我正在使用fabric8的docker-maven-plugin构建并推送我的docker映像。我做类似的事情:
mvn docker:build
。但这是我的问题。
我让Jenkins运行在Docker Swarm中。
docker service create --name jenkins -p 8080:8080 -p 50000:50000 --replicas=1 --mount type=volume,src=jenkins_home,dst=/var/jenkins_home --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock jenkins/jenkins
请注意,我已经从主机的/var/run/docker.sock到容器的/var/run/docker.sock进行了绑定安装。
然后我通过运行以下命令在容器内安装Docker二进制文件:
apt-get update && apt-get -y install apt-transport-https ca-certificates \
curl gnupg2 software-properties-common && \
curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey; apt-key add /tmp/dkey && \
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" && \
apt-get update && \ apt-get -y install docker-ce=18.06.1~ce~3-0~debian
最后,我将jenkins用户添加到docker组
useradd -G {docker} jenkins
实际上,我将使用上述命令以jenkins/jenkins映像作为我的根来构建自己的docker映像。
然后我登录到Jenkins,创建我的管道,如下所示
node {
def mvnHome
stage('Preparation') { // for display purposes
git branch: 'branch', credentialsId: 'id', url: 'https://url'
mvnHome = tool 'm3'
env.JAVA_HOME="${tool 'java8'}"
env.DOCKER_HOST="unix://var/run/docker.sock"
env.PATH="${env.JAVA_HOME}/bin:${env.PATH}"
}
stage('Build Docker Image') {
dir('rms-donation-manager') {
sh "'${mvnHome}/bin/mvn' clean install docker:build"
}
}
}
运行管道时,出现以下错误:
+ /var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/m3/bin/mvn clean install docker:build
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building donation-manager 1.0.3-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- docker-maven-plugin:0.28.0:build (default-cli) @ donation-manager ---
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.io.IOException) caught when processing request to {}->unix://127.0.0.1:1: Permission denied
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://127.0.0.1:1
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.io.IOException) caught when processing request to {}->unix://127.0.0.1:1: Permission denied
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://127.0.0.1:1
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.io.IOException) caught when processing request to {}->unix://127.0.0.1:1: Permission denied
Apr 07, 2019 3:21:24 AM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://127.0.0.1:1
[ERROR] DOCKER> Cannot create docker access object [Permission denied]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.554 s
[INFO] Finished at: 2019-04-07T03:21:24Z
[INFO] Final Memory: 17M/175M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal io.fabric8:docker-maven-plugin:0.28.0:build (default-cli) on project donation-manager: Cannot create docker access object: Permission denied -> [Help 1]
注意詹金斯(Jenkins)运行的命令
/var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/m3/bin/mvn clean install docker:build
它使用我在Jenkins管道中使用的maven工具'm3'并运行maven命令mvn clean install docker:build及其抱怨权限
这里是踢人。我进入詹金斯容器
docker exec -it ec4be3dffa62 /bin/bash
请注意,我不是root用户,实际上我是jenkins用户。然后,我进入pom.xml文件所在的项目并运行
/var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/m3/bin/mvn clean install docker:build
它有效!!!图像已构建。为什么当我在容器中而不是从jenkins ui运行它时,它为什么起作用? jenkins UI是否使用其他用户?
答案 0 :(得分:0)
在上述序列中,首先启动了Jenkins,然后在docker组中添加了jenkins用户。在这种情况下,Jenkins服务器不会反映更改。但是当您手动执行时,此时jenkins已添加到docker组。要进行测试-创建一个测试作业并执行脚本“ id -a”。这将显示该时间点用户Jenkins的群组。从容器内部执行相同的cmd。如果存在差异,我建议您使用上述所有安装和useradd创建一个dockerfile,然后启动Jenkins。