I have installed docker on my RHEL slaves
and have given permissions to "tomcat" user
sudo usermod -aG docker tomcat
I am able to run this command "docker run hello-world" as tomcat user on the box directly, but when I am running the same through Jenkins its failing
Running Prebuild steps
[docker-test] $ /bin/sh -xe /tmp/jenkins5880049234473840635.sh
+ whoami
tomcat
+ docker -v
Docker version 1.12.6, build 96d83a5/1.12.6
+ docker run hello-world
/usr/bin/docker-current: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See '/usr/bin/docker-current run --help'.
Build step 'Execute shell' marked build as failure
you give the permission to "tomcat" user..
Is it your jenkins ssh user? (user used to connect on slave?)
if yes, you must restart your jenkins (i had this problem)
else you must give permission to the user used to connect on slave and restart your jenkins
Related
I want to run docker build command in Jenkins shell prompt.
Have already installed docker and add Jenkins user in docker usergroup.
But when i hit docker build command it shows me permission denied issue and when i am using sudo prefix it ask for password with -S argument.
I am running all commands on Jenkins master, earlier i used on other node server not master.
So what is best way to resolve this.
We are running a Kubernetes cluster for building Jenkins jobs. For the pods we are using the odavid/jenkins-jnlp-slave JNLP docker image. I mounted the /var/run/docker.sock to the pod container and added jenkins(uid=1000) user to the docker group on the host systems.
When running a shell script job in Jenkins with e.g. docker ps it fails with error docker: not found.
$ /bin/sh -xe /tmp/jenkins6501091583256440803.sh
+ id
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)
+ docker ps
/tmp/jenkins2079497433467634278.sh: 8: /tmp/jenkins2079497433467634278.sh: docker: not found
Build step 'Execute shell' marked build as failure
Finished: FAILURE
The interesting thing is that when connecting into the pod manually and executing docker commands directly in the container as jenkins user, it works:
kubectl exec -it jenkins-worker-XXX -- /bin/bash
~$ su - jenkins
~$ id
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins),1000(jenkins)
~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
What is doing Jenkins in its job differently? Same user, same container, only groups=1000(jenkins),1000(jenkins) lists 1000(jenkins) as group 2 times when connecting manually. What am i missing?
/var/run/docker.sock is just the host socket that allows docker client to run docker commands from the container.
What you are missing is the docker client in your container.
Download the docker client manually and place it on a persistent volume and ensure that he docker client is in the system path. Also, ensure that the docker client is executable.
This command will do it for you. You may have to get the right version of the docker client for your environment
curl -fsSLO https://get.docker.com/builds/Linux/x86_64/docker-17.03.1-ce.tgz &&
tar --strip-components=1 -xvzf docker-17.03.1-ce.tgz -C /usr/local/bin
You may even be able to install the docker using the package manager for your image.
I have been working through the docker book and I am now learning about CI. I tried to run this script within the execute shell of my build:
# Build the image to be used for this job.
IMAGE=$(sudo docker build . | tail -1 | awk '{ print $NF }')
# Build the directory to be mounted into Docker.
MNT="$WORKSPACE/.."
# Execute the build inside Docker.
CONTAINER=$(sudo docker run -d -v $MNT:/opt/project/ $IMAGE /bin/ bash -c 'cd /opt/project/workspace; rake spec')
# Attach to the container so that we can see the output.
sudo docker attach $CONTAINER
# Get its exit code as soon as the container stops.
RC=$(sudo docker wait $CONTAINER)
# Delete the container we've just used.
sudo docker rm $CONTAINER
# Exit with the same value as that with which the process exited.
exit $RC
Running this script ends in the build failing. It shows these two errors:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
and
sudo docker run -d -v /private/var/jenkins_home/jobs/${Docker_test_job}/workspace/..:/opt/project/ /bin/ bash -c cd /opt/project/workspace; rake spec
docker: invalid reference format.
See 'docker run --help'.
+ CONTAINER=
Build step 'Execute shell' marked build as failure
Recording test results
ERROR: Step ‘Publish JUnit test result report’ failed: No test report files were found. Configuration error?
