sfrehse

Reputation: 1072

Different groups from jenkins job's shell and bash on docker container

I have installed a jenkins master in a docker container and am running a slave using the Swarm plugin within a docker container. I created a group within the docker slave. Once I enter the slave container using docker exec -it <container> bash and type groups, my created group is correctly listed.

However, when I type groups into a job description's shell and execute the job on that created slave, my group does not appear.

Edit: Slave container: Simply starts a jenkins-slave as user jenkins. On startup the following code is executed (script: startup.sh) via CMD [ "/startup.sh" ]. The jenkins-slave.sh is provided under https://gist.github.com/sfrehse/02c7d57fad862c71c20f07c59caba240.

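DOCKER_SOCKET=/var/run/docker.sock
DOCKER_GROUP=dockergrp
JENKINS_USER=jenkins

# Only set up the group when the host's docker socket is mounted.
if [ -S "${DOCKER_SOCKET}" ]; then
    # Reuse the GID that owns the socket so group access works.
    DOCKER_GID=$(stat -c '%g' "${DOCKER_SOCKET}")
    sudo groupadd -for -g "${DOCKER_GID}" "${DOCKER_GROUP}"
    sudo usermod -aG "${DOCKER_GROUP}" "${JENKINS_USER}"
fi

# Start the agent.
/usr/local/bin/jenkins-slave.sh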

After startup from bash: docker exec -it 8b85afe2b360 groups outputs jenkins dockergrp.

Triggering a job just containing the following code:

whoami
groups
docker ps

outputs

 jenkins
 jenkins
 Got permission denied while trying to connect to the Docker 
         daemon socket at unix:///var/run/docker.sock: Get 
         http://%2Fvar%2Frun%2Fdocker.sock/v1.30/containers/json: dial 
         unix /var/run/docker.sock: connect: permission denied

The group dockergrp is missing in the second line.

Overall, I'm unable to access the docker daemon without sudo and the problem seems to be the missing group. Running the command docker exec -it <id> docker ps outputs my running containers successfully.

Upvotes: 3

Views: 490

Answers (1)

Robert

Reputation: 36843

There is a known issue when adding groups: they are not reloaded for already logged-in users.

Try changing the last line to this:

sudo su -l jenkins -c /usr/local/bin/jenkins-slave.sh

This launches the script under a new, fresh jenkins login.

Note: You can prepend an exec instruction in order to not have a child process, so just replace the current one:

exec sudo su -l jenkins -c /usr/local/bin/jenkins-slave.sh

Upvotes: 1
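
A way to confirm this diagnosis from inside a job, added here as an example and not part of the original question or answer: `id -Gn` with no argument reports the groups the running process carries, while `id -Gn <user>` reads the group database, so any difference means the process started before the group change. The function names and the sample values are made up for the illustration.

```shell
#!/bin/sh
# Added example: find groups that the group database lists for a user
# but that the running process does not carry (stale credentials).

# missing_groups "<process groups>" "<database groups>"
# Prints, space-separated, each group in the second list absent from the first.
missing_groups() {
    proc_groups=$1
    db_groups=$2
    out=""
    for g in $db_groups; do
        case " $proc_groups " in
            *" $g "*) ;;                 # process already carries this group
            *) out="${out:+$out }$g" ;;  # only the database knows about it
        esac
    done
    printf '%s\n' "$out"
}

# stale_groups: compare this process with the database entry of its own user.
# `id -Gn`        -> credentials of the calling process
# `id -Gn <user>` -> lookup in the group database (/etc/group and friends)
stale_groups() {
    user=$(id -un 2>/dev/null) || return 0   # no passwd entry: nothing to compare
    missing_groups "$(id -Gn 2>/dev/null)" "$(id -Gn "$user" 2>/dev/null)"
}

# Constructed sample values matching the situation in the question:
# the job's shell reports only "jenkins", the database has both groups.
SAMPLE_JOB_GROUPS="jenkins"
SAMPLE_DB_GROUPS="jenkins dockergrp"

check_sample() {
    missing_groups "$SAMPLE_JOB_GROUPS" "$SAMPLE_DB_GROUPS"
}

# Report for the current process, e.g. when run as the first build step.
stale=$(stale_groups)
if [ -n "$stale" ]; then
    echo "stale credentials, missing groups: $stale"
else
    echo "process groups match the group database"
fi
```

Run as a build step on the agent, a non-empty list means the agent process predates the usermod call in startup.sh; a shell started through docker exec is a new process and picks the group up, which is why the two outputs in the question differ.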
