Docker在Docker权限错误 [英] Docker in Docker permissions error
问题描述
这是很好的,直到我最近更新了docker。我已经确定了这个问题,但我似乎无法找出正确的魔法来使其正常工作。
host $ docker exec -it myjenkins bash
jenkins @ container $ docker ps
尝试连接到Docker守护程序时拒绝了权限
在unix下的套接字:///var/run/docker.sock:获取http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json:dial unix /var/run/docker.sock:connect:permission denied
host $ docker exec - 它-u root -it myjenkins bash
root @ container $ docker ps
... docker ps从主机容器yay! ...
所以这里是我的推测。我可以从容器中访问主机docker socket,但是我似乎没有给jenkins用户许可。
我已经添加了docker组,并将jenkins用户添加到docker组。但我仍然收到同样的错误。我已经重新启动了一段时间,所以我很失望,接下来要做什么。
有没有办法强制在特定套接字上的用户的权限?
您需要将主机上的docker组的gid映射到容器中jenkins所属的组的gid。以下是我的Docker文件中的一个示例,介绍我如何构建一个jenkins从属映像:
ARG DOCKER_GID = 993
RUN groupadd -g $ {DOCKER_GID} docker \
&& curl -sSL https://get.docker.com/ | sh \
&& apt-get -q autoremove \
&&& apt-get -q clean -y \
&& rm -rf / var / lib / apt / lists / * /var/cache/apt/*.bin
运行useradd -m -d / home / jenkins -s / bin / sh jenkins \
&& usermod -aG docker jenkins
在这个例子中,993恰好是主机上的docker的gid,你可以调整它来匹配你的环境。
OP中的解决方案:
如果重建不是一种可能性,您可以使用root设置docker组并添加用户。如果您尝试这样做,则可能必须删除从站上的组( groupdel docker
):
docker exec -it -u root myjenkins bash
/ pre>
container $ groupadd -g 993 docker
container $ usermod -aG docker jenkins
I have a docker in docker setup for CI. Essentially, the machine has a jenkins CI server on it that uses the same machines docker socket to create nodes for CI.
This was working great until I recently updated docker. I've identified the issue, but I can't seem to figure out the right magic to get it working.
host $ docker exec -it myjenkins bash jenkins@container $ docker ps Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied host $ docker exec -it -u root -it myjenkins bash root@container $ docker ps ... docker ps from host container yay! ...
So here's what I surmise. I have access to the host docker socket from within the container, but I can't seem to give permission to the jenkins user.
I've added the docker group, and also added the jenkins user to the docker group. But I still get the same error. I've restarted a whack of times so, I'm kind of at a loss for what to do next.
Is there a way to force permissions for a user on a particular socket?
解决方案You need to map the gid of the docker group on your host to the gid of a group that jenkins belongs to inside your container. Here's a sample from my Dockerfile of how I've built a jenkins slave image:
ARG DOCKER_GID=993 RUN groupadd -g ${DOCKER_GID} docker \ && curl -sSL https://get.docker.com/ | sh \ && apt-get -q autoremove \ && apt-get -q clean -y \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/*.bin RUN useradd -m -d /home/jenkins -s /bin/sh jenkins \ && usermod -aG docker jenkins
The 993 happens to be the gid of docker on the host in this example, you'd adjust that to match your environment.
Solution from the OP: If rebuilding isn't a possibility you can set the docker group accordingly in using root and add the user. If you tried this before you may have to delete the group on the slave (
groupdel docker
):docker exec -it -u root myjenkins bash container $ groupadd -g 993 docker container $ usermod -aG docker jenkins
这篇关于Docker在Docker权限错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!