Add Windows image packaging scripts

[slide]

This adds Windows image with SSH support. I can add tests if desired.

[BlueAndi]

I built the image and pushed it to a local registry (stefanscherer/registry-windows). After that I configured jenkins with SSH key injection.
Remote file system root is set to "c:\Users\jenkins".
User is set to "jenkins".

Anything else I need to know regarding configuration in jenkins?

Because of short test results in
"Could not find the file /root in container ..."

[slide]

While testing it locally I didn't see that issue. Can you post a full log? Do you have any env variables set in Jenkins global configuration?

[BlueAndi]

Here is the current log. Its jenkins LTS with the current docker plugin 1.1.7 and SSH slaves plugin 1.30.1 running as master itself in a docker container. The master requests to for the win-ssh-agent (based on your files) image via docker daemon on a windows 10 pc. The windows 10 pc contains docker desktop (CE) edition with windows containers.

Aug 13, 2019 12:59:25 PM INFO com.nirima.jenkins.plugins.docker.DockerCloud provision
Asked to provision 1 slave(s) for: win-ssh-agent
Aug 13, 2019 12:59:25 PM INFO com.nirima.jenkins.plugins.docker.DockerCloud canAddProvisionedSlave
Provisioning 'localhost:5000/win-ssh-agent' number 1 (of 1) on 'windows docker cloud'; Total containers: 0 (of 4)
Aug 13, 2019 12:59:25 PM INFO com.nirima.jenkins.plugins.docker.DockerCloud provision
Will provision 'localhost:5000/win-ssh-agent', for label: 'win-ssh-agent', in cloud: 'windows docker cloud'
Aug 13, 2019 12:59:25 PM INFO hudson.slaves.NodeProvisioner$StandardStrategyImpl apply
Started provisioning Image of localhost:5000/win-ssh-agent from windows docker cloud with 1 executors. Remaining excess workload: 0
Aug 13, 2019 12:59:25 PM INFO com.nirima.jenkins.plugins.docker.DockerTemplate pullImage
Pulling image 'localhost:5000/win-ssh-agent:latest'. This may take awhile...
Aug 13, 2019 12:59:25 PM INFO io.jenkins.docker.client.DockerAPI getOrMakeClient
Cached connection io.jenkins.docker.client.DockerAPI$SharableDockerClient@41f0787 to DockerClientParameters{dockerUri=tcp://lp13007:2375, credentialsId=null, readTimeoutInMsOrNull=300000, connectTimeoutInMsOrNull=60000}
Aug 13, 2019 12:59:26 PM INFO com.nirima.jenkins.plugins.docker.DockerTemplate pullImage
Finished pulling image 'localhost:5000/win-ssh-agent:latest', took 987 ms
Aug 13, 2019 12:59:26 PM INFO com.nirima.jenkins.plugins.docker.DockerTemplate doProvisionNode
Trying to run container for localhost:5000/win-ssh-agent
Aug 13, 2019 12:59:26 PM INFO com.nirima.jenkins.plugins.docker.DockerTemplate doProvisionNode
Trying to run container for node win-ssh-agent-0000vofz0qwso from image: localhost:5000/win-ssh-agent
Aug 13, 2019 12:59:26 PM INFO com.nirima.jenkins.plugins.docker.DockerTemplate doProvisionNode
Started container ID 2919d3af76f178f5e7b27920d83bd846617d78dc9309cb356833ecc5b83d59bc for node win-ssh-agent-0000vofz0qwso from image: localhost:5000/win-ssh-agent
Aug 13, 2019 12:59:26 PM SEVERE com.github.dockerjava.core.async.ResultCallbackTemplate onError
Error during callback
com.github.dockerjava.api.exception.NotFoundException: {"message":"Could not find the file /root in container 2919d3af76f178f5e7b27920d83bd846617d78dc9309cb356833ecc5b83d59bc"}

	at com.github.dockerjava.netty.handler.HttpResponseHandler.channelRead0(HttpResponseHandler.java:103)
	at com.github.dockerjava.netty.handler.HttpResponseHandler.channelRead0(HttpResponseHandler.java:33)
	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:241)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:438)
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:284)
	at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:253)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:287)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:138)
	at java.lang.Thread.run(Thread.java:748)