Finished: FAILURE
I don't understand how to fix it as I've been following the instructions in the book. I tried using $PWD to try and fix my issue but that didn't work either.
Actaully the jenkins user does not have the permission to run docker command. To do this, add your jenkins user to the docker group:
sudo usermod -aG docker jenkins
Then restart your jenkins server to refresh the group.
Please be informed that ther is a warning "The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system."
So I'm working with a slightly strange infrastructure: I have a openshift container platform that has a jenkins image from docker running inside it using the image openshift3/jenkins-2-rhel7
I'm trying to run docker build . command's within a jenkins pipeline and i'm getting a "Cannot connect to the Docker daemon" error. I don't understand why docker is installed on the machine yet not running and I don't currently have access to the openshift server other than cli and via the console. Does anyone have recommendations on how to get the docker build . command to run successfully for jenkins either with or without utilizing slaves?
node("master"){
withEnv(["PATH=${tool 'docker'}/bin:${env.PATH}"]) {
docker.withRegistry( 'dockertest') {
git url: "https://github.com/mydockertag/example.git", credentialsId: 'dockertest'
stage "build"
sh "docker build -t mydockertag/example -f ./Dockerfile ."
stage "publish"
}
}
After running the build command i get the following error:
+ docker build -t mydockertag/example -f ./Dockerfile .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the
docker daemon running?
There can be two reasons for the error "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?".
Docker is running but the user executing the docker command does not have privileges to talk to '/var/run/docker.sock'. Try using 'sudo docker build'. If you do not wish to use 'sudo' everytime, you can add your user to the docker group by following the post docker installation steps here (https://docs.docker.com/install/linux/linux-postinstall/#manage-docker-as-a-non-root-user).
The docker daemon is not up and running at all. You will have to start the docker daemon manually.
By default, OpenShift Container Platform runs containers using an arbitrarily assigned user ID. For an image to support running as an arbitrary user, directories and files that may be written to by processes in the image should be owned by the root group and be read/writable by that group. Files to be executed should also have group execute permissions.
Adding the following to your Dockerfile sets the directory and file permissions to allow users in the root group to access them in the built image:
RUN useradd -g root -G sudo -u 1001 user && \
chown -R user:root /some/directory && \
chgrp -R 0 /some/directory && \
chmod -R g=u /some/directory
#Specify the user with UID
USER 1001
Refer section "Support Arbitrary User IDs" on the Guideline from Openshift
I would like to run Docker shell commands on Jenkins like:
docker ps
Is it possible to do it with out using any plugins? Since Jenkins isn't a user, but a service account how can I add to docker group?
First execute
sudo groupadd docker
Then execute
sudo usermod -aG docker $USER
Then logout its important to logout because your group membership is re-evaluated
Login and try again
docker ps
It works!
Following approach worked for me to run docker commands without any plugins
Rather than adding jenkins user to docker group, allowed jenkins user to run sudo commands with out prompting for password and then created an alias to avoid sudo in Dockerfile for jenkins slave. I had to install docker client in the container which connects to daemon running in the host machine.
## allowing jenkins user to run sudo commands
RUN echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
## avoid typing sudo in command line
RUN echo "alias docker='sudo docker '" >> /home/jenkins/.bashrc
(Taken from this answer: https://askubuntu.com/a/477554)
If you run on Ubuntu and Jenkins runs directly on the host machine (i.e. not inside a Docker container):
Add the docker group if it doesn't already exist:
sudo groupadd docker
Add the user "jenkins" to the docker group:
sudo gpasswd -a jenkins docker
Restart the Docker daemon:
sudo service docker restart
Either do a newgrp docker or log out/in to activate the changes to groups.
I had the issue when I was running from jenkins pipeline. I added jenkins user to docker group, restarted the docker engine and rebooted the machine as well. However I still get the same error dial unix /var/run/docker.sock: connect: permission denied.
Finally I added jenkins to root group and it resolved my issue (ubuntu 18.04) (VM on Azure)
sudo gpasswd -a jenkins root
sudo service docker restart