Tech/Podman as a Jenkins "cloud" provider

From ~esantoro
Revision as of 16:51, 29 June 2025 by Esantoro (talk | contribs)

I moved to a new job a few months ago and I now have to learn Jenkins as I'll be taking over management of the company Jenkins instance, along with the fleet of executors.

In order to have a private playground, I set up a small Jenkins instance at home.

In this article I'll be describing how I configured (rootless) podman to act as a "cloud" provider for Jenkins, in order to run Jenkins jobs ("steps") in podman containers.

I just started learning Jenkins, so be forgiving if what I write in this article is not yet 100% ideal :-)

Preface

I already have an unprivileged user on my system that's running Jenkins and other services as rootless containers.

I did not want to share that same podman instance with Jenkins as I did not want Jenkins jobs to pollute the environment where other services run as well.

Besides that, sharing the same podman instance would have meant that (in theory) Jenkins jobs could have accessed other services and the same Jenkins instance as well.

Even if this is my own private system at home, I still want to have a bit of decency :)

System configuration

After that, I created an unprivileged system user called jcontainers (short for "Jenkins Containers").

The following configuration is needed for the jcontainers user:

  • Let jcontainers processes linger: loginctl enable-linger jcontainers
  • Configure a systemd user session:
    • mkdir -p $HOME/.config/systemd/user
    • export XDG_RUNTIME_DIR=/run/user/$UID
    • echo "export XDG_RUNTIME_DIR=/run/user/$UID" >> ~/.bashrc
    • echo "export XDG_RUNTIME_DIR=/run/user/$UID" >> ~/.profile

Now we configure the podman socket to be exposed via TCP:

$ cat ~/.config/systemd/user/podman.socket
[Unit]
Description=Podman API Socket
Documentation=man:podman-system-servi
[Socket]
ListenStream=127.0.0.1:8510
SocketMode=0660
Service=podman.service
[Install]
WantedBy=sockets.target

And finally we can enable the newly-created podman socket:

  • systemctl --user enable --now podman.service
  • systemctl --user enable --now podman.socket

At this point you can check that a rootless podman is running by making a request to its socket:

$ curl --silent -XGET http://127.0.0.1:8510/version | jq .
{
  "Platform": {
    "Name": "linux/amd64/rocky-9.5"
  },
  "Components": [
    {
      "Name": "Podman Engine",
      "Version": "5.2.2",
      "Details": {
        "APIVersion": "5.2.2",
        "Arch": "amd64",
        "BuildTime": "2025-05-06T18:28:55+02:00",
        "Experimental": "false",
        "GitCommit": "",
        "GoVersion": "go1.23.2 (Red Hat 1.23.2-1.el9)",
        "KernelVersion": "5.14.0-503.40.1.el9_5.x86_64",
        "MinAPIVersion": "4.0.0",
        "Os": "linux"
      }
[... more stuff past this ...]
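
The socket unit above binds the Podman API to a TCP port. The API does no authentication of its own, and SocketMode= applies to filesystem sockets and FIFOs rather than TCP listeners, so the listen address is the only access control. The check below is an added example, not part of the original article: the function names classify_listen and audit_socket_unit are hypothetical, and it assumes unit lines in the Key=value form with no spaces around the "=".

```sh
#!/bin/sh
# Added example: audit the ListenStream= lines of a systemd .socket unit.
# Function names are hypothetical; assumes "Key=value" with no spaces around "=".

# classify_listen ADDRESS -> prints unix | loopback | exposed
classify_listen() {
    case "$1" in
        /*|@*|%t/*)          echo unix ;;      # AF_UNIX: file permissions apply
        127.*:*|"[::1]":*)   echo loopback ;;  # any local user or process can connect
        *)                   echo exposed ;;   # bare port, 0.0.0.0, [::], routable address
    esac
}

# audit_socket_unit FILE -> one finding per line; returns 1 if a listener is exposed
audit_socket_unit() {
    unit=$1 rc=0 has_unix=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ListenStream=*)
                addr=${line#ListenStream=}
                scope=$(classify_listen "$addr")
                echo "$scope $addr"
                case "$scope" in
                    unix)    has_unix=1 ;;
                    exposed) rc=1 ;;
                esac
                ;;
        esac
    done < "$unit"
    # SocketMode= sets permissions on filesystem sockets and FIFOs only
    if [ "$has_unix" -eq 0 ] && grep -q '^SocketMode=' "$unit"; then
        echo "note SocketMode= has no effect on these listeners"
    fi
    return "$rc"
}

# Constructed demo input: the [Socket] section shown earlier on this page
demo=$(mktemp)
printf '%s\n' '[Socket]' 'ListenStream=127.0.0.1:8510' 'SocketMode=0660' > "$demo"
audit_socket_unit "$demo"
rm -f "$demo"
```

Run it against ~/.config/systemd/user/podman.socket; a non-zero exit status means a listener is reachable from beyond the loopback interface.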

Jenkins configuration

Essentially you need to install and configure the Jenkins Docker plugin.

Jenkins configuration needed to use Podman as a cloud provider

As you can see it's not much different than configuring a Docker engine.

The rest (agent templates, etc.) is pretty much the same.