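Using Docker inside a Jenkins container

Background

The project uses Jenkins for automated CI/CD, and Jenkins itself runs as a Docker container. After the project is compiled, the result must be built into a Docker image and pushed to a private Harbor registry. The Jenkins container therefore needs a Docker runtime environment so that it can build images with docker build.

Problem

I use the official image jenkins/jenkins:lts, and the Jenkins container is meant to run as the jenkins user. On the host, however, Docker is owned by root.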

As a result, running docker inside Jenkins immediately fails with: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/info: dial unix /var/run/docker.sock: connect: permission denied

docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock  docker-jenkins-test bash

This is because the container is currently running as the jenkins user, which has no permission to access /var/run/docker.sock.


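You can see that inside the container the socket still carries the host's ownership and permission mode; 994 is the GID of the docker group on the host.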


Checking the Docker GID on the host


To verify this, the Jenkins container can be run as the root user.

docker run --rm -it -u root -v /var/run/docker.sock:/var/run/docker.sock  docker-jenkins-test bash

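As shown, when running as root the docker info command succeeds, which shows that docker can be run inside the Jenkins container.

The Dockerfile for the docker-jenkins-test image is as follows: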

FROM jenkins/jenkins:lts

USER root
RUN apt-get -qq update \
   && apt-get -qq -y install \
   curl

RUN curl -sSL https://get.docker.com/ | sh

RUN usermod -a -G staff jenkins

USER jenkins

I then looked at several other ways of implementing Jenkins with Docker:

How can i run docker command inside a docker container?

A jenkins capable of running docker agents using docker engine of host.

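Use docker inside docker with jenkins user describes various approaches, but I tried them, and without changing the permissions of /var/run/docker.sock on the host, none of them worked.

A reluctant workaround

The simplest option is not to run as the jenkins user in the container.
This is similar to the approach in The simple way to run Docker-in-Docker for CI: run as root, install Docker manually, and mount the host's /var/run/docker.sock.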

FROM jenkins/jenkins:lts
# if we want to install via apt
USER root

RUN apt-get update \
    && apt-get -y install \
    maven \
    nodejs \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common \
    && curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey \
    && apt-key add /tmp/dkey \
    && add-apt-repository \
      "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")  $(lsb_release -cs) stable" \
    && apt-get update \
    && apt-get -y install docker-ce \
    && rm -rf /var/lib/apt/lists/*

Start the container

docker run -it -d --name jenkins \
  -p 8081:8080 -p 50000:50000 \
  -v /data/dockerwork/jenkins/jenkins_home:/var/jenkins_home \
  -v /var/run/docker.sock:/var/run/docker.sock \
  maven-node-docker-jenkins-withroot:lts

Result:
docker info inside this Jenkins container gives the same output as docker info on the host.

[root@htwy maven-node-docker-jenkins-withroot]# docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock  maven-node-docker-jenkins-withroot:lts bash
root@536823d29e10:/# whoami
root
root@536823d29e10:/# docker info
Containers: 19
 Running: 19
 Paused: 0
 Stopped: 0
Images: 83
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 31.02GiB
Name: htwy
ID: XKVN:JBW6:RFQX:4SJA:TVR3:VCOH:2WGT:E2SF:LYMC:GPQN:MW33:MICD
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
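
The socket ownership shown earlier (root-owned, with the host's docker GID, 994 in this post) can also be handled without -u root. The following is an added example, not code from the original post: it inspects the socket and prints docker run options that grant the image's default jenkins user that GID through --group-add. The function names are hypothetical, and it assumes the docker CLI is already installed in the image.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print "uid gid octal-mode" of a path (GNU stat first, BSD stat as fallback).
sock_meta() {
    stat -c '%u %g %a' "$1" 2>/dev/null || stat -f '%u %g %Lp' "$1"
}

# Classify who may connect, from the socket's gid and octal mode:
#   world            others have rw: every local user can drive the daemon
#   group-add:<gid>  group has rw: grant that GID as a supplementary group
#   root-only        only the owner has rw
access_plan() {
    gid=$1
    m=$((0$2))                      # leading 0 makes the shell parse octal
    if [ $(( m & 6 )) -eq 6 ]; then
        echo world
    elif [ $(( (m >> 3) & 6 )) -eq 6 ]; then
        echo "group-add:$gid"
    else
        echo root-only
    fi
}

# Print the docker run options that let the image's default jenkins user
# reach the mounted socket without -u root.
jenkins_run_args() {
    sock=$1
    meta=$(sock_meta "$sock") || return 1
    set -- $meta                    # $1=uid $2=gid $3=mode
    mount="-v $sock:/var/run/docker.sock"
    case $(access_plan "$2" "$3") in
        group-add:*) echo "--group-add $2 $mount" ;;
        world) echo "warning: $sock is world-writable" >&2; echo "$mount" ;;
        *) echo "error: $sock is owner-only; -u root would be required" >&2
           return 1 ;;
    esac
}

# On the Docker host: docker run $(jenkins_run_args /var/run/docker.sock) IMAGE
if [ -S /var/run/docker.sock ]; then
    jenkins_run_args /var/run/docker.sock || true
fi
```

Whichever user holds it, access to the mounted socket is control of the host's Docker daemon, which is why the docker info output above matches the host's.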