jenkins is running in a Docker container.
Docker is using in a Mac OS. So I marked out these lines in jenkins.yml:
# mount docker sock and binary for docker in docker (only works on linux)
#- /var/run/docker.sock:/var/run/docker.sock
#- /usr/bin/docker:/usr/bin/docker
in Jenkinsfile which is generated by JHipster and includes two tasks int he pipeline:
Perform the build in a Docker container
Analyze code with Sonar
List item
node {
stage('checkout') {
checkout scm
}
docker.image('openjdk:8').inside('-u root -e MAVEN_OPTS="-Duser.home=./"') {
stage('check java') {
sh "java -version"
}
checkout from bitbucket was successful. the pipeline stopped and got an error at docker "pull openjdk:8". Console Output is:
[AAAAApp] Running shell script
+ docker inspect -f . openjdk:8
/var/jenkins_home/workspace/GeneticsDB#tmp/durable-21459aca/script.sh:
2: /var/jenkins_home/workspace/GeneticsDB#tmp/durable-21459aca/script.sh: docker: not found
[Pipeline] sh
[AAAAApp] Running shell script
+ docker pull openjdk:8
/var/jenkins_home/workspace/GeneticsDB#tmp/durable-d5590370/script.sh:
2: /var/jenkins_home/workspace/GeneticsDB#tmp/durable-d5590370/script.sh: docker: not found
but this command could be run successfully in the command line, like below:
docker pull openjdk:8
8: Pulling from library/openjdk
Digest: sha256:18c9622a8dc67b608a2dd0178b4c5aebc0e2da9a656072c6e799cfc46cb96422
Status: Image is up to date for openjdk:8
I know there is a similar question: Docker not found when building docker image using Docker Jenkins container pipeline
But my docker is running in Mac OS.
The problem actually is How to run Docker inside a container running on Docker for Mac. It is fixed by
brew install docker
and update jenkins.yml to
# mount docker sock and binary for docker in docker
- /var/run/docker.sock:/var/run/docker.sock
- /usr/local/bin/docker:/usr/local/bin/docker
got an error:
Warning: failed to get default registry endpoint from daemon (Got
permission denied while trying to connect to the Docker daemon socket
at unix:///var/run/docker.sock: Get
http://%2Fvar%2Frun%2Fdocker.sock/v1.35/info: dial unix
/var/run/docker.sock: connect: permission denied). Using system
default: https://index.docker.io/v1/
Got permission denied while trying to connect to the Docker daemon
socket at unix:///var/run/docker.sock: Post
http://%2Fvar%2Frun%2Fdocker.sock/v1.35/images/create?
fromImage=openjdk&tag=8: dial unix /var/run/docker.sock: connect:
permission denied
Solution: update the access permission of /var/run/docker.sock in docker container.
find the container of Jenkins: docker container ps -a
login the container: docker exec -it -u root ec379335d599 /bin/bash
upadte permission: chmod 777 /var/run/docker.sock
If your jenkins is running inside of a docker container, then I'd recommend:
installing docker inside that container
mounting the docker socket so it can run docker commands from inside the container
dynamically adjusting group permissions of the jenkins user in an entrypoint.sh of the jenkins container, so you don't need to change permissions of the docker socket or try to match the host group to the container group
The last part I do with an entrypoint that runs as root, runs a groupmod to adjust the gid of the user's group, and then drops permissions to that user with an exec + gosu which replaces pid 1 with the jenkins server running as the jenkins user. All the code needed to do this is up in the following git repo: https://github.com/sudo-bmitch/jenkins-docker
Related
I want to run a Postman collection from a Docker image in a Gitlab CI pipeline. The Docker socket file is already mounted for the gitlab-ci-runner so the runner has access to the docker server.
Here's the job definition from .gitlab-ci.yaml
postman:
image: docker:20.10.14
stage: schedule
only:
- schedules
before_script: []
script:
- env
- docker run -t -v $CI_PROJECT_DIR:/etc/newman postman/newman run postman_collection.json
The console output of the gitlab CI runner looks like this:
$ docker run -t -v $CI_PROJECT_DIR:/etc/newman postman/newman run postman_collection.json
error: collection could not be loaded
unable to read data from file "postman_collection.json"
ENOENT: no such file or directory, open 'postman_collection.json'
The file exists. I even tried
docker run --rm -it -v $PWD:/etc/newman --entrypoint sh postman/newman
from my localhost console and ran it manually. It's all there. What am I missing?
List item
The Docker socket file is already mounted for the gitlab-ci-runner
The problem here is that in the scenario where you are talking to the host docker daemon (i.e., when the host docker socket in mounted in the job), when you pass the volume argument to docker run like -v /source/path:/container/path the /source/path part of the argument refers to the host filesystem not the filesystem of the job container.
Think about it like this: the host docker daemon doesn't know that its socket is mounted inside the job container. So when you run docker commands this way, it's as if you're running the docker command on the runner host!
Because $PWD and $CI_PROJECT_DIR in your job command evaluates to a path in the job container (and this path isn't on the runner host filesystem) the volume mount will not work as expected.
