Jenkins error on OpenShift: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied

3/25/2019

I have an OpenShift origin (OKD) environment setup on AWS. I am trying to deploy jenkins-persistent image to bring up jenkins pod in an openshift project. For persistent storage, I am using Persistent Volume and Persistent Volume claims based on Kubernetes documentation.

[root@ip-10-0-0-7 BookStore]# oc get pv
NAME           CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS    CLAIM               STORAGECLASS   REASON    AGE
jenkins        5Gi        RWO            Retain           Bound     cicd/jenkins        manual                   1h
jenkins-data   5Gi        RWO            Retain           Bound     cicd/jenkins-data   manual                   3h
[root@ip-10-0-0-7 BookStore]# oc get pvc
NAME           STATUS    VOLUME         CAPACITY   ACCESS MODES   STORAGECLASS   AGE
jenkins        Bound     jenkins        5Gi        RWO            manual         1h
jenkins-data   Bound     jenkins-data   5Gi        RWO            manual         3h

I gave access permissions based on OpenShift docs. Now, whenever I try to deploy this image, I see error Copying Jenkins configuration to /var/lib/jenkins ... cp: cannot create regular file ‘/var/lib/jenkins/config.xml’: Permission denied

Error Log:

OPENSHIFT_JENKINS_JVM_ARCH='', CONTAINER_MEMORY_IN_MB='512', using /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.i386/jre/bin/java and /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.i386/bin/javac
Picked up JAVA_TOOL_OPTIONS: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true
mkdir: cannot create directory ‘/var/lib/jenkins/logs’: Permission denied
/usr/libexec/s2i/run: line 306: /var/lib/jenkins/image-version: Permission denied
Generating kubernetes-plugin configuration (/opt/openshift/configuration/config.xml.tpl) ...
Generating administrative monitor configuration (/opt/openshift/configuration/config.xml.tpl) ...
Generating kubernetes-plugin credentials (/var/lib/jenkins/credentials.xml.tpl) ...
Copying Jenkins configuration to /var/lib/jenkins ...
cp: cannot create regular file ‘/var/lib/jenkins/config.xml’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/config.xml.tpl’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/credentials.xml’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/credentials.xml.tpl’: Permission denied
cp: cannot create directory ‘/var/lib/jenkins/init.groovy.d’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/jenkins.CLI.xml’: Permission denied
cp: cannot create directory ‘/var/lib/jenkins/jobs’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/org.jenkinsci.main.modules.sshd.SSHD.xml’: Permission denied
cp: cannot create directory ‘/var/lib/jenkins/users’: Permission denied
mkdir: cannot create directory ‘/var/lib/jenkins/plugins’: Permission denied
Copying 104 files to /var/lib/jenkins ...
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
cp: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
Creating initial Jenkins 'admin' user ...
ls: cannot access /var/lib/jenkins/users: No such file or directory
ls: cannot access /var/lib/jenkins/users/: No such file or directory
sed: can't read /var/lib/jenkins/users//config.xml: No such file or directory
/usr/libexec/s2i/run: line 23: /var/lib/jenkins/password: Permission denied
touch: cannot touch ‘/var/lib/jenkins/configured’: Permission denied
Administrative monitors that contact the update center will remain active
Migrating slave image configuration to current version tag ...
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
sed: can't read /var/lib/jenkins/config.xml: No such file or directory
+ exec java -XX:+UseParallelGC -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Xmx256m -Dfile.encoding=UTF8 -Djavamelody.displayed-counters=log,error -Duser.home=/var/lib/jenkins -Djavamelody.application-name=JENKINS -jar /usr/lib/jenkins/jenkins.war
Picked up JAVA_TOOL_OPTIONS: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true
OpenJDK Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
Running from: /usr/lib/jenkins/jenkins.war
webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
Mar 25, 2019 6:04:16 AM org.eclipse.jetty.util.log.Log initialized
INFO: Logging initialized @971ms to org.eclipse.jetty.util.log.JavaUtilLog
Mar 25, 2019 6:04:16 AM winstone.Logger logInternal
INFO: Beginning extraction from war file
Mar 25, 2019 6:04:16 AM winstone.Logger logInternal
INFO: Jetty shutdown successfully
java.io.FileNotFoundException: /var/lib/jenkins/war/META-INF/MANIFEST.MF (No such file or directory)
    at java.io.FileOutputStream.open0(Native Method)
    at java.io.FileOutputStream.open(FileOutputStream.java:270)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:162)
    at winstone.HostConfiguration.getWebRoot(HostConfiguration.java:278)
    at winstone.HostConfiguration.<init>(HostConfiguration.java:81)
    at winstone.HostGroup.initHost(HostGroup.java:66)
    at winstone.HostGroup.<init>(HostGroup.java:45)
    at winstone.Launcher.<init>(Launcher.java:169)
    at winstone.Launcher.main(Launcher.java:354)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at Main._main(Main.java:344)
    at Main.main(Main.java:160)
Mar 25, 2019 6:04:16 AM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.FileNotFoundException: /var/lib/jenkins/war/META-INF/MANIFEST.MF (No such file or directory)
    at java.io.FileOutputStream.open0(Native Method)
    at java.io.FileOutputStream.open(FileOutputStream.java:270)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:162)
    at winstone.HostConfiguration.getWebRoot(HostConfiguration.java:278)
    at winstone.HostConfiguration.<init>(HostConfiguration.java:81)
    at winstone.HostGroup.initHost(HostGroup.java:66)
    at winstone.HostGroup.<init>(HostGroup.java:45)
    at winstone.Launcher.<init>(Launcher.java:169)
    at winstone.Launcher.main(Launcher.java:354)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at Main._main(Main.java:344)
    at Main.main(Main.java:160)
-- Jadda
jenkins
kubernetes
openshift
openshift-origin

1 Answer

3/26/2019

Finally, I figured out the issue. This was due to the fact the Persistent volumes created are not accessible as they present on AWS and not created through OpenShift commands. Execute step 1 and 2 before deploying the cluster and rest of the steps after that

  1. Add following content to inventory or hosts files. Make sure openshift_clusterid is unique for simplicity you can use same name as cloud formation stack name
openshift_clusterid=egis
# AWS (Using API Credentials)
openshift_cloudprovider_kind=aws
openshift_cloudprovider_aws_access_key=<key>
openshift_cloudprovider_aws_secret_key=<key secret>
openshift_master_bootstrap_auto_approve=true

it will create and installs required config files

  1. Add Cluster Id (Stack Name) as a tag to all instances(nodes), VPC, Security groups and Subnets

Key = kubernetes.io/cluster/egis Value = owned

  1. Now create persistent volume using following format and replace volumeID with available and free volume id from ec2 volumes jenkins-persistent-volume.yml
apiVersion: "v1"
kind: "PersistentVolume"
metadata:
  name: "jenkins"
spec:
  storageClassName: manual
  capacity:
    storage: "8Gi"
  accessModes:
    - "ReadWriteOnce"
  awsElasticBlockStore:
    fsType: "ext4"
    volumeID: "<>"
  1. Create a persistent volume claim file with the following template jenkins-persistent-volume-claim.yml
apiVersion: "v1"
kind: "PersistentVolumeClaim"
metadata:
  name: "jenkins"
spec:
  storageClassName: manual
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "8Gi"
  volumeName: "jenkins"
  1. Create persistent volume on openshift master using following command
oc create -f jenkins-persistent-volume.yml
  1. Create persistent volume claim on openshift master using the following command
oc create -f jenkins-persistent-volume-claim.yml
-- Jadda
Source: StackOverflow