文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >Jenkins启动在AWS ECS上失败,原因是机密-管理器-凭据提供者-插件

Jenkins启动在AWS ECS上失败,原因是机密-管理器-凭据提供者-插件
EN

Stack Overflow用户
提问于 2021-07-07 13:52:27
回答 1查看 368关注 0票数 1

我正在使用AWS机密管理器凭据提供者插件,这似乎导致Jenkins在启动时失败。

我遵循了这里的故障排除步骤,我做的最后一件事就是把IAM过程分开。

我正在AWS ECS上运行Jenkins/Jenkins:lts坞映像,并使用AWS描述我的堆栈。我从码头映像中使用/usr/local/bin/install-plugins.sh安装了插件。

当我在EC2服务器启动上运行相同的停靠映像时是成功的,但是通过ECS,我得到了这个错误。

代码语言:javascript
复制
java.lang.NullPointerException
    at io.jenkins.plugins.credentials.secretsmanager.AwsSecretSource.reveal(AwsSecretSource.java:35)
    at io.jenkins.plugins.casc.SecretSourceResolver$ConfigurationContextStringLookup.lambda$lookup$ad236547$1(SecretSourceResolver.java:141)
    at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
    at io.jenkins.plugins.casc.SecretSourceResolver$ConfigurationContextStringLookup.lambda$lookup$0(SecretSourceResolver.java:141)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1632)
    at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:127)
    at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:543)
    at io.jenkins.plugins.casc.SecretSourceResolver$ConfigurationContextStringLookup.lookup(SecretSourceResolver.java:143)
    at org.apache.commons.text.lookup.InterpolatorStringLookup.lookup(InterpolatorStringLookup.java:144)
    at org.apache.commons.text.StringSubstitutor.resolveVariable(StringSubstitutor.java:1067)
    at org.apache.commons.text.StringSubstitutor.substitute(StringSubstitutor.java:1433)
    at org.apache.commons.text.StringSubstitutor.substitute(StringSubstitutor.java:1308)
    at org.apache.commons.text.StringSubstitutor.replaceIn(StringSubstitutor.java:1019)
    at io.jenkins.plugins.casc.SecretSourceResolver.resolve(SecretSourceResolver.java:109)
    at io.jenkins.plugins.casc.impl.configurators.PrimitiveConfigurator.configure(PrimitiveConfigurator.java:44)
    at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:159)
    at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76)
    at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
    at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.configure(DataBoundConfigurator.java:82)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$doConfigure$16668e2$1(HeteroDescribableConfigurator.java:277)
    at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.doConfigure(HeteroDescribableConfigurator.java:277)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$2(HeteroDescribableConfigurator.java:86)
    at io.vavr.control.Option.map(Option.java:392)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$configure$3(HeteroDescribableConfigurator.java:86)
    at io.vavr.Tuple2.apply(Tuple2.java:238)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:55)
    at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.tryConstructor(DataBoundConfigurator.java:151)
    at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.instance(DataBoundConfigurator.java:76)
    at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:267)
    at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.check(DataBoundConfigurator.java:100)
    at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:344)
    at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:287)
    at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:351)
    at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:287)
    at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$8(ConfigurationAsCode.java:777)
    at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:713)
    at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:777)
    at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:762)
    at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:638)
    at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:307)
    at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:299)
Caused: java.lang.reflect.InvocationTargetException
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
Caused: java.lang.Error
    at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:110)
    at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
    at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
    at jenkins.model.Jenkins$5.runTask(Jenkins.java:1129)
    at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
    at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
    at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused: org.jvnet.hudson.reactor.ReactorException
    at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:282)
    at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
    at jenkins.model.Jenkins.executeReactor(Jenkins.java:1162)
    at jenkins.model.Jenkins.<init>(Jenkins.java:960)
    at hudson.model.Hudson.<init>(Hudson.java:86)
    at hudson.model.Hudson.<init>(Hudson.java:82)
    at hudson.WebAppMain$3.run(WebAppMain.java:295)
Caused: hudson.util.HudsonFailedToLoad
    at hudson.WebAppMain$3.run(WebAppMain.java:312)

我也提出了一个问题。https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/issues/117#issue-938932773

jenkins
jenkins-plugins
amazon-iam
amazon-ecs
EN

回答 1

Stack Overflow用户

发布于 2022-01-28 07:29:47

编辑:在就像你的问题中有一个更简单的解决方案:使用AWS_REGION。我使用的是AWS_DEFAULT_REGION,它不起作用。

这是我的简化解决方案。

代码语言:javascript
复制
# install aws cli
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_REGION
ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
    AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
    AWS_REGION=${AWS_REGION}
RUN wget "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -O "awscliv2.zip" \
    && unzip -q awscliv2.zip \
    && ./aws/install \
    && rm awscliv2.zip

为了完整起见,下面是make命令

代码语言:javascript
复制
build:
    echo -e $(shell getent group docker | cut -d: -f3)
    docker build -t $(PROJ):$(VERSION) --build-arg DOCKER_GID=$(shell getent group docker | cut -d: -f3) \
    --build-arg AWS_ACCESS_KEY_ID=$(shell aws configure get aws_access_key_id --profile=default) \
    --build-arg AWS_SECRET_ACCESS_KEY=$(shell aws configure get aws_secret_access_key --profile=default) \
    --build-arg AWS_REGION=$(shell aws configure get region --profile=default) \
    -f Dockerfile .

旧答案:

看起来Hudson使用了来自~/.aws的凭据和配置,$JENKINS_HOME是卷(我在这里学到了),而不是文件夹。您不能从Dockerfile中创建文件夹。

幸运的是你可以改变那些托拉斯的位置

下面是解决这个问题的Dockerfile的一部分:

代码语言:javascript
复制
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_DEFAULT_REGION
ENV AWS_CONFIG_FOLDER=/opt/.aws
ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
    AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
    AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
    AWS_CONFIG_FILE=$AWS_CONFIG_FOLDER/config \
    AWS_SHARED_CREDENTIALS_FILE=$AWS_CONFIG_FOLDER/credentials
RUN wget "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -O "awscliv2.zip" \
    && unzip -q awscliv2.zip \
    && ./aws/install \
    && rm awscliv2.zip \
    && mkdir $AWS_CONFIG_FOLDER \
    && aws --profile default configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" \
    && aws --profile default configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" \
    && aws --profile default configure set region "$AWS_DEFAULT_REGION" \
    && chown -R jenkins:jenkins $AWS_CONFIG_FOLDER
票数 -1
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/68287374

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档