Issue
I'm using helm Jenkins chart
Pod template for agent
jenkins:
clouds:
- kubernetes:
name: "kubernetes"
serverUrl: "https://kubernetes.default"
skipTlsVerify: true
namespace: "jenkins"
jenkinsUrl: "http://jenkins:8080"
jenkinsTunnel: "jenkins-agent:50000"
containerCapStr: 42
maxRequestsPerHostStr: 64
retentionTimeout: 5
connectTimeout: 10
readTimeout: 20
templates:
- name: "test"
label: "jenkins-agent"
# Enable whether the POD Yaml is displayed in each build log or not, `true` by default.
showRawYaml: true
volumes:
- hostPathVolume:
mountPath: "/var/run/docker.sock"
hostPath: "/var/run/docker.sock"
containers:
- name: "backend"
image: "mycustomimage"
privileged: true
alwaysPullImage: true
command: "/bin/sh -c"
args: "cat"
workingDir: "/home/jenkins/agent"
ttyEnabled: true
resourceRequestCpu: "500m"
resourceRequestMemory: "1Gi"
resourceLimitCpu: "2000m"
resourceLimitMemory: "2Gi"
imagePullSecrets:
- name: "registrysecret"
in the end of my dockerfile for "mycustomimage"
base image is debian:buster
RUN useradd -u $JENKINS_USER_UID $JENKINS_USER -m -d $JENKINS_HOME -G docker
USER $JENKINS_USER
RUN mkdir $JENKINS_HOME/.ssh && ssh-keyscan ssh.github.com > $JENKINS_HOME/.ssh/known_hosts
RUN echo "Host github.com\n Hostname ssh.github.com\n Port 443\n User git" > $JENKINS_HOME/.ssh/config
Issue is really tricky.
- If I'm using pipeline from SCM Jenkins can easily obtain JenkinsFile from the repo(that checkout is going through jenkins-master pod for sure) Than inside JenkinsFile I have next
pipeline {
agent {
node { label 'jenkins-agent'}
}
....
stage('Source Code Checkout') {
steps {
container('backend') {
git branch: 'main',
credentialsId: 'git_user_ssh',
url: '[email protected]:org/repo.git'
Jenkins always returns
[2022-08-27T22:03:06.716Z] stderr: ssh: connect to host github.com port 22: Connection timed out
[2022-08-27T22:03:06.716Z] fatal: Could not read from remote repository.
[2022-08-27T22:03:06.716Z]
[2022-08-27T22:03:06.716Z] Please make sure you have the correct access rights
[2022-08-27T22:03:06.716Z] and the repository exists.
Checking user in container
as you can see ssh command obtains config and it is trying to clone repo using 443 port(not 22 as jenkins). Then I put private key in .ssh folder and clone works perfectly. That means there isn't network issue.
- Trying to clone in "Pipeline script" with git command in sh
stage('Source Code Checkout') {
steps {
container('backend') {
script{
sh "git clone [email protected]:org/repo.git"
- Trying to clone via GitSCM plugin in "Pipeline script"
stage('Source Code Checkout') {
steps {
container('backend') {
git branch: 'main',
credentialsId: 'git_user_ssh',
url: '[email protected]:org/repo.git'
Could someone please explain to me the cause of problem? Or how to specify port while cloning repo through Jenkins. Thanks in advance.
Jenkins home as was requested
container('backend') {
script{
sh "cd $JENKINS_HOME || true"
sh """cd ~
pwd
ls -la
"""
Solution
I detected that next warning appears sometime
warning: JENKINS-30600: special launcher org.csanchez.jenkins.plugins.kubernetes.pipeline.ContainerExecDecorator$1@49c426f3; decorates RemoteLauncher[hudson.remoting.Channel@456b185:JNLP4-connect connection from 172.26.80.22/172.26.80.22:57964] will be ignored (a typical symptom is the Git executable not being run inside a designated container
So I decided to rebuild base jenkins/inbound-agent image with the following
FROM jenkins/inbound-agent:4.13-2-jdk11
ARG JENKINS_HOME=/home/jenkins
ENV JENKINS_HOME=$JENKINS_HOME
USER jenkins
RUN mkdir $JENKINS_HOME/.ssh && ssh-keyscan ssh.github.com > $JENKINS_HOME/.ssh/known_hosts
RUN echo "Host github.com\n Hostname ssh.github.com\n Port 443\n User git" > $JENKINS_HOME/.ssh/config
and.. git checkout is working for now. I don't understand how jnlp container influences on checkout inside another container based on my "mycustomimage" image.
Answered By - Артем Черемісін
Answer Checked By - Marilyn (JavaFixing Volunteer)