Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-20082

"Operation not permitted" failure to clean up Docker runner build directory

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 7.2.0
    • 6.6.2
    • Docker Runner
    • None

      Summary

      Bamboo has the facility to run a Job within a Docker context.
      If the Job creates a directory that is not world writable that contains a file then the agent is unable to clean the directory if requested.

      Bamboo currently tries to workaround this issue by prepending a "umask 000" command to any script task. Unfortunately, this does not prevent the user from creating directories that are not world writable.

      The owner of any file created within a Docker runner job will default to being owned by the owner of the docker daemon. This is usually NOT the same user that is running the Bamboo agent.
      When the "Clean working directory after each job" is ticked the bamboo agent will attempt to remove all the files in the Build directory. It first attempts to change the permissions on the files and directories so that they are writable. This will fail outside the docker environment because the Bamboo agent does not own the file.

      Environment

      Job runs in a Docker environment.
      "Clean working directory after each job" enabled.

      Steps to Reproduce

      1. create Job and specify to run job in Docker container. use "ubuntu" image.
      2. create script task to create a file in a directory. 
        mkdir dir
chmod 755 dir
touch dir/file

      Expected Results

      The Job is successful and the directory cleaned up.

      Actual Results

      The Job is successful and the directory is NOT cleaned up.

      Could not remove working directory for plan 'PROJ-PLAN-JOB': /home/bamboo/bamboo-agent-home/xml-data/build-dir/PROJ-PLAN-JOB/dir: Operation not permitted
java.nio.file.FileSystemException: /home/bamboo/bamboo-agent-home/xml-data/build-dir//home/bamboo/bamboo-agent-home/xml-data/build-dir/PROJ-PLAN-JOB/dir: Operation not permitted
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
	at sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:238)
	at sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:260)
	at com.atlassian.bamboo.utils.BambooPathUtils$1.preVisitDirectory(BambooPathUtils.java:111)
	at com.atlassian.bamboo.utils.BambooPathUtils$1.preVisitDirectory(BambooPathUtils.java:91)
	at java.nio.file.Files.walkFileTree(Files.java:2677)
	at java.nio.file.Files.walkFileTree(Files.java:2742)
	at com.atlassian.bamboo.utils.BambooPathUtils.cleanDirectory(BambooPathUtils.java:80)
	at com.atlassian.bamboo.util.BambooFileUtils.cleanDirectory(BambooFileUtils.java:639)
	at com.atlassian.bamboo.build.pipeline.tasks.ExecuteBuildTask.cleanWorkingDirectory(ExecuteBuildTask.java:113)
	at com.atlassian.bamboo.build.pipeline.tasks.ExecuteBuildTask.call(ExecuteBuildTask.java:90)
	at com.atlassian.bamboo.v2.build.agent.DefaultBuildAgent.executeBuildPhase(DefaultBuildAgent.java:203)
	at com.atlassian.bamboo.v2.build.agent.DefaultBuildAgent.build(DefaultBuildAgent.java:175)
	at com.atlassian.bamboo.v2.build.agent.BuildAgentControllerImpl.lambda$waitAndPerformBuild$0(BuildAgentControllerImpl.java:122)
	at com.atlassian.bamboo.variable.CustomVariableContextImpl.withVariableSubstitutor(CustomVariableContextImpl.java:185)
	at com.atlassian.bamboo.v2.build.agent.BuildAgentControllerImpl.waitAndPerformBuild(BuildAgentControllerImpl.java:117)
	at com.atlassian.bamboo.v2.build.agent.DefaultBuildAgent$1.run(DefaultBuildAgent.java:126)
	at com.atlassian.bamboo.utils.BambooRunnables$1.run(BambooRunnables.java:48)
	at com.atlassian.bamboo.security.ImpersonationHelper.runWith(ImpersonationHelper.java:26)
	at com.atlassian.bamboo.security.ImpersonationHelper.runWithSystemAuthority(ImpersonationHelper.java:17)
	at com.atlassian.bamboo.security.ImpersonationHelper$1.run(ImpersonationHelper.java:41)
	at java.lang.Thread.run(Thread.java:748)

      Notes

      Bamboo remote agent should try to remove the files from within the Docker context as it may not be have permissions to remove them outside the Docker context.

      Workaround

      If no artifacts are generated you can use a final Script task that removes all the files.

      find . ! \( -name "." -o -name ".." \) -delete

              mgardias Marcin Gardias
              cberry@atlassian.com Chris Berry (Inactive)
              Votes:
              11 Vote for this issue
              Watchers:
              24 Start watching this issue

                Created:
                Updated:
                Resolved: