Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jenkins/ssh-agent docker image error Missing privilege separation directory: /run/sshd #117

Open
mahdidul opened this issue Apr 30, 2022 · 1 comment
Open

jenkins/ssh-agent docker image error Missing privilege separation directory: /run/sshd #117

mahdidul opened this issue Apr 30, 2022 · 1 comment
Labels
bug

Comments

@mahdidul
Copy link

Jenkins and plugins versions report

Environment 
Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

I'm trying to create jenkins ssh-agent on Google Autopilot cluster with this file jenkins-agent-android.yaml

---
###
# Jenkins SSH Agent - Android
###
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins-agent-android
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-agent-android
  template:
    metadata:
      namespace: jenkins
      labels:
        app: jenkins-agent-android
    spec:
      containers:
      - name: jenkins
        resources:
          limits:
            cpu: 8000m
            ephemeral-storage: 10Gi
            memory: 12Gi
          requests:
            cpu: 8000m
            ephemeral-storage: 1Gi
            memory: 12Gi
        env:
        - name: TZ
          value: Asia/Jakarta
        - name: JENKINS_AGENT_SSH_PUBKEY
          value: "ssh-rsa AAAA... jenkins"        
        image: jenkins/ssh-agent
        ports:
        - containerPort: 22

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-agent-android-service
  namespace: jenkins
spec:
  ports:
  - name: ssh
    port: 22
    targetPort: 22
    protocol: TCP
  selector:
    app: jenkins-agent-android

---

Reproduction steps

  1. kubectl apply -f jenkins-agent-android.yaml
  2. kubectl logs -f -n jenkins jenkins-agent-android-xxx

Expected Results

...
+ exec /usr/sbin/sshd -D -e
Server listening on ... port 22.

Actual Results

+ [[ ssh-rsa AAAA... jenkins == ssh-* ]]
+ write_key 'ssh-rsa AAAA... jenkins'
+ local ID_GROUP
++ stat -c %U:%G /home/jenkins
+ ID_GROUP=jenkins:jenkins
+ mkdir -p /home/jenkins/.ssh
+ echo 'ssh-rsa AAAA... jenkins'
+ chown -Rf jenkins:jenkins /home/jenkins/.ssh
+ chmod 0700 -R /home/jenkins/.ssh
+ [[ '' == ssh-* ]]
+ env
+ grep _
+ [[ 0 -gt 0 ]]
+ ssh-keygen -A
ssh-keygen: generating new host keys: DSA
+ exec /usr/sbin/sshd -D -e
Missing privilege separation directory: /run/sshd

Anything else?

No response
@mahdidul mahdidul added the bug label Apr 30, 2022
@mahdidul
Copy link
Author

mahdidul commented May 1, 2022
edited

After rummaging through internets and friends for couple days then I decided to try the latest-alpine-jdk8 version and it works

+ exec /usr/sbin/sshd -D -e
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.

Also successfully connected to jenkins

<===[JENKINS REMOTING CAPACITY]===>channel started
Remoting version: 4.13
This is a Unix agent
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by jenkins.slaves.StandardOutputSwapper$ChannelSwapper to constructor java.io.FileDescriptor(int)
WARNING: Please consider reporting this to the maintainers of jenkins.slaves.StandardOutputSwapper$ChannelSwapper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Evacuated stdout
Agent successfully connected and online

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mahdidul