Is there any command which we can run to find out the "Docker Host URI"? I found some related questions but didn't get it exactly.
How to find "Docker Host URI" to be used in Jenkins "Docker Plugin"?
Asked by Anand
On
to extend the discussion about Permissions from the Answer Post above
situation
following is what I am trying to do & worked
-- I am not sure whether what I'm doing is proper or not
-- regarding the design of Docker_Plugin & dynamically spawn cloud Jenkins_Agent & unix:///var/run/docker.sock & Docker-in-docker problem (dind)
if what I did below is proper, keep reading
- you have an ec2 instance EE with Docker DD installed
- you have a Jenkins_Controller running inside a Docker_Container FF -- spawned by DD
- you want to dynamically spawn cloud nodes -- Docker_Container with Jenkins_Agent inside, so you used the Docker_Plugin https://plugins.jenkins.io/docker-plugin/
- you want to use the Docker DD as the Docker who spawns the Docker_Container with Jenkins_Agent (the Docker_Host)
- (you don't want a remote Docker_Host)
- -- so your Docker_Container with Jenkins_Agent will be spawned as Sibling Docker_Container to FF (instead of Docker-in-docker)
- so you mounted the volume by -v /var/run/docker.sock:/var/run/docker.sock
- eg: you started FF with following
docker run \
  --name jenkins_main \
  -p 8080:8080 -p 50000:50000 \
  -v jenkins_home:/var/jenkins_home \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --restart=on-failure \
  --detach \
  jenkins/jenkins:lts-jdk17
- so you configured Cloud jenkinsDockerAgent Configuration > Docker Host URI > unix:///var/run/docker.sock
- you Test Connection > get Permission Deny
solution
in ec2 instance EE run the following command
sudo usermod -a -G docker ec2-user
(or sudo usermod -a -G docker $USER)
in EE, restart Docker DD (& the Jenkins inside)
systemctl restart docker
explain
(I can be wrong)
- group docker has permission to the unix:///var/run/docker.sock
- ec2-user is the default user for ec2 instance (depends on your ami though)
- sudo usermod -a -G docker ec2-user adds the ec2-user to the group docker
- user ec2-user in EE has uid 1000
- inside Docker_Container FF there is a user called jenkins -- which is the actual user that runs the Jenkins & requires the Permission
- user jenkins in FF has the same uid 1000 as ec2-user -- which links the permission from inside the container FF to the outside EE
note
you may use
sudo usermod -a -G docker $USER
- $USER returns the current user -- which is normally ec2-user
- if you use $USER when you are root user -- then you make a mistake
you may instead go inside FF & change the permission of the /var/run/docker.sock -- so everyone can read & write to it::
docker exec -it --user root jenkins_main /bin/bash
chmod 666 /var/run/docker.sock
- but when the container restarts, this seems to need to be set again
here is the full userdata (bash script for ec2 start up) //TODO
- (there may be other notes / reference I missed to write)
- seems many other people in other posts are talking about:
Jenkins_Controller in EE ec2 directly; not inside FF which is a Docker_Container (or whatever other cases);
so the fix actually seems not that trivial
reference
sudo usermod -a -G docker jenkins
chmod 664 /var/run/docker.sock
From the perspective of the Docker host, any users inside the container are treated exactly the same as a user outside the container with the same UID (not the same name!), regardless of whether the UID is actually in use on the host. Unfortunately, it appears that only users with a username can belong to groups, so you can't just add the UID to the group. Instead, you need to add the host user with the same UID to the group (or create a user with that UID if one doesn't exist).
In the container, Jenkins user ID and group ID are set to 1000. The user ID as well as Docker group ID in the container, need to match on the host. This will allow Jenkins (with UID 1000) to create containers similar to how it happens on the host.
If your container doesn’t have the group docker, you can create it by typing this command:
On
If your Docker is running on the same host where you use Jenkins inside a container, then you can use unix:///var/run/docker.sock as the “Docker Host URI”, but you must check & obtain the permissions for the jenkins user by using:
sudo groupadd docker
sudo usermod -aG docker $USER
sudo chmod a+rwx /var/run/docker.sock
sudo chmod a+rwx /var/run/docker.pid
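The permission question the answers above turn on, as an added example that is not part of any answer: the kernel compares the connecting process's numeric UID and group IDs with the socket's owner, group and mode, so the same decision can be reproduced from the values stat prints. The function names and the gid 992 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the answers): how does a UID reach a Unix socket
# such as docker.sock? Inputs are the numeric owner, group and octal mode.

# socket_access UID "GIDS" OWNER_UID OWNER_GID MODE
# Prints root, owner, group, world or denied. Connecting to a Unix socket
# on Linux needs write permission (octal bit 2) on the socket file.
socket_access() {
    uid=$1; gids=$2; o_uid=$3; o_gid=$4
    perm=$(printf '000%s' "$5" | sed 's/.*\(...\)$/\1/')  # last 3 octal digits
    u=${perm%??}; w=${perm#??}; g=${perm#?}; g=${g%?}
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    # The kernel consults exactly one class: owner, else group, else other.
    if [ "$uid" -eq "$o_uid" ]; then
        bits=$u; how=owner
    else
        bits=$w; how=world
        for gid in $gids; do
            if [ "$gid" -eq "$o_gid" ]; then bits=$g; how=group; fi
        done
    fi
    if [ $(( $bits & 2 )) -ne 0 ]; then echo "$how"; else echo denied; fi
}

# audit_socket PATH UID "GIDS": the same check on a real socket (GNU stat).
audit_socket() {
    if [ ! -S "$1" ]; then echo "no socket at $1"; return 0; fi
    s_uid=$(stat -c '%u' "$1"); s_gid=$(stat -c '%g' "$1"); s_mode=$(stat -c '%a' "$1")
    echo "$1 uid=$s_uid gid=$s_gid mode=$s_mode -> uid $2: $(socket_access "$2" "$3" "$s_uid" "$s_gid" "$s_mode")"
}

# Constructed cases: socket owned by root, group gid 992 (made up), uid 1000
# standing for the jenkins user inside the container.
socket_access 1000 "1000"     0 992 660  # no matching gid, mode 660
socket_access 1000 "1000 992" 0 992 660  # process also carries gid 992
socket_access 1000 "1000"     0 992 666  # mode 666: every uid may connect
audit_socket /var/run/docker.sock 1000 "1000"
```

Run inside the Jenkins container with the values from id -u and id -G to see which class the Jenkins process falls into.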
On
Jenkins Docker Plugin Configuration when running jenkins as container
First Install Docker Plugin.
Go to Manage Jenkins -> System Configuration -> Scroll down to bottom -> Add Cloud -> Docker.
If you are running jenkins as container, in the docker host uri field you have to enter unix or tcp address of the docker host. But since you are running jenkins as container, the container can't reach docker host unix port.
So, we have to run another container that can mediate between docker host and jenkins container. It will publish docker host's unix port as its tcp port. Follow the instructions to create socat container https://hub.docker.com/r/alpine/socat/
After creating the socat container, you can go back to the docker configuration in jenkins and enter tcp://socat-container-ip:2375
Test Connection should succeed now.
Yes this is the docker host uri
tcp://127.0.0.1:2375
But before that you need to add this
DOCKER_OPTS="-H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock"
in /etc/default/docker at the end of file, then restart the docker. Once restarted, docker.sock will run in 2375 and add this tcp://127.0.0.1:2375 in Jenkins