我想在 ECS 上运行 Jenkins 和 Jenkins 代理。 原始的 Dockerfile 在这里,我们组织一直在使用它,但它没有 Python。
我的目标是尽可能多地使用现有设置,只添加 Python,这样我们就可以运行我们的脚本。
原始 Dockerfile
https://github.com/base2Services/ciinabox-containers/blob/master/jenkins-slave/Dockerfile
新创建的Dockerfile如下:
# Use an official Jenkins agent image as a parent image
FROM jenkins/agent:latest
# Set the maintainer label
LABEL maintainer="xyz"
# Set environment variables
ENV DEBIAN_FRONTEND noninteractive
# Run all operations as root
USER root
# Update and install necessary packages
RUN apt-get update && apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
lxc \
iptables \
git \
bison \
build-essential \
zlib1g-dev \
libssl-dev \
libxml2-dev \
git-core \
git-flow \
python3 \
python3-pip \
npm \
locales \
unzip \
awscli \
openssh-server
# Configure SSH daemon with a dedicated user (more secure)
RUN mkdir -p /etc/sudoers.d \
&& echo "jenskins ALL=(ALL) NOPASSWD: /usr/local/bin/jenkins-agent" > /etc/sudoers.d/jenkins \
&& rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub \
&& ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' \
&& ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' \
&& ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
&& ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' \
&& sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config \
&& sed -i 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' /etc/pam.d/sshd
# Configure locale
RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
locale-gen en_US.UTF-8 && \
update-locale LANG=en_US.UTF-8
# Environment settings for locale
ENV LC_ALL=en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US.UTF-8
# Install Git LFS
RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
apt-get install -y git-lfs && \
git lfs install
# Install ChefDK
RUN curl -L https://packages.chef.io/files/stable/chefdk/4.13.3/debian/10/chefdk_4.13.3-1_amd64.deb > /tmp/chefdk.deb && \
dpkg -i /tmp/chefdk.deb && \
rm /tmp/chefdk.deb
RUN curl -L https://releases.hashicorp.com/packer/1.7.8/packer_1.7.8_linux_amd64.zip > /tmp/packer.zip && \
unzip /tmp/packer.zip -d /usr/local/bin && \
rm /tmp/packer.zip
# Node.js and Azure CLI
RUN if [ ! -f /usr/bin/node ]; then ln -s /usr/bin/nodejs /usr/bin/node; fi && \
npm install -g azure-cli
# Ensure the /etc/sudoers.d/ directory exists and configure sudoers for Jenkins user
RUN mkdir -p /etc/sudoers.d/ && \
echo "jenkins ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/jenkins
# Install Docker using the convenient script
# Docker installation
RUN curl -sSL https://get.docker.com/ | sh
# Docker permissions
ADD wrapdocker /usr/local/bin/wrapdocker
# Add wrapdocker to the image
ADD wrapdocker /usr/local/bin/wrapdocker
RUN chmod +x /usr/local/bin/wrapdocker
# Add user Jenkins to the docker group
RUN usermod -a -G docker jenkins
# Add the Jenkins slave startup script and set it as the entrypoint
ADD jenkins-slave-startup.sh /jenkins-slave-startup.sh
RUN chmod +x /jenkins-slave-startup.sh
# Switch to Jenkins user
USER jenkins
# Set volume for Jenkins home
VOLUME /home/jenkins
# Expose SSH port
EXPOSE 22
USER jenkins
RUN ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
# Reset user to root
USER root
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
ENTRYPOINT ["/jenkins-slave-startup.sh"]
但是,当我运行图像时,出现如下错误:
docker logs 88
日志输出:
docker run -d temp
4dd00647e8219af1093c961ab98ec34f990f502896deaf2e99bf609ea86e2db7
[root@ip-10-150-2-56 jenkins-slave]# docker logs 4d
+ /usr/sbin/sshd -D
+ '[' '!' -z /usr/sbin/sshd ']'
+ /usr/local/bin/wrapdocker
Missing privilege separation directory: /run/sshd
您需要将
sshd
作为服务运行:
CMD ["systemctl", "start", "sshd.service"]