2

I have been trying to map volume from my host to docker container, while running jenkins, but failing.

This is what I tried so far:

I executed the following command:

docker run -p 8080:8080 -p 50000:50000 -v /var/jenkins_home:/var/jenkins_home jenkins/jenkins:lts

I am getting the following error:

touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

I tried a lot of things, and last I followed the following steps from this link:

Jenkins wrong volume permissions

docker run -p 8080:8080 -p 50000:50000 -it jenkins bin/bash

Once inside the container's shell run the id command and you'll get results like:

uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)

Exit the container, go to the folder you are trying to map and run:

chown -R 1000:1000 .

On my machine I do not have user 1000 so I am trying to create it but failing to do so.

useradd -u 1000 jenkins

When I run the above command, I get the following error.

useradd: UID 1000 is not unique

My machine details are as follows:

NAME="CentOS Linux"
VERSION="7 (Core)"

The OS is running on Oracle VM Virtual Box.

I have tried a couple of other things, but they seem to be failing.

Any pointers will be appreciated.

Thanks.

Naresh Chaurasia

3 Answers

1

tl;dr: You don't need to add a user jenkins with id 1000 on your host, the chown should be enough.

Privilege mismatch is a common problem you often get when using bind mounts. The user running a process inside a container does not match the bind-mount privileges it tries to access.

You can try to run the container as the host user that is allowed to access the bind mount, i.e. as the current host user: `docker run --user $(id -u):$(id -g) ...`

Then again there might be a specific user set in the image to run a process and this trick does not work. If you choose to keep using bind mounts you can change the permissions on the bind mount like you already did, i.e. `chown -R 1000:1000 .`. You don't need that user on your host system, it should still work, it will just show as user 1000 with gid 1000 on the host without a named user attached.

I suggest getting used to using named mounts instead of bind mounts, it solves a lot of the troubles you get with bind mounts.

Dominik Gebhart
  • If I do `chown -R 1000:1000 jenkins_home2`, and then `ll`, I get the following output. `drwxr-xr-x. 2 osboxes osboxes 4096 Jul 26 04:10 jenkins_home2` It seems like user osboxes has id 1000, and I am still getting the same problem. It is necessary that the user should be jenkins with id 1000. If yes, how can I do that. – Naresh Chaurasia Jul 27 '20 at 03:36
  • It shouldn't matter what user mapping is shown on your host. `jenkins_home2` - you start your container with `-v /var/jenkins_home2:/var/jenkins_home`, right? Because of the `2` being different to your example. – Dominik Gebhart Jul 27 '20 at 21:58
  • I still cannot get it to work. As you can see in the comments above, I tried almost everything. – Naresh Chaurasia Jul 28 '20 at 02:49
1

I did some more RnD and tried the following:

I ran the following command

docker volume create jenkins_volume

This creates a volume jenkins_volume in the following directory

var/lib/docker/volumes

If I do ll, I get the following details

drwxr-xr-x. 3 root root 4096 Jul 26 07:51 jenkins_volume

i.e. the user and group is root.

Now if I try to run this command it works fine.

docker run -p 8080:8080 -p 50000:50000 -v jenkins_volume:/var/jenkins_home jenkins/jenkins:lts

Although it is not clear to me why earlier it was not working (as in the original question), even when the id and group was root:root for /var/jenkins_home.

Maybe someone can shed more light on this, but for now I am able to make progress.

Thanks.

Naresh Chaurasia
  • Named volumes / mounts is the better way as I already mentioned, you don't run into problems of mismatching permissions between host and container file system. The cause of your initial issue might be just some oddity with your VM setup, hard to tell. – Dominik Gebhart Jul 28 '20 at 10:17
1

I also had this problem and I will use different directory paths to avoid ambiguity in this answer. E.g. `-v /var/host/jenkins_home:/var/jenkins_home`

First I would like to reproduce the error and create the directory on my host with `sudo -u root mkdir -p /var/host/jenkins_home`. Since the directory is created by root only root has permission to access it.

$ ls -al /var/host/jenkins_home/
total 8
drwxr-xr-x 2 root root 4096 Jul 27 03:54 .
drwxr-xr-x 3 root root 4096 Jul 27 03:54 ..

When I start jenkins now I will get the same error as you

$ docker run -p 8080:8080 -p 50000:50000 -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied

To fix this problem you must change the permissions on the host filesystem so that uid 1000 and gid 1000 have access to /var/host/jenkins_home.

sudo chown -R 1000:1000 /var/host/jenkins_home/

If I start jenkins now it will work:

$ docker run -p 8080:8080 -p 50000:50000 -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts
Running from: /usr/share/jenkins/jenkins.war webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
2020-07-27 03:51:36.430+0000 [id=1]     INFO  org.eclipse.jetty.util.log.Log#initialized: Logging initialized @441ms to org.eclipse.jetty.util.log.JavaUtilLog
2020-07-27 03:51:36.577+0000 [id=1]     INFO  winstone.Logger#logInternal: Beginning extraction from war file

When working with docker you should think in uid and gid and not in usernames, because they can differ and lead to confusion.

E.g. on my host machine the uid 1000 is my user rene

 $ id -un 1000
 rene

But in the container it is jenkins:

 $ docker exec <CONTAINER_NAME> id -un 1000
 jenkins

EDIT

I still get same error

Check the permissions in the container

docker run --rm -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts ls -al /var/jenkins_home

It should show you that jenkins is the owner and group of /var/jenkins_home

total 12
drwxr-xr-x 2 jenkins jenkins 4096 Jul 27 04:56 .
drwxr-xr-x 1 root    root    4096 Jul 15 14:56 ..
-rw-r--r-- 1 jenkins jenkins  100 Jul 27 04:56 copy_reference_file.log

EDIT

Yes. I am running docker inside a VM, right. And the VM host is also a linux. I am new to dockers, so did not understand much of what you said here. Can you please elaborate.

So you have the following setup:

+-------------------------------------------------------------------------------+
|                                VM  Host                                       |
+-------------------------------------------------------------------------------+
|                                                                               |
|                           +-------------------------------------------------+ |
| /                         |           VM (Docker Host)                      | |
| +- var                    +-------------------------------------------------+ |
|    +- ...                 | /                      +-----------------------+| |
|                           | +- var                 |   container jenkins   || |
|                           |    +- host             +-----------------------+| |
|                           |       +- jenkins_home  |/                      || |
|                           | /                      |+- var                 || |
|                           |                        |   +- jenkins_home     || |
|                           |                        +-----------------------+| |
|                           +-------------------------------------------------+ |
+-------------------------------------------------------------------------------+

Please ensure that you run the commands on the docker host (the VM). Keep in mind that the docker host file system is different from your local (VM Host).

René Link
  • I tried as follows: `sudo -u root mkdir -p /var/host/jenkins_home` then `ls -al /var/host/jenkins_home/` then `sudo chown -R 1000:1000 /var/host/jenkins_home/` then `docker run -p 8080:8080 -p 50000:50000 -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts` I still get same error: `touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions? ` Machine details: NAME="CentOS Linux" VERSION="7 (Core)" The OS is running on Oracle VM Virtual Box. – Naresh Chaurasia Jul 27 '20 at 04:44
  • I updated my answer. Please check the permissions in the container. – René Link Jul 27 '20 at 04:58
  • I am not able to execute the command `docker run --rm -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts ls -al /var/jenkins_home`. I am getting the same error. If I execute the following command `less /etc/passwd | grep 1000`, I get the following output: `osboxes:x:1000:1000:osboxes.org:/home/osboxes:/bin/bash` 1000 is mapped to user osboxes. – Naresh Chaurasia Jul 27 '20 at 05:19
  • You are running docker inside a VM, right? And the VM host is also a linux? If so you can't mount the VM hosts directory in the VMs docker container, because the VMs docker container will mount the directory of the docker host, which is the VM. – René Link Jul 27 '20 at 05:54
  • What I mean is: "Do you have 3 separate file systems?" -> VM Host, VM (docker host), docker container? – René Link Jul 27 '20 at 05:56
  • Yes. I am running docker inside a VM, right. And the VM host is also a linux. I am new to dockers, so did not understand much of what you said here. Can you please elaborate. – Naresh Chaurasia Jul 27 '20 at 05:57
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/218658/discussion-between-naresh-chaurasia-and-rene-link). – Naresh Chaurasia Jul 27 '20 at 05:59
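
The numeric-ownership check the answers above describe, as an added example that is not part of the original thread: it tests whether a given UID:GID (default 1000:1000, the jenkins ids from the `id` output in the question) could create files in a bind-mount source directory, using only owner, group and mode bits. The function names and the script name `check.sh` are assumptions; run it on the docker host (the VM), not the VM host.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for a bind-mount directory.
# Decides from numeric owner, group and mode whether a process running as
# UID:GID could create files in DIR. Classic mode bits only: supplementary
# groups, ACLs and other access controls are not evaluated.
# Assumes GNU stat (as on the CentOS host in the question).

can_write_as() {
    uid=$1; gid=$2; dir=$3
    [ -d "$dir" ] || return 2                 # not a directory
    [ "$uid" -eq 0 ] && return 0              # root bypasses mode bits
    set -- $(stat -c '%u %g %a' "$dir")       # numeric owner, group, octal mode
    owner=$1; group=$2; mode=$((0$3))
    # The kernel picks exactly one permission class: owner, else group, else other.
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (mode >> 3) & 7 ))
    else
        bits=$(( mode & 7 ))
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

report() {
    if can_write_as "$1" "$2" "$3"; then
        echo "OK: $1:$2 can write to $3"
    else
        echo "DENIED: $1:$2 cannot write to $3" \
             "(owner $(stat -c '%u:%g' "$3"), mode $(stat -c '%a' "$3"))"
    fi
}

# Usage: sh check.sh /var/host/jenkins_home [uid] [gid]
if [ "$#" -ge 1 ]; then
    report "${2:-1000}" "${3:-1000}" "$1"
fi
```

A `DENIED` result on the directory passed to `-v` matches the root-owned `drwxr-xr-x` case reproduced in the answer; an `OK` result means the mode bits are not what is blocking the container.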