commit ce022a132e5f60f9fb6126d8abc84100b2f38adb
parent 3bfb2349da1c17ff1937a40b4879e6b33905ff5f
Author: Andreas Gruhler <agruhl@gmx.ch>
Date: Sun, 10 Aug 2025 20:36:28 +0200
feat(jenkins-agent): revert to docker and vfs storage
The podman-docker emulation failed due to missing tun filesystems etc.,
even though I mounted /dev/fuse and /dev/net/tun from the host via the Nomad
podman driver "devices" option:
* https://developers.redhat.com/articles/2024/12/02/enable-nested-containers-openshift-dev-spaces-user-namespaces
* https://developer.hashicorp.com/nomad/plugins/drivers/podman#devices
Diffstat:
3 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,6 +1,17 @@
@Library('in0rdr-jenkins-lib@master') _
+//def buildahbud = new BuildahBud(this)
+//def buildahpush = new BuildahPush(this)
+
node('podman'){
checkout scm
gitleaks()
+
+ // build with image context and name
+ //buildahbud.execute(
+ // [uid: 1312, gid: 1312],
+ // 'docker/docker-jenkins-inbound-agent',
+ // 'jenkins-inbound-agent',
+ // '3327.v868139a_d00e0-v4')
+ //buildahpush.execute('jenkins-inbound-agent', '3327.v868139a_d00e0-v4')
}
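Review bot: The `buildahbud`/`buildahpush` steps are added only as commented-out code, with nothing saying why they are disabled or when they should come back. The job therefore runs only `gitleaks()`, and the `3327.v868139a_d00e0-v4` image that the Nomad template in this commit deploys is presumably built and pushed by hand, outside any reviewed pipeline. I would add a line such as `// TODO(<owner>): build/push disabled because <reason>; image is pushed manually until re-enabled` above the block. The tag is also written out twice in the block; a single `def tag = '3327.v868139a_d00e0-v4'` would keep the build and push steps from drifting apart once they are re-enabled.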
diff --git a/docker/docker-jenkins-inbound-agent/Dockerfile b/docker/docker-jenkins-inbound-agent/Dockerfile
@@ -69,31 +69,19 @@ USER root
# We emulate docker command for docker-workflow Jenkins plugin
# and install buildah to build and push containers.
-# Install configure fuse-overlayfs as mount_program
-RUN apk add --no-cache podman-docker buildah fuse-overlayfs fuse
+RUN apk add --no-cache docker buildah netavark
# Set up environment variables to note that this is not starting with user
# namespace and default to isolate the filesystem with chroot.
# https://developers.redhat.com/blog/2019/08/14/best-practices-for-running-buildah-in-a-container
ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot
-# 'overlay' is not supported over overlayfs without fuse-overlayfs
-# VFS would be the alternative
+# 'overlay' is not supported over overlayfs without fuse-overlayfs. VFS is the alternative.
# - https://docs.gitlab.com/ci/docker/using_docker_build/#buildah-example
# - https://wiki.alpinelinux.org/wiki/Podman
# - https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md
# - https://docs.podman.io/en/latest/markdown/podman.1.html#environment-variables
-ENV STORAGE_DRIVER=overlay
-
-# Configure fuse-overlayfs
-# https://docs.podman.io/en/latest/markdown/podman.1.html#note-unsupported-file-systems-in-rootless-mode
-RUN sed -i 's/#mount_program/mount_program/' /etc/containers/storage.conf
-
-# Configure fuse and tun modules at boot
-# https://wiki.alpinelinux.org/wiki/Podman
-RUN mkdir -p /etc/modules.load.d
-RUN echo fuse > /etc/modules.load.d/fuse.conf
-RUN echo tun > /etc/modules.load.d/tun.conf
+ENV STORAGE_DRIVER=vfs
# Configure missing subuid/subgids for rootless podman builds
# https://docs.podman.io/en/latest/markdown/podman.1.html#rootless-mode
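Review bot: `RUN apk add --no-cache docker buildah netavark` installs Alpine's full `docker` package, which brings in the engine as well as the client, while the unchanged comment above it still says the docker command is emulated. If the agent only talks to a socket through `DOCKER_HOST`, as the Nomad template in this commit suggests, the client alone keeps the daemon binaries out of the image: `RUN apk add --no-cache docker-cli buildah netavark`. The comment should be brought in line, for example `# Install the docker client for the docker-workflow Jenkins plugin and buildah to build and push containers.` The hunk starts after `USER root` and the file continues past it, so whether a later `USER` line drops privileges again is not visible here.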
diff --git a/hcl/default/jenkins/templates/jenkins.yaml.tmpl b/hcl/default/jenkins/templates/jenkins.yaml.tmpl
@@ -102,16 +102,12 @@ jenkins:
"/etc/containers/registries.conf:/etc/containers/registries.conf",
"/home/jenkins/workspace:/home/jenkins/workspace"
],
- "devices": [
- "/dev/fuse"
- ],
"force_pull": true,
- "image": "127.0.0.1:5000/jenkins-inbound-agent:3327.v868139a_d00e0-v2"
+ "image": "127.0.0.1:5000/jenkins-inbound-agent:3327.v868139a_d00e0-v4"
},
"Env": {
"REMOTING_OPTS": "-url http://{{ env "NOMAD_ADDR_jenkins" }} -name %WORKER_NAME% -secret %WORKER_SECRET% -tunnel {{ env "NOMAD_ADDR_jnlp" }}",
- "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock",
- "DOCKER_OPTS": "--insecure-registry=\"haproxy.lan:5000\""
+ "DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"
},
"Resources": {
"CPU": 500,
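Review bot: `"DOCKER_HOST": "unix:///home/jenkins/agent/podman.sock"` still names a podman socket although this commit removes `podman-docker` from the agent image, so the hunk does not show what serves that path. If it is a runtime socket bind-mounted from the host, every job scheduled on this agent can drive the host's container runtime; that deserves a deliberate decision and a note where the volume is declared. Separately, `"force_pull": true` with the mutable tag `3327.v868139a_d00e0-v4` runs whatever the local registry holds under that tag, so pinning by digest (`127.0.0.1:5000/jenkins-inbound-agent@sha256:<digest>`) would make the deployed agent verifiable. The surrounding job definition starts and ends outside the hunk.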