
I've got the official Jenkins image deployed in a Docker container on my Mac and I need to use docker commands there.

The question: How do I correctly embed Docker executables into a Docker image (i.e. the Jenkins image) so that it can use docker commands?

Here is what I did:

  1. Ran the Jenkins container with the additional parameter `-v /var/run/docker.sock:/var/run/docker.sock`. Getting permission denied when trying to access docker build.
  2. Then I assigned sudo privileges inside the container to the Jenkins user (`usermod -aG sudo jenkins`) and rebooted; the error is still here.

     ```
     root@4328a7e643ea:/ groups jenkins
     jenkins : jenkins sudo
     ```

  3. Doing `chmod 777 /var/run/docker.sock` on the host computer and rebooting hasn't helped either.

Additional info:

The parameters I used to create Jenkins container in Docker:

```
docker run --name jenkins --restart=on-failure --detach \
  --network jenkins --env DOCKER_HOST=tcp://docker:2376 \
  --env DOCKER_CERT_PATH=/certs/client --env DOCKER_TLS_VERIFY=1 \
  --publish 9000:8080 --publish 60000:50000 \
  --volume jenkins-data:/var/jenkins_home \
  --volume jenkins-docker-certs:/certs/client:ro \
  --volume /usr/local/bin/docker:/usr/bin/docker \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  jenkins/jenkins:jdk17
```

After a whole day wasted on reading and trying, I've finally given up. Please help me understand how to overcome this issue.

Dec0de
  • `usermod -aG sudo jenkins` You only added to sudo group, not sudo privileges, that depends on the permissions. `permission denied when try to access docker build` Congrats on installing docker. Now, what is `stat /var/run/docker.sock` and result of `id` inside the container? `chmod 777 /var/run/docker.sock on the host computer and reboot` Why did you _reboot_? So after reboot, permissions were reset. (?) – KamilCuk May 12 '23 at 07:30
  • But you use DOCKER_HOST=tcp://docker:2376, not sock. Is there a hostname docker resolved by your DNS? – KamilCuk May 12 '23 at 14:19
  • 1. The result of issuing "stat /var/run/docker.sock": "16777232 30382117 lrwxr-xr-x 1 root daemon 0 35 "May 12 09:17:36 2023" "May 12 09:17:36 2023" "May 12 09:17:36 2023" "May 12 09:17:36 2023" 4096 0 0 /var/run/docker.sock". 2. The result of issuing "id" inside the container: "uid=0(root) gid=0(root) groups=0(root)" I rebooted to be sure that the changes applied. AFAIK the CHMOD changes are permanent. If they're not, please correct me. – Dec0de May 12 '23 at 14:25
  • I blindly copied it from a sample config. I'm afraid not: I tried to ping it on my host machine without result, nor did I run anything with the same name inside Docker. – Dec0de May 12 '23 at 14:33

1 Answer


I did some additional research and found a nice post, where almost all possible solutions were mentioned. A similar group of posts resides here.

So generally there are two options to actually run Docker's build job on Jenkins:

  1. Embed Docker's binaries into the Jenkins image. It could be just the docker-ce-cli package.
  2. Route Docker's binaries on the host to the container VM:

```
docker run \
  --name jenkins \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume $(which docker):/usr/bin/docker \
  jenkins/jenkins
```

The first option routes docker.sock to the container and the second exposes Docker's executable from the host to the container.

Unfortunately, the second option didn't work for me under any circumstances: I tried to run the container in privileged mode, under the root user, added the Jenkins user to the root group (for my home Mac it's okay), `chmod 777 /var/run/docker.sock`, `usermod -aG docker jenkins`. No way.

The last thing I gave a shot:

```
docker run -u root \
  --privileged \
  --name jenkins \
  --detach \
  --network jenkins \
  --publish 9000:8080 \
  --publish 60000:50000 \
  --volume jenkins-data:/var/jenkins_home \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume $(which docker):/usr/bin/docker \
  jenkins/jenkins
```

So finally I decided to give up and just embed Docker's executables (docker-ce-cli) into my Jenkins image with the `--volume /var/run/docker.sock:/var/run/docker.sock` option, which successfully exposes all of my host machine's images to the Jenkins container. I guess it's more of a macOS-related issue, because I read thousands of messages from Linux users who confirmed that routing of binaries (the 1st way) works well for them.

So for now I'm building my image from this Dockerfile:

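```
FROM jenkins/jenkins:jdk17
# Package installation requires root.
USER root
# Prerequisites for adding Docker's apt repository (-y: image builds are non-interactive).
RUN apt-get update
RUN apt-get install -y ca-certificates curl gnupg
RUN install -m 0755 -d /etc/apt/keyrings
# Fetch Docker's repository signing key and store it in binary form.
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
RUN chmod a+r /etc/apt/keyrings/docker.gpg
# Register the repository, tied to that key through signed-by.
RUN echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install only the Docker client and the compose plugin, not the daemon.
RUN apt-get update
RUN apt-get install -y docker-ce-cli docker-compose-plugin
```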
Dec0de
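The checks requested in the comments (`stat` on the socket, `id` in the container, and whether `DOCKER_HOST` points at TCP) can be combined into one diagnostic; this is an added example, not part of the original posts, and the function names `socket_verdict` and `diagnose` are hypothetical. Write access to the Docker socket is effectively root on the Docker host, so where access is denied it suggests the standard `docker run --group-add` flag for the socket's group rather than `chmod 777` or `--privileged`.

```shell
#!/bin/sh
# Added diagnostic, not from the original posts. Run inside the container
# (uses GNU `stat -c`, as shipped in the Debian-based Jenkins image).

# socket_verdict UID "GIDS" SOCK_UID SOCK_GID SOCK_MODE
# Prints how the caller would get write access to the socket:
# root | owner | group | world | denied
socket_verdict() {
    uid=$1 gids=$2 s_uid=$3 s_gid=$4 mode=$5
    # connect() on a Unix socket requires the write bit (octal 2).
    u=$(( (0$mode >> 6) & 2 )); g=$(( (0$mode >> 3) & 2 )); o=$(( 0$mode & 2 ))
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    if [ "$uid" -eq "$s_uid" ]; then
        if [ "$u" -ne 0 ]; then echo owner; else echo denied; fi
        return 0
    fi
    for gid in $gids; do
        if [ "$gid" -eq "$s_gid" ]; then
            if [ "$g" -ne 0 ]; then echo group; else echo denied; fi
            return 0
        fi
    done
    if [ "$o" -ne 0 ]; then echo world; else echo denied; fi
}

# diagnose [SOCKET_PATH]: 0 = usable, 1 = socket problem, 2 = socket not used.
diagnose() {
    sock=${1:-/var/run/docker.sock}
    case "${DOCKER_HOST:-}" in
        tcp://*) echo "DOCKER_HOST=$DOCKER_HOST: the CLI talks TCP and never opens $sock"
                 return 2 ;;
    esac
    [ -S "$sock" ] || { echo "$sock is missing or not a socket"; return 1; }
    sock_gid=$(stat -c %g "$sock")
    v=$(socket_verdict "$(id -u)" "$(id -G)" "$(stat -c %u "$sock")" \
        "$sock_gid" "$(stat -c %a "$sock")")
    case $v in
        denied) echo "permission denied expected; grant the socket group only:"
                echo "  docker run --group-add $sock_gid ..."; return 1 ;;
        world)  echo "works only because $sock is world-writable (chmod 777)" ;;
        *)      echo "access granted via: $v" ;;
    esac
}

# Run the live check only when invoked as: sh script.sh --run [SOCKET_PATH]
case "${1:-}" in --run) diagnose "${2:-}" ;; esac
```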