I am trying to trigger a Jenkins job which is throwing below error.Jenkins is hosted on AWS ec2 instances
/tmp/jenkins7326195626020563202.sh: line 4: cd: /home/ec2-user: Permission denied
Build step 'Execute shell' marked build as failure
Finished: FAILURE
My Jenkins job has below shell command to execute:
export ANSIBLE_FORCE_COLOR=true
cd /home/ec2-user
ansible-playbook -i hosts /home/ec2-user/installapache.yml -vvvv
Please help here in what I need to fix for above error.
That issue happened when jenkins user doesnot have permission in /home/ec2-user.
So solution for this :
chmod -R 777 /home/ec2-user
OR add jenkins user to ec2-user group
OR grant jenkins user has a root permission.
Related
I am trying to run an ansible playbook from Execute Shell section of Jenkins,But I am getting below errors.I have already install Ansible plugin and configured in global tool configuration section.
+ ansible-playbook -i inventory installapache.yml -vvvv
/tmp/jenkins1596894985578146945.sh: line 4: ansible-playbook: command not found
Build step 'Execute shell' marked build as failure
Finished: FAILURE
I am using below commands:
export ANSIBLE_FORCE_COLOR=true
cd /home/ec2-user
ansible-playbook -i hosts /home/ec2-user/installapache.yml -vvvv
I'm getting a case of CrashLoopBackoff while my logs say:
"/abc.sh" permission denied.
This is my DockerFile:
FROM python:3.6.3
COPY abc.sh /abc.sh
CMD["/bin/bash","-c","/abc.sh"]
The entry point is given in deployment.yml file. After I apply the deployment.yml with the image created by above DockerFile, it shows:
/abc.sh permission denied.
Despite the fact that permissions are 755 on /abc.sh and /abc.sh is having owners as root:root.
I have already tried:
FROM python:3.6.3
COPY abc.sh /abc.sh
USER root
CMD["/bin/bash","-c","/abc.sh"]
and
FROM python:3.6.3
COPY abc.sh /abc.sh
USER root
CMD ["su","-","root","/bin/bash"]
CMD["/bin/bash","-c","/abc.sh"]
I want to start the pod with 2 scripts:
1)one is entry point which is in deployment file
2)other is in Dockerfile
You don't need to use root for this case. This is happening because your shell script is not permitted to execute or an executable. You need to run the following before you run the shell script:
chmod +x /abc.sh
Trying to install JFrog Xray on a CentOS machine, using the Docker installer.
I've created a /opt/xray directory, where I've downloaded the install file into.
Then ran chmod +x xray on this file.
When I try to install using sudo "./xray install", I get the following output:
[root#xray xray]# sudo ./xray install
INFO: Using XRAY_MOUNT_ROOT=/root/.jfrog/xray
Verifying Xray prerequisites ...
WARNING: Running with 3GB Total RAM
WARNING: Running with 1 CPU Cores
The System resources are not aligned with Xray minimal prerequisites, Do you want to proceed with the process? [Y
touch: cannot touch '/data/installer.info': Permission denied
Are you adding this node to an existing cluster? (not relevant for the first cluster node) [Y/n]: n
mkdir: cannot create directory '/xray_global_mount_root/xray': Permission denied
./wrapper.sh: line 583: /xray_global_mount_root/xray/ha/ha-node.properties: No such file or directory
./wrapper.sh: line 586: /data/installer.info: Permission denied
./wrapper.sh: line 589: /data/installer.info: Permission denied
./wrapper.sh: line 592: /data/installer.info: Permission denied
ERROR: Installation failed
Any ideas what may be causing this?
I had a similar issue on RHEL and it was selinux getting in the way. To fix it, change the following line in the xray script: -
XRAY_VOLUMES="-v ${XRAY_MOUNT_ROOT}/xray-installer:/data -v ${XRAY_MOUNT_ROOT}:/xray_global_mount_root"
To this: -
XRAY_VOLUMES="-v ${XRAY_MOUNT_ROOT}/xray-installer:/data:z -v ${XRAY_MOUNT_ROOT}:/xray_global_mount_root:z"
(basically adding :z to each volume).
