
Jenkins dial unix /var/run/docker.sock: connect: permission denied MacOS

I'm running Jenkins locally and have docker installed on my machine as well.

I have a Jenkins job that uses a Jenkins file to

  1. Build a maven project
  2. Build a docker image
  3. Deploy to docker hub.

I have all the docker plugins installed in Jenkins but when the Build step is executed I get...

Got permission denied while trying to connect to the Docker daemon 
socket at unix:///var/run/docker.sock: Post 
http://%2Fvar%2Frun%2Fdocker.sock/v1.39/build?
buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&session=w6ypm3t1b0qefyxh9omfvntru&shmsize=0&t=app-web&target=&ulimits=null&version=1: dial unix /var/run/docker.sock: connect: permission denied

I can't seem to change permissions on

lrwxr-xr-x   1 macuser          staff              72 Jun 30 20:36 docker.sock -> /Users/john/Library/Containers/com.docker.docker/Data/docker.sock

Any help greatly appreciated.

Your main problem is that the user being used by Jenkins, probably named jenkins, does not have enough permission to run docker.

So you basically need to add the user to the staff group.

I answered this question a few days ago; the second half of the answer is what you are looking for: How to add user to a group from Mac OS X command line?

Please test it and let me know if it does not work for you, with the output you got while trying to add the user to the staff group.

With Docker for Mac, inside the container you'll find the docker socket is owned by root (this is part of the embedded LinuxKit VM). I use the following entrypoint inside of my Jenkins container, and run the entrypoint as root, to automatically reconfigure the docker group inside the container to match the group id of the socket file, and then drop from root to the jenkins user before running the Jenkins application itself. This has the advantage of being portable, able to run on any desktop or server environment, without hard coding the docker GID into the container:

#!/bin/sh

# By: Brandon Mitchell <public@bmitch.net>
# License: MIT
# Source Repo: https://github.com/sudo-bmitch/jenkins-docker

set -x

# configure script to call original entrypoint
set -- tini -- /usr/local/bin/jenkins.sh "$@"

# In Prod, this may be configured with a GID already matching the container
# allowing the container to be run directly as Jenkins. In Dev, or on unknown
# environments, run the container as root to automatically correct docker
# group in container to match the docker.sock GID mounted from the host.
if [ "$(id -u)" = "0" ]; then
  # get gid of docker socket file
  SOCK_DOCKER_GID=`ls -ng /var/run/docker.sock | cut -f3 -d' '`

  # get group of docker inside container
  CUR_DOCKER_GID=`getent group docker | cut -f3 -d: || true`

  # if they don't match, adjust
  if [ ! -z "$SOCK_DOCKER_GID" -a "$SOCK_DOCKER_GID" != "$CUR_DOCKER_GID" ]; then
    groupmod -g ${SOCK_DOCKER_GID} -o docker
  fi
  if ! groups jenkins | grep -q docker; then
    usermod -aG docker jenkins
  fi
  # Add call to gosu to drop from root user to jenkins user
  # when running original entrypoint
  set -- gosu jenkins "$@"
fi

# replace the current pid 1 with original entrypoint
exec "$@"

You can find the full example, including the Dockerfile to install docker and gosu inside the image, at: https://github.com/sudo-bmitch/jenkins-docker

The same concept is in a fix-perms script in my base image that can be applied to other scenarios: https://github.com/sudo-bmitch/docker-base
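
To see which side of the GID mismatch the entrypoint above corrects, the following added example (not part of either answer or of the linked repositories) reports whether a given uid and group list can connect to a socket path, applying the usual owner/group/other rule. The function names sock_meta and sock_access are made up for this illustration, and it assumes connecting needs the write bit, as on Linux.

```shell
#!/bin/sh
# Added example (not from the original answers): report which permission
# class lets a user open the Docker socket, or why the connect is denied.

# Print "uid gid octal-mode" of PATH, following symlinks such as the
# Docker for Mac /var/run/docker.sock link. GNU stat first, then BSD stat.
sock_meta() {
  stat -L -c '%u %g %a' "$1" 2>/dev/null ||
    stat -L -f '%u %g %Lp' "$1" 2>/dev/null
}

# sock_access PATH UID "GID GID ..."
# Prints root, owner, group or other when the write bit needed to connect
# is available, "missing" if PATH cannot be read, otherwise a denied line.
sock_access() {
  path=$1 uid=$2 gids=$3
  if ! meta=$(sock_meta "$path"); then echo "missing"; return 0; fi
  set -- $meta
  s_uid=$1 s_gid=$2 mode=$3
  m=$((0$mode))                      # parse the mode as octal
  if [ "$uid" = 0 ]; then echo "root"; return 0; fi
  if [ "$uid" = "$s_uid" ]; then
    class=owner bits=$(( (m >> 6) & 7 ))
  else
    class=other bits=$(( m & 7 ))
    for g in $gids; do
      if [ "$g" = "$s_gid" ]; then class=group bits=$(( (m >> 3) & 7 )); fi
    done
  fi
  if [ $(( bits & 2 )) -ne 0 ]; then
    echo "$class"
  else
    echo "denied class=$class socket_gid=$s_gid mode=$mode"
  fi
}

# Check the current account, e.g. when run as the jenkins user.
sock_access "${1:-/var/run/docker.sock}" "$(id -u)" "$(id -G)"
```

A result of group means the account can drive the Docker daemon, which is root-equivalent on the Docker host, so that group should contain only the Jenkins account that needs it.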
