jenkins jenkins, .

sudo usermod -a -G root jenkins
sudo service jenkins restart

2018-08-19

, " ", , , .

Jenkins :

1. /var/run/docker.sock jenkins, .
2. , . , . ,
3. sudo usermod -a -g docker jenkins, jenkins docker. , , gid , gid .

exec : groupmod -g <YOUR_HOST_DOCKER_GID> docker.

, /var/run/docker.sock 777 - , /var/run/docker.sock .

Jenkins, Docker, Jenkins Docker- - Ubuntu 16.04 /var/run/docker.sock.

:

1) - (docker exec -it jenkins bash )

usermod -a -G docker jenkins
chmod 664 /var/run/docker.sock
service jenkins restart (or systemctl restart jenkins.service)
su jenkins

2) -:

sudo service docker restart

664 - ( ) .

docker jenkins

sudo usermod -a -G docker jenkins

Docker Jenkins. , Jenkinsfile pipeline{agent{dockerfile pipeline{agent{image:

pipeline {
    agent {
        dockerfile {
            filename 'Dockerfile.jenkinsAgent'
        }
    }
    stages {

, docker run, .

• () Docker.
• Docker, Docker-in-Docker, .
• , . , docker run ( sudo).

Docker

Docker- Docker, Docker Dockerfile:

# Dockerfile.jenkinsAgent
FROM debian:stretch-backports
# Install Docker in the image, which adds a docker group
RUN apt-get -y update && \
 apt-get -y install \
   apt-transport-https \
   ca-certificates \
   curl \
   gnupg \
   lsb-release \
   software-properties-common

RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"

RUN apt-get -y update && \
 apt-get -y install \
   docker-ce \
   docker-ce-cli \
   containerd.io

...

Docker

, Jenkins Docker, Docker Docker, . , Jenkins Docker :

pipeline {
    agent {
        dockerfile {
            filename 'Dockerfile.jenkinsAgent'
            args '-v /var/run/docker.sock:/var/run/docker.sock'
        }
    }

UID GID

. . , , - UID GID Docker ( root.docker). , ( useradd... jenkins groupadd... docker Jenkins Docker). jenkins docker

args '-v /var/run/docker.sock:/var/run/docker.sock -u jenkins:docker'

Docker jenkins docker , Docker, , jenkins, , , UID GID , , GID docker

, docker build Dockerfile , Docker:

pipeline {
    agent {
        dockerfile {
            filename 'Dockerfile.jenkinsAgent'
            additionalBuildArgs  '--build-arg JENKINSUID='id -u jenkins' --build-arg JENKINSGID='id -g jenkins' --build-arg DOCKERGID='stat -c %g /var/run/docker.sock''
            args '-v /var/run/docker.sock:/var/run/docker.sock -u jenkins:docker'
        }
    }

id UID GID jenkins stat Docker.

Dockerfile , jenkins docker , groupadd, groupmod useradd:

# Dockerfile.jenkinsAgent
FROM debian:stretch-backports
ARG JENKINSUID
ARG JENKINSGID
ARG DOCKERGID
...
# Install Docker in the image, which adds a docker group
RUN apt-get -y update && \
 apt-get -y install \
   apt-transport-https \
   ca-certificates \
   curl \
   gnupg \
   lsb-release \
   software-properties-common

RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"

RUN apt-get -y update && \
 apt-get -y install \
   docker-ce \
   docker-ce-cli \
   containerd.io

...
# Setup users and groups
RUN groupadd -g ${JENKINSGID} jenkins
RUN groupmod -g ${DOCKERGID} docker
RUN useradd -c "Jenkins user" -g ${JENKINSGID} -G ${DOCKERGID} -M -N -u ${JENKINSUID} jenkins

2019-02-16

, . , usermod .

:

sudo usermod -a -G docker jenkins

( - :

docker exec -t -i my_container_id_or_name /bin/bash

)

:

usermod: 'jenkins'

:

, . :

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] :

.

sudo , Docker :

usermod: . usermod: /etc/passwd; .

: :

docker exec -t -i -u root my_container_id_or_name /bin/bash

root :

usermod -a -G docker jenkins

:

docker restart my_container_id_or_name

, .

root usermod jenkins.

2019-05-26

!

docker-compose:

version: "3"
services:
  jenkins:
    image: jenkinsci/blueocean
    privileged: true
    ports:
      - "8080:8080"
    volumes:
      - $HOME/learning/jenkins/jenkins_home:/var/jenkins_home
    environment:
      - DOCKER_HOST=tcp://socat:2375
    links:
      - socat

  socat:
     image: bpack/socat
     command: TCP4-LISTEN:2375,fork,reuseaddr UNIX-CONNECT:/var/run/docker.sock
     volumes:
        - /var/run/docker.sock:/var/run/docker.sock
     expose:
        - "2375"

jenkins docker , jenkins .

# usermod -g docker jenkins
# usermod -a -G jenkins jenkins

jenkins jenkins, .

sudo usermod -a -G docker jenkins
sudo service jenkins restart

, , . https://hub.docker.com/r/fristonio/jenkins_docker/

. , Docker

- Linux.

https://docs.docker.com/install/linux/linux-postinstall/

, Jenkins,

sudo setfacl -m user:tomcat:rw /var/run/docker.sock

-

-v /var/run/docker.sock:/var/run/docker.sock

setfacl , "-u user". , Jenkins. .

. , GID, :

FROM jenkins/jenkins:lts
...
CMD DOCKER_GID=$(stat -c '%g' /var/run/docker.sock) && \
    groupadd -for -g ${DOCKER_GID} docker && \
    usermod -aG docker jenkins && \
    sudo -E -H -u jenkins bash -c /usr/local/bin/jenkins.sh

.: https://github.com/jenkinsci/docker/issues/263

jenkins :

-v /var/run/docker.sock:/var/run/docker.sock \
-u jenkins:$(getent group docker | cut -d: -f3)

, jenkins Docker. : https://getintodevops.com/blog/the-simple-way-to-run-docker-in-docker-for-ci

. .

ubuntu@node1:~$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

: , , /var/run/docker.sock:

ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw---- 1 root root 0 Oct 17 11:08 docker.sock
ubuntu@ip-172-31-21-106:/var/run$ sudo chmod 666 /var/run/docker.sock
ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw-rw- 1 root root 0 Oct 17 11:08 docker.sock

docket.sock , .

ubuntu@ip-172-31-21-106:/var/run$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:c3b4ada4687bbaa170745b3e4dd8ac3f194ca95b2d0518b417fb47e5879d9b5f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/