This makes sure the folder is labelled to be used by multiple containers in selinux.
I'm using gitlab on a rasberry pi model 3 B. Following some information about my setup (sudo gitlab-rake gitlab:env:info):
System information
System: Raspbian 8.0
Current User: git
Using RVM: no
Ruby Version: 2.3.6p384
Gem Version: 2.6.13
Bundler Version:1.13.7
Rake Version: 12.3.0
Redis Version: 3.2.11
Git Version: 2.14.3
Sidekiq Version:5.0.5
Go Version: go1.3.3 linux/arm
GitLab information
Version: 10.6.0-rc3
Revision: 52fa89e
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: http://gitlab.example.com
HTTP Clone URL: http://gitlab.example.com/some-group/some-project.git
SSH Clone URL: git#gitlab.example.com:some-group/some-project.git
Using LDAP: no
Using Omniauth: no
GitLab Shell
Version: 6.0.3
Repository storage paths:
- default: /mnt/SeagateExpansion/GitLab/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
After the gitlab update to version 10.6.0 I need to change the url again but when I do the necessary changes in /etc/gitlab/gitlab.rb and run sudo nano gitlab-ctl reconfigure I get the following error messages:
========================================================================
Error executing action `run` on resource 'ruby_block[directory resource:
/mnt/SeagateExpansion/GitLab]'
========================================================================
and
============================================================================
Error executing action `create` on resource
'storage_directory[/mnt/SeagateExpansion/GitLab]'
============================================================================
The result message says:
There was an error running gitlab-ctl reconfigure:
storage_directory[/mnt/SeagateExpansion/GitLab] (gitlab::gitlab-rails line 42) had an error: Mixlib::ShellOut::ShellCommandFailed: ruby_block[directory resource: /mnt/SeagateExpansion/GitLab] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/resources/storage_directory.rb line 33) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of chmod 00700 /mnt/SeagateExpansion/GitLab ----
STDOUT:
STDERR: chmod: changing permissions of ‘/mnt/SeagateExpansion/GitLab’: Operation not permitted
---- End output of chmod 00700 /mnt/SeagateExpansion/GitLab ----
Ran chmod 00700 /mnt/SeagateExpansion/GitLab returned 1
So the problem seems to be, that the execution of the run and create command on the resource storage (GitLab folder on the external HDD [HDD = SeagateExpansion]) expects the permissions to be 700, right?
According to this errors I tried to change the permission of
the external HDD folder /mnt/SeagateExpansion/GitLab see the ls -l output:
drwxrwxrwx 1 root GitLabUser 0 Jan 4 17:55 GitLab
With the help of this post I tried to change the permission with the command:
sudo find /mnt/SeagateExpansion/GitLab -type d -exec chmod 700 {} \;
to the required permission 700. But the changes don't take affect. I also tried chmod -R 700 /mnt/SeagateExpansion/GitLab and executed the commands as root but the changes don't take effect. Even after restarting the raspberry pi. What am I doing wrong?
I also tried to change the options settings/flag of the HDD in /etc/fstab to user but this doesn't help ether.
I'm thankful for every hint and answer :).
Best regards,
Bredjo
I finally figured it out. The solution is to change the mount settings in the /etc/fstab. Because if you have the wrong options settings (see: https://en.wikipedia.org/wiki/Fstab) you are not able to change the permissions because its a ntfs filesystem.
