What are the correct permission settings when running Docker in a Jenkins Pipeline?
Problem
I'm trying to get a new jenkins pipeline together to test new pull requests to our code. I'm using docker with the ubuntu:14.04 image to simulate our production environment.

Here is a minimum working example:

#jenkinsfile
stage('Checkout and provision'){
    docker.image('ubuntu:14.04').withRun('-u root'){
        checkout scm
        sh 'chmod -R 770 ./'
        sh './init-script.sh'
    }
}

and

#init-script.sh
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update -y
sudo apt-get dist-upgrade -y
sudo apt-get install \
apache2 \
php \
php-mysql \
php-xml \
libapache2-mod-auth-mysql \
libapache2-mod-php \
php5-curl \
zip \
htop \
supervisor \
mailutils \
git \
build-essential -y
sudo apt-get autoremove -y

And the /etc/sudoers file for the container is as follows:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults:jenkins !requiretty
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
jenkins ALL=(ALL:ALL) NOPASSWD:ALL

The problem I'm having is that docker is not running as root as I'm used to and instead retaining the user id of the jenkins user from the host machine. This makes it difficult to sudo.

I've tried adding the jenkins user to the container's /etc/passwd file and running chmod against that file but don't even have the permissions to d

Solution
So after a debug session in chat, what is needed is to allow the user running jenkins to be able to sudo docker passwordless on the docker host. A typical sudoers file on ubuntu could be in /etc/sudoers.d/jenkins

jenkins_user ALL=(ALL) NOPASSWD:ALL

Be warned this allows jenkins_user to run any command as root without a password; a better file should be:

jenkins_user ALL=(ALL) NOPASSWD:/full/path/to/docker
jenkins_user ALL=(ALL) NOPASSWD:<other needed command to be run as root>

This will allow starting the container as root, and as such it gives all rights within the container itself by running as uid 0.

Useful resources used aside:
- Jenkins docker plugin readme
- How to setup passwordless sudo on Linux?

Code Snippets

jenkins_user ALL=(ALL) NOPASSWD:ALL

jenkins_user ALL=(ALL) NOPASSWD:/full/path/to/docker
jenkins_user ALL=(ALL) NOPASSWD:<other needed command to be run as root>

Context
StackExchange DevOps Q#764, answer score: 12
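
The answer above contrasts a blanket NOPASSWD:ALL rule with rules limited to named commands. As an added example (not part of the original question or answer), this shell script classifies the passwordless grants in a sudoers drop-in so the broad ones stand out in review; the function names and the sample rules are assumptions constructed here, and it assumes one rule per line.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one rule per line
# (no backslash continuations); the sample rules below are constructed.

# classify_rule LINE -> prints skip | broad | scoped | review
classify_rule() {
    case $1 in
        '#'*|Defaults*) echo skip; return ;;   # comments, includes, Defaults
        *NOPASSWD:*) ;;                        # passwordless grant: inspect
        *) echo skip; return ;;                # rule still asks for a password
    esac
    cmds=${1#*NOPASSWD:}                       # command list after the tag
    verdict=scoped
    [ -n "$cmds" ] || verdict=review           # empty command list
    old_ifs=$IFS; IFS=,
    set -f                                     # keep wildcards literal
    for c in $cmds; do
        c=$(printf '%s' "$c" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $c in
            ALL) verdict=broad; break ;;       # any command, no password
            /*)  ;;                            # literal absolute path
            *)   verdict=review ;;             # alias or placeholder: check by hand
        esac
    done
    set +f; IFS=$old_ifs
    echo "$verdict"
}

# audit_sudoers: read sudoers text on stdin, print "verdict<TAB>rule"
audit_sudoers() {
    while IFS= read -r line || [ -n "$line" ]; do
        v=$(classify_rule "$line")
        [ "$v" = skip ] || printf '%s\t%s\n' "$v" "$line"
    done
}

# Constructed contents for /etc/sudoers.d/jenkins, using the answer's rules.
audit_sudoers <<'EOF'
Defaults:jenkins_user !requiretty
jenkins_user ALL=(ALL) NOPASSWD:ALL
jenkins_user ALL=(ALL) NOPASSWD:/full/path/to/docker
jenkins_user ALL=(ALL) NOPASSWD:<other needed command to be run as root>
EOF
```

A `scoped` result for the docker binary is narrower than `ALL`, but as the answer notes it still lets the account start containers as uid 0, so the account remains a privileged one.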