commit cd2d654d41f655c97413125d8155dfa81249f45b parent 9c9604283b110c474ad149e147a5c9d72e362c75 Author: Andreas Gruhler <agruhl@gmx.ch> Date: Sat, 4 Oct 2025 16:18:00 +0200 fix(nomad): podman socket lingering for jenkins Diffstat:
M | nomad.sh | | | 41 | +++++++++++++++++++++++++++++------------ |
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/nomad.sh b/nomad.sh @@ -206,22 +206,39 @@ tar -C /opt/cni/bin -xzf cni-plugins.tgz # Prepare a Jenkins user for Jenkins agents and workload # https://code.in0rdr.ch/nomad/file/docker/docker-jenkins-inbound-agent/README.html -groupadd -g $NOMAD_JENKINS_GID jenkins -useradd -m -s /bin/bash -u $NOMAD_JENKINS_UID -g $NOMAD_JENKINS_GID jenkins - -# keep my podman.socket enabled even if no jenkins user is logged in -loginctl enable-linger jenkins - -# https://www.freedesktop.org/software/systemd/man/latest/systemctl.html#-M -systemctl --user -M jenkins@ start podman.socket -systemctl --user -M jenkins@ enable podman.socket +/usr/sbin/groupadd -g $NOMAD_JENKINS_GID jenkins +/usr/sbin/useradd -m -s /bin/bash -u $NOMAD_JENKINS_UID -g $NOMAD_JENKINS_GID jenkins + +# Keep my podman socket enabled even if no jenkins user is logged in. "loginctl +# enable-linger jenkins" command does not work when systemd is not booted with +# init system. Configuring KillUserProcesses directly in the user service as +# alternative. +# https://www.freedesktop.org/software/systemd/man/latest/logind.conf.html#KillUserProcesses= +mkdir -p /home/jenkins/.config/systemd/user/sockets.target.wants +cat << EOF >> /home/jenkins/.config/systemd/user/sockets.target.wants/podman.socket +[Unit] +Description=Podman API Socket +Documentation=man:podman-system-service(1) + +[Socket] +ListenStream=%t/podman/podman.sock +SocketMode=0660 + +[Install] +WantedBy=sockets.target + +[Login] +KillUserProcesses=no +EOF # create the mountpoint for the workspaces, podman does not create it for us -sudo -u jenkins mkdir /home/jenkins/workspace +mkdir /home/jenkins/workspace # move Nomad server truststore -sudo mv $TLS_DIR/nomad-agent-ca.p12 /home/jenkins/ -sudo chown jenkins: /home/jenkins/nomad-agent-ca.p12 +mv $TLS_DIR/nomad-agent-ca.p12 /home/jenkins/ + +# set ownership +chown -R jenkins: /home/jenkins fi # endif NOMAD_CLIENT
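Review bot: The `[Login]` / `KillUserProcesses=no` section at the end of the heredoc is a logind.conf setting (the linked page is the logind.conf manual), not a unit-file section, so systemd will most likely ignore it and the jenkins user manager will still not start without a login. The heredoc also writes a regular file into `sockets.target.wants/`, where systemd expects symlinks to units found on its search path, and `>>` appends another copy of the unit on every re-run of the script. The conventional layout would be to write the unit with `>` to `/home/jenkins/.config/systemd/user/podman.socket` and symlink it from the wants directory. If the aim is lingering without a running logind, creating the flag file that `loginctl enable-linger` records looks like the closer equivalent, `mkdir -p /var/lib/systemd/linger && touch /var/lib/systemd/linger/jenkins`, though this should be confirmed on the target image. The enclosing `if … fi # endif NOMAD_CLIENT` block starts outside this hunk.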