I've got a build agent machine on Amazon Linux AMI. It has the docker container jetbrains/teamcity-agent:latest. I can see the build agent in the TeamCity panel.
When I try to run a build with docker build/push commands, I get this error:
Cannot login to registry docker.io (new); cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?; exit code 1 (Step: docker build (Docker))
What's wrong with teamcity-agent?
I guess that the jetbrains/teamcity-agent:latest will be running as a user that does not have docker permissions. Either the user that runs the commands in this image needs to be added to the group docker, or via ACLs be given permission to the docker socket /var/run/docker.sock. Note that this is root-equivalent.
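A way to tell apart the conditions that all produce the same "Cannot connect to the Docker daemon" message, and to flag when access to the socket amounts to root. This is an added example, not part of the original answer; the function name and status strings are made up for illustration.

```python
import os
import socket
import stat


def diagnose_docker_socket(path="/var/run/docker.sock"):
    """Return (status, findings) for the Docker socket as this process sees it."""
    findings = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # Typical in a container or CI executor the socket was never mounted into.
        return "missing", findings
    except PermissionError:
        return "permission-denied", findings
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket", findings
    if stat.S_IMODE(st.st_mode) & stat.S_IWOTH:
        # For example after chmod 666: any local account can drive the daemon.
        findings.append("world-writable: every local account is root-equivalent")
    # connect() on a unix socket needs write permission. os.access() asks the
    # kernel, so group membership and POSIX ACLs are both taken into account.
    if not os.access(path, os.W_OK):
        return "permission-denied", findings
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect(path)
        except (ConnectionRefusedError, socket.timeout):
            # The socket file exists but nothing is accepting connections on it.
            return "daemon-not-listening", findings
    findings.append("this account can reach the daemon: treat it as root-equivalent")
    return "reachable", findings


if __name__ == "__main__":
    print(diagnose_docker_socket())
```

Run it as the same user, and inside the same container, as the failing build step; the result differs between the host and the agent container.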
Related
I am using gitlab-runner version 14.4.0 and docker version 20.10.11 on Ubuntu 18.04.6 LTS
The machine I am using for the runners is a powerful Supermicro server. Our Gitlab CI is on gitlab cloud (SAAS)
I have been receiving the following errors on Build stage jobs:
ERROR: Job failed (system failure): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (exec.go:66:120s)
Error: Job failed (system failure): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (docker.go:708:120s)
Preparation failed: adding cache volume: set volume permissions: create permission container for volume "runner-######-project-#####-concurrent-0-cache-##############": Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (linux_set.go:90:120s)
ERROR: Job failed (system failure): prepare environment: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (docker.go:708:120s). Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
The solutions I have tried so far:
Added multi pull policy: pull_policy = ["always", "if-not-present"] in config.toml for all runners
Gave permission to gitlab-runner user for docker and sudo groups
Tried chmod 666 /var/run/docker.sock
systemctl docker enable & systemctl docker start
restarted gitlab-runner and reloaded daemon
Fresh installed the machine from scratch with Ubuntu 18.04.6 LTS, latest docker and gitlab-runner
Nothing seemed to have solved the issue. Usually just restarting the jobs after the error gets the jobs running. But that is not a solution.
I am new to this and any help is appreciated!
Thank you
The issue you're running into is that you're attempting to use the docker socket to build a container without actually exposing the docker socket inside your executor. You have three options for how to solve this issue:
Map the docker socket into the runner. To do this, where you're specifying volumes, add /var/run/docker.sock:/var/run/docker.sock to the array of mapped volumes.
Use docker-in-docker with a privileged container, which doesn't require you to map the docker socket, but requires you to be familiar with how DIND works and to follow the instructions here: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-the-docker-executor-with-the-docker-image-docker-in-docker
Use something to build your container that doesn't require a docker socket. I'd highly recommend using Kaniko to build your docker container - it tends to be faster than docker and you can ignore the use of the docker socket altogether (which makes your builds more secure too): https://docs.gitlab.com/ee/ci/docker/using_kaniko.html#building-a-docker-image-with-kaniko
I am building a Docker Image into Jenkinsfile Groovy Script.
I'm facing below error while creating the Docker Image.
Since docker has been installed automatically by Jenkins, I can't start it manually.
Any idea how I can do this through Jenkins by script, or some other way around?
Are you installing jenkins on windows or linux?
If it is linux, you need to add user jenkins to the docker group
usermod -a -G docker jenkins
If it is windows, you need to go to services and log on jenkins as administrator.
Select tab logon --> Log in with a user with administrator rights
Then, restart service jenkins.
Objective:
I have 200+ projects using docker builds; they run docker in their own docker daemon. To reduce cost, I set up a central docker build server where I have to allow all projects to build docker images securely.
Description
I created the setup with the Jenkins docker pipeline by installing the docker plugin in Jenkins and connecting to my docker host via the docker API. When I run a build, it launches the docker host as a Jenkins slave container and allows running docker build.
Issue
The setup works fine for building docker images, but my concern is with security:
How to securely allow 200+ projects to connect to the docker daemon?
How to restrict the access of each user based on roles?
How to forbid the docker run command in the docker daemon? They are restricted to run docker run.
Platform I use:
Jenkins running in Red Hat OpenShift
docker host in a linux box
Can anyone suggest the steps to fix this security hole?
Regards
Ashif
I am trying to build an image with docker and then upload it to the docker hub. After passing the quality tests I receive the following error: docker: not found. How can I connect my docker service (localhost) with the Jenkins container?
Important: I have docker desktop installed locally, and I have also installed Jenkins in a local container, on Windows 10 Pro.
Error: https://imgur.com/q1SrKGe
Pipeline: https://imgur.com/nQWL1HR
You have 2 options to do this:
Install Docker inside your Jenkins Container and also add a bind mount for the Docker socket from your host. Otherwise your Docker Daemon inside your Container won't work. On Linux this socket is /var/run/docker.sock, so the bind mount would look like -v /var/run/docker.sock:/var/run/docker.sock.
Use a different slave agent for the Building Image Stage where you have docker installed. For example, you could use Docker-in-Docker (https://hub.docker.com/_/docker) as a Slave Agent for Jenkins (connected via ssh) and run your docker build inside this slave agent.
I am using Minikube to test everything I deploy in IBM Bluemix kubernetes service. I have my Macbook docker environment configured to use Minikube and I don't start standard basic Docker daemon/service in my MacBook. I just:
eval $(minikube docker-env)
It works great and I use the same yaml files in Minikube that I then apply to Bluemix, as I use that Docker and Minikube image registry. Problem: when I try to log in to BX CR to push an image from the Minikube registry I get:
MacBook-Pro:Docker and Kubernetes icordoba$ bx cr login
Logging in to 'registry.ng.bluemix.net'...
FAILED
Failed to 'docker login' to 'registry.ng.bluemix.net' with error: Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
It seems the bx cr login command needs a local docker host daemon running, so I need to build the image into the Minikube registry, test in Minikube, shut it down, start Docker, build the image again in the docker registry, log in to bx cr and push the image...
Can I make bx cr login command work with Minikube docker environment and not basic docker environment configured?
As mentioned in the comments the docker CLI is a pre-requirement for pushing to and pulling from the registry.
It should be possible to ssh into minikube using minikube ssh allowing you access to the docker daemon within minikube. You would then need to install the Bluemix cli and cr plugin. It should then be possible to push your images from there.
Alternatively you could install the IBM-Containers plugin found here. Then you can build your container in Bluemix and it will automatically push the image into the Container Registry for you to use with Kubernetes. This would allow you to build and push images without access to a docker daemon.
bx ic build -t registry.ng.bluemix.net/<namespace>/<image>:<tag> DOCKERFILE_PATH
(Adjust the registry region prefix based on which region you want your image to be pushed to)