[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Title: Message Title Michael Neale commented on JENKINS-24338 Re: Issues with docker permissions @jdmulloy - the one for the docker build publish plugin. — NOTE Following notes appear to be missing due to data loss from issue tracker (from joseph): With Docker 1.7.1 on CentOS 7 I had to edit the SocketGroup setting in /usr/lib/systemd/system/docker.socket [Unit] Description=Docker Socket for the API PartOf=docker.service [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=jenkins [Install] WantedBy=sockets.target Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Title: Message Title Joseph Mulloy commented on JENKINS-24338 Re: Issues with docker permissions Michael Neale Which README is that? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Title: Message Title Joseph Mulloy commented on JENKINS-24338 Re: Issues with docker permissions With Docker 1.7.1 on CentOS 7 I had to edit the SocketGroup setting in /usr/lib/systemd/system/docker.socket [Unit] Description=Docker Socket for the API PartOf=docker.service [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=jenkins [Install] WantedBy=sockets.target Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Title: Message Title
Joseph Mulloy edited a comment on JENKINS-24338
Re: Issues with docker permissions
WithDocker1.7.1onCentOS7IhadtoedittheSocketGroupsettingin/usr/lib/systemd/system/docker.socket{code}[Unit]Description=DockerSocketfortheAPIPartOf=docker.service[Socket]ListenStream=/var/run/docker.sockSocketMode=0660 SocketUser=rootSocketGroup=jenkins[Install]WantedBy=sockets.target{code}
Add Comment
This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)
--
You received this message because you are subscribed to the Google Groups Jenkins Issues group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Title: Message Title Michael Neale commented on JENKINS-24338 Re: Issues with docker permissions Joseph - interesting. Perhaps that is worth a PR to the readme as systemd setups like that are probably becoming pretty common - and locking down the socket is the right thing to do? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Mike Saffitz commented on JENKINS-24338 Issues with docker permissions Just a note that the solution Valeri Golubev posted fixed the issue for me. This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Michael Neale resolved JENKINS-24338 as Wont Fix Issues with docker permissions Closing this as work-around seems the "correct" thing to do. Change By: Michael Neale (25/Feb/15 8:47 PM) Status: Open Resolved Resolution: WontFix This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Valeri Golubev commented on JENKINS-24338 Issues with docker permissions I had the same issue, as described earlier, that docker container was successfully running under 'su - jenkins' but failed when executing by script build step. Versions: jenkins: 1.555 os: CentOS release 6.6 (Final) docker: Docker version 1.3.2, build 39fa2fa/1.3.2 I found a work-around, that probably can be helpful to further clarify the issue. In order to allow jenkins to create and manage docker containers via 'execute script' build step, you can configure docker service to apply 'jenkins' group ownership to the socket, rather than adding jenkins user to the default-used 'docker' group. This configuration can be achieved by adding the '-G jenkins' arguments to the docker service config file. For example, on centos6, I updated the following file: cat /etc/sysconfig/docker Docker Upstart and SysVinit configuration file Customize location of Docker binary (especially for development testing). DOCKER="/usr/bin/docker" 0 Use DOCKER_OPTS to modify the daemon startup options. DOCKER_OPTS=' --host=unix:///var/run/docker.sock --restart=false -g /opt/app/jenkins/docker -G jenkins' and it resulted to the following permissions: srw-rw 1 root jenkins 0 Jan 5 12:22 docker.sock This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Valeri Golubev edited a comment on JENKINS-24338 Issues with docker permissions I had the same issue, as described earlier, that docker container was successfully running under 'su - jenkins' but failed when executing by script build step. Versions: jenkins: 1.555 os: CentOS release 6.6 (Final) docker: Docker version 1.3.2, build 39fa2fa/1.3.2 I found a work-around, that probably can be helpful to further clarify the issue. In order to allow jenkins to create and manage