sous-chefs / jenkins

Development repository for the jenkins cookbook
https://supermarket.chef.io/cookbooks/jenkins
Apache License 2.0
424 stars 635 forks source link

Permission denied error when installing plugin from update center #675

Closed cbou closed 4 years ago

cbou commented 6 years ago

Cookbook version

5.0.6

Chef-client version

13.2.20

Platform Details

Debian 9.3

Scenario:

When attempting to install plugins through jenkins_plugin I get an java.io.FileNotFoundException: /root/chef-repo/.chef/local-mode-cache/cache/display-url-api-1.0.plugin (Permission denied) error. Plugin file permissions are set like this by remote_file: -rw-r--r-- 1 jenkins jenkins 19K Jan 23 15:17 /root/chef-repo/.chef/local-mode-cache/cache/display-url-api-1.0.plugin

Make each folders (/root/chef-repo/.chef/local-mode-cache/cache) executable solves the problem.

Steps to Reproduce:

apt_package 'jenkins'
include_recipe "jenkins::master"
jenkins_plugin 'greenballs' do
  action :install
end

Expected Result:

Plugin installed.

Actual Result:

Installing a plugin from file:/root/chef-repo/.chef/local-mode-cache/cache/display-url-api-1.0.plugin

ERROR: Unexpected exception occurred while performing install-plugin command.
java.io.FileNotFoundException: /root/chef-repo/.chef/local-mode-cache/cache/display-url-api-1.0.plugin (Permission denied)
    at java.io.FileInputStream.open0(Native Method)
    at java.io.FileInputStream.open(FileInputStream.java:195)
    at java.io.FileInputStream.<init>(FileInputStream.java:138)
    at java.io.FileInputStream.<init>(FileInputStream.java:93)
    at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
    at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
    at java.net.URL.openStream(URL.java:1045)
    at hudson.FilePath.copyFrom(FilePath.java:889)
    at hudson.cli.InstallPluginCommand.run(InstallPluginCommand.java:127)
    at hudson.cli.CLICommand.main(CLICommand.java:274)
    at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:95)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:922)
    at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:896)
    at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:853)
    at hudson.remoting.UserRequest.perform(UserRequest.java:207)
    at hudson.remoting.UserRequest.perform(UserRequest.java:53)
    at hudson.remoting.Request$2.run(Request.java:358)
    at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
    at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:66)
    at hudson.remoting.CallableDecoratorAdapter.call(CallableDecoratorAdapter.java:18)
    at hudson.remoting.CallableDecoratorList$1.call(CallableDecoratorList.java:21)
    at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
cbou commented 6 years ago

The plugin should be saved somewhere else, e.g. in /tmp.

nuclearsandwich commented 6 years ago

I ran into this as well. Based on the path, it is possible this only affects users running in chef local mode (like chef-solo). I was able to work around it by specifying a file_cache_path in /tmp in my solo.rb config file.

nuclearsandwich commented 6 years ago

Also this looks like a dupe of #659

espoelstra commented 6 years ago

A simple workaround is to add a default umask to your client.rb if you need things altered by chef to be accessible by non-root users or you can set the file mode and ownership on individual items that require users other than root to have access. Typically chef runs as root, so if you are running as non-root you need to do some additional workarounds.

slashpai commented 5 years ago

I was facing a similar issue, deleting the /var/chef directory and re-running chef-client fixed the issue

github-actions[bot] commented 4 years ago

Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

github-actions[bot] commented 4 years ago

Closing due to inactivity. If this is still an issue please reopen or open another issue. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.