Jenkins: Can't connect to Docker daemon

Question

I am running Jenkins and Docker on a CentOS machine. I have a Jenkins job that pulls a Github repo and builds a Docker image. When I try running the job I get the error:

+ docker build -t myProject .
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Build step 'Execute shell' marked build as failure
Finished: FAILURE

This problem occurs even though I have added jenkins to my docker usergroup via sudo usermod -aG docker jenkins and restarted my machine. How do I fix this?

By the way, if try changing the command to sudo docker build -t myProject . I just get the error sudo: sorry, you must have a tty to run sudo

Answer 1

I'm sharing my answer to help anyone who might face a similar issue.

In my case, I was testing a deployment with Jenkins in a DigitalOcean Kubernetes cluster. However, I didn’t know that starting from version 1.31 of DigitalOcean Kubernetes, the cluster nodes no longer include the Docker daemon.

The Docker daemon has been deprecated since Kubernetes 1.20, but DigitalOcean kept it available on nodes until version 1.30. You can find more details in the changelog: DigitalOcean Kubernetes Changelog - https://docs.digitalocean.com/products/kubernetes/details/changelog/.

One solution is to use Kaniko. It doesn't require a Docker daemon to build and push Docker images. Here's a helpful guide: How to Use Kaniko to Build Docker Images on Jenkins - https://senertugrul.medium.com/how-to-use-kaniko-to-build-docker-images-on-jenkins-216a68caf7b8.

Answer 2

Try to run:

sudo gpasswd -a jenkins docker

This will add Jenkins user to docker group.

Answer 3

I was using jenkins-blueocean

My problem was the I wanted to use docker.sock and use the same daemon as the hosting system rather than deploying from a docker daemon setup by the container

for that make sure you have your DOCKER_HOST env properly set to the docker.socket you specify in a volume

--env DOCKER_HOST=unix:///var/run/docker.sock \

and specify the docker daemon to be the same one as the one hosting the container you want to defer to by specifying its docker.sock

--volume /var/run/docker.sock:/var/run/docker.sock \

Make sure you do not have any TLS args specified or it may try to use HTTPS to communicate.

REMOVE STUFF LIKE THIS:

--env DOCKER_TLS_VERIFY=1 \

DockerFile:

FROM jenkins/jenkins:2.263.4-lts-jdk11
USER root
RUN apt-get update && apt-get install -y apt-transport-https \
       ca-certificates curl gnupg2 \
       software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN apt-key fingerprint 0EBFCD88
RUN add-apt-repository \
       "deb [arch=amd64] https://download.docker.com/linux/debian \
       $(lsb_release -cs) stable"
RUN apt-get update && apt-get install -y docker-ce-cli
USER jenkins
RUN jenkins-plugin-cli --plugins blueocean:1.24.4

run command:

docker run \
  --name jenkins-blueocean \
  --rm \
  --detach \
  --network jenkins \
  --env DOCKER_HOST=unix:///var/run/docker.sock \
  --env DOCKER_CERT_PATH=/certs/client \
  --publish 8080:8080 \
  --publish 50000:50000 \
  --volume jenkins-data:/var/jenkins_home \
  --volume jenkins-docker-certs:/certs/client:ro \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  myjenkins-blueocean:1.1

Answer 4

After the installation of Jenkins and Docker. Add jenkins user to dockergroup (like you did)

sudo gpasswd -a jenkins docker

Edit the following file

vi /usr/lib/systemd/system/docker.service

And edit this rule to expose the API :

ExecStart=/usr/bin/docker daemon -H unix:// -H tcp://localhost:2375

Do not create a new line with ExecStart, simply add the commands at the end of the existing line.

Now it's time to reload and restart your Docker daemon

systemctl daemon-reload
systemctl restart docker

Then restart jenkins, you should be able to perform docker commands as jenkins user in your jenkins jobs

sudo service jenkins restart

Answer 5

The fix for me was to...

Reload and restart the Docker daemon

systemctl daemon-reload
systemctl restart docker

but then to

Disconnect the docker Jenkins agent though manage Jenkins -> manage nodes -> disconnect agent.

Then to re-connect the agent which will persist the user within the docker group.

Answer 6

You cannot use myProject as a tag name. the image name and tag must be all lowercase.

invalid argument "myProject" for "-t, --tag" flag: invalid reference format: repository name must be lowercase
See 'docker build --help'.

if you are using docker-compose, you will see a misleading error

Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?

If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.

https://github.com/docker/compose/issues/2816

Answer 7

I had the same issue with Jenkins.

I did fix it by adding /var/run/docker.sock:/var/run/docker.sock on docker-compose.yml :

  jenkins:
  container_name: jenkins
  build: "jenkins/"
  ports:
    - "8080:8080"
  environment:
    - JAVA_OPTS:-Djava.awt.headless=true
  volumes:
    - /var/jenkins_home
    - /var/run/docker.sock:/var/run/docker.sock

Answer 8

@lvthillo, your answer is good, but, not enough. You also need to create the docker group. See Post Installation Steps for Docker Manage Docker as a non-root user https://docs.docker.com/engine/installation/linux/linux-postinstall/#manage-docker-as-a-non-root-user

to add the user running jenkins to the docker group.

E.g. if you run Jenkins server under the jenkins user:

Step 1: Create Docker Group

sudo groupadd docker

Step 2: Add your user to the docker group:

sudo usermod -aG docker jenkins

Step 3: Logout and log back in as jenkins, then test:

docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

The docker group is given special treatement by the docker daemon on startup just for this purpose. Any user in that group can now call docker without sudo. Use this with care.

https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

Answer 9

Another option is to point your Jenkins docker host to 'unix:///var/run/docker.sock'

This is instead of running the actual docker host and opening it up.