将 Snap 应用程序与 Jenkins 一起使用
Using Snap applications with Jenkins
我正尝试按照他们网站上的建议设置 hugo site using Jenkins on an Ubuntu 16.04 server. I've installed hugo using snap 的持续部署。我已经能够让网站在我的主要用户帐户上运行,但是当我尝试让 Jenkins 这样做时,它遇到了这个错误:
cannot create user data directory: /var/lib/jenkins/snap/hugo/1766: Permission denied
这似乎有点奇怪,因为 Jenkins 具有对该文件夹的写入权限,如果我正确读取权限的话:
jenkins@computer: ~$ ls -al /var/lib/jenkins/snap/hugo/1766
total 8
drwxr-xr-x 2 jenkins jenkins 4096 May 11 01:33 .
drwxr-xr-x 4 jenkins jenkins 4096 May 11 01:33 ..
我是不是漏掉了什么?我还需要做其他事情吗?
when I try to have Jenkins do it
确保 Jenkins 作业实际上是 运行 作为 jenkins:在您的作业中添加一个步骤来打印 id -a。
可能是:它不是 运行 作为 Jenkins,而是作为您的主帐户,它没有在该文件夹中写入的权限。
"cannot create user data directory": 1766可能是作为用户创建的用户账号的id。
检查使用 chmod 777(用于测试)创建(作为您的主帐户)1766 文件夹是否有帮助。
注意 hugo issue 3143 提到:
Snaps are read-only for security. We want to prevent a hostile party from sneakily changing the software on your machine, so you cannot modify a snap that is installed on your system. This also means you can always check the signature on the snap, even long after you installed it, to make sure it is still exactly the software you intended. If you want to modify a snap, you can usually build your own version of it, especially if it is open source.
So where can a snap write data? Each snap gets its own set of writable directories which have specific properties. There are two directories which the snap can write to independent of the user. One of these is versioned - each time the snap is upgraded the data is saved and the new snap revision can upgrade its copy. The other ‘common’ data directory is not versioned and is used for big blobs of data that you don’t want to duplicate across revisions of the snap:
/var/snap/<name>/current/ ← $SNAP_DATA is the versioned snap data directory
/var/snap/<name>/common/ ← $SNAP_COMMON will not be versioned on upgrades
Typically, configuration is stored in one of these, along with system-wide data for the snap.
There are also an equivalent two writable directories for each snap in the user home, which can be used to store snap data that is specific to one user or another, separately:
~/snap/<name>/current/ ← $SNAP_USER_DATA that can be rolled back
~/snap/<name>/common/ ← $SNAP_USER_COMMON unversioned user-specific data
You can use the snap edition of Hugo to write (i.e. run hugo new site etc.) anywhere inside your $HOME directory, say ~/tmp/htest, but not in the system-wide /tmp directory.
匹配 "Hugo Install from snap" section:
Hugo-as-a-snap can write only inside the user’s $HOME directory—and gvfs-mounted directories owned by the user—because of Snaps’ confinement and security model.
Use sudo snap install hugo --classic to disable the default security model if you want hugo to be able to have write access in other paths besides the user’s $HOME directory.
我最终通过以下方式解决了这个问题:
- 使用
sudo apt-get remove --purge jenkins 卸载 Jenkins
- 正在创建一个名为
jenkins 的标准用户帐户
- 重新安装 Jenkins 和
- 将 Jenkins 工作区根目录设置为
/home/jenkins/workspace/${ITEM_FULL_NAME}
也可以通过创建 Jenkins 配置文件
拥有的目录 /home/jenkins 来解决
我正尝试按照他们网站上的建议设置 hugo site using Jenkins on an Ubuntu 16.04 server. I've installed hugo using snap 的持续部署。我已经能够让网站在我的主要用户帐户上运行,但是当我尝试让 Jenkins 这样做时,它遇到了这个错误:
cannot create user data directory: /var/lib/jenkins/snap/hugo/1766: Permission denied
这似乎有点奇怪,因为 Jenkins 具有对该文件夹的写入权限,如果我正确读取权限的话:
jenkins@computer: ~$ ls -al /var/lib/jenkins/snap/hugo/1766
total 8
drwxr-xr-x 2 jenkins jenkins 4096 May 11 01:33 .
drwxr-xr-x 4 jenkins jenkins 4096 May 11 01:33 ..
我是不是漏掉了什么?我还需要做其他事情吗?
when I try to have Jenkins do it
确保 Jenkins 作业实际上是 运行 作为 jenkins:在您的作业中添加一个步骤来打印 id -a。
可能是:它不是 运行 作为 Jenkins,而是作为您的主帐户,它没有在该文件夹中写入的权限。
"cannot create user data directory": 1766可能是作为用户创建的用户账号的id。
检查使用 chmod 777(用于测试)创建(作为您的主帐户)1766 文件夹是否有帮助。
注意 hugo issue 3143 提到:
Snaps are read-only for security. We want to prevent a hostile party from sneakily changing the software on your machine, so you cannot modify a snap that is installed on your system. This also means you can always check the signature on the snap, even long after you installed it, to make sure it is still exactly the software you intended. If you want to modify a snap, you can usually build your own version of it, especially if it is open source.
So where can a snap write data? Each snap gets its own set of writable directories which have specific properties. There are two directories which the snap can write to independent of the user. One of these is versioned - each time the snap is upgraded the data is saved and the new snap revision can upgrade its copy. The other ‘common’ data directory is not versioned and is used for big blobs of data that you don’t want to duplicate across revisions of the snap:
/var/snap/<name>/current/ ← $SNAP_DATA is the versioned snap data directory
/var/snap/<name>/common/ ← $SNAP_COMMON will not be versioned on upgrades
Typically, configuration is stored in one of these, along with system-wide data for the snap.
There are also an equivalent two writable directories for each snap in the user home, which can be used to store snap data that is specific to one user or another, separately:
~/snap/<name>/current/ ← $SNAP_USER_DATA that can be rolled back
~/snap/<name>/common/ ← $SNAP_USER_COMMON unversioned user-specific data
You can use the snap edition of Hugo to write (i.e. run
hugo new siteetc.) anywhere inside your$HOMEdirectory, say~/tmp/htest, but not in the system-wide/tmpdirectory.
匹配 "Hugo Install from snap" section:
Hugo-as-a-snap can write only inside the user’s $HOME directory—and gvfs-mounted directories owned by the user—because of Snaps’ confinement and security model.
Use
sudo snap install hugo --classicto disable the default security model if you wanthugoto be able to have write access in other paths besides the user’s$HOMEdirectory.
我最终通过以下方式解决了这个问题:
- 使用
sudo apt-get remove --purge jenkins 卸载 Jenkins
- 正在创建一个名为
jenkins 的标准用户帐户
- 重新安装 Jenkins 和
- 将 Jenkins 工作区根目录设置为
/home/jenkins/workspace/${ITEM_FULL_NAME}
也可以通过创建 Jenkins 配置文件
拥有的目录/home/jenkins 来解决