Re: [cbi-dev] Docker on Jenkins Dash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cbi-dev] Docker on Jenkins Dash

From: Mikaël Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Apr 2018 10:30:45 +0200
Delivered-to: cbi-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/cbi-dev>
List-help: <mailto:cbi-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/cbi-dev>, <mailto:cbi-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/cbi-dev>, <mailto:cbi-dev-request@eclipse.org?subject=unsubscribe>

IIRC, the args "-u" you're giving to the Dockerfile pipeline is used to define which user is used inside the container, not how to to run docker. It does not relate to which user starts the docker command.

With the current setup, Dash Jenkins user (named genie.dash), can only run "sudo docker" (see https://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/ for reasoning).

Unfortunately, Jenkins docker pipeline does not support this setup.

AFAIK, Glassfish uses Docker successfully in Dash JIPP, not through pipeline though.

So I would go with a non-docker agent and start the build step with a shell command calling the docker run command itself. Something like:

pipeline {

agent { label 'glass-slave1' }

stages {

stage('Example Build') {

steps {

sh 'sudo docker run -it --rm -v ${WORKSPACE}:/build maven:3.5.3-jdk-8-slim mvn clean verify -f /build/pom.xml'

}

Cheers,

Mikaël Barbero - Eclipse Foundation

IT Services - Release Engineering

📱 (+33) 642 028 039

📧 mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx

🐦 @mikbarbero

Le 30 avr. 2018 à 07:10, Yamini K B <yamini.k.b@xxxxxxxxxx> a écrit :
Hi,

I’ve been trying hard to get some tests to run within a container in the Jenkins Dash environment.

The main road block is this error:
[Pipeline] {
[Pipeline] sh
[mq-pipeline] Running shell script
+ docker inspect -f . maven:3.5.3-jdk-8-slim

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/maven:3.5.3-jdk-8-slim/json: dial unix /var/run/docker.sock: connect: permission denied
As seen, the container is unable to connect to Docker on the host. I then raised the following issue:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=534047

The Jenkins user has been given sudo access but that still doesn’t solve my problem since the docker commands are initiated by the Docker plugin. My script says just this:
pipeline { agent { docker { image 'maven:3.5.3-jdk-8-slim' } }

I tried all possible ways like passing args (-u root:sudo, -u 0:0) to above docker options. I also tried the dockerfile approach suspecting issue with the docker agent option, even that didn’t work:

agent {
dockerfile {
dir 'jenkins'
args '-u root:root'
label 'glass-slave1'
}
}

I can understand Jenkins user cannot be added to docker group for security reasons but is there any other way out? Has anyone been successful running jobs in containers on Eclipse Dash instances?

Thanks,
-Yamini
_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cbi-dev

Attachment: signature.asc
Description: Message signed with OpenPGP

Follow-Ups:
- Re: [cbi-dev] Docker on Jenkins Dash
  - From: Yamini K B

References:
- [cbi-dev] Docker on Jenkins Dash
  - From: Yamini K B

Prev by Date: [cbi-dev] Docker on Jenkins Dash
Next by Date: Re: [cbi-dev] Docker on Jenkins Dash
Previous by thread: [cbi-dev] Docker on Jenkins Dash
Next by thread: Re: [cbi-dev] Docker on Jenkins Dash
Index(es):
- Date
- Thread

Breadcrumbs