6

I am trying to run Jenkins pipeline job in my macbook. I also have docker instance running locally. Initially I got the "docker command not found" error while running the Jenkins Job. I fixed the error by adding a symlink "ln -f -s /Applications/Docker.app/Contents/Resources/bin/* /usr/local/bin"

I also applied these two changes so that jenkins user has the access to the docker directory

  1. chmod -R 777 /Users/myUserName/Library/Containers/com.docker.docker/
  2. chmod -R 777 /Users/myUserName/Library/Containers/com.docker.helper/

I am getting below errors:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.27/containers/openjdk:8/json: dial unix /var/run/docker.sock: connect: permission denied [Pipeline] sh [test] Running shell script + docker pull openjdk:8 Warning: failed to get default registry endpoint from daemon (Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.27/info: dial unix /var/run/docker.sock: connect: permission denied). Using system default: https://index.docker.io/v1/ Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.27/images/create?fromImage=openjdk&tag=8: dial unix /var/run/docker.sock: connect: permission denied [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline ERROR: script returned exit code 1 Finished: FAILURE

Sameer Malhotra
  • 352
  • 2
  • 11
  • 26
  • Possible duplicate of [Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock](https://stackoverflow.com/questions/47854463/got-permission-denied-while-trying-to-connect-to-the-docker-daemon-socket-at-uni) – Raedwald Apr 08 '19 at 17:39
  • Beware of this. It never hurts to say that if you do chmod without really knowing what you do, you may be creating a security hole. 777 means anybody has full read and write access to a resource. That's probably not necessary in most situations. In general, looking for a way to adjust the user's permissions (group memberships) rather than widening a resource availability, usually makes more sense. – Simón Mar 25 '20 at 04:56

4 Answers4

2

This is a docker permission issue. Add the jenkins user to docker group as follow:

usermod -aG docker ${USER}

Innocent Anigbo
  • 3,130
  • 1
  • 13
  • 17
  • 4
    Thanks for the suggestion but, I don't have usermod command in mac – Sameer Malhotra Jul 07 '17 at 20:33
  • This _usermod_ step is suggested in Docker's [Post-installation steps for Linux](https://docs.docker.com/engine/installation/linux/linux-postinstall/) and so it may still be relevant in Linux situations. – Wyck Sep 17 '17 at 15:43
2

There are any ways to solve this issue, I faced it last week, I solved but with docker-compose this setup is replicable to docker, you can create a shared volume that points from the location of docker.sock in your host /var/run/docker.sock to location of docker.sock in your container /var/run/docker.sock. Something like this:

version: '2'
services:
  jenkins:
    build:
      context: ./jenkins
    ports:
      - "8080:8080"
    expose:
      - "8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - /usr/local/bin/docker-compose:/usr/local/bin/docker-compose

  nginx:
    build:
      context: ./nginx
    container_name: "prueba"
    links:
      - jenkins
    ports:
      - "80:80"
    depends_on:
      - jenkins

To works well you have to give permissons of user to the socketsudo chown $USER:$USER /var/run/docker.sock and to the group of docker , as Innocent Anigbo mentioned.

julian salas
  • 2,254
  • 16
  • 20
  • 1
    Ok, I applied the following changes to my system: 1. Create a docker group- "sudo dscl . -create /groups/docker". 2. Assign jenkins user to docker group- "sudo dseditgroup -o edit -a jenkins -t user docker". 3. Assign the socket to docker- "sudo chown jenkins:jenkins /var/run/docker.sock". But still seeing the same issue. – Sameer Malhotra Jul 07 '17 at 21:13
  • now, set up shared volumes, add this with docker run command ```-v /var/run/docker.sock:/var/run``` – julian salas Jul 07 '17 at 21:53
0

Somewhat hacky workaround:

  • DockerUser is the user who installed Docker
  • Both DockerUser and the Jenkins user are in the staff group (verify with groups USERNAME)

As DockerUser:

$ chmod g+rx /Users/DockerUser/Library
$ chmod g+rx /Users/DockerUser/Library/Containers
$ chmod g+rx /Users/DockerUser/Library/Containers/com.docker.docker
$ chmod g+rw /Users/DockerUser/Library/Containers/com.docker.docker/Data/docker.sock

⚠️ Security Implications

Any user account on the machine (not just the Jenkins user) has write access to all of your docker containers/volumes/anything and launch anything they like.

Then as your other (Jenkins) user, you should be able to do the following to launch a container:

$ docker run --rm ubuntu uname -a
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
6a5697faee43: Pull complete
ba13d3bc422b: Pull complete
a254829d9e55: Pull complete
Digest: sha256:fff16eea1a8ae92867721d90c59a75652ea66d29c05294e6e2f898704bdb8cf1
Status: Downloaded newer image for ubuntu:latest

Linux dc3d34c548e5 5.4.39-linuxkit #1 SMP Fri May 8 23:03:06 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
rcoup
  • 4,299
  • 2
  • 26
  • 33
-2

You can try this and worked for me: 

docker run --rm -p 8080:8080 -p 4040:4040 -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/jenkins_home:/var/jenkins_home logimethods/jenkins
varun7447
  • 446
  • 5
  • 22
Sameer Malhotra
  • 352
  • 2
  • 11
  • 26
  • Glad it worked for you. But this answer would have been of help to other people if it explained what's the purpose of the different arguments in that command line, and how each of them may affect the outcome. – Simón Mar 25 '20 at 04:59
  • This is absolutely NOT the correct solution. I'm very skeptical that this alone fixed your issue. – After_Sunset Apr 12 '20 at 23:10