Starting Jenkins in Docker Container - jenkins

I want to run Jenkins in a Docker Container on Centos7.
I saw the official documentation of Jenkins:
First, pull the official jenkins image from Docker repository.
docker pull jenkins
Next, run a container using this image and map data directory from the container to the host; e.g in the example below /var/jenkins_home from the container is mapped to jenkins/ directory from the current path on the host. Jenkins 8080 port is also exposed to the host as 49001.
docker run -d -p 49001:8080 -v $PWD/jenkins:/var/jenkins_home -t jenkins
But when I try to run the docker container I get the following error:
/usr/local/bin/jenkins.sh: line 25: /var/jenkins_home/copy_reference_file.log: Permission denied
Can someone tell me how to fix this problem?

The official Jenkins Docker image documentation says regarding volumes:
docker run -p 8080:8080 -p 50000:50000 -v /your/home:/var/jenkins_home jenkins
This will store the jenkins data in /your/home on the host. Ensure that /your/home is accessible by the jenkins user in container (jenkins user - uid 1000) or use -u some_other_user parameter with docker run.
This information is also found in the Dockerfile.
So all you need to do is to ensure that the directory $PWD/jenkins is own by UID 1000:
mkdir jenkins
chown 1000 jenkins
docker run -d -p 49001:8080 -v $PWD/jenkins:/var/jenkins_home -t jenkins

The newest Jenkins documentation says to use Docker 'volumes'.
Docker is kinda tricky on this, the difference between the two is a full path name with the -v option for bind mount and just a name for volumes.
docker run -d -p 49001:8080 -v jenkins-data:/var/jenkins_home -t jenkins
This command will create a docker volume named "jenkins-data" and you will no longer see the error.
Link to manage volumes:
https://docs.docker.com/storage/volumes/

Related

Cannot copy file from jenkins container to host through jenkins pipeline

working on zsh (mac1), I have used this docker run command:
- docker run --name container2 --link container1:alias -v /Users/omerboucris/Desktop/Devops_Final_Project/jenkins-data:/var/jenkins_home -p 8090:8080 -d jenkins/jenkins:lts
I have upload the Jenkins job and Im trying to docker cp some local file which created in /workspace/job1/file.txt to my vm host path:
/Users/omerboucris/Desktop/Devops_Final_Project/jenkins-data
why I have no access to my vm ? the jenkins runs on root only.. If I print 'pwd' on my job: /var/jenkins_home/workspace/MonitorJob
so how I can use the docker cp ?
this command not helpful:
docker cp d6dac560c25b:/var/jenkins_home/workspace/FinalProject_Devops/OurLandPage.jsp <HOME>/Desktop
even If Im trying to cd my Desktop I cant
thanks!

Jenkins Docker image, to use bind mounts or not?

I am reading through this bit of the Jenkins Docker README and there seems to be a section that contradicts itself from my current understanding.
https://github.com/jenkinsci/docker/blob/master/README.md
It seems to me that is says to NOT use a bind mount, and then says that using a bind mount is highly recommended?
NOTE: Avoid using a bind mount from a folder on the host machine into /var/jenkins_home, as this might result in file permission
issues (the user used inside the container might not have rights to
the folder on the host machine). If you really need to bind mount
jenkins_home, ensure that the directory on the host is accessible by
the jenkins user inside the container (jenkins user - uid 1000) or use
-u some_other_user parameter with docker run.
docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p
50000:50000 jenkins/jenkins:lts this will run Jenkins in detached mode
with port forwarding and volume added. You can access logs with
command 'docker logs CONTAINER_ID' in order to check first login
token. ID of container will be returned from output of command above.
Backing up data
If you bind mount in a volume - you can simply back up
that directory (which is jenkins_home) at any time.
This is highly recommended. Treat the jenkins_home directory as you would a database - in Docker you would generally put a database on
a volume.
Do you use bind mounts? Would you recommend them? Why or why not? The documentation seems to be ambiguous.
As commented, the syntax used is for a volume:
docker run -d -v jenkins_home:/var/jenkins_home -n jenkins ...
That defines a Docker volume names jenkins_homes, which will be created in:
/var/lib/docker/volumes/jenkins_home.
The idea being that you can easily backup said volume:
$ mkdir ~/backup
$ docker run --rm --volumes-from jenkins -v ~/backup:/backup ubuntu bash -c “cd /var/jenkins_home && tar cvf /backup/jenkins_home.tar .”
And reload it to another Docker instance.
This differs from bind-mounts, which does involve building a new Docker image, in order to be able to mount a local folder owner by your local user (instrad of the default user defined in the official Jenkins image: 1000:1000)
FROM jenkins/jenkins:lts-jdk11
USER root
ENV JENKINS_HOME /var/lib/jenkins
ENV COPY_REFERENCE_FILE_LOG=/var/lib/jenkins/copy_reference_file.log
RUN groupmod -g <yourId>jenkins
RUN usermod -u <yourGid> jenkins
RUN mkdir "${JENKINS_HOME}"
RUN usermod -d "${JENKINS_HOME}" jenkins
RUN chown jenkins:jenkins "${JENKINS_HOME}"
VOLUME /var/lib/jenkins
USER jenkins
Note that you have to declare a new volume (here /var/lib/jenkins), because, as seen in jenkinsci/docker issue 112, the official /var/jenkins_home path is already declared as a VOLUME in the official Jenkins image, and you cannot chown or chmod it.
The advantage of that approach would be to see the content of Jenkins home without having to use Docker.
You would run it with:
docker run -d -p 8080:8080 -p 50000:50000 \
--mount type=bind,source=/my/local/host/jenkins_home_dev1,target=/var/lib/jenkins \
--name myjenkins \
myjenkins:lts-jdk11-2.190.3
sleep 3
docker logs --follow --tail 10 myjenkins