Aug 13, 2019 12:59:26 PM SEVERE com.nirima.jenkins.plugins.docker.DockerCloud$1 run
Error in provisioning; template='DockerTemplate{configVersion=2, labelString='win-ssh-agent', connector=io.jenkins.docker.connector.DockerComputerSSHConnector@7f369995, remoteFs='C:\Users\jenkins', instanceCap=1, mode=NORMAL, retentionStrategy=com.nirima.jenkins.plugins.docker.strategy.DockerOnceRetentionStrategy@2b65f1cf, dockerTemplateBase=DockerTemplateBase{image='localhost:5000/win-ssh-agent', pullCredentialsId='', registry=DockerRegistryEndpoint[null;credentialsId=null], dockerCommand='', hostname='', dnsHosts=[], network='', volumes=[], volumesFrom2=[], environment=[], bindPorts='', bindAllPorts=false, memoryLimit=null, memorySwap=null, cpuShares=null, shmSize=null, privileged=false, tty=false, macAddress='null', extraHosts=[]}, removeVolumes=false, pullStrategy=PULL_ALWAYS, nodeProperties=[], disabled=BySystem,0 ms,4 min 59 sec,Template provisioning failed.}' for cloud='windows docker cloud'
com.github.dockerjava.api.exception.NotFoundException: {"message":"Could not find the file /root in container 2919d3af76f178f5e7b27920d83bd846617d78dc9309cb356833ecc5b83d59bc"}

	at com.github.dockerjava.netty.handler.HttpResponseHandler.channelRead0(HttpResponseHandler.java:103)
	at com.github.dockerjava.netty.handler.HttpResponseHandler.channelRead0(HttpResponseHandler.java:33)
	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:241)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:438)
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:284)
	at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:253)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:287)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:138)
	at java.lang.Thread.run(Thread.java:748)

[BlueAndi]

What might be interesting too is, that starting the container with docker run -d win-ssh-agent, it starts and quits after some seconds (I guess it shouldn't).

docker logs shows

WARNING: Waiting for service 'OpenSSH SSH Server (sshd)' to start...
PS C:\Users\jenkins>

[slide]

Jenkins docker plugins don't support Windows containers for agents. You'd need to spin up the agent container manually until that changes. Also, when running manually, if you use -it it won't exit. It's something I have been trying to figure out since sshd is running as a service.

[BlueAndi]

Jenkins docker plugins don't support Windows containers for agents. You'd need to spin up the agent container manually until that changes.

I feared something like that. Hmm ... have to think about. Thanks Alex for your help.

[BlueAndi]

@slide Any good hint/example how to do it manually without docker-plugin?

[slide]

I just ran the container manually on my server. That is not ideal obviously. I don't have a better solution at this point.

[jetersen]

Perhaps enabling Tls12 could be upstreamed?

Here is a PowerShell script version of it, could be converted to Docker run :)

#requires -runasadministrator

# set strong cryptography on 64 bit .Net Framework
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v2.0.50727' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v2.0.50727' -Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord

# set strong cryptography on 32 bit .Net Framework
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727' -Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord

[jetersen]

@BlueAndi I'll see if I can get around to upstreaming our fix to docker plugin that adds support for Windows sadly it kinda depends on Git client plugin v3 which is still in beta.

This is needed for Windows OpenSSH
jenkinsci/git-client-plugin#371

[BlueAndi]

@BlueAndi I'll see if I can get around to upstreaming our fix to docker plugin that adds support for Windows sadly it kinda depends on Git client plugin v3 which is still in beta.

@Casz That would be great! You are everywhere, from JCasC to here ... cool ... don't forget to sleep between. ;-)

[MarkEWaite]

jenkinsci/git-client-plugin#371 has been released in git client plugin 2.8.1

[ndeloof]

I have 0 experience with Windows cointainers so can't offer a significant advise on this PR.

[BlueAndi]

I have 0 experience with Windows cointainers so can't offer a significant advise on this PR.

I will give it a try in the next days.

[BlueAndi]

@Casz Did you upstream the fix to the docker plugin with windows support?

