The synergy between Jenkins and Docker has revolutionized the development landscape. To harness this power, building Docker images within a Jenkins Docker container lays the foundation for seamless deployment.
To build a Docker image inside a Jenkins Docker container, ensure that Docker is installed on your host machine, which could be your local computer or a server.
Start Jenkins using the Docker image with the following command:
docker run -d -p 9090:8080 -p 50000:50000 -v <your-desired-path>/jenkins_home:/var/jenkins_home --name jenkins_container jenkins/jenkins:lts
For instance:
docker run -d -p 9090:8080 -p 50000:50000 -v /home/bhargav/jenkins_home:/var/jenkins_home --name jenkins_container jenkins/jenkins:lts
Now, to grant access to Docker from the host machine to the Jenkins Docker container, create a new Dockerfile for Jenkins:
FROM jenkins/jenkins:lts
USER root
RUN curl -sSL https://get.docker.com/ | sh
USER jenkins
This Dockerfile ensures that Docker is accessible within the Jenkins container. It starts from the Jenkins LTS image, switches to the root user temporarily to install Docker within the container, and then switches back to the Jenkins user.
This setup allows the Jenkins container to interact with Docker and perform Docker-related operations seamlessly.
Why Configure Docker CLI in Jenkins Container?
To enable the Jenkins container to communicate with the Docker daemon on your host machine, you'll configure the Docker CLI within the Jenkins container to utilize the docker.sock file from your host.
Building Your Custom Docker Image:
Create your own Docker image using the following command:
docker build -t <your-desired-image-name>:<your-desired-tag> .
For example:
docker build -t jenkins-did:1.0 .
Running the Custom Docker Image with Docker Socket Access:
To run this newly created custom Docker image, granting access to the docker.sock file, execute this command:
docker run -p <Your-host-machine-port>:8080 -p <Your-host-machine-port>:50000 -d -v /var/run/docker.sock:/var/run/docker.sock -v <your-desired-path>/jenkins_home:/var/jenkins_home --name jenkins <your-image-name>:<your-image-tag>
For instance:
docker run -p 9090:8080 -p 50000:50000 -d -v /var/run/docker.sock:/var/run/docker.sock -v /home/bhargav/jenkins_home:/var/jenkins_home --name jenkins jenkins-did:1.0
This command launches the Jenkins container from your custom Docker image, linking the docker.sock file from the host machine to the container. It allows Jenkins within the container to execute Docker commands seamlessly.
Opening an Interactive Shell in the Jenkins Container as Root:
To access an interactive shell inside the running Jenkins container with root user privileges, use the following command:
docker exec -it -u root <your-container-id> bash
For example:
docker exec -it -u root 2af4d405e0f5 bash
This command (docker exec) allows you to execute a command (bash) interactively (-it) within the specified container, running as the root user (-u root).
Running Docker Commands within the Jenkins Container:
Once you're inside the container with the interactive shell as root, you can now run Docker-related commands directly within the Jenkins container to interact with Docker functionalities.
For example, you can try commands like docker ps, docker images, or any other Docker command to interact with the Docker daemon from within the Jenkins container.
While we're capable of viewing the containers running on the host machine, Jenkins operates with its distinct user, 'Jenkins,' instead of the root user. Executing a 'su - jenkins' command and then attempting any Docker command, such as 'docker images,' results in a permission issue.
To address this effectively, reverting to the root user is the initial step. Checking the permissions of the 'docker.sock' file becomes pivotal in solving this. To do so, run the following command within your container:
ls -l /var/run/docker.sock
This command allows assessment of the permissions associated with the 'docker.sock' file.
In my case, the user is 'root,' and the group is 'systemd-journal,' but your system may have different user and group configurations. Executing the 'cat /etc/group' command reveals that the 'systemd-journal' group does not include the Jenkins user. To grant the Jenkins user access to the Docker functionalities, we need to add this user to the 'systemd-journal' group using the following command:
gpasswd -a jenkins <group-that-has-access-to-docker>
For example:
gpasswd -a jenkins systemd-journal
After running this command, executing 'cat /etc/group' will display an updated output, reflecting the inclusion of the Jenkins user within the 'systemd-journal' group.
Exit the container by using the 'exit' command and proceed to restart the Docker container with the 'docker restart <container-id>' command.
After restarting, re-access the interactive shell as previously instructed and log in as the 'jenkins' user using the 'su - jenkins' command. Then, attempt to execute the 'docker images' command or any other desired Docker command.
This step helps in verifying whether the 'jenkins' user now possesses the necessary permissions to execute Docker commands within the container.
Hooray, we've unlocked Docker's magic within Jenkins! ๐๐ป Now, Docker's at your fingertips inside Jenkins โ ready to dance to your commands! ๐๐ณ
Thanks for reading.
Confused about TLS certificate and how it works? look here: Working of TLS Certificate
Please drop suggestion if any or connect here.
Happy New Year! ๐๐ฅณ May this year be filled with joy, success, and endless opportunities! ๐โจ Cheers to a fantastic year ahead! ๐๐