Use docker command in jenkins container

My centos version and docker version(install by yum)
Use docker common error in container
My docker run command:
docker run -it -d -u root --name jenkins3 -v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker docker.io/jenkins/jenkins
but,its error when I exec docker info in jenkins container
/usr/bin/docker: 2: .: Can't open /etc/sysconfig/docker
Exposing the host's docker socket to your jenkins container will work with
-v /var/run/docker.sock:/var/run/docker.sock
but you will need to have the docker executable installed in your jenkins image via a Dockerfile.
It is likely the example you are looking at is already using a docker image. A quick google search brings up https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ whose example uses a docker image (already has the executable installed):
docker run -v /var/run/docker.sock:/var/run/docker.sock \
-ti docker
Also note from that same post your exact issue with mounting the binary:
Former versions of this post advised to bind-mount the docker binary from the host to the container. This is not reliable anymore, because the Docker Engine is no longer distributed as (almost) static libraries.

Docker container to use same Nexus volume?

I run the following:
mkdir /some/dir/nexus-data && chown -R 200 /some/dir/nexus-data
chown -R 200 /Users/user.name/dockerVolume/nexus
docker run -d -p 8081:8081 --name nexus -v /some/dir/nexus-data:/nexus-data sonatype/nexus3
Now lets say I upload an artifact to Nexus, and stop the nexus container.
If I want another Nexus container open, on port 8082, what Docker command do I run such that it uses the same volume as on port 8081 (so when I run this container, it already contains the artifact that I uploaded before)
Basically, I want both Nexus containers to use the same storage, so that if I upload an artifact to one port, the other port will also have it.
I ran this command, but it didn't seem to work:
docker run --name=nexus2 -p 8082:8081 --volumes-from nexus sonatype/nexus3
Bind mounts which is what you're using as a "volume" has limited functionality as compared to an explicit Docker volume.
I believe the --volumes-from flag only works with volumes managed by Docker.
In order to share the volume between containers with this flag you can have docker create a volume for you with your run command.
Example:
$ docker run -d -p 8081:8081 --name nexus -v nexus-volume:/nexus-data sonatype/nexus3
The above command will create a Docker managed volume for you with the name nexus-volume. You can view the details of the created volume with the command $ docker volume inspect nexus-volume.
Now when you want to run a second container with the same volume you can use the --volumes-from command as you desire.
So doing:
$ docker run --name=nexus2 -p 8082:8081 --volumes-from nexus sonatype/nexus3
Should give you your desired behaviour.

Could not find jenkins_home folder in Ubuntu after downloading the Docker Jenkins Image

I pulled Docker-Jenkins image from Docker central repository and run the below command
$ docker run -p 8080:8080 -p 50000:50000 Jenkins
In the middle of the installation, the below lines appeared.
*************************************************************************`
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
xxxxxxxxxxxxxxxxxxxxxx
This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
*************************************************************************`
But in my /var, no jenkins_home folder is present.
I am getting the following error and I couldn't access my Jenkins using localhost:8080
INFO: Jenkins is fully up and running
Oct 11, 2016 4:31:19 AM winstone.Logger logInternal
INFO: JVM is terminating. Shutting down Winstone
When the Admin password got generated, I was able to access the Jenkins Dashboard. But immediately, JVM is getting terminated and I can no longer access the Jenkins page.
After starting jenkins you have 2 choices:
docker run -p 8080:8080 -d -p 50000:50000 jenkins
(The -d option is to run the container in the background)
You can go inside the container and checking the initial admin passwd:
check running containers
[root#localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cc73eb6d6f75 jenkins "/bin/tini -- /usr/lo" 32 seconds ago Up 30 seconds 0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp ecstatic_leakey
Go inside the container
docker exec -it cc73eb6d6f75 bash
And check the content of the adminpasswd
jenkins#cc73eb6d6f75:/$ cat /var/jenkins_home/secrets/initialAdminPassword
1c8be33b31904cacb5xxx
Or you create your own named docker volume:
[root#localhost ~]# docker volume create --name jenkins-volume
jenkins-volume
This volume is on your host in /var/lib/docker/volumes/jenkins-volume.
You can start your jenkins and connect it with the volume:
docker run -p 8080:8080 -d -p 50000:50000 -v jenkins-volume:/var/jenkins_home jenkins
All the data from /var/jenkins_volume inside your container will be mounted inside your named volume. hostpath is: /var/lib/docker/volumes/jenkins-volume/_data
So check on my host:
[root#localhost ~]# ls /var/lib/docker/volumes/jenkins-volume/_data
config.xml hudson.model.UpdateCenter.xml init.groovy.d jobs nodes secret.key updates war
copy_reference_file.log hudson.plugins.git.GitTool.xml jenkins.install.InstallUtil.lastExecVersion logs plugins secret.key.not-so-secret userContent workspace
credentials.xml identity.key.enc jenkins.install.UpgradeWizard.state nodeMonitors.xml queue.xml.bak secrets users
If you installed via the Jenkins Docker official instructions, the jenkins-data Docker volume gets automatically created in the run command. So to get the password:
sudo cat /var/lib/docker/volumes/jenkins-data/_data/secrets/initialAdminPassword
If you want to mount a host dir as jenkins_home you need to give the Jenkins user (UID 1000) ownership of that dir.
JENKINS_HOME=/home/$(whoami)/jenkins_home
mkdir $JENKINS_HOME
chown -R 1000 $JENKINS_HOME
Run Jenkins container:
docker run -d --name jenkins \
-p 8080:8080 -p 50000:50000 \
-v /home/$(whoami)/jenkins_home:/var/jenkins_home \
jenkins
You can find a detailed walkthrough here on how to run Jenkins CI from a container.

Resources