I have installed docker inside my EC2 instance and am running Jenkins as a docker container. The complete code is given below.
sudo su
apt-get update
apt install -y docker.io
service docker start
usermod -a -G docker ubuntu
chmod 666 /var/run/docker.sock
mkdir /data
mkdir /data/jenkins
chmod o+rwx /data
chmod o+rwx /data/jenkins
Then to run the container,
docker run --name jenkins-dev -p 8080:8080 -p 50000:50000 -v /data/jenkins:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock jenkins/jenkins:jdk11
And then I entered inside the container by docker exec -it 17cfbb0f966d bash and installed docker inside it as mentioned over here. Then, the docker commands were working fine. But after re-logging I can’t run docker commands. It gives the error below:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
I guess, after every login the permission for docker.sock file is changing. So I had to rerun chmod 666 /var/run/docker.sock in the main terminal to make docker commands work inside the container. But I tried another way, adding user jenkins into the docker group as well. It was successfully added to group "docker" as shown below.
ubuntu@ip-10-133-184-31:~$ docker exec -it 17cfbb0f966d bash
jenkins@17cfbb0f966d:/$ grep /etc/group -e "docker"
docker:x:999:jenkins
After that I rebooted the instance and started the container again. But still I can’t run any docker commands inside the container. It throws the same error.
ubuntu@ip-10-133-184-31:~$ docker exec -it 17cfbb0f966d bash
jenkins@17cfbb0f966d:/$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
What may be the issue?
2 Answers
It worked after running the container as the root user, i.e.:
docker run -u root ...
I met the same problem several days ago and fixed it by adding another group as below:
The $DGID here is the gid of group docker at the host.
After installing docker client inside the docker image, a docker group is created, but the gid of this docker group could be different from that at host, while the gid, not the group name is the key.
So I created a new group with the gid of docker group at host and put my new user into this group. With this gid, this user then can access the /var/run/docker.sock.
PS. I tried to make the docker group inside docker share the same gid with the host, but just couldn’t make it.
This did fix my problem, however I’m wondering whether there could be a better solution.
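What the second answer describes, that access to the bind-mounted socket is decided by the numeric gid and not by the group name, as an added example that is not part of the original posts. The function names and the host gid 115 are assumptions made for illustration, and `--group-add` is a `docker run` option the page itself does not mention.

```shell
#!/bin/sh
# Added example: judge access to a bind-mounted docker.sock by numeric gid,
# which is what the kernel compares. Only supplementary membership listed in
# the group file is checked; a primary gid from /etc/passwd is not.

# in_group GROUP_FILE USER FIELD VALUE -> exit 0 if USER is a listed member of
# a group whose FIELD (1 = name, 3 = gid) equals VALUE.
in_group() {
    awk -F: -v user="$2" -v f="$3" -v val="$4" '
        $f == val { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) ok = 1 }
        END { exit !ok }' "$1"
}

# diagnose GROUP_FILE USER SOCK_GID SOCK_MODE -> one-word verdict on stdout.
# SOCK_GID and SOCK_MODE are what `stat -c '%g %a' /var/run/docker.sock` reports.
diagnose() {
    if [ $(( 0$4 & 2 )) -ne 0 ]; then
        echo world-writable   # e.g. 666: any local user or container user can drive the daemon
    elif in_group "$1" "$2" 3 "$3"; then
        echo ok               # user holds the socket's gid, whatever the group is called
    elif in_group "$1" "$2" 1 docker; then
        echo gid-mismatch     # member of a group *named* docker, but under another gid
    else
        echo not-a-member
    fi
}

# Constructed sample: the container's group entry shown in the question, and a
# host socket gid of 115 chosen for illustration (the page does not give it).
sample=$(mktemp)
printf 'root:x:0:\ndocker:x:999:jenkins\n' > "$sample"
diagnose "$sample" jenkins 115 660   # -> gid-mismatch

# One way to grant the gid without chmod 666 or -u root: pass the host socket's
# gid as a supplementary group when the container is started, e.g.
#   docker run --group-add "$(stat -c '%g' /var/run/docker.sock)" ... jenkins/jenkins:jdk11
```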