This limitation is noted in the limitations of Docker socket binding documentation:
Sharing files and directories from the source repository into containers may not work as expected. Volume mounting is done in the context of the host machine, not the build container
The easiest workaround here would likely be to use postman/newman as your image: instead of docker.
myjob:
image:
name: postman/newman
entrypoint: [""]
script:
- newman run postman_collection.json
I have Jenkins on Docker, both Jenkins master and slave are Docker containers, with mounted var/run/docker.sock. There is proper connection between them, but when I try to run simple docker "hello-world" as a test (using a Pipeline script), I got famous:
Got permission denied while trying to connect to the Docker daemon
socket at unix:///var/run/docker.sock: Get
http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/json?all=1: dial
unix /var/run/docker.sock: connect: permission denied
I've read many times, that my Jenkins user should belong to docker group, then everything shoud work just fine. But apparently, this happens:
jenkins#7401675c7c9e:~$ groups
jenkins docker
jenkins#7401675c7c9e:~$ docker ps -a
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/json?all=1: dial unix /var/run/docker.sock: connect: permission denied
Now I completely don't know what am I doing wrong, I've tried everything:
adding RUN usermod -a -G docker jenkins to both Dockerfiles (for
master and slave images)
adding DOCKER_OPTS=' -G jenkins' to /etc/default/docker
adding privileged: true to docker-compose
manually entering containers and using usermod -aG docker jenkins, and relogging later.
No matter what I do, pipeline can't just access docker socket. I am jenkins user, I am in docker group and I still can't do anything with docker daemon. Jenkinsfile is really simple:
pipeline{
agent{
node{
label 'swarm'
}
}
stages {
stage("Just checking"){
steps{
sh 'whoami'
sh 'groups jenkins'
}
}
stage("Hello world!"){
steps{
sh 'docker run hello-world'
}
} ...
And results are:
+ whoami
jenkins
+ groups jenkins
jenkins : jenkins docker
+ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
script returned exit code 126
I'm just starting to use docker and jenkins and I have no idea what I am doing wrong, does anybody see any obvious mistake?
we are getting this error while trying to run docker commands. E.g.:
$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/images/json: dial unix /var/run/docker.sock: connect: permission denied
So we followed the steps here but the problem remains. Then we saw this question where it is advised
You have to restart the docker daemon, otherwise it won't let members
of the docker group to control the docker daemon
but are having trouble restarting the service
$ sudo service docker restart
Failed to restart docker.service: Unit docker.service not found.
we are using
$ docker -v
Docker version 18.06.1-ce, build e68fc7a
on
$ uname -a
Linux jnj 4.15.0-1036-azure #38-Ubuntu SMP Fri Dec 7 02:47:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
the docker group has been successfully created and we are member of it
$ grep docker /etc/group
docker:x:1001:siddjain
Also we did log out and log back in. we are able to run docker commands with sudo. Also
$ sudo snap services
Service Startup Current Notes
docker.dockerd enabled active -
can anyone help us?
The solution was to restart docker daemon using snap (since that is how we installed docker)
siddjain#jnj:~$ sudo snap stop docker
Stopped.
siddjain#jnj:~$ snap start docker
error: access denied (try with sudo)
siddjain#jnj:~$ sudo snap start docker
Started.
After that we are able to run docker commands without having to sudo
siddjain#jnj:~$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
siddjain#jnj:~$
Our joy was shortlived as we immediately ran into another error after this one when we tried to run another container.
mkdir /var/lib/docker: read-only file system
To fix it we had to uninstall and reinstall docker again - this time from the official documentation as described here
I'm using packer docker builder with ansible to create docker image (https://www.packer.io/docs/builders/docker.html)
I have a machine(client) which is meant to run build scripts. The packer docker is executed with ansible from this machine. This machine has docker client. It's connected to a remote docker daemon. The environment variable DOCKER_HOST is set to point to the remote docker host. I'm able to test the connectivity and things are working good.
Now the problem is, when I execute packer docker to build the image, it errors out saying:
docker: Run command: docker run -v /root/.packer.d/tmp/packer-docker612435850:/packer-files -d -i -t ubuntu:latest /bin/bash
==> docker: Error running container: Docker exited with a non-zero exit status.
==> docker: Stderr: docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
==> docker: See 'docker run --help'.
It seems the packer docker is stuck looking at local daemon.
Workaround: I renamed docker binary and introduced a script called "docker" which sets DOCKER_HOST and invokes the original docker binary with parameters passed on.
Is there a better way to deal this?
Packers Docker builder doesn't work with remote hosts since packer uses the /packer-files volume mount to communicate with the container. This is vaguely expressed in the docs with:
The Docker builder must run on a machine that has Docker installed.
And explained in Overriding the host directory.
I am attempting to build a docker image from a Dockerfile using a declarative pipeline in Jenkins. I've successfully added the 'jenkins' user to the docker group, and can run 'docker run hello-world' as the jenkins user manually. However, when I attempt to build through the pipeline, I can't even run 'docker run hello-world':
From the pipeline:
[workspace] Running shell script
+ whoami
jenkins
[workspace] Running shell script
+ groups jenkins
jenkins : jenkins docker
[workspace] Running shell script
+ docker run hello-world
docker: Got permission denied while trying to connect to the Docker
daemon socket at unix:///var/run/docker.sock: Post
http://%2Fvar%2Frun%2Fdocker.sock/v1.30/containers/create: dial unix
/var/run/docker.sock: connect: permission denied.
Manually sshing into Jenkins and switching to the 'jenkins' user:
*********#auto-jenkins-01:~$ sudo su - jenkins -s/bin/bash
jenkins#auto-jenkins-01:~$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://cloud.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/
Some other useful information: Jenkins is running from a VM.
Needed to give jenkins user group privileges to docker unix socket by editing /etc/default/docker and adding:
DOCKER_OPTS=' -G jenkins'