Give permission to jenkins to access unix:///var/run/docker.sock

Question

I have installed the docker plugin into jenkins and I am trying to configure a docker cloud.

My jenkins installation is running inside a docker container and I have bound to the docker socket on the host like so:

version: '3.3'
services:
    jenkins:
        container_name: jenkins
        ports:
            - '7345:8080'
            - '50000:50000'
        volumes:
            - /docker/jenkins/data/jenkins_home:/var/jenkins_home
            - /var/run/docker.sock:/var/run/docker.sock
        image: 'jenkins/jenkins:lts'

This method works fine using docker-ce-cli. If I install the cli and bind to the socket of host then it works.

However setting up jenkins I am getting an error:

Inside the jenkins container everything is run under user "jenkins" with a UID of 1000. On my host, UID 1000 is a user called "ubuntu".

I have added this user to the docker group

usermod -aG docker ubuntu

And checked the socket permissions:

# ls -lisa /var/run/docker.sock
833 0 srw-rw---- 1 root docker 0 Jul 22 22:02 /var/run/docker.sock

But jenkins still complains it doesn't have permissions.

What is right way to give jenkins permissions to access this socket?

Have you tried this? https://stackoverflow.com/a/51921594/530160 — Nick ODell, Jul 26 '20 at 04:13
Thanks, I haven't seen that. I tried to add the docker group with same ID inside the jenkins container but I need to be root to do it and it asks for a password when I try to elevate myself — Guerrilla, Jul 26 '20 at 04:25
You should be able to override that with `docker exec -it -u 0 bash` — Nick ODell, Jul 26 '20 at 04:31
Nice, I didn't know about that switch, thanks. I think though that would cause an issue everytime I restarted the container. I think only permanent way is to make a custom dockerfile? — Guerrilla, Jul 26 '20 at 04:34
I think so. I looked at the docs for bind mounts, and I couldn't find a way to mount a file in as a different user. — Nick ODell, Jul 26 '20 at 04:35
Cool, thanks for your help. I will give custom Dockerfile a try — Guerrilla, Jul 26 '20 at 04:36
Adding group with same gid ` addgroup --gid 998 docker` then `usermod -aG docker jenkins` didn't fix issue. Still getting permission denied :( — Guerrilla, Jul 26 '20 at 04:44

Guerrilla · Accepted Answer · 2020-07-30T06:54:52.020

None of the customizations in the other thread worked but I tweaked it a bit and got it working with the below file:

FROM jenkins/jenkins 

USER 0

ARG DOCKERGID=998

# Docker
RUN apt-get update \
    && apt-get install software-properties-common apt-transport-https ca-certificates gnupg-agent dialog apt-utils -y \ 
    && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
    && add-apt-repository \
        "deb [arch=amd64] https://download.docker.com/linux/debian \
        $(lsb_release -cs) \
        stable" \
    && apt-get update \
    && apt-get install docker-ce-cli -y

# Setup users and groups
RUN addgroup --gid ${DOCKERGID} docker
RUN usermod -aG docker jenkins

USER 1000

score -1 · Answer 2 · answered Jul 26 '20 at 08:28

-1

To be able to use docker from jenkins - just add jenkins user to docker group, not ubuntu one.

usermod -aG docker jenkins

answered Jul 26 '20 at 08:28

Dmitriy Tarasevich

1,082
5
6

This is incorrect. If UID 1000 is set in docker then it has to be UID 1000 from the host. which is ubuntu user as stated in question. I have resolved issue please see my previously posted answer. – Guerrilla Jul 26 '20 at 11:12

Give permission to jenkins to access unix:///var/run/docker.sock

2 Answers2