在 Ubuntu 服务器上,我正在运行 jenkins docker 容器。出于测试目的,在项目的 jenkins 文件中,我必须运行 postgres 服务器。 我正在尝试按照我的步骤构建一个容器 postegres docker。
但是,我做不到,我收到权限错误:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json?filters=%7B%22name%22%3A%7B%22vpx_postgres%22%3Atrue%7D%7D: dial unix /var/run/docker.sock: connect: permission denied
下面是我的 Jenkins 文件。 “数据库创建”阶段失败。
def message = "";
def author = "";
def getLastCommitMessage = {
message = sh(returnStdout: true, script: 'git log -1 --pretty=%B').trim()
}
def getGitAuthor = {
def commit = sh(returnStdout: true, script: 'git rev-parse HEAD')
author = sh(returnStdout: true, script: "git --no-pager show -s --format='%an' ${commit}").trim()
}
pipeline {
agent {
docker { image 'starefossen/ruby-node' }
}
stages {
stage('Database creation') {
steps {
sh 'docker ps -f name=project_postgres -q | xargs --no-run-if-empty docker container stop'
sh 'docker container ls -a -fname=project_postgres -q | xargs -r docker container rm'
sh 'docker pull postgres'
sh 'docker run --name project_postgres -e POSTGRES_PASSWORD=secret -e POSTGRES_USER=postgres -p 5432:5432 -d postgres'
}
}
stage('Test') {
steps {
script {
getLastCommitMessage()
getGitAuthor()
}
sh 'RAILS_ENV=test bundle install --jobs 3'
sh 'RAILS_ENV=test yarn install'
sh 'RAILS_ENV=test bundle exec rails db:migrate'
sh 'RAILS_ENV=test bundle exec rspec -f documentation'
}
}
}
post {
failure {
rocketSend channel: 'project-x-ci', emoji: ':x:', message: "Build failed - Commit : '${message}' by ${author}", rawMessage: true
}
}
}
也许问题来自 jenkins docker ?这里是 docker-compose.yml :
version: '2'
services:
jenkins-server:
build: ./
ports:
- 8080:8080
- 50000:50000
volumes:
- /home/xero/jenkins/jenkins_home:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker
environment:
JENKINS_USER: jenkins
JENKINS_URL: "http://10.0.1.66:8080/"
DOCKER_SOCKET: /var/run/docker.sock
DOCKER_GROUP: dockerhost
DOCKER_HOST: unix:///var/run/docker.sock
restart: always
dns:
- 10.0.1.1
Dockerfile:
FROM jenkinsci/jenkins:latest
USER root
COPY ["entrypoint.sh", "/"]
RUN apt-get update && \
apt-get install sudo && \
chmod 755 /entrypoint.sh
ENTRYPOINT ["/bin/bash","-c","./entrypoint.sh"]
还有我的entrypoint.sh:
#!/bin/bash
if [ -S ${DOCKER_SOCKET} ]; then
DOCKER_GID=$(stat -c '%g' ${DOCKER_SOCKET})
groupadd -for -g ${DOCKER_GID} ${DOCKER_GROUP}
usermod -aG ${DOCKER_GROUP} ${JENKINS_USER}
fi
exec sudo -E -H -u jenkins bash -c /usr/local/bin/jenkins.sh
重要:
HOST(ubuntu) -> JENKINS(docker) -> POSTGRES(docker)
在我的 jenkins docker 容器中,docker 可用,我没有问题。问题是当我从 jenkins 文件在 jenkins 中构建项目时。
因此 JENKINS 容器无法创建其他容器(此处为 POSTGRES 容器)
最佳答案
找出用于运行 jenkins 的用户并将该用户添加到 docker组。
这应该可以解决权限问题。
您可以使用 sudo usermod -aG docker <jenkins-user-name> 将用户添加到 docker 组。
原因信息this is needed :
The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The docker daemon always runs as the root user.
If you don’t want to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.
关于postgresql - Jenkins docker 许可,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49750244/