Access docker within container on jenkins slave

my question is basically a combination of Access Docker socket within container and Accessing docker host from (jenkins) docker container

My goal

to run Jenkins fully dockerized including dynamic slaves and being able to create docker-containers within the slaves.

  • memory usage reporting by kernel in log when task is killed due to OOM
  • Why can't I pipe a file to “tar” from “curl” with a Docker image for Debian?
  • Equivalent of using a ssh tunnel
  • Mounting directory in docker container and running Gradle command
  • Multi tenancy or multi instance? [closed]
  • How to use HTTPS / SSL with self signed certificate on Mgt Development Environment
  • Except for the last part everything is already working thanks to if the Unix-docker-sock is properly exposed to the Jenkins master.

    The problem

    unlike the slaves which are provisioned dynamically, the master is started via docker-compose and thus has proper access to the UNIX socket.

    For the slaves which are spawned dynamically, this approach does not work.
    I tried to forward the access to docker like

    VOLUME /var/run/docker.sock
    VOLUME /var/lib/docker

    during building the image. Unfortunately so far I get a Permission denied (socket: /run/docker.sock) when trying to access to docker.sock in the slave which was created like:
    The strange thing is: the user in the slave is root.

    So why do I not have access to the docker.sock? Or how could I burn in the --privileged flag so that the permission denied problem would go away?

  • OSX / Mac with Kitematic / Docker : Tunnel / Port forwarding for access via external url
  • How to tag a image(.tar) file of docker(container) while loading into other host?
  • How can I create a docker image then upload it to my repositary? [closed]
  • How do I automate two layers of SSH plus a docker exec?
  • Restore SQL Server database to Linux Docker
  • Run Docker on Windows without virtualization
  • One Solution collect form web for “Access docker within container on jenkins slave”

    With docker 1.10 a new User namespace is introduced, thus sharing docker.sock isn’t enough, as root inside the container isn’t root on the host machine anymore.
    I recently played with Jenkins container as well, and I wanted to build containers using the host docker engine.
    The steps I did are:

    Find group id for docker group:

    $ id
    ..... 999(docker)

    Run jenkins container with two volumes – one contains the docker client executable, the other shares the docker unix socket. Note how I use --group-add to add the container user to the docker group, to allow access:

    docker run --name jenkins -tid -p 8080:8080 --group-add=999 -v /path-to-my-docker-client:/home/jenkins/docker -v /var/run/docker.sock:/var/run/docker.sock jenkins

    Tested and found it indeeds work:

    docker exec -ti jenkins bash
    ./docker ps

    See more about additional groups here

    Another approach would be to use --privileged flag instead of –group-add, yet its better to use avoid it if possible

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.