docker containers via 'execute script' build step, you can configure docker service to apply 'jenkins' group ownership to the socket, rather than adding jenkins user to the default-used 'docker' group. This configuration can be achieved by adding the '-G jenkins' arguments to the docker service config file. For example, on centos6, I updated the following file: cat /etc/sysconfig/docker Docker Upstart and SysVinit configuration file Customize location of Docker binary (especially for development testing). DOCKER="/usr/bin/docker" 0 Use DOCKER_OPTS to modify the daemon startup options. DOCKER_OPTS=' --host=unix:///var/run/docker.sock --restart=false -g /opt/app/jenkins/docker -G jenkins' and it resulted to the following permissions: srw-rw 1 root jenkins 0 Jan 5 12:22 docker.sock This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Valeri Golubev edited a comment on JENKINS-24338 Issues with docker permissions I had the same issue, as described earlier, that docker container was successfully running under 'su - jenkins' but failed when executing by script build step. Versions: jenkins: 1.555 os: CentOS release 6.6 (Final) docker: Docker version 1.3.2, build 39fa2fa/1.3.2 I found a work-around, that probably can be helpful to further clarify the issue. In order to allow jenkins to create and manage docker containers via 'execute script' build step, you can configure docker service to apply 'jenkins' group ownership to the socket, rather than adding jenkins user to the default-used 'docker' group. This configuration can be achieved by adding the '-G jenkins' arguments to the docker service config file. For example, on centos6, I updated the following file: cat /etc/sysconfig/docker # Docker Upstart and SysVinit configuration file # Customize location of Docker binary (especially for development testing). DOCKER="/usr/bin/docker" 0 # Use DOCKER_OPTS to modify the daemon startup options. DOCKER_OPTS=' --host=unix:///var/run/docker.sock --restart=false -g /opt/app/jenkins/docker -G jenkins' and it resulted to the following permissions: srw-rw 1 root jenkins 0 Jan 5 12:22 docker.sock This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Adam Duro commented on JENKINS-24338 Issues with docker permissions I am running into this same problem. Did anyone find a resolution? This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira -- You received this message because you are subscribed to the Google Groups Jenkins Issues group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [docker-build-publish-plugin] (JENKINS-24338) Issues with docker permissions
Adam Duro
commented on JENKINS-24338
Issues with docker permissions
I have confirmed all of the same things as OP. Jenkins is in docker group, and I can even run the exact same docker commands as the jenkins user when I run them directly on the shell.
Here is the output of my job:
Started by user anonymous
Building in workspace /var/lib/jenkins/jobs/Angemo_Test/workspace
git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
git config remote.origin.url g...@github.com:zehnergroup/rdi-angemo.git # timeout=10
Fetching upstream changes from g...@github.com:zehnergroup/rdi-angemo.git
git --version # timeout=10
using GIT_SSH to set credentials ZG Jenkins Bot
git fetch --tags --progress g...@github.com:zehnergroup/rdi-angemo.git +refs/heads/*:refs/remotes/origin/*
git rev-parse origin/master^{commit} # timeout=10
Checking out Revision 4df9e9c94199d24b60185e770bf3936e710cc6c0 (origin/master)
git config core.sparsecheckout # timeout=10
git checkout -f 4df9e9c94199d24b60185e770bf3936e710cc6c0
git rev-list 4df9e9c94199d24b60185e770bf3936e710cc6c0 # timeout=10
[workspace] $ /bin/sh -xe /tmp/hudson2446192870282789698.sh
+ docker build --rm=true -t reading/angemo:4 .
Sending build context to Docker daemon
2014/12/20 01:53:04 Post http:///var/run/docker.sock/v1.15/build?rm=1t=reading%2Fangemo%3A4: dial unix /var/run/docker.sock: permission denied
Build step 'Execute shell' marked build as failure
Finished: FAILURE
If I "sudo su" into the jenkins user and go to the workspace for the job, and run that same build command, the image builds just fine.
The problem only exists when I try to run the build as part shell script step in the jenkins job.
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
--
You received this message because you are subscribed to the Google Groups Jenkins Issues group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
