Jenkins管道无法与docker compose一起运行,因为它无法连接到docker守护程序
我正在尝试构建一个docker映像,并在Jenkins管道中使用docker compose启动容器 我有一个自定义的docker映像,我使用Jenkins开箱即用映像,安装docker CE和docker compose Dockerfile:Jenkins管道无法与docker compose一起运行,因为它无法连接到docker守护程序,docker,jenkins,docker-compose,jenkins-pipeline,Docker,Jenkins,Docker Compose,Jenkins Pipeline,我正在尝试构建一个docker映像,并在Jenkins管道中使用docker compose启动容器 我有一个自定义的docker映像,我使用Jenkins开箱即用映像,安装docker CE和docker compose Dockerfile: FROM jenkins/jenkins:2.159 USER root # create dir to save jenkins log files RUN mkdir /var/log/jenkins RUN chown -R jenkins:
FROM jenkins/jenkins:2.159
USER root
# create dir to save jenkins log files
RUN mkdir /var/log/jenkins
RUN chown -R jenkins:jenkins /var/log/jenkins
########################################################################################################################
## install docker based on: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-debian-9
########################################################################################################################
RUN apt update
RUN apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
RUN apt update
# make sure you are about to install from the Docker repo instead of the default Debian repo
RUN apt-cache policy docker-ce
RUN apt -y install docker-ce
#RUN systemctl status docker
# give jenkins docker rights
RUN apt update
RUN apt-get install acl
#RUN ls /var/run
#RUN setfacl -m user:jenkins:rw /var/run/docker.sock
RUN usermod -aG docker jenkins
RUN gpasswd -a jenkins docker
################################################################################################################################
## install docker-compose based on: https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-debian-9
################################################################################################################################
RUN curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
RUN chmod +x /usr/local/bin/docker-compose
RUN docker-compose --version
USER jenkins
RUN id -nG
#tell jenkins to use the created folder to store logs
我使用此docker compose文件使用docker compose build构建此图像:
version: '3'
volumes:
jenkins-log:
jenkins-data:
networks:
jenkins-net:
services:
master:
build: ./jenkins-master
ports:
- "50000:50000"
volumes:
- jenkins-log:/var/log/jenkins
- jenkins-data:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
networks:
- jenkins-net
nginx:
build: ./jenkins-nginx
ports:
- "80:80"
networks:
- jenkins-net
并以docker compose-p jenkins up-d
从詹金斯开始,现在一切正常
然后,我创建一个管道作业,该作业使用以下文件:
node {
stage('Build Docker Image') {
sh '''
cd env-ci/
docker-compose --version
docker --version
docker-compose build
'''
}
}
运行此管道时,出现以下错误:
+ cd env-ci/
+ docker-compose --version
docker-compose version 1.22.0, build f46880fe
+ docker --version
Docker version 18.09.1, build 4c52b90
+ docker-compose build
Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
+ cd env-ci/
+ docker-compose --version
docker-compose version 1.22.0, build f46880fe
+ docker --version
Docker version 18.09.1, build 4c52b90
+ docker info
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/info: dial unix /var/run/docker.sock: connect: permission denied
当我尝试在管道中运行docker info
时:
node {
stage('Build Docker Image') {
sh '''
cd env-ci/
docker-compose --version
docker --version
docker info
'''
}
}
我得到以下错误:
+ cd env-ci/
+ docker-compose --version
docker-compose version 1.22.0, build f46880fe
+ docker --version
Docker version 18.09.1, build 4c52b90
+ docker-compose build
Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
+ cd env-ci/
+ docker-compose --version
docker-compose version 1.22.0, build f46880fe
+ docker --version
Docker version 18.09.1, build 4c52b90
+ docker info
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/info: dial unix /var/run/docker.sock: connect: permission denied
我目前不知道问题可能是什么,也不知道如何解决。
Jenkins管道以用户Jenkins
的身份运行,该用户被添加到docker组。那么许可就可以了
有人知道什么地方出了问题吗?
谢谢大家! 显然权限有问题,因为它是docker中的docker。我可以用以下方法解决这个问题:
1) 从主机系统:以root用户身份连接到正在运行的jenkins容器
docker exec -u root -it <containerid> bin/bash
现在,我可以使用Jenkins文件成功运行管道。但这并不能真正解决问题,因为chown步骤需要在每次图像构建之后完成
编辑:
解决此问题的干净解决方案是使用带有Docker代理的Jenkins Slave(worker)。本教程对此进行了描述
人们通常面临的问题是无法连接到Docker daemon
,因为他们不是Docker
组的成员,并且没有读取该文件的权限。
使用sudo
docker运行会解决这个问题,但这不是一个合适的解决方案
解决方案
Docker可以作为具有适当组权限的非root用户(没有sudo)运行。详细信息已发布。
以下是简短的版本:
$ sudo groupadd docker
$ sudo usermod -aG docker $USER
# Log out and log back in again to apply the groups
$ groups # docker should be in the list of groups for your user
$ docker run hello-world # Works without sudo
这将授予docker
组中的用户在不使用sudo
的情况下运行docker
和docker compose
命令的权限
允许jenkins使用:
chown-jenkins:docker/var/run/docker.sock
尝试在主机上运行此命令,但这只是一种解决方法:
chmod 777/var/run/docker.sock
这将允许任何人连接到docker守护进程,包括jenkins进程您是否尝试以jenkins用户身份登录并从那里访问docker命令?码头工人在同一台主机上吗?jenkins和docker之间的网络拓扑是什么样子的,我尝试连接到容器并运行docker info,结果是:jenkins@6b6da698df44:/$docker info在尝试连接到位于的docker守护程序套接字时被拒绝unix:///var/run/docker.sock: 获取http://%2Fvar%2Frun%2Fdocker.sock/v1.39/info:dial unix/var/run/docker.sock:connect:permission denied
可能副本