Docker Community Forums

Share and learn in the Docker community.

Rights to run Docker via Azure DevOps

  • Issue type:

Rights to run Docker

  • OS Version/build

NAME=“Red Hat Enterprise Linux Server”
VERSION=“7.5 (Maipo)”
ID=“rhel”
ID_LIKE=“fedora”
VARIANT=“Server”
VARIANT_ID=“server”
VERSION_ID=“7.5”

  • App version

Docker version 19.03.3, build cde21d3829

  • Steps to reproduce

Run build from ADO

I am running my Azure DevOps build agent with an account named “account”.

server:Linux:account: /opt/ADOReleaseMark --> docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:

  1. The Docker client contacted the Docker daemon.
  2. The Docker daemon pulled the “hello-world” image from the Docker Hub.
    (amd64)
  3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
  4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/

This works as intended. However when I run from a pipeline, I get the following error

docker run hello-world

========================== Starting Command Output ===========================

[command]/usr/bin/bash --noprofile --norc /opt/ADOReleaseMark/_work/_temp/cd98490e-3bcf-480c-a023-bca65cc4fbfb.sh

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.

See ‘docker run --help’.

##[error]Bash exited with code ‘126’.

The account is an AD account and not a local account. Running usermod -a -G docker account gives me the following error.

usermod: user ‘account’ does not exist

So to get around this I hard coded account into the group file. This allowed me to run docker hello, however I still get the same error when running from Azure DevOps.

Any thoughts on how I can allow anyone to call docker?

TIA,

Well it isn’t exactly what I wanted to do, however issuing the following command fixed the problem.

sudo chmod 666 /var/run/docker.sock

Thanks,

This is a bit late, but just in case someone else runs into this…

You shouldn’t actually need to do sudo to do that. Basically, what’s happening here, is that your system that you’re using (presumably Linux) doesn’t have the account that you setup for the agent as a Service to have access to the destination folders (as the default for using the docker folders is generally located in a place where you need Administrative access). What you’ll need to do, is something like this:

either make a daemon.json file to specify the account that you’re using as the User Account for the network service should be permitted to use the daemon, or you whatever User Account you end up using needs to have administrative access on the OS, or at least access to said folder.

I suppose a third way, could be if you are using Docker Desktop rather than Docker Engine, is to have Docker installed somewhere that doesn’t need administrative access, but I haven’t really messed with doing something like that too much, so I cannot say for certain.