6

I have a docker container running jenkins. I want inside this container to start other container, so outside this container.

I've tried to start my jenkins controller with :

docker run -v /var/run/docker.sock:/var/run/docker.sock  -v $(which docker):/bin/docker

( As written here : https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ )

But when inside of my container I try to run a Docker command, I have the typical message 

 FATA[0000] Get http://%2Fvar%2Frun%2Fdocker.sock/v1.18/containers/json: dial unix /var/run/docker.sock: 
connect: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?

And no way to run docker command inside this container..

I've tried with and without --privileged=true, it still don't work.

If you have any ideas !

Oubord
  • 235
  • 2
  • 10
  • did you try to add "sudo" before the command ? Or make sure the service is running "sudo service docker start". Or add your user to the group : "sudo usermod -aG docker username" then log out or restart to take effect. – JeffProd Nov 30 '15 at 10:47
  • I am running into a similar issue as well, with a different error: `Cannot connect to the Docker daemon. Is the docker daemon running on this host?` – Tri Nguyen Mar 14 '16 at 21:08

2 Answers2

2

A related post to this issue is this one.

However, a few words on this (as I had the same issue). There are two things you need to do: (1) mount docker.sock and (2) have docker service running.

Regarding (1): As mentioned by @yclian you have to put the jenkins user into the docker group.

I followed Adrian Mouat's instruction. He suggests to execute docker commands in a build step with sudo docker run ... The sudo is fine in my scenario, but in general it may be a security issue in that the Jenkins user may get root access to the host and could create containers that mount arbitrary directories on the host.

Regarding (2) and -v $(which docker):/bin/docker in your command. I'm on MacOS. which docker gives me /usr/local/bin/docker/ which is correct, but still docker was not available inside the container. I started the jenkins container with 

docker run -p 8080:8080 -p 50000:50000 -v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -v /Users/matthaeus/.jenkins_home:/var/jenkins_home -t -i jenkins

If you do not want to do this you have to install the docker engine inside the container, either manually by connecting to it (docker exec -t -i container-id /bin/bash and apt-get install docker-engine) or specifying it in a Dockerfile.

If you have done both your build steps may contain the commands like this sudo docker build -t my-image . and this image will also be available on the host machine.

matthaeus
  • 662
  • 1
  • 7
  • 13
0

When such situation happens, first have a look at the /var/run/docker.sock it's dialing. If I'm not wrong, you will have to put your jenkins user into the docker group in order to have access to the socket file.

Would also be good to troubleshoot this by logging into the shell as jenkins user, vs. troubleshooting via Jenkins UI.

yclian
  • 1,470
  • 13
  • 22