2

I am using fabric8's docker-maven-plugin to build and push my docker image. I do something like:

mvn docker:build

in both my dev environment and Jenkins. But here is my problem.

I have Jenkins running in a docker Swarm.

docker service create --name jenkins -p 8080:8080 -p 50000:50000 --replicas=1 --mount type=volume,src=jenkins_home,dst=/var/jenkins_home --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock jenkins/jenkins

Notice that I have a bind mount from the host's /var/run/docker.sock to the container's /var/run/docker.sock.

I then install the Docker binaries inside the container by running:

apt-get update && apt-get -y install apt-transport-https ca-certificates \
curl gnupg2 software-properties-common && \
curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey; apt-key add /tmp/dkey && \
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" && \
apt-get update && \
apt-get -y install docker-ce=18.06.1~ce~3-0~debian

Lastly, I add the jenkins user to the docker group:

usermod -aG docker jenkins

In reality I will build my own docker image using the jenkins/jenkins image as my root using the above mentioned commands.

I then log in to Jenkins and create my pipeline as follows:

node {
    def mvnHome
    stage('Preparation') { // for display purposes
       git branch: 'branch', credentialsId: 'id', url: 'https://url'
       mvnHome = tool 'm3'
       env.JAVA_HOME="${tool 'java8'}"
       env.DOCKER_HOST="unix:///var/run/docker.sock"
       env.PATH="${env.JAVA_HOME}/bin:${env.PATH}"
    }

    stage('Build Docker Image') {
       dir('rms-donation-manager') {
          sh "'${mvnHome}/bin/mvn' clean install docker:build"
       }
    }
}

When I run the pipeline I get the following error:

+ /var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/m3/bin/mvn clean install docker:build
[INFO] Scanning for projects...
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Building donation-manager 1.0.3-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- docker-maven-plugin:0.28.0:build (default-cli) @ donation-manager ---
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.io.IOException) caught when processing request to {}->unix://127.0.0.1:1: Permission denied
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://127.0.0.1:1
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.io.IOException) caught when processing request to {}->unix://127.0.0.1:1: Permission denied
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://127.0.0.1:1
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.io.IOException) caught when processing request to {}->unix://127.0.0.1:1: Permission denied
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://127.0.0.1:1
[ERROR] DOCKER> Cannot create docker access object  [Permission denied]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.554 s
[INFO] Finished at: 2019-04-07T03:21:24Z
[INFO] Final Memory: 17M/175M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal io.fabric8:docker-maven-plugin:0.28.0:build (default-cli) on project donation-manager: Cannot create docker access object: Permission denied -> [Help 1]

Notice the command that was run by Jenkins

/var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/m3/bin/mvn clean install docker:build

It's using the Maven tool 'm3', which I am using in the Jenkins pipeline, and running the Maven command mvn clean install docker:build, and it's complaining about permissions.

Here is the kicker. I go into the jenkins container

docker exec -it ec4be3dffa62 /bin/bash

Notice that I am not going in as the root user, I am actually the jenkins user. I then go in to my project where the pom.xml file is located and run

/var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/m3/bin/mvn clean install docker:build

And it works!!!! The image is built. Why does it work when I am inside the container, and not when I am running it from the Jenkins UI? Is the Jenkins UI using a different user?

Francisco
  • After going into the container, with which user did you execute the "mvn" cmd? The jenkins user? – Rohit Jindal Apr 07 '19 at 05:31
  • @RohitJindal yes, when I go into the container as the jenkins user and run the same command it works!!! – Francisco Apr 07 '19 at 06:32
  • In the above-mentioned sequence, you first started Jenkins and then added the jenkins user to the docker group. If this is the case, the change is not reflected for the Jenkins server. But when you execute manually, jenkins has by that time been added to the docker group. To test, create a test job and execute the script "id -a". This will show the groups for the jenkins user associated with Jenkins at that point in time. Execute the same cmd from inside the container. If there is a difference, I would suggest you create a Dockerfile with all of the above installation and useradd, and then start Jenkins. – Rohit Jindal Apr 07 '19 at 08:10
  • @RohitJindal you are absolutely right: when running these commands in a test job and in the container, they yield different results. In my test job: uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins). In the container: uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins),999(docker). Once I go through your suggestion and if you make the above an answer I will accept it. – Francisco Apr 07 '19 at 13:06
  • Thanks for validating the suggestion. I have added it as answer. – Rohit Jindal Apr 07 '19 at 14:22

1 Answer

1

In the above-mentioned sequence, you first started Jenkins and then added the jenkins user to the docker group. If this is the case, the change is not reflected for the Jenkins server. But when you execute manually, jenkins has by that time been added to the docker group. To test, create a test job and execute the script "id -a". This will show the groups for the jenkins user at that point in time. Execute the same cmd from inside the container. If there is a difference, I would suggest you create a Dockerfile with all of the above installation and useradd, and then start Jenkins.

Rohit Jindal
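The comparison suggested in this answer can be scripted; the following is an added example, not part of the original answer. It checks the socket's owning GID against the groups the running process holds (`id -G`) and against what the account database lists (`id -G <user>`); the function names and the sample GID lists (taken from the `id` output quoted in the comments) are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added diagnostic, not from the original post. Compares:
#   1. the GID that owns the Docker socket,
#   2. the groups the running process actually holds (id -G),
#   3. the groups the account database lists for the user (id -G <user>).

# in_list GID "gid gid ..." : succeeds if GID is one of the words.
in_list() {
    local want=$1 g
    for g in $2; do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# diagnose SOCK_GID PROCESS_GIDS DB_GIDS : prints a one-word verdict.
diagnose() {
    if in_list "$1" "$2"; then
        echo ok                 # process can use the socket via its group
    elif in_list "$1" "$3"; then
        echo stale-process      # group was added after the process started
    else
        echo not-a-member       # user is not in the socket's group at all
    fi
}

# check_socket [PATH] : runs the diagnosis for the current process.
check_socket() {
    local sock=${1:-/var/run/docker.sock} user
    [ -S "$sock" ] || { echo no-socket; return 0; }
    user=$(id -un)
    diagnose "$(stat -c %g "$sock")" "$(id -G)" "$(id -G "$user")"
}

# Constructed inputs based on the id output quoted in the comments above:
# the job saw groups=1000, the exec shell saw groups=1000,999(docker).
echo "jenkins job : $(diagnose 999 "1000" "1000 999")"
echo "exec shell  : $(diagnose 999 "1000 999" "1000 999")"
echo "this process: $(check_socket)"
```

Run it once as a Jenkins `sh` step and once from a `docker exec` shell: `stale-process` in the job means the Jenkins process predates the group change, and `not-a-member` also covers the case where the container's docker GID differs from the GID on the bind-mounted socket. Whichever account ends up in that group has full control of the host's Docker daemon through the socket.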