在jenkins docker容器中执行docker host命令 [英] Execute docker host command inside jenkins docker container
问题描述
我有一个运行jenkins的docker容器.我要在此容器内启动其他容器,所以要在此容器外.
I have a docker container running jenkins. I want inside this container to start other container, so outside this container.
我尝试使用以下命令启动我的jenkins控制器:
I've tried to start my jenkins controller with :
docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/bin/docker
(如此处所写:但是当我在容器中尝试运行Docker命令时,我收到了典型的消息
But when inside of my container I try to run a Docker command, I have the typical message
FATA[0000] Get http://%2Fvar%2Frun%2Fdocker.sock/v1.18/containers/json: dial unix /var/run/docker.sock:
connect: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?
并且无法在此容器中运行docker命令.
And no way to run docker command inside this container..
无论是否使用--privileged = true,我都尝试过,但仍然无法正常工作.
I've tried with and without --privileged=true, it still don't work.
如果您有任何想法!
推荐答案
A related post to this issue is this one.
但是,关于此事,我要说几句话(因为我有同样的问题).您需要做两件事:(1)安装docker.sock和(2)运行docker服务.
However, a few words on this (as I had the same issue). There are two things you need to do: (1) mount docker.sock and (2) have docker service running.
关于(1):如@yclian所述,您必须将使用的jenkins放入docker组.
Regarding (1): As mentioned by @yclian you have to put the jenkins used into the docker group.
我遵循了 Adrian Mouat的指令.他建议在sudo docker run ..的构建步骤中执行docker命令.在我的情况下,sudo很好,但是总的来说,这可能是一个安全问题,因为Jenkins用户可能获得对主机的根访问权限,并且可以创建在主机上装载任意目录的容器.
I followed Adrian Mouat's instruction. He suggests to execute docker commands in a build step with sudo docker run ... The sudo is fine in my scenario, but in general it may be a security issue in that the Jenkins user may get root access to the host and could create containers that mount arbitrary directories on the host.
关于命令中的(2)和-v $(which docker):/bin/docker.我在MacOS上. which docker给了我/usr/local/bin/docker/这是正确的,但是docker仍然在容器内不可用.我从
Regarding (2) and -v $(which docker):/bin/docker in your command. I'm on MacOS. which docker gives me /usr/local/bin/docker/ which is correct, but still docker was not available inside the container. I started the jenkins container with
docker run -p 8080:8080 -p 50000:50000 -v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -v /Users/matthaeus/.jenkins_home:/var/jenkins_home -t -i jenkins
如果不想执行此操作,则必须将docker engine安装在容器内,方法是通过连接到容器(docker exec -t -i container-id /bin/bash和apt-get install docker-engine)或在Dockerfile中指定它来手动进行安装.
If you do not want to do this you have to install the docker engine inside the container, either manually by connecting to it (docker exec -t -i container-id /bin/bash and apt-get install docker-engine) or specifying it in a Dockerfile.
如果您都完成了这两个构建步骤,则可能包含诸如sudo docker build -t my-image .这样的命令,并且该映像也将在主机上可用.
If you have done both your build steps may contain the commands like this sudo docker build -t my-image . and this image will also be available on the host machine.
这篇关于在jenkins docker容器中执行docker host命令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
