Reputation: 9387
setting up docker permission to VSTS agent in a private pipeline
I have set a private pipeline with linux vm and agent is install and in the portal it shows that the agent is active. I also have install docker. In the same machine if I use sudo docker it works. So I am sure it is a permission issues when the VSTS agent is running the command. Not sure what which user i need to give which premission so that docker command will run when I initial a build from VSTS.
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v.37/build?buildargs=%7B%7D&cachefrom=%5B]&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=&session=a53bebddc77c89993b6e464d9f2a56fac9b***e62***094***fe70355df2c8dfcf***8b9&shmsize=0&t=mycontainerreg.azurecr.io%2Ftk-dashboard%3A853&target=&ulimits=null: dial unix /var/run/docker.sock: connect: permission denied
/usr/bin/docker failed with return code: ***
Upvotes: 7
Views: 10072
Answers (3)
Reputation: 89
First of all, check if the docker group was created. If the gourp does not exist -> https://www.digitalocean.com/community/questions/how-to-fix-docker-got-permission-denied-while-trying-to-connect-to-the-docker-daemon-socket
Then
sudo usermod -aG docker $USER
sudo usermod -aG root $USER
sudo chmod 777 /var/run/docker.sock
Upvotes: 2
Reputation: 40603
I had to run following commands to get rid off this issue:
sudo usermod -aG docker vstsbuildagent
# check docker group
grep 'docker' /etc/group
usermod -aG root vstsbuildagent
sudo systemctl restart docker
# your build agent process
sudo systemctl stop vsts********
sudo systemctl start vsts********
Upvotes: 0
Reputation: 51093
In VSTS, it's the build service account which execute entire build pipeline. This account should also run the command.
Note, the service is setting up during the configuration of build agent. You can run the build agent as a systemd service. More details please refer to this tutorial.
You will need to grant appropriate permissions. The user just needs to be added to the group docker.
sudo usermod -a -G docker user
Also restart the systemd service and try to trigger the build again.
Upvotes: 9
Related Questions
- Permissions to run docker container on self-hosted windows azure devops agent
- azure devops local agent pipeline permission denied
- How to execute pipeline on self-hosted build agent as non-root user
- Running a linux docker container and VsTest on same agent
- Azure Pipelines agent on Azure VM
- What are the permission needed in VSTS to create Agent pool?
- VSTS: Use Docker on a Self-Hosted Windows 10 Agent
- Cannot conect to Docker container running in VSTS
- Access container started at Docker Compose step from Hosted Linux Agent on Azure VSTS
- VSTS Agent Issue