Jenkins Pipeline无法与docker-compose一起运行,因为它无法连接到docker守护程序 [英] Jenkins Pipeline does not run with docker-compose because it cant connect to docker daemon
问题描述
我正在尝试构建docker映像,并在Jenkins管道内使用docker-compose启动容器.
I am trying to build an docker image and start the container with docker-compose inside a Jenkins pipeline.
我为我的Jenkins创建了一个自定义Docker映像,在其中我可以使用现成的Jenkins映像并安装Docker CE和docker compose.
I have a custom docker image for my Jenkins where I use the Jenkins out of the box image and install Docker CE and docker compose.
Dockerfile:
The Dockerfile:
FROM jenkins/jenkins:2.159
USER root
# create dir to save jenkins log files
RUN mkdir /var/log/jenkins
RUN chown -R jenkins:jenkins /var/log/jenkins
########################################################################################################################
## install docker based on: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-debian-9
########################################################################################################################
RUN apt update
RUN apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
RUN apt update
# make sure you are about to install from the Docker repo instead of the default Debian repo
RUN apt-cache policy docker-ce
RUN apt -y install docker-ce
#RUN systemctl status docker
# give jenkins docker rights
RUN apt update
RUN apt-get install acl
#RUN ls /var/run
#RUN setfacl -m user:jenkins:rw /var/run/docker.sock
RUN usermod -aG docker jenkins
RUN gpasswd -a jenkins docker
################################################################################################################################
## install docker-compose based on: https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-debian-9
################################################################################################################################
RUN curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
RUN chmod +x /usr/local/bin/docker-compose
RUN docker-compose --version
USER jenkins
RUN id -nG
#tell jenkins to use the created folder to store logs
我使用docker-compose build
并使用以下docker-compose文件构建此映像:
I build this image with docker-compose build
with this docker-compose file:
version: '3'
volumes:
jenkins-log:
jenkins-data:
networks:
jenkins-net:
services:
master:
build: ./jenkins-master
ports:
- "50000:50000"
volumes:
- jenkins-log:/var/log/jenkins
- jenkins-data:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
networks:
- jenkins-net
nginx:
build: ./jenkins-nginx
ports:
- "80:80"
networks:
- jenkins-net
并以docker-compose -p jenkins up -d
这将启动Jenkins并可以正常运行.
This starts Jenkins and works fine for now.
然后,我创建一个使用以下Jenkinsfile的管道作业:
Then I create a Pipeline Job which uses the following Jenkinsfile:
node {
stage('Build Docker Image') {
sh '''
cd env-ci/
docker-compose --version
docker --version
docker-compose build
'''
}
}
运行此管道时,出现以下错误:
When I run this pipeline I get the following error:
+ cd env-ci/
+ docker-compose --version
docker-compose version 1.22.0, build f46880fe
+ docker --version
Docker version 18.09.1, build 4c52b90
+ docker-compose build
Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
当我尝试在管道中运行docker info
时:
When I try to run docker info
within the pipeline:
node {
stage('Build Docker Image') {
sh '''
cd env-ci/
docker-compose --version
docker --version
docker info
'''
}
}
我收到以下错误:
+ cd env-ci/
+ docker-compose --version
docker-compose version 1.22.0, build f46880fe
+ docker --version
Docker version 18.09.1, build 4c52b90
+ docker info
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/info: dial unix /var/run/docker.sock: connect: permission denied
我目前不知道问题可能是什么或如何解决.
Jenkins管道以用户jenkins
身份运行,并且该用户已添加到docker组.所以权限应该可以吗?!
I am currently out of ideas what the issue might be or how I can resolve it.
The Jenkins pipeline is run as user jenkins
and this user is added to the docker group. So the permission should be fine?!
有人知道什么可能是错的吗? 谢谢!
Does anyone have an idea what might be wrong? Thank you!
推荐答案
显然,权限存在问题,因为它是docker中的docker.我可以通过以下方法解决它:
Apperantly there is a problem with permissions since it is docker in docker. I could solve it with the following:
1)从主机系统:以root用户身份连接到正在运行的jenkins容器
1) from the host system: connect to the running jenkins container as root
docker exec -u root -it <containerid> bin/bash
2)向jenkins用户授予/var/run/docker.sock的权限
2) give the jenkins user the right to /var/run/docker.sock
chown jenkins:docker /var/run/docker.sock
现在,我可以使用Jenkinsfile成功运行管道了.但这并不能真正解决问题,因为在每个图像生成之后都需要执行 chown 步骤.
Now I can run the pipeline with the Jenkinsfile successfully. But this does not really solve the problem since the chown step needs to be done after each image build.
修改: 解决此问题的干净方法是将Jenkins Slave(工作者)与Docker代理一起使用.这在本教程中进行了描述 https://engineering.riotgames.com/news/building- jenkins-inside-ephemeral-docker-container
The clean solution to solve this problem is to use a Jenkins Slave (worker) with a Docker Proxy. This is described in this turotial https://engineering.riotgames.com/news/building-jenkins-inside-ephemeral-docker-container
这篇关于Jenkins Pipeline无法与docker-compose一起运行,因为它无法连接到docker守护程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!