Drone stack with Bitbucket not working with DRONE_ADMIN [solved]

Hi Guys,

I am having a bit of a problem trying to get my Bitbucket user to have admin rights to Drone. What am I doing wrong? When I go to my URL, i.e. https://drone.exmaple.com, it auto-sends me to Bitbucket to log in. After this is done I get the Drone UI. However, it seems I am a user, not an admin, as I get no extra features in the repo section to enable me to use Docker volumes.

So my question is: how does one who uses Bitbucket for auth (OAuth) give themselves admin access? My Bitbucket login is: majestic@example.com

---
version: '3.3'

networks:
  backend:
    external: true

services:
  drone-server:
    image: drone/drone:0.8.2
    volumes:
      - /var/lib/docker/ceph/volumes/drone:/var/lib/drone/
    networks:
      - backend
    deploy:
      endpoint_mode: dnsrr
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - node.role != manager
    environment:
      - DRONE_HOST=https://drone.example.com
      - DRONE_BITBUCKET=true
      - DRONE_BITBUCKET_CLIENT=**************
      - DRONE_BITBUCKET_SECRET=********************
      - DRONE_SECRET=****************
      - DRONE_DEBUG=true
      - DRONE_ADMIN=majestic@example.com

  drone-agent:
    image: drone/agent:0.8.2
    command: agent
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - backend
    deploy:
      endpoint_mode: dnsrr
      mode: global
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - node.role != manager
    environment:
      - DRONE_SERVER=drone-9000.service.consul:9000
      - DRONE_SECRET=********
      - DRONE_DEBUG=true

Kind Regards,

Majestic

DRONE_ADMIN should be your Bitbucket username, not email address.

Thank you. I changed it to the email address because that's what I log in as on Bitbucket. However, I have also tried just the username and even the team's name, and neither works.

Any other ideas?

Kind Regards,

Majestic

I can confirm DRONE_ADMIN works as expected. The only known root cause for DRONE_ADMIN not working is when you do not use the correct, case-sensitive, username.

Mine's all lowercase and that's what I used. Will try again and get back to you, thank you.

I have even tried to log in directly to Bitbucket with only the username and it says:

You can no longer log in with a username. Use your Atlassian account email address (majestic@example.com) instead.

The only other thing it might be is that I have 2FA enabled on my account, could this be the cause?

I log in with my email, but I still have a username. https://bitbucket.org/brydzewski

If you are unsure of your exact username, you can log in to Drone and then visit /api/user. This endpoint will return a payload that will include your username:

{"id":1,"login":"brydzewski","email":"..."

Before we proceed any further, please paste the results of this endpoint to this thread.
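The comparison suggested above, as an added example that is not part of the original thread or of Drone's code: it classifies a DRONE_ADMIN value against the `login` field of an `/api/user` payload. The function name, the status strings, the constructed payload and the handling of DRONE_ADMIN as a comma-separated list are assumptions.

```python
import json

# Constructed payload shaped like the /api/user response quoted in the thread.
SAMPLE_PAYLOAD = '{"id": 1, "login": "majestic", "email": "", "admin": true}'


def diagnose_admin(drone_admin, api_user_json):
    """Classify how a DRONE_ADMIN value relates to the logged-in user."""
    user = json.loads(api_user_json)
    login = user["login"]
    # Assumption: DRONE_ADMIN may hold several comma-separated usernames.
    entries = [e.strip() for e in drone_admin.split(",") if e.strip()]

    if login in entries:
        # Exact, case-sensitive hit; also report what the server itself says.
        return "match" if user.get("admin") else "match-but-not-admin"
    for entry in entries:
        # Compose list syntax (- KEY="value") passes the quotes literally.
        if entry.strip("\"'") == login:
            return "literal-quotes"
    for entry in entries:
        if entry.lower() == login.lower():
            return "case-mismatch"
    for entry in entries:
        # An e-mail address is the Bitbucket sign-in name, not the username.
        if "@" in entry:
            return "email-not-username"
    return "not-listed"


if __name__ == "__main__":
    for value in ("majestic@example.com", "Majestic", "majestic"):
        print(value, "->", diagnose_admin(value, SAMPLE_PAYLOAD))
```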

Thanks very much. Will do after I’m at work as I’m traveling right now. ETA an hour.

I can confirm it matches with the latest config. As you can see it is seeing me as admin. I think I now know what the problem is: I am not running the container in privileged mode because it's not directly supported with stack configs. Will switch this to “cap_add” (shown below), which is overkill but it might work. Will report later when I've got a few minutes to test.

Thanks for the URL BTW, as without it I would still be thinking it's not been set.

cap_add:
  - ALL

|field|value|
|---|---|
|id|1|
|login|"majestic"|
|email|""|
|avatar_url|"https://bitbucket.org/account/majestic/avatar/32/"|
|active|false|
|synced|1516656317|
|admin|true|
Kind Regards,

Majestic

Good news: after doing some more research, I've got the admin part sorted. It seems that Docker swarm mode can’t create privileged containers (at this time). However, there is a workaround…

In short, I had to re-create my docker swarm network (backend) to allow me to manually attach. Then I did the good old docker-compose version of the stack file and manually brought up the containers for server and agents on the relevant machines.

Then I found I could tick trusted under settings. This then allowed the volumes to mount.

The exact config I used is this:

drone-agent

---
version: '3.4'

networks:
  backend:
    external: true

services:
  drone_agent:
    container_name: drone_agent
    image: drone/agent:0.8.2
    command: agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - backend
    privileged: true
    environment:
      - DRONE_SERVER=drone-9000.service.consul:9000
      - DRONE_SECRET=****************************
      - DRONE_DEBUG=true

drone-server

---
version: '3.4'

networks:
  backend:
    external: true

services:
  drone_server:
    container_name: drone_server
    image: drone/drone:0.8.2
    volumes:
      - /var/lib/docker/ceph/volumes/drone:/var/lib/drone/
    networks:
      - backend
    privileged: true
    environment:
      - DRONE_HOST=https://drone.example.com
      - DRONE_BITBUCKET=true
      - DRONE_BITBUCKET_CLIENT=***********
      - DRONE_BITBUCKET_SECRET=***************
      - DRONE_SECRET=*********************
      - DRONE_DEBUG=true
      - DRONE_ADMIN=majestic

I am not sure if you only need privileged on just the agent, which is kind of what I would expect, so if you or anyone could confirm that it's only needed there, I'll update the config.

The only thing I am now having issues with is that I now get this when trying to build a Dockerfile:

Build ****/docker-*****
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.33/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&session=66201d8f706a2f279c39d5794e2b063c34334c90e79c73cd3212ae8f54acfe13&shmsize=0&t=******%2Fdocker-******-tmp&target=&ulimits=null: dial unix /var/run/docker.sock: connect: permission denied

Could this be something to do with the image I'm using for building Dockerfiles? What image would anyone suggest to just simply build/compile a Dockerfile in X repo, then push it up to Docker Hub if all successful? Later on I'd like that to auto-deploy, but baby steps.

Also, if anyone's interested in how to re-create the network, this is what I did (taken from my own notes).

First off, remove the default ingress network, which is used to link all servers together and is used for the public network.

docker network rm ingress

Replace with ‘frontend’ ingress network:

docker network create \
  --driver overlay \
  --opt encrypted \
  --ingress \
  --subnet=10.172.0.0/16 \
  --gateway=10.172.0.1 \
  --opt com.docker.network.driver.overlay.vxlanid_list=4096 \
  frontend

Create ‘backend’ swarm backend network:

docker network create -d overlay --attachable --opt encrypted --opt com.docker.network.swarm.name=backend backend --subnet 10.30.0.0/16

You only really need to do the backend network but as I forgot to encrypt mine originally when I created the swarm network, I took the time to do that at the same time.

I hope some of this info is helpful to others who are having issues with swarm. If anyone has any solutions to the permissions issue, please let me know. Below is the .drone.yml file that I'm currently messing with…

pipeline:
  build:
    image: plugin/docker
    repo: example/project
    action: build
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

publish:
  docker:
    repo: example/project
    when:
      branch: master

If someone knows a better image or way to just simply build a Dockerfile then push to a repo, I would be really grateful if you could share.

Thanks.

Kind Regards,

Majestic

update* fixed drone.yml image

It seems you need to use plugin/docker as the image, now it builds successfully.
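The stack and compose files in this thread grant host-level access in three ways: `privileged: true`, `cap_add: ALL` and a bind mount of `/var/run/docker.sock`. The audit below is an added example, not part of the original posts or of Drone; it lists which service carries which grant so each one can be reviewed and justified. It assumes the two-space indentation used by the files above, and the sample input is constructed.

```python
# Constructed sample: services shaped like the thread's compose files, with
# the cap_add workaround the poster mentions added to the agent for illustration.
SAMPLE = """\
version: '3.4'
services:
  drone_server:
    image: drone/drone:0.8.2
    privileged: true
  drone_agent:
    image: drone/agent:0.8.2
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    cap_add:
      - ALL
"""


def audit_compose(text):
    """Return sorted (service, finding) pairs for host-level access grants."""
    findings = set()
    in_services, service, key = False, None, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        body = line.strip()
        if indent == 0:
            # A new top-level section starts; only 'services:' is audited.
            in_services = body == "services:"
            service = key = None
        elif in_services and indent == 2 and body.endswith(":"):
            service, key = body[:-1], None
        elif service and body.startswith("- "):
            item = body[2:].strip().strip("'\"")
            if key == "cap_add" and item.upper() == "ALL":
                findings.add((service, "cap_add ALL"))
            if key == "volumes" and item.split(":")[0] == "/var/run/docker.sock":
                findings.add((service, "docker.sock mount"))
        elif service and indent == 4:
            key, _, value = body.partition(":")
            if key == "privileged" and value.strip().lower() == "true":
                findings.add((service, "privileged"))
    return sorted(findings)


if __name__ == "__main__":
    for svc, finding in audit_compose(SAMPLE):
        print(f"{svc}: {finding}")
```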

Hi, is this issue related to “Drone stack with Bitbucket not working with DRONE_ADMIN”?

If not, could you open a new issue with a more clear description of the error you are facing?

Thanks.

My apologies, will do.

No worries, just want to be able to wrap up resolved topics!

No worries, totally understand.