I am trying to run Jenkins inside a Docker container and at the same time allow Jenkins to run docker commands. After reading this article, I tried to add the docker socket to the Jenkins container so that Jenkins can use it. This is the part of the docker-compose.yml file that defines jenkins:

    jenkins:
      build:
        dockerfile: JenkinsDockerfile
      environment:
        - JENKINS_OPTS=--httpPort=8085
      volumes:
        # host Docker daemon socket, bind-mounted into the container
        - /var/run/docker.sock:/var/run/docker.sock
        - jenkins_data:/var/jenkins_home
      ports:
        - "8085:8085"

JenkinsDockerfile is a copy-paste file from Jenkins' official documentation. I assume it just installs the docker CLI on top of the jenkins image.

    FROM jenkins/jenkins:lts-jdk17
    USER root
    RUN apt-get update && apt-get install -y lsb-release
    # fetch Docker's apt signing key
    RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \
      https://download.docker.com/linux/debian/gpg
    # register Docker's apt repository, pinned to that key
    RUN echo "deb [arch=$(dpkg --print-architecture) \
      signed-by=/usr/share/keyrings/docker-archive-keyring.asc] \
      https://download.docker.com/linux/debian \
      $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
    # client only: no daemon is installed in this image
    RUN apt-get update && apt-get install -y docker-ce-cli
    USER jenkins
    RUN jenkins-plugin-cli --plugins "blueocean docker-workflow"

In one of my projects, I have the following Jenkinsfile which I am trying to run from Jenkins web UI.

    pipeline {
        agent {
            docker {
                image 'gradle:jdk17'
                args '-v /var/run/docker.sock:/var/run/docker.sock'
            }
        }
        stages {
            stage('build') {
                steps {
                    sh './gradlew build'
                }
            }
            stage('test') {
                steps {
                    sh './gradlew check'
                }
            }
        }
        post {
            always {
                archiveArtifacts 'build/libs/**/*.jar'
                junit 'build/test-results/**/*.xml'
            }
        }
    }

But when I run it, I get an error:

    + docker pull gradle:jdk17
    permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=gradle&tag=jdk17": dial unix /var/run/docker.sock: connect: permission denied

So Jenkins can run docker commands, but I cannot connect to docker through docker.sock because it doesn't have the appropriate permission. How do I solve this problem? I know that I need to add the jenkins user to the docker group, but how do I do this when the jenkins user exists within the Jenkins container?
Also, my end goal is to run tests that use testcontainers. Since I am using a docker agent, I am assuming my gradlew step will be executed within another container, hence do I also need to do the same procedure for that container (add permission for the user) and if so, how?
P.S. I know that Jenkins' official documentation suggests running docker:dind, but I want to try this with the socket since it seems easier and, from this article, more secure/safe.
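
Why the `docker pull` above is refused, as an added example that is not part of the original post: connecting to a Unix socket needs write permission on the socket file, and that is decided from the mode bits and numeric UID/GID only. The function names and the sample IDs (UID 1000, GID 998) are constructed for illustration, and `live_check` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original post). connect(2) on a Unix socket needs
# write permission on the socket file. The kernel compares numeric IDs, so a
# bind-mounted docker.sock keeps the host's owner UID/GID inside the container.

# socket_access MODE OWNER_UID OWNER_GID PROC_UID "PROC_GIDS"
# Prints which permission class grants write access (root, owner, group, other)
# or "denied". MODE is octal, as printed by `stat -c %a`.
socket_access() {
    mode=$1; owner_uid=$2; owner_gid=$3; uid=$4; gids=$5
    # root normally bypasses the mode bits (CAP_DAC_OVERRIDE)
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    perms=$((0$mode))                      # leading 0 makes the shell read octal
    if [ "$uid" -eq "$owner_uid" ]; then   # owner bits apply exclusively
        class=owner; bit=$(( (perms >> 7) & 1 ))
    else
        class=other; bit=$(( (perms >> 1) & 1 ))
        for g in $gids; do
            if [ "$g" -eq "$owner_gid" ]; then
                class=group; bit=$(( (perms >> 4) & 1 )); break
            fi
        done
    fi
    if [ "$bit" -eq 1 ]; then echo "$class"; else echo denied; fi
}

# live_check [PATH]: the same check for the current process (GNU stat assumed).
live_check() {
    sock=${1:-/var/run/docker.sock}
    [ -S "$sock" ] || { echo "no socket at $sock"; return 0; }
    set -- $(stat -c '%a %u %g' "$sock")
    socket_access "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}

# Constructed sample values: socket owned by root, group GID 998, mode 660 on
# the host; container user with UID 1000.
echo "uid 1000, gids 1000      -> $(socket_access 660 0 998 1000 '1000')"
echo "uid 1000, gids 1000 998  -> $(socket_access 660 0 998 1000 '1000 998')"
```

Running `live_check` inside the Jenkins container and again inside the gradle agent container shows each container's own answer: the socket's numeric owner and GID are the host's in both, while the user and group list belong to each image.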