Run shell command in jenkins as root user? - linux

I have recently started using Jenkins for integration. All was well while I was running jobs on the master node without shell commands, but I have to run jobs on the master as well as a slave node which contain shell commands too. I am not able to run those shell commands as root user. I have tried:
Using SSH Keys.
Setting user name in shell commands.
Using sudo.
I am getting permission denied error every time I use any of the above methods.

I would suggest against running the jenkins user as root. This could expose the operating system and all of the repos which Jenkins can build.
Running any script as root is a security risk, but a slightly safer method would be to grant the jenkins user sudo access to only run the one script, without needing a password.
sudo visudo
and add the following:
jenkins ALL = NOPASSWD: /var/lib/jenkins/jobs/[job name]/workspace/script
Double check your path via the console log of a failed build script. The one shown here is the default.
Now within the jenkins task you can call sudo $WORKSPACE/your script
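The rule above lets `jenkins` run, as root, a file inside its own workspace; sudo only pins the path, so the restriction holds only if the unprivileged user cannot rewrite that file or swap any directory above it. The check below is an added example, not part of the answer; `component_ok`, `audit_sudo_target` and the demo paths are constructed, and the rule itself can be syntax-checked with `visudo -cf <file>` before it is installed.

```shell
#!/bin/sh
# Added example (not from the answer): audit the file a sudoers NOPASSWD
# rule points at. Paths and function names here are constructed.

# component_ok PATH UID: true only if PATH is owned by UID and is not
# writable by group or other (judged from the `ls -ldn` mode string).
component_ok() {
    info=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    mode=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$owner" = "$2" ] || return 1
    case "$mode" in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit
    esac
    return 0
}

# audit_sudo_target SCRIPT [UID]: resolve symlinks, then require the script
# and every parent directory up to / to pass component_ok (UID defaults to 0).
# Returns 0 if safe, 1 if some component can be replaced, 2 if not a file.
audit_sudo_target() {
    want=${2:-0}
    p=$(readlink -f -- "$1") || return 2
    [ -f "$p" ] || return 2
    while :; do
        if ! component_ok "$p" "$want"; then
            echo "UNSAFE: $p is not owned by uid $want or is group/other-writable"
            return 1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname -- "$p")
    done
    echo "OK: $1 and all parent directories are controlled by uid $want"
}

# Constructed layout mirroring the answer's workspace path: the script lives
# in a directory created by the unprivileged build user.
demo=$(mktemp -d)
mkdir -p "$demo/jobs/example-job/workspace"
printf '#!/bin/sh\nid\n' > "$demo/jobs/example-job/workspace/script"
chmod 755 "$demo/jobs/example-job/workspace/script"
audit_sudo_target "$demo/jobs/example-job/workspace/script" || true
rm -rf "$demo"
```

A target that passes is typically a root-owned script kept outside `$WORKSPACE` and referenced by its full path in the sudoers line.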

You need to modify the permission for jenkins user so that you can run the shell commands.
You can install Jenkins as a service (download the rpm package). You might need to change the ports because by default it runs HTTP on port 8080 and AJP on port 8009.
Following process is for CentOS
1. Open up this script (using VIM or another editor):
vim /etc/sysconfig/jenkins
2. Find this $JENKINS_USER and change to “root”:
JENKINS_USER="root"
3. Then change the ownership of Jenkins home, webroot and logs:
chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins
4. Restart Jenkins and check the user has been changed:
service jenkins restart
ps -ef | grep jenkins
Now you should be able to run the Jenkins jobs as the root user and all the shell command will be executed as root.

For Linux, try to follow these steps:
This worked for me.
Change Jenkins user: sudo vi /etc/default/jenkins
Change the user to root or to the user that you use to access your files:
JENKINS_USER="root"
Execute using the user that you setup before:
sudo chown -R root:root /var/lib/jenkins
sudo chown -R root:root /var/cache/jenkins
sudo chown -R root:root /var/log/jenkins
Run as a service:
service jenkins restart
Or
systemctl restart jenkins
You can execute Jenkins as a process and disable headless mode for Linux with a UI.
/etc/alternatives/java -Djava.awt.headless=false -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
Validate Jenkins is running currently:
ps -ef | grep jenkins

Another option is to set up a jenkins "Slave" that is actually running as root on the master and restrict it to tied jobs, then point your job at that slave. Far from ideal but certainly a quick solution.

Or you can change the permission of docker.sock. Make sure your docker container is running the user as root
docker exec <jenkinsContainerID> chmod 777 /var/run/docker.sock

You just need to run the shell command on Linux machine using Root privileges from Jenkins.
Steps :
1) sudo vi /etc/sudoers
2) Add line :
jenkins ALL=NOPASSWD:/path of script/
3) From Jenkins, run the script on the remote shell using sudo.
e.g.: sudo ps -ef
4) Build Jenkins job now.
This job runs the script on Linux machine using root privileges.

Related

On EC2: sudo pm2 ls command not found, but pm2 ls without sudo is ok

Problem: When I run "pm2 ls" under ec2-user, it runs perfectly.
When I run "pm2 ls" after sudo -i, it gives -bash: pm2: command not found.
For safety reasons, sudo typically runs under a different environment. For example, an administrator could configure sudo to use a secure PATH rather than inheriting the caller's PATH.
You have a few options:
Preserve the caller's PATH using --preserve-env, e.g. sudo -E "PATH=$PATH" env.
Modify the sudoers policy to set PATH to include pm2's parent directory.
Move pm2 to a directory that's already in the secure path.
Lastly, you can reconsider if pm2 really needs root permissions.

Permission command not working in ubuntu during deployment stage

I am using AWS CodePipeline for deployment of my app. During the CodeDeploy stage there is an after_install.sh script which runs commands inside the server. I have added the commands below:
sudo chown ubuntu:www-data -R $basePath/backend
cd $basePath/backend
sudo chmod -R 0777 storage/
php artisan optimize:clear
php artisan optimize
composer dump-autoload
sudo chmod -R 0777 storage/
All the other commands work, but the issue is that the chmod command does not recursively change permissions; each time I have to go into the server manually and run the command. I troubleshot it, but I am unable to find a fix for it.

Gitlab-ci installed and running as a root

I've installed gitlab-ci using the manual from the gitlab-ci site on CentOS 6.7. For some reason, every time my computer reboots, the process is run from root using the gitlab-runner user.
And every time I kill the process and launch it again from my local user.
Is there a way to make the process run as the local user instead of root permanently? Where can I change that?
When doing ps -ef |grep gitlab you get the following:
/usr/bin/gitlab-ci-multi-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --syslog --user gitlab-runner
Thanks

How do you use pm2 startup with a non-root user?

According to the documentation here: http://pm2.keymetrics.io/docs/usage/startup/#startup-systems-support
You can use the command pm2 startup ubuntu -u nodeapps to resurrect all saved pm2 jobs on server startup.
I ran this command as the nodeapps user. Then I was given a sudo su command to run. I logged out of nodeapps, used sudo su to log into the system as root, and ran the command:
sudo su -c "env PATH=$PATH:/usr/bin pm2 startup ubuntu -u nodapps --hp /home/nodeapps"
The processes did not restart on server restart. I found this question on Stack Overflow: Ubuntu 14.04 - pm2 startup not starting after reboot.
In the script /etc/init.d/pm2-init.sh I found the line that question recommended addressing:
export PATH=/usr/bin:$PATH
export PM2_HOME="/home/nodeapps/.pm2"
But it looks correct to me so I didn't change anything.
I then found this question: pm2 Startup not starting up on Ubuntu
and in my boot logs I find the following line:
Starting pm2
/usr/bin/env: node: No such file or directory
I know that 'node' on Ubuntu is actually 'nodejs'. Could this be the reason?
If it is, what can I do to make the startup command look for nodejs instead of node.
Alternatively, could this be a $PATH problem? If it is, how can I add the correct path to root (at least I think it should be added to root)
I don't know if it will help you but I use in this way:
As a non-root user
pm2 startup -u <YOUR_NON_ROOT_USER>
Copy the line shown, like:
env PATH=$PATH:/usr/bin pm2 startup systemd -u delivery --hp /home/delivery
As root, execute:
env PATH=$PATH:/usr/bin pm2 startup systemd -u delivery --hp /home/delivery
Back to non root user and type:
pm2 start <YOUR /PATH/TO/INDEX.JS> --name <YOU_APPLICATION_NAME>
As a non-root type:
pm2 save
reboot
sudo reboot
As a non-root user, type the command below to check if it works:
pm2 status
PS: Change as needed.
I hope it will be useful for you or someone.
(Posted on behalf of the OP).
In fact that was the problem. Fixed via creating a symlink (as root):
ln -s /usr/bin/nodejs /usr/sbin/node

Docker install in user home

I have access to Grid5000 and would like to use Docker containers on it. The tutorial says that users should install the tools in the user home and add the user home to the PATH environment variable.
How can I install it without using the apt-get command? My user also isn't in the sudoers group.
As far as I know there's no way to install the docker daemon without root permissions. You can have your user added to the docker group to control the docker daemon once it's installed without having to be root. https://docs.docker.com/engine/installation/linux/ubuntulinux/#create-a-docker-group
You can also have docker-machine installed in your user home to control a docker daemon on a different machine without being root.
You should download it and add the necessary permissions, like this:
curl -sSL https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 > /home/docker && chmod +x /home/docker
After that you should add your home folder to PATH variable.