[jetersen]

There is PR open but I haven't been able to get around to it: jenkinsci/docker-workflow-plugin#184

You should be able to test it with this: https://ci.jenkins.io/job/Plugins/job/docker-workflow-plugin/job/PR-184/1/artifact/org/jenkins-ci/plugins/docker-workflow/1.20-rc400.6982db7f7860/docker-workflow-1.20-rc400.6982db7f7860.hpi

[BlueAndi]

@Casz As a first feedback, it looks good and I got it running. This means the container is remotely created, started and stopped again. I will do some more tests. The windows container base on this PR, but not with the latest modifications.

[BlueAndi]

@slide After the container is started, I try to connect via ssh jenkins@localhost for test. But I get permission denied. A look into the containers sshd logs shows:

Bad owner on C:/Users/jenkins/.ssh/authorized_keys

I checked the file access:

PS C:\Users\jenkins\.ssh> icacls .\authorized_keys
.\authorized_keys NT AUTHORITY\SYSTEM:(I)(F)
                  BUILTIN\Administrators:(I)(F)
                  S-1-5-83-1-1482282251-1114986178-557466766-4202154842:(I)(F)
                  BUILTIN\Users:(I)(RX)

Any hint?

[slide]

@BlueAndi Not sure why you would use localhost unless you are passing port 22 through?

[BlueAndi]

I am on the same machine, where the docker container is running. Its just for the test. I get the same problem, connecting from a different machine. The sshd in the container aborts with the bad ownership log. Today I took a look to the openssh documentation and there they said only SYSTEM, Administrators and the owner shall have access. Not sure about the additional SID, see above.

BTW port 22 is mapped. Tried a mapping to 2222 too, just to be sure, but same behaviour.

[slide]

The SID you see should be the jenkins user account SID. I'll try and look at this later today.

[jetersen]

This is the patch I did for git client plugin for it to work with Openssh: jenkinsci/git-client-plugin#447

[slide]

@BlueAndi I am unable to reproduce your issue. I am running the container as follows:

 docker run -p 2022:22 jenkins4eval/ssh-agent:test-windows "MYPUBLICKEYHERE"

Then I am ssh'ing with the following:

ssh -i path\to\private\key jenkins@localhost -p 2022

This is working for me just fine.

[BlueAndi]

Client: Docker Engine - Community
Version: 19.03.2
API version: 1.40
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:26:49 2019
OS/Arch: windows/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 19.03.2
API version: 1.40 (minimum version 1.24)
Go version: go1.12.8
Git commit: 6a30dfc
Built: Thu Aug 29 05:39:49 2019
OS/Arch: windows/amd64
Experimental: true

[slide]

I'll see if I can find a Windows 10 system that I can put docker on.

[slide]

I tried running on a Windows 10 system. I had to use a different tag to build the image, then I was able to SSH into the system using the key just fine. No error about bad ownership on the key. Can you provide all the steps you are using to try and get this working?

[BlueAndi]

The steps with your image:

• Open a windows console.

• docker pull jenkins4eval/ssh-agent:latest-windows

• ssh-keygen -t rsa, entering no passphrase and storing it in the user directory (%USERPROFILE%\.ssh)

• docker run -p 2022:22 jenkins4eval/ssh-agent:latest-windows "ssh-rsa XXXXXXXXXXXXX" using the public key from %USERPROFILE%\.ssh\id_rsa.pub

• Open a 2nd windows console.

• del %USERPROFILE%\.ssh\known_hosts to ensure a new fingerprint will be created.

• ssh -i %USERPROFILE%\.ssh\id_rsa jenkins@localhost -p 2022

• Confirm with "yes" to continue connecting, because of missing fingerprint.

• Result: Permission denied (publickey). and in the container sshd log, the Bad owner ...

Which tag did you have to use?

[slide]

My Windows 10 version required me to use 1709 for the WINDOWS_DOCKER_TAG arg. You have to match the Windows version of the container to the Windows version of the host machine.

[BlueAndi]

We use a 1903 ... funny is, that the 1809 runs on a 1903, but only with the latest updates from Microsoft. openJDK provides right now no image with 1903, so I have to build first a openJDK image with 1903. But that could be the key.

Regarding NAT, it was no problem. We didn't have to change something.

But lets try with 1903 and I will send feedback about the result.

