Jenkins Docker Container can't access docker.sock

Question

I deployed the standard Jenkins Docker image with docker-compose and this configuration:

deployer:
  image: jenkins
  volumes:
    - "/mnt/jenkins:/var/jenkins_home"
    - "/var/run/docker.sock:/var/run/docker.sock"
  ports:
    - "2375:2375"
    - "8080:8080"
    - "50000:50000"

After reading numerous SO questions I tested added Root to the docker user group with gpasswd -a ${USER} docker and verified that the user inside the Container is Root with docker exec jenkins_deployer echo ${USER}.

When I try to add Docker access inside the Jenkins UI with "Docker URL = unix:///var/run/docker.sock" I get the error message "org.newsclub.net.unix.AFUNIXSocketException: Permission denied (socket: /run/docker.sock)"

How can I give Jenkins access to docker.sock to automatically deploy Docker Containers?

Is docker installed inside your container? Further, you would need to share/mount the docker socket from your host system into your Jenkins container. Personally I do not like the docker-in-docker approaches as they feel quite hacky... I prefer connecting my jenkins master container to a slave which has docker installed and then delegate all docker tasks to that slave. — fishi0x01, Jan 26 '17 at 14:20
I installed the Docker Plugin from the Web GUI inside so it should have all the dependencies to interact with a Docker Socket (I guess?) How would you delegate the docker tasks to a slave? I want to deploy a new Container within the host system that runs the Jenkins Container so the connection between Host Docker API and Container that triggers a deployment has to be made somewhere. — trahloff, Jan 26 '17 at 14:47
Ah sorry my mistake. You right, you are already mounting the docker socket and have docker installed inside the container. My slave use-case is more targeted for container builds. Maybe the permission error is related to some [SELinux restrictions](https://forums.docker.com/t/docker-inside-jenkins-container/3583/3)? — fishi0x01, Jan 26 '17 at 16:07
Have you tried adding `privileged: true` or `network_mode: host` as options for your deployer service? I have occasionally needed one or both of these options when trying to share the Docker socket. Also, you may want to make sure that your *jenkins* user has privileges to access `/var/run/docker.sock`. By default, Jenkins does not run as the root user, even if you start the service using the root user. — Nick Settje, Sep 04 '18 at 08:51

Alex Mougenet · Accepted Answer · 2019-07-15T13:08:40.207

I know I'm two years late, but I ran into the same issue and having this solution would've save me several hours of work.

So I needed to deploy a Jenkins Container that automatically deploys Docker Containers. Here are the files I used to build and run :

Dockerfile

FROM jenkins/jenkins:latest

USER root
RUN apt-get update -qq \
    && apt-get install -qqy apt-transport-https ca-certificates curl gnupg2 software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/debian \
  $(lsb_release -cs) \
  stable"
RUN apt-get update  -qq \
    && apt-get install docker-ce=17.12.1~ce-0~debian -y

RUN usermod -aG docker jenkins

docker-compose.yml

version: '3'

services:
  jenkins:
    container_name: 'jenkins-container'
    privileged: true
    build: .
    ports:
      - '8080:8080'
      - '50000:50000'
    volumes:
      - jenkins-data:/var/jenkins_home
    restart: unless-stopped

volumes:
  jenkins-data:

Then, in the folder these files are, run the following command :

docker-compose up

When the container is up, use this to start Docker inside :

docker exec -it --user root <CONTAINER_ID>

service docker start

And voilà ! There might be some more optimized solutions, but this works great for me right now.

You can now visit <YOUR_IP>:8080 in a browser to have access to your brand new Jenkins that can run Docker Containers.

Jenkins Docker Container can't access docker.sock

1 Answers1

Linked