Problem
I've been using the fabric8 maven plugin to build docker images. My user was part of the docker group and it all worked fine.
I recently got a 'new more locked down' work computer and have to run "sudo" to build docker images.
Running the fabric8 Maven build, however, fails with the error:
Execution default of goal io.fabric8:docker-maven-plugin:0.43.4:build failed: No <dockerHost> given, no DOCKER_HOST environment variable, no read/writable '/var/run/docker.sock' or '//./pipe/docker_engine' and no external provider like Docker machine configured
My docker engine is running on my local host, and /var/run/docker.sock is available but not 'writeable':
ls -al /var/run/docker.sock
srwxr-xr-x 1 root root 0 Oct 9 22:53 /var/run/docker.sock
I can 'sudo docker build ...' (I have some projects using mvn exec instead of fabric8 and they still work).
I'm out of ideas trying to figure out if fabric8 can be configured to use 'sudo' in some way to do its job.
Extra Details and Things I've Tried
We actually created a few dockerized 'build images' that we use to perform project builds for all developers (everyone uses the same environment, dependencies, etc.).
We start up the build container, mounting in source and the docker socket, and users can execute builds from within. We pass in the user's ID/GID to the container and set up a user in the container with those IDs so that build output has appropriate ownership. This has been working great for a couple of years now.
These new 'locked down' systems deal with the docker socket in ways that I don't understand.
- On my mac, as my own user, I can use the docker cli as is (w/o sudo).
- Inside the container (with docker socket mounted and a user set up with my uid/gid) I CANNOT run docker commands.
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
- I could 'sudo' to execute docker commands, so I added my user to /etc/sudoers and aliased "docker" to "sudo docker".
- Everything works as before EXCEPT trying to do docker builds with the fabric8 plugin. Docker builds performed with the mvn-exec plugin work well.
- I CAN run the build successfully as long as I'm the root user in the container (no need to sudo). This, however, is not a good solution because other build output will have the wrong ownership 0/0 and be a pain to deal with.
After a day of searching stack overflow, I found this question that helped my specific situation.
Our build container's entrypoint takes a passed-in UID/GID from the docker command line and, as root, sets up that user before switching over to that user to execute the build commands. (neat little tool called gosu)
What I found is that after setting up the user in the container, it is possible to chown myuser:mygroup /var/run/docker.sock. After that's done, "myuser" can now execute docker commands 'natively'.
I was kind of shocked since on my host, /var/run/docker.sock is a softlink to /Users//.docker/run/docker.sock. I MOUNT /var/run/docker.sock. Some sort of mac/docker wizardry is going on under the covers.
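
The entrypoint flow described above, sketched as an added example (not the poster's actual script). The names BUILD_UID, BUILD_GID, DOCKER_SOCK, the "builder" account and the can_rw helper are assumptions, and GNU/busybox stat is assumed inside the container.

```shell
#!/bin/sh
# Added example: entrypoint for a build container that receives the caller's
# UID/GID, e.g. docker run -e BUILD_UID=$(id -u) -e BUILD_GID=$(id -g) ...
DOCKER_SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"

# can_rw UID GID PATH
# Succeeds if UID (with primary group GID) has read+write on PATH, judged
# from owner/group/mode only. Supplementary groups and ACLs are ignored.
# This is the condition behind the plugin's "no read/writable" error: a
# socket shown as srwxr-xr-x root root gives a non-root user only r-x.
can_rw() {
    uid=$1
    gid=$2
    meta=$(stat -c '%u %g %a' "$3") || return 2
    set -- $meta                  # $1=owner uid  $2=owner gid  $3=octal mode
    if [ "$uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    perm=$(( $3 % 1000 ))         # drop setuid/setgid/sticky digit
    if   [ "$uid" -eq "$1" ]; then bits=$(( perm / 100 ))
    elif [ "$gid" -eq "$2" ]; then bits=$(( perm / 10 % 10 ))
    else                           bits=$(( perm % 10 ))
    fi
    [ $(( bits & 6 )) -eq 6 ]     # need both r (4) and w (2)
}

setup_and_exec() {
    # Create the build user with the caller's IDs (-o allows an ID that
    # already exists in the image).
    groupadd -o -g "$BUILD_GID" builder
    useradd  -o -m -u "$BUILD_UID" -g "$BUILD_GID" builder
    # The fix from the post: still running as root here, hand the mounted
    # socket to the build user, but only if the mode bits deny access.
    if [ -S "$DOCKER_SOCK" ] && ! can_rw "$BUILD_UID" "$BUILD_GID" "$DOCKER_SOCK"; then
        chown "$BUILD_UID:$BUILD_GID" "$DOCKER_SOCK"
    fi
    exec gosu builder "$@"        # drop privileges, then run the build command
}

# Act as an entrypoint only when the IDs were passed in.
if [ -n "${BUILD_UID:-}" ] && [ -n "${BUILD_GID:-}" ]; then
    setup_and_exec "$@"
fi
```

Whoever can write to the Docker socket effectively has root on the Docker host, which is why the sketch changes ownership only when the check fails and does so before dropping privileges.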