So my old fstab entry was this:
UUID=FE820568820526AD /mnt/SeagateExpansion ntfs defaults,gid=GitLabUser 0 0
And the new entry is this:
UUID=FE820568820526AD /mnt/SeagateExpansion ntfs-3g permissions 0 0
Note that you need to install ntfs-3g to use it in fstab. And the permissions options only comes with ntfs-3g. See: https://www.tuxera.com/community/ntfs-3g-advanced/ownership-and-permissions/
After this change I executed again:
sudo gitlab-ctl reconfigure
Now the error disappeared and the permission 700 of the folder /mnt/SeagateExpansion/GitLab could be set. I also noticed that the owner of the GitLab folder was also changed to user git after the reconfiguration:
drwx------ 1 git root 0 Jan 4 17:55 GitLab
That's because I don't need the option gid=GitLabUserany more.
Now everything works again :).
So I want to be able to cap:deploy without having to type any passwords. I have setup all private keys so I can get to the remote servers fine, and am now using svn over ssh, so no passwords there.
I have one last problem, I need to be able to restart nginx. Right now I have sudo /etc/init.d/nginx reload. That is a problem b/c it uses the capistrano password, the one I just removed b/c I am using keys. Any ideas on how to restart nginx w\out a password?
I just spent a good hour looking at sudoer wildcards and the like trying to solve this exact problem. In truth, all you really need is a root executable script that restarts nginx.
Add this to the /etc/sudoers file
username hostname ALL=NOPASSWD: /path/to/script
Write script as root
#! /bin/bash
/bin/kill -HUP `cat /var/run/nginx.pid`
Make the script executable
Test.
sudo /path/to/script
There is a better answer on Stack Overflow that does not involve writing a custom script:
The best practice is to use /etc/sudoers.d/myusername
The /etc/sudoers.d/ folder can contain multiple files that allow users
to call stuff using sudo without being root.
The file usually contains a user and a list of commands that the user
can run without having to specify a password.
Instructions:
In all commands, replace myusername with the name of your user that you want to use to restart nginx without sudo.
Open sudoers file for your user:
$ sudo visudo -f /etc/sudoers.d/myusername
Editor will open. There you paste the following line. This will allow that user to run nginx start, restart, and stop:
myusername ALL=(ALL) NOPASSWD: /usr/sbin/service nginx start,/usr/sbin/service nginx stop,/usr/sbin/service nginx restart
Save by hitting ctrl+o. It will ask where you want to save, simply press enter to confirm the default. Then exit out of the editor with ctrl+x.
Now you can restart (and start and stop) nginx without password. Let's try it.
Open new session (otherwise, you might simply not be asked for your sudo password because it has not timed out):
$ ssh myusername#myserver
Stop nginx
$ sudo /usr/sbin/service nginx stop
Confirm that nginx has stopped by checking your website or running ps aux | grep nginx
Start nginx
$ sudo /usr/sbin/service nginx start
Confirm that nginx has started by checking your website or running ps aux | grep nginx
PS: Make sure to use sudo /usr/sbin/service nginx start|restart|stop, and not sudo service nginx start|restart|stop.
Run sudo visudo
Append with below lines (in this example you can add multiple scripts and services after comma)
# Run scripts without asking for pass
<your-user> ALL=(root) NOPASSWD: /opt/fixdns.sh,/usr/sbin/service nginx *,/usr/sbin/service docker *
Save and exit with :wq
Create a rake task in Rails_App/lib/capistrano/tasks/nginx.rake and paste below code.
namespace :nginx do
%w(start stop restart reload).each do |command|
desc "#{command.capitalize} Nginx"
task command do
on roles(:app) do
execute :sudo, "service nginx #{command}"
end
end
end
end
Then ssh to your remote server and open file
sudo vi /etc/sudoers
and the paste this line (after line %sudo ALL=(ALL:ALL) ALL)
deploy ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service nginx *
Or, as in your case,
deploy ALL=(ALL:ALL) NOPASSWD: /etc/init.d/nginx *
Here I am assuming your deployment user is deploy.
You can add here other commands too for which you dont require to enter password. For example
deploy ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service nginx *, /etc/init.d/mysqld, /etc/init.d/apache2