
USER 1001
# Assemble script sourced from builder image based on user input or image metadata.
# If this file does not exist in the image, the build will fail.
RUN /usr/libexec/s2i/assemble
# Run script sourced from builder image based on user input or image metadata.
# If this file does not exist in the image, the build will fail.
CMD /usr/libexec/s2i/run

openshift/jenkins-2 was working fine with s2i cli. Am I missing something here? Can you please guide me?

Thanks!

[akram]

@ckavili can you elaborate on what you want to achieve? This part of the jenkins on openshift code has been quite old, and our s2i integration was meant to be able to extend the jenkins image by specifying a set of additional plugins for it. Maybe, not all s2i features have been implementent fully.

It seems that you have found a workaround for it. If it is an easy fix for us that worth implementing it we can have a look. Otherwise, let me know if we can close the issue.

wdyt?

[ckavili]

hey @akram , thanks for the reply! We have some configs to customize/extend Jenkins for our needs and we use s2i cli with GitHub actions to build and store this customized Jenkins image. It was working fine with openshift/jenkins-2-centos7 but when we switched to quay.io/openshift/origin-jenkins, it seems, s2i process cannot actually trigger assemble script (or cannot override ENTRYPOINT). Like you said, we've found a workaround for ourselves and s2i build process works fine with OpenShift build - I just wanted to check if there's anything we are missing or an easy fix. It'd be great if it can work directly with s2i build..., so that I can use Red Hat s2i GH action but yeah, the workaround is fine for us so you can close the issue if you want :)

[akram]

@ckavili mmm, could it be related to the fact that we use an ENTRYPOINT with args ? https://github.com/openshift/jenkins/blob/master/2/Dockerfile.localdev#L97

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

[openshift-bot]

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

[openshift-ci[bot]]

@openshift-bot: Closing this issue.

In response to [this](https://github.com/openshift/jenkins/issues/1313#issuecomment-1046279698): >Rotten issues close after 30d of inactivity. > >Reopen the issue by commenting `/reopen`. >Mark the issue as fresh by commenting `/remove-lifecycle rotten`. >Exclude this issue from closing again by commenting `/lifecycle frozen`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.