How to find "Docker Host URI" to be used in Jenkins "Docker Plugin"?

Question

Is there any command which we can run and find out the "Docker Host URI"? I found some of related questions but didn't get it exactly.

Answer 1

to extend the discussion about Permissions from the Answer Post above

situation

following is what I am trying to do & worked
-- I am not sure that what Im doing is proper or not
-- regarding the design of Docker_Plugin & dynamically spawn cloud Jenkins_Agent & unix:///var/run/docker.sock & Docker-in-docker problem (dind)
if what i did below is proper, keep reading

• you have a ec2 instance EE with Docker DD installed
• you have a Jenkins_Controller running inside an Docker_Container FF -- spawned by DD

• you want to dynamically spawn cloud nodes -- Docker_Container with Jenkins_Agent inside, so you used the Docker_Plugin https://plugins.jenkins.io/docker-plugin/
• you want to use the Docker DD as the Docker who spawns the Docker_Container with Jenkins_Agent (the Docker_Host) \
  • (- you dont want a remote Docker_Host) \
  • -- so your Docker_Container with Jenkins_Agent will be spawned as Sibling Docker_Container to FF (instead of Docker-in-docker) \

• so you mounted the volume by -v /var/run/docker.sock:/var/run/docker.sock
  • eg: you started FF with following

    docker run \
      --name jenkins_main \
      -p 8080:8080 -p 50000:50000 \
      -v jenkins_home:/var/jenkins_home \
      -v /var/run/docker.sock:/var/run/docker.sock \
      --restart=on-failure \
      --detach \
      jenkins/jenkins:lts-jdk17
    

• so you configured Cloud jenkinsDockerAgent Configuration > Docker Host URI > unix:///var/run/docker.sock

• you Test Connection > get Permission Deny

solution

• in ec2 instance EE run the following command
  sudo usermod -a -G docker ec2-user (or sudo usermod -a -G docker $USER)

• in EE, restart Docker DD (& the Jenkins inside)
  systemctl restart docker

explain

(I can be wrong)

• group docker has permission to the unix:///var/run/docker.sock
• ec2-user is the default user for ec2 instance (depends on your ami though)

• sudo usermod -a -G docker ec2-user adds the ec2-user to the group docker

• user ec2-user in EE has uid 1000
• inside Docker_Container FF there is an user called jenkins
  -- which is the actual user that runs the Jenkins & require the Permission \
• user jenkins in FF has the same uid 1000 as ec2-user
  -- which links the permission from inside the container FF to the outside EE

note

• you may use sudo usermod -a -G docker $USER
$USER returns the current user -- which is normally ec2-user

  • if you use $USER when you are root user -- then you make a mistake

• you may instead go inside FF
  & change the permission of the /var/run/docker.sock -- so everyone can read & write to it::

  docker exec -it --user root jenkins_main /bin/bash
  chmod 666 /var/run/docker.sock
  

  • but when the container restart, this seems need to be set again

• here is the full userdata (bash script for ec2 start up) //TODO

• (there may be other notes / reference I missed to write)
• seems many other people in other posts are talking about:
  Jenkins_Controller in EE ec2 directly; not inside FF which is a Docker_Container (or whatever other cases);
  so the fix actually seems not that trivial

reference

sudo usermod -a -G docker jenkins

• Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

chmod 664 /var/run/docker.sock

• Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

From the perspective of the Docker host, any users inside the container are treated exactly the same as a user outside the container with the same UID (not the same name!), regardless of whether the UID is actually in use on the host. Unfortunately, it appears that only users with a username can belong to groups, so you can't just add the UID to the group. Instead, you need to add the host user with the same UID to the group (or create a user with that UID if one doesn't exist).

• How do I add a container user to a user group in the Docker host?

In the container, Jenkins user ID and group ID are set to 1000. The user ID as well as Docker group ID in the container, need to match on the host. This will allow Jenkins (with UID 1000) to create containers similar to how it happens on the host.

• https://www.nixknight.com/2021/04/jenkins-docker-in-docker/

If your container doesn’t have the group docker, you can create it by typing this command:

• https://medium.com/igorgsousa-tech/docker-in-docker-with-jenkins-permission-problem-637f45549947

Answer 2

Jenkins Docker Plugin Configuration when running jenkins as container

1. First Install Docker Plugin.

2. Go to Manage Jenkins -> System Configuration -> Scroll down to botton -> Add Cloud -> Docker.

3. If you are running jenkins as container, in the docker host uri field you have to enter unix or tcp address of the docker host. But since you are running jenkins as container, the container can't reach docker host unix port.

4. So, we have to run another container that can mediate between docker host and jenkins container. It will public docker host's unix port as its tcp port. Follow the instructions to create socat container https://hub.docker.com/r/alpine/socat/

5. After creating the socat container, you can go back the docker configuration in jenkins and enter tcp://socat-container-ip:2375

6. Test Connection should succeed now.

Answer 3

If you are in the OS X, the HOST URL is:

unix:///var/run/docker.sock

Answer 4

If your docker running at the same host were you use Jenkins inside a container than you can use unix:///var/run/docker.sock as the “Docker Host URI”, but you must check & obtain the permissions for jenkins user by using:

sudo groupadd docker
sudo usermod -aG docker $USER
sudo chmod a+rwx /var/run/docker.sock
sudo chmod a+rwx /var/run/docker.pid

Answer 5

Yes this is the docker host uri

tcp://127.0.0.1:2375

But before that you need to add this DOCKER_OPTS="-H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock"

In /etc/default/docker at the end of file, then restart the docker.onec restarted docker.sock will run in 2375 and add this tcp://127.0.0.1:2375 in Jenkins

Answer 6

The other option would be to enter Docker Host URI "unix: ///var/run/docker.sock", it worked for me, I hope that it is also.