[slide]

Yeah, I removed the NAT portion of my comment because I realized my network was setup weird on that system. Once I tried with a normal network setup I was able to use localhost no problem.

[BlueAndi]

In the meanwhile I built a openJDK image with
FROM mcr.microsoft.com/windows/servercore:1903
and used this as base for. But ... without success ... same problem. argh

Lets stop here now. I will continue the investigation next week.

Anyway again thank you very much!!!! Without your help and suggestions it would be much harder.

[slide]

@ndeloof Are you planning on continuing to maintain this repo? If not, would it be ok if I added myself to the committer list via the ircbot?

[BlueAndi]

FYI
I searched in the openSSH sourcecode for "Bad owner on ..." to find out whats the problem in detail.
The code checks the SID:

	if (!IsWellKnownSid(owner_sid, WinBuiltinAdministratorsSid) &&
		!IsWellKnownSid(owner_sid, WinLocalSystemSid) &&
		!EqualSid(owner_sid, user_sid)) {
		debug3("Bad owner on %S", path_utf16);
		ret = -1;
		goto cleanup;
	}

[slide]

I would assume its failing on the following:

!EqualSid(owner_sid, user_sid))

[BlueAndi]

It's working now, but I am not sure whether I understand it.

• First I created a local user "jenkins" on the host system.
• In the Dockerfile I removed VOLUME "${JENKINS_AGENT_HOME}" "C:\Users\${user}\AppData\Local\Temp".
• Rebuilt the image.
• Now inside the container the ./.ssid directory and the authorized_keys file have the correct permissions without any strange SID. And I can successful connect with ssh.

Do you have a local "jenkins" user on your host system?
And I found the notes especially for windows container volumes: https://docs.docker.com/v17.09/engine/reference/builder/#volume

Volumes on Windows-based containers: When using Windows-based containers, the destination of a volume inside the container must be one of:

a non-existing or empty directory
a drive other than C:

[slide]

No, I do not have a local jenkins user on the host system.

[BlueAndi]

If I use VOLUME "${JENKINS_AGENT_HOME}" "C:\Users\${user}\AppData\Local\Temp", the problem raises up again, independed of a existing jenkins user on the host system. Try to do tomorrow some more tests.

[slide]

We can definitely change it to another location inside the image. Maybe this is a difference between Docker CE and Docker EE?

[slide]

According to this, the VOLUME stuff is no longer an issue on Windows Server 2019. https://blog.sixeyed.com/what-you-can-do-with-docker-in-windows-server-2019-that-you-couldnt-do-in-windows-server-2016/. I'm not sure if Windows 10 would be considered to be more like Windows Server 2016 or Windows Server 2019, but that could be the root of the issues you are seeing.

[BlueAndi]

But you tested it on windows 10 as well and without an existing jenkins user. Did you use there docker EE?

[slide]

No, I did not use EE.

[slide]

I pushed a version of the image based on this PR to jenkins4eval/ssh-agent:test-windows . Please try it out and let me know if it works.

[BlueAndi]

Same problem. Can you please create additional the user "jenkins" in the host system, before you build the image? Ensure that the user directory exists.

See again the Hyper-V related SID:

PS C:\Users\jenkins\.ssh> icacls.exe .\authorized_keys
.\authorized_keys NT AUTHORITY\SYSTEM:(I)(F)
                  BUILTIN\Administrators:(I)(F)
                  S-1-5-83-1-2115873755-1246499530-1890222465-4150819093:(I)(F)
                  BUILTIN\Users:(I)(RX)

[slide]

That is a problem because there won't necessarily be a enkins user on the systems when this is built in automated builds.

[BlueAndi]

That is true. BTW the VOLUME "${JENKINS_AGENT_HOME}" "C:\Users\${user}\AppData\Local\Temp" in the Dockerfile assumes there is a jenkins user on the host system, where the container is running.

[slide]

I believe that line is creating two volume mount points.

Dockerfile's VOLUME specify one or more volumes given container-side paths. But it does not allow the image author to specify a host path. On the host-side, the volumes are created with a very long ID-like name inside the Docker root.

[slide]

Is there any additional feedback on this, or can it get merged? I don't have access to merge in this repo.

[BlueAndi]

Nothing from my side.