New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No way to override bundled plugin when using Docker #3974
Comments
@chriswhelix --- You are right about the bundled plugin behaviour. On server boot up it first loads the bundled plugins and then the external plugin. Only way I can see is,
docker run --name go-server -d -p8153:8153 -p8154:8154 -v <PATH_TO_DATA_DIR>:/godata gocd/gocd-server:v17.11.0
wget -O gocd-yaml-config-plugin.jar https://github.com/tomzo/gocd-yaml-config-plugin/releases/download/0.6.0/yaml-config-plugin-0.6.0.jar
docker restart go-server |
I recall @arvindsv talking on gitter that this is legacy behavior that should be removed. It used to be that bundled plugins had move quality testing and hence their priority when loading. |
I agree with this argument. I'll defer to @arvindsv for the final vote to confirm this behavior. @bdpiparva just pointed me to this method that seems to be in the way, and it the current behavior (that bundled overrides external) seems by design. https://github.com/bdpiparva/gocd/blob/fcbfd6443f6e9edc24df7fb49ad651a78bc9dac3/plugin-infra/go-plugin-infra/src/com/thoughtworks/go/plugin/infra/listeners/DefaultPluginJarChangeListener.java#L120-L124. According to @bdpiparva, looking at the old "cruise" code does not provide any historical context either. |
Yes, this needs to change. Currently, it's too dependent on the filesystem and the order the directories are considered. How about we use these principles?
|
This issue has been automatically marked as stale because it has not had activity in the last 90 days. |
This is a pain :( |
Just curious @Stono - which bundled plugin are you looking to override? |
The yum repo one. The version of I'll likely raise a PR to "fix" it and backwards compatible support older and newer In the spirit of "cattle rather than pets" - I strive to have as much as possible in the The "dirty" way i've got working is this in our
In this example; you'll note a few things.
In our entrypoint script, which will run on the cluster, we symlink the
And this gives us what we want, plugins that are entirely populated as part of the build process, statically promoted through environments. It would be awesome to not have to do all of this, because I'm sure you can agree, it's dirty! |
Thanks for sharing @Stono - yes that is indeed troublesome.
It doesn't get at the root of your problem, but it does occur to me that the yum repo poller is a little "different" to the other bundled plugins. While not having used it before, I wonder why it is bundled and perhaps whether it shouldn't be - given its coupling to behaviour of other tools (such as
If you are just talking about this line you possibly don't need to change this. It's a |
I mean really, I don't think the concept of bundled plugins needs to exist at all. Let users add the plugins that are important to them. Appreciate this might be somewhat of a big change so perhaps it could be configurable, For example in our case we use the
I had to change that line to get it to compile against the version of java that our GoCD server runs (11 LTS). The newer target required Java 13, and we only use LTS versions in prod. |
Bundling the JSON and YAML config plugins made it a lot easier for people to adopt pipelines as code and get important features running out-of-the-box, including some options to improve security posture and allow source controlling secrets such as file-based secrets. Personally as a user I appreciated that for the config plugins. Less so yum or ldap authn. :) Also keep in mind ldap authz was commercial for a long time making its usage more fringe. But I see where you are coming from.
Ahh, yes. Personally I think it would have been better to only target LTS versions, in retrospect. Hope to have things working against Java 17 soon, but we can possibly drop the release target back to 11. I contemplated doing it for 21.4, but didn't get a chance to discuss with others. |
Yeah, it's a bit of a problem for us upgrading GoCD at the moment! We produce hardened/signed off "base" images for core languages. They integrate quite tightly into our platform too - so the more versions we support the more overhead on the core platform team. As a result, there's little desire for us to support non-LTS versions. But like anything, it's a balancing act. Not being able to upgrade GoCD means we have issues like the one above, and CVEs like this. It'd be great if you support 17 in the next release, or failing that, 11. |
Hi @Stono - just to follow up on this, while it doesn't resolve this bundled plugin issue, nor your
|
It doesn't solve the root issue here, but the yum repo plugin is no longer bundled as of |
Issue Type
Bug Report
Summary
The latest GoCD server version (17.11.0) does not come bundled with the latest YAML config plugin version (0.6.0). When using the official GoCD Docker image to run the server, there is no way to override the bundled plugin.
Environment
Using a Dockerfile that looks like:
Desired Results
GoCD uses plugin version 0.6.0.
Actual Results
GoCD uses bundled plugin version 0.5.0. Note, this is as per documentation; the behavior is expected, but deeply frustrating.
On a persistent server, I could remove the bundled plugin, or install the new version over it, then restart GoCD. But because we're using Docker to manage plugin installation, all plugin installation activities occur before the first run of the server. So whatever I might do in the Dockerfile, as soon as the server boots up, it writes out its bundled plugins, overriding my desired versions.
Possible Fix
My immediate problem would be solved by bundling the latest version of the plugin (CC/ @tomzo).
However, it also seems to me there should be some way, as a user of GoCD via Docker, to disable or replace bundled plugins. I would view it as a defect that, in the context of Docker, certain plugins have been made mandatory and can not be upgraded or disabled (unless I'm missing something).
The text was updated successfully, but these errors were encountered: