Permission denied when running docker commands inside the container after deploying Jenkins with Docker on a Synology NAS
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/json": dial unix /var/run/docker.sock: connect: permission denied
Reference: https://blog.csdn.net/u014595589/article/details/107028711
Group ownership of the docker files on the host:
root@HOHNAS2:/var/run# ls -l
drwx------ 8 root root 200 Dec 21 18:00 docker
-rw-r--r-- 1 root root 5 Dec 21 17:54 docker.pid
drwxr-xr-x 2 root root 40 Dec 21 17:54 docker-share
srw-rw---- 1 root docker 0 Dec 21 17:54 docker.sock
Enter the container:
root@HOHNAS2:/var/run# docker exec -it cb1e77577502 /bin/bash
jenkins@cb1e77577502:/$ docker images
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/json": dial unix /var/run/docker.sock: connect: permission denied
jenkins@cb1e77577502:/$ id jenkins
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)
jenkins@cb1e77577502:/$ cd /var/run/
jenkins@cb1e77577502:/var/run$ ls -l
total 0
-rw-r--r-- 1 root root 0 Dec 12 13:51 adduser
srw-rw---- 1 root 65536 0 Dec 21 09:54 docker.sock
drwxrwxrwt 1 root root 0 Nov 20 00:00 lock
jenkins@cb1e77577502:/var/run$ exit
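As the listing above shows, the group owner of docker.sock inside the container is 65536. Because no group with GID 65536 exists inside the container, ls prints the number 65536 instead of a group name. The default user in the Jenkins container is jenkins, so we need to create a group with GID 65536 and add the jenkins user to it; the Jenkins container can then access the Docker daemon outside the container.
First, enter the jenkins container as root: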
root@HOHNAS2:/var/run# docker exec -it -u root jenkins bash
root@cb1e77577502:/# groupadd -g 65536 docker
root@cb1e77577502:/# cd /var/run
root@cb1e77577502:/var/run# ls -l
total 0
-rw-r--r-- 1 root root 0 Dec 12 13:51 adduser
srw-rw---- 1 root docker 0 Dec 21 09:54 docker.sock
drwxrwxrwt 1 root root 0 Nov 20 00:00 lock
# Then add the jenkins user to the docker group
root@cb1e77577502:/var/run# gpasswd -a jenkins docker
Adding user jenkins to group docker
root@cb1e77577502:/var/run# exit
exit
root@HOHNAS2:/var/run# docker exec -it cb1e77577502 /bin/bash
jenkins@cb1e77577502:/$ docker images
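After making the change, remember to restart the container so that the Jenkins process picks up the new group membership.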
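The manual steps above, generalized as an added example (not code from the original post): it derives the fix from the socket's numeric GID, reuses a group that already owns that GID, and skips steps already done. The function names and the fallback group name dockerhost are hypothetical, and the /etc/group lines are a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) the
# commands needed so a user can open a bind-mounted docker.sock.

# Name of the group with GID $1 in group file $2, or empty if none.
group_for_gid() {
    awk -F: -v gid="$1" '$3 == gid { print $1; exit }' "${2:-/etc/group}"
}

# Succeeds if user $1 is a supplementary member of group $2 in file $3.
is_member() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "${3:-/etc/group}"
}

# plan_fix GID USER [GROUPFILE]: reuse the group that already owns GID,
# otherwise create one; then add USER only if not already a member.
plan_fix() {
    gid=$1 user=$2 groupfile=${3:-/etc/group}
    name=$(group_for_gid "$gid" "$groupfile")
    if [ -z "$name" ]; then
        name=docker
        # "docker" may already exist with another GID; use a hypothetical fallback name.
        if grep -q '^docker:' "$groupfile"; then name=dockerhost; fi
        echo "groupadd -g $gid $name"
    fi
    is_member "$user" "$name" "$groupfile" || echo "gpasswd -a $user $name"
}

# Constructed sample: the container's /etc/group before the fix.
SAMPLE=$(mktemp)
printf '%s\n' 'root:x:0:' 'jenkins:x:1000:' > "$SAMPLE"
plan_fix 65536 jenkins "$SAMPLE"
# In the real container (as root), the GID comes from the socket itself:
#   plan_fix "$(stat -c %g /var/run/docker.sock)" jenkins
```

Groups created with docker exec live in the container's writable layer and are lost when the container is recreated; starting the container with docker run --group-add 65536 grants the same supplementary GID without editing /etc/group. Any user in this group can control the host's Docker daemon, which is equivalent to root on the host.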