It’s unclear whether this is a Docker or Jenkins issue, but it sure feels like something I’m missing with Docker.
I have Jenkins running in a container and using slave containers for my build. This is running in the Google cloud, and I’m using a slave image provided (gcr.io/cloud-solutions-images/jenkins-k8s-slave). This works fine for several builds, but I need to add some things to the build slave container so I can access a test database or use grunt.
I tried two ways. First, I have the Dockerfile used for jenkins-k8s-slave, so I built my own image. Dockerfile unchanged, my slave fails with:
2016-10-20T12:49:56.168304754Z /dev/mapper/control: open failed: Operation not permitted
2016-10-20T12:49:56.168320487Z Failure to communicate with kernel device-mapper driver.
2016-10-20T12:49:56.168323854Z Check that device-mapper is available in the kernel.
2016-10-20T12:49:56.168326881Z Command failed
2016-10-20T12:49:56.173134906Z mount: permission denied
2016-10-20T12:49:56.173299257Z Could not mount /sys/kernel/security.
2016-10-20T12:49:56.173363215Z AppArmor detection and --privileged mode might break.
2016-10-20T12:49:56.193645184Z mkdir: cannot create directory ‘/sys/fs/cgroup/name=systemd’: Read-only file system
2016-10-20T12:49:56.196897668Z mount: mount point /sys/fs/cgroup/name=systemd does not exist
2016-10-20T12:49:56.200724772Z ln: failed to create symbolic link ‘/sys/fs/cgroup/systemd/name=systemd’: Read-only file system
2016-10-20T12:49:56.214796470Z flag provided but not defined: -d
2016-10-20T12:49:56.214855272Z See 'docker --help'.
2016-10-20T12:49:56.254913759Z /usr/local/bin/wrapdocker: line 113: exec: 24d1091bca4832ec0373d07cc9f727b69bb634dec384c2a7c5f77beb165c6ff1: not found
I also tried to make my own Dockerfile like:
FROM gcr.io/cloud-solutions-images/jenkins-k8s-slave
# Nothing added for the test
I get exactly the same error when I use this image.
Also, if I look at docker history for my image and the jenkins-k8s-image, they are the same.
What am I missing? Why the security errors in one case and not the other? In theory, I have the same image.