
My Jenkins Docker image contains Docker itself. The reason is to have access to Docker during deployment jobs. This is just a solution that works very well for me.

After starting the container, I can execute Jenkins jobs, e.g. to maven-build and then docker-build, tag and push images. Works great! To execute the docker commands, I included access to Docker Engine from within the container. Via the docker.sock I can access the Docker engine. The container runs in an existing Docker environment. Notice: alternatively, I could have added the Docker tooling later via the Jenkins GUI. This option has been running well for over a year.

The problem I have is that the Docker engine cannot be accessed. The reason is that the /var/run/docker.sock has the wrong permissions. So, after starting the Docker image (or container) I have to manually change (as a root user) the /var/run/docker permissions to 777.

How can I change the image to automatically have the right execution permissions for the /var/run/docker.sock? The container runs as a jenkins user.

This is my container:

```dockerfile
FROM jenkins/jenkins:lts
USER root

# Install only the Docker client tools and docker-compose. dockerd is deleted
# because the container connects to the existing Docker Engine via docker.sock.
# Then create a docker group with GID 998 and add the jenkins user to it.
RUN mkdir -p /tmp/download && \
 curl -L https://download.docker.com/linux/static/stable/x86_64/docker-18.03.1-ce.tgz | tar -xz -C /tmp/download && \
 rm -rf /tmp/download/docker/dockerd && \
 mv /tmp/download/docker/docker* /usr/local/bin/ && \
 rm -rf /tmp/download && \
 curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \
 chmod +x /usr/local/bin/docker-compose && \
 groupadd -g 998 docker && \
 usermod -aG staff,docker jenkins
# ...
USER jenkins
```
tm1701
  • I'm a little confused. You download docker tar and decompress. On the next line you `rm` the docker daemon binary from the decompressed files. How can you launch the docker daemon in your container after that? Are you in fact accessing the docker daemon on your host by bind mounting the socket as described in [this article](https://getintodevops.com/blog/the-simple-way-to-run-docker-in-docker-for-ci)? If this is the case, can you show the command you use to launch your container? – Zeitounator May 30 '19 at 17:34
  • Possible duplicate: https://stackoverflow.com/q/54452152/596285 – BMitch May 30 '19 at 17:36
  • @Zeitounator - I added a new second paragraph in the question for an explanation. @BMitch - I really hope to find something more accessible. Are there ways to do it without a separate entry script? – tm1701 May 30 '19 at 18:59
  • @Zeitounator - the Docker daemon is already active because the container is managed as a Docker container ;-) So you only have to connect to the Docker engine. – tm1701 May 31 '19 at 16:38
  • That's clearer now. In this case see BMitch's answer above in the duplicate link. This is likely related to docker user uid mapping between the container and your host. – Zeitounator Jun 01 '19 at 08:27

0 Answers
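A narrower alternative to mode 777 on the socket, added here as an example (it is not code from the question or from the linked answer): a start-up script that reads the GID owning the bind-mounted `/var/run/docker.sock` and aligns the image's `docker` group with it, so only the `jenkins` user gains access to the host's Docker Engine, which is root-equivalent access. Assumptions: the script is installed under the hypothetical name `docker-entrypoint.sh`, the container starts as root, `gosu` has been added to the image, and the `docker` group from the Dockerfile above exists.

```shell
#!/bin/sh
# Added example; docker-entrypoint.sh is a hypothetical name. Must start as root.
SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"
RUN_AS="${RUN_AS:-jenkins}"

# Numeric GID that owns a path (uses stat -c, i.e. GNU or busybox stat).
path_gid() { stat -c '%g' "$1"; }

# GID of a named group in a group(5) file; prints nothing if the group is absent.
group_gid() { awk -F: -v g="$1" '$1 == g { print $3; exit }' "${2:-/etc/group}"; }

# Name of the group that already holds a GID; prints nothing if the GID is free.
gid_owner() { awk -F: -v id="$1" '$3 == id { print $1; exit }' "${2:-/etc/group}"; }

# Decide the smallest change that lets RUN_AS reach the socket. Prints one of:
#   ok              docker group already has the socket's GID
#   join <group>    another group owns that GID, add the user to it
#   groupmod <gid>  GID is unused, renumber the docker group
plan_fix() {
  want="$1"; file="${2:-/etc/group}"
  have="$(group_gid docker "$file")"
  owner="$(gid_owner "$want" "$file")"
  if [ "$have" = "$want" ]; then echo "ok"
  elif [ -n "$owner" ]; then echo "join $owner"
  else echo "groupmod $want"
  fi
}

main() {
  if [ -S "$SOCK" ]; then
    plan="$(plan_fix "$(path_gid "$SOCK")")"
    case "$plan" in
      join\ *)     usermod -aG "${plan#join }" "$RUN_AS" ;;
      groupmod\ *) groupmod -g "${plan#groupmod }" docker ;;
    esac
  else
    echo "warning: $SOCK is not a socket; was it bind-mounted?" >&2
  fi
  # Drop root before starting Jenkins (gosu is an assumption, not in the image).
  exec gosu "$RUN_AS" "$@"
}

# Run only when installed as the entrypoint, so the functions can be sourced.
case "${0##*/}" in docker-entrypoint.sh) main "$@" ;; esac
```

With this approach the Dockerfile would stay on `USER root` and set the script as `ENTRYPOINT`, because the switch to `jenkins` happens inside the script. `plan_fix` takes an optional group file as its second argument so the decision logic can be checked without root.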