Question 176966 in Ubuntu Question posted in
The official Ubuntu documentation can be found here.

Why does Jenkins give ‘permission denied’ error when using Ubuntu, but not when bash-ing into DIND image?

Jenkins and docker

Hello, I have installed jenkins on my main computer using docker desktop with the recommended current jenkins image. On that same windows computer I created an ubuntu VM with vmware. On the ubuntu VM I installed the docker engine. I also installed sysbox-runc runtime to use with dind. In jenkins I added the ubuntu vm has a permanent agent and everything is working except the docker client commands.

My JenkinsFile look like this

pipeline {
agent { docker {
    image 'costum dind image with java and maven'
    registryCredentialsId 'credential'
    args '-v /var/run/docker.sock:/var/run/docker.sock'
 } }
stages {
    codecheckout
    ...
    stage('compile') {
        steps {
            sh 'mvn compile'
        }
    }

    stage('test') {
        steps {
            sh 'mvn test'
        }
    }

    stage('build jar') {
        steps {
            sh 'mvn clean compile assembly:single'
        }
    }

    stage('docker build') {
        steps {
            sh 'docker build -t img/img .'
        }
    }
}

}

It all work except the last one sh ‘docker build -t img/img .’
It says ERROR: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied

My jenkins start the agent on ubuntu via the launch method "Launch agents via SSH".

I added the ssh user that jenkins is using to start the agent in the docker group. It still does the error. So far the only way it work is if I cheat and put 777 perm on docker.sock.

The wierd thing is when using the ubuntu terminal, I run a dind image and go on it, I don’t have any error and all docker commands work. It is only when jenkins does it with the docker agent that it has some kind of permission issues.

I’ve spend more so much time on this, does someone have ideas?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Thank you for the response, it made me realise I know to little about this topic to do it this way.

    I'll revisite this when I know more. For now I found https://github.com/felipecrs/jenkins-agent-dind that work out of the box for what I want to do.


  2. 0

    This is because Jenkins passes -u jenkins or the user id you are running your jenkins worker with to the docker container, so you are running as Jenkins user with Jenkins user permissions inside the docker container. However (you are completely ignoring your "dind" image and) you are mounting docker from host, and Jenkins user inside the container is most probably unknown user without any groups, so it has no permission to access the docker.sock.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search