Docker Community Forums

Share and learn in the Docker community.

Not able to run docker commands in jenkins shell step


(Vikramvi) #1

Hi All,

I’ve Linux VM and have installed Docker on it. Have got jenkins setup on it as well.

When I try to run simple docker commands like

[Test-1-2] $ /bin/sh -xe /tmp/hudson643651586166715818.sh

  • docker run hello-world
    docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
    See ‘docker run --help’.

If I run this command in command prompt , it works perfectly.

Kindly clarify how to make this run with jenkins ?

thanks & regards,
Vikram


(Nathan Le Claire) #2

Does it want sudo docker, e.g. does the script run as a separate user? It’s quite difficult to say without knowing the contents of the script or more about your situation.


(Vikramvi) #3

you are absolutely right.

Even though jenkins session is logged in with sudo ubuntu user ( as I’ve configured jenkins to use ubuntu user database )

when I got the output of command “whoami” , it shows as “Jenkins”

I’m not sure why is it using “Jenkins” user ?

Is there a way to tell docker commands in shell step to use sudo user and not the default “Jenkins” users ?

Thanks,
Vikram


(Nathan Le Claire) #4

Many programs, for instance Postgresql, run as a user which is specifically named after the program. This is done for a variety of reasons including security (finer-grained permissions can be configured for this user) and monitoring (it’s easy to see that processes owned by foo user are using the most memory in commands like top). I’m not 100% sure, but there’s a good chance the scripting and/or Jenkins itself drop down to this user role to perform their actions.

In your case, if you are having the Jenkins user invoke docker commands, it would probably be easiest to add the Jenkins user to the docker group to allow it to invoke Docker commands without needing sudo:

sudo usermod -aG docker Jenkins

Bewarned: All users of the docker group have, effectively, root-level permissions. Therefore, anyone who can run Jenkins jobs on this box could potentially escalate to root due to their access to the Docker CLI.


(Vikramvi) #5

ditto I added Jenkins user to docker yesterday and things went well. ( it strike to me while discussing issue a colleague )

As per your clarifications , after this > Jenkins user has got root-level permissions.

Any good practices you recommend in this scenario ?

Thanks again.

Regards,
Vikram