CircleCI码头工人撰写权限被拒绝了吗?

时间:2019-01-17 10:15:12

标签: docker docker-compose continuous-integration circleci

我正在尝试在ci圈中使用docker compose,以便我可以在工作流程中运行一些组件测试。但是,当我尝试使用docker compose时,出现以下错误:Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/json: dial unix /var/run/docker.sock: connect: permission denied /

这是我的圈子ci配置

version: 2
jobs:
  build:
  component_test:
    docker:
    - image: circleci/openjdk:8-jdk
    working_directory: ~/repo
    environment:
      JVM_OPTS: -Xmx3200m
      TERM: dumb
    steps:
    - checkout
    - run:
        name: Install Docker Compose
        command: |
          curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` > ~/docker-compose
          chmod +x ~/docker-compose
          sudo mv ~/docker-compose /usr/local/bin/docker-compose
    - setup_remote_docker:
        docker_layer_caching: true
    - run: |
        set -x
        docker ps
        docker-compose up -d
    - run: |
        ./gradlew cucumber -Dtag="@Local"

输出:     ==== >> sudo groupadd泊坞窗       #!/ bin / bash -eo pipefail     sudo groupadd泊坞窗     ==== >> sudo usermod -aG泊坞窗$ USER       #!/ bin / bash -eo pipefail     sudo usermod -aG码头$ USER     用法:usermod [选项]登录

Options:
  -c, --comment COMMENT         new value of the GECOS field
  -d, --home HOME_DIR           new home directory for the user account
  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -f, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -g, --gid GROUP               force use GROUP as new primary group
  -G, --groups GROUPS           new list of supplementary GROUPS
  -a, --append                  append the user to the supplemental GROUPS
                                mentioned by the -G option without removing
                                him/her from other groups
  -h, --help                    display this help message and exit
  -l, --login NEW_LOGIN         new value of the login name
  -L, --lock                    lock the user account
  -m, --move-home               move contents of the home directory to the
                                new location (use only with -d)
  -o, --non-unique              allow using duplicate (non-unique) UID
  -p, --password PASSWORD       use encrypted password for the new password
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             new login shell for the user account
  -u, --uid UID                 new UID for the user account
  -U, --unlock                  unlock the user account
  -v, --add-subuids FIRST-LAST  add range of subordinate uids
  -V, --del-subuids FIRST-LAST  remove range of subordinate uids
  -w, --add-subgids FIRST-LAST  add range of subordinate gids
  -W, --del-subgids FIRST-LAST  remove range of subordinate gids
  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account

Error: Exited with code 2
Step failed
Error: runner failed
{"Runner":true,"level":"error","msg":"runner failed","task-id":"localbuild-1547728937","time":"2019-01-17T12:42:24Z"}
Task failed
Error: task failed

1 个答案:

答案 0 :(得分:0)

Docker守护程序绑定到Unix套接字而不是TCP端口。默认情况下,Unix套接字是由root用户拥有的,其他用户只能使用sudo访问它。 Docker守护程序始终以root用户身份运行。如果您不想以sudo开头docker命令,请创建一个名为docker的Unix组并将用户添加到其中。 Docker守护程序启动时,它将创建一个可由Docker组成员访问的Unix套接字。

要创建docker组并添加用户:

  1. 创建docker组。
$ sudo groupadd docker
  1. 将您的用户添加到docker组。
$ sudo usermod -aG docker $USER

  1. 注销并重新登录,以便重新评估您的组成员身份。

    如果在虚拟机上进行测试,则可能需要重新启动虚拟机以使更改生效。

    在台式机Linux环境(例如X Windows)上,完全退出会话,然后重新登录。

  2. 验证您可以在没有docker的情况下运行sudo命令。

$ docker ps
相关问题
最新问题