I'm facing the following problem: I created a Jenkins Docker container and linked the Docker socket on the host with the container, like this:
docker run -v /var/run/docker.sock:/var/run/docker.sock -p 8080:8080 -p 50000:50000 -d --name jenkins --restart unless-stopped jenkins
Then when I try to create some jobs on jenkins I get the usual "permission denied" message:
Got permission denied while trying to connect to the Docker daemon
socket at unix:///var/run/docker.sock: Get
http://%2Fvar%2Frun%2Fdocker.sock/v1.29/images/json: dial unix
/var/run/docker.sock: connect: permission denied
But that problem doesn't happen if I attach to the container and run the command using the root user.
How can I fix this?
I can't add jenkins user to docker group on the host by running sudo gpasswd -a jenkins docker (because there is no jenkins user on the host, only in the container) and I also can't run this command inside the container (because the container doesn't know about any docker group). Any tips on how to solve this?
You can add the docker group inside the container. Do this in its bash:
groupadd -g <docker-group-id> docker
Find out the <docker-group-id> by running this on the host:
ls -ln /var/run/docker.sock
Then add the jenkins user to the docker group:
gpasswd -a jenkins docker
Take into account any security issue that this could produce:
Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Refer to the docs
Related
I'm binding the current user and a volume to a container using the following command.
docker run --user="$(id -u):$(id -g)" -v /var/run/docker.sock:/var/run/docker.sock ...
When I try to call docker ps inside the container, I'm getting /var/run/docker.sock: connect: permission denied error. Because /var/run/docker.sock has root ownership in the host (therewithal in the container).
Is there any way to run the container as a user and access the host docker daemon inside the container using the same user?
On my Red Hat 7 Linux Docker host, I have created a Jenkins container by pulling the official Jenkins image from Docker Hub, and I was able to bring the Jenkins container up and running by executing the command:
docker run -d -p 50000:8080 -v $PWD/jenkins:/var/lib/jenkins -t jenkins_master
I could see that Jenkins is up when I checked the logs using docker logs {containerID}, but when I try to launch it in a web browser with {hostip}:50000, I can't access it, as it throws "The site cant be reached". Since my container is running inside a company network, should I either open/enable that port 50000, or do I need to set a proxy on the Docker host?
Am I missing something here?
Here are the outputs of the docker command:
The official image provides the following command:
docker run -p 8080:8080 -p 50000:50000 -v /your/home:/var/jenkins_home jenkins
It seems that both ports 8080 and 50000 have to be exposed.
Execute the docker run command to run the container, then check the status of your container.
docker container run -p [YOUR PORT]:8080 -v [YOUR VOLUME]:/var/jenkins_home --name jenkins-local jenkins/jenkins:lts
You can then access it using localhost:[YOUR PORT]
I’ve just run Dockerfile in jenkins setup then I get the following error:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&session=2quv9npfhvxjco1lqvt8aea9h&shmsize=0&t=testfile&target=&ulimits=null&version=1: dial unix /var/run/docker.sock: connect: permission denied
.
..
Dockerfile
WebApp.war
SSH: EXEC: completed after 404 ms
SSH: Disconnecting configuration [Docker] ...
SSH: Transferred 1 file(s)
Finished: SUCCESS
docker.daemon tells us this:
The Docker daemon binds to a Unix socket instead of a TCP port. By
default that Unix socket is owned by the user root and other users can
only access it using sudo. The Docker daemon always runs as the root
user.
If you don’t want to preface the docker command with sudo, create a
Unix group called docker and add users to it. When the Docker daemon
starts, it creates a Unix socket accessible by members of the docker
group.
Check if the docker group already exists:
cat /etc/group | grep docker
If it doesn't, create it with this command:
sudo groupadd docker
Add the jenkins user to the docker group:
sudo usermod -a -G docker jenkins-user
newgrp docker
Check if it worked:
$ cat /etc/group | grep docker
docker:x:***:jenkins-user
Restart Jenkins.
Log out, and log in again.
Or you can just try running docker with sudo.
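The group matching that this answer and the earlier groupadd -g answer both depend on, as an added example that is not code from any of the posts: sock_access reproduces the owner/group/other write check that decides whether connect() on the socket succeeds. The uid and gid numbers in the sample calls are constructed, and uid 0 is assumed to bypass the mode bits.

```bash
#!/usr/bin/env bash
# Added example: explain why a process may or may not connect to docker.sock.

# sock_access UID "GID..." OWNER_UID OWNER_GID MODE
# Mirrors the kernel's owner -> group -> other check. connect() on a Unix
# socket needs write permission, so only the write bit (2) is tested.
sock_access() {
    local uid=$1 gids=$2 o_uid=$3 o_gid=$4 g
    local perm=$((0$5))            # leading 0: read the mode string as octal
    # Assumption: uid 0 bypasses mode bits (not true for an unmapped owner
    # under user-namespace remapping).
    if [ "$uid" -eq 0 ]; then echo "allowed:root"; return 0; fi
    if [ "$uid" -eq "$o_uid" ]; then
        if [ $(( (perm >> 6) & 2 )) -ne 0 ]; then echo "allowed:owner"; return 0; fi
        echo "denied:owner-bits"; return 1
    fi
    for g in $gids; do
        if [ "$g" -eq "$o_gid" ]; then
            if [ $(( (perm >> 3) & 2 )) -ne 0 ]; then echo "allowed:group"; return 0; fi
            echo "denied:group-bits"; return 1
        fi
    done
    if [ $(( perm & 2 )) -ne 0 ]; then echo "allowed:other"; return 0; fi
    echo "denied:not-in-gid-$o_gid"; return 1
}

# explain_sock [PATH]: run the same check for the current process on a real file.
explain_sock() {
    local path=${1:-/var/run/docker.sock} meta
    meta=$(stat -c '%u %g %a' "$path") || return 2
    set -- $meta
    sock_access "$(id -u)" "$(id -G)" "$1" "$2" "$3"
}

# Constructed cases: socket root:999 mode 660, container user uid 1000.
sock_access 1000 "1000" 0 999 660 || true       # user lacks gid 999
sock_access 1000 "1000 999" 0 999 660 || true   # after groupadd -g 999 + gpasswd -a
```

The number in a denied:not-in-gid-N result is the one to give groupadd -g inside the container; docker run --group-add N supplies the same supplementary group at start-up without editing the container.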
I mounted /var/run/docker.sock under the non-root user, and checked that the permission role was nobody. Why not the default root?
The mount code is as follows:
docker run -it --rm --entrypoint='' -v /var/run/docker.sock:/var/run/docker.sock controller:v1 bash
bash-5.0# ls /var/run/ -lh
total 0
srw-rw---- 1 nobody nobody 0 Feb 3 07:48 docker.sock
At this time, the docker daemon cannot be connected to by running the docker command:
bash-5.0# docker ps
Got permission denied while trying to connect to the Docker daemon socket at
unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/json:
dial unix /var/run/docker.sock: connect: permission denied
I have granted the non-root user Docker permission with sudo usermod -aG docker your-user
I hope to use the Docker CLI in a Docker container to perform some operations, such as docker run, docker ps, docker images and so on.
I would appreciate it if you could tell me how to solve it.
I want to set up a Rancher server and a Rancher agent on the same server.
Here is what I have done to create the server:
docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:stable
Then I opened my web browser on port 8080.
I chose a login/password and enabled access control.
Then I wanted to create a host (agent). The Rancher web interface tells me to type this command:
docker run -e CATTLE_AGENT_IP=x.x.x.x --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.10 http://nsxxx.ovh.net:8080/v1/scripts/yyyy:1514678400000:zzzz
I have no error message, but I do not see any entry in host section (in rancher web interface).
So I tried to execute a shell on the agent docker container:
docker exec -ti xxxxx /bin/bash
I tried to manually run run.sh script and here is what I see:
Error: No such image or container: nsxxx
I suppose this is because docker containers cannot communicate together, but I have done exactly what is in the documentation...
Thanks for your help
For docker exec you need to replace the xxxxx string with the container ID or the name of the container. You get both from the docker ps command.