Docker task permission denied
問題
Docker task fails to run with the following appears in the build log:
command 08-Mar-2017 09:17:33 Substituting variable: ${bamboo.working.directory} with /home/bamboo-home/xml-data/build-dir/PROJ-PLAN-JOB1
simple 08-Mar-2017 09:17:33 Starting task 'Build Image' of type 'com.atlassian.bamboo.plugins.bamboo-docker-plugin:task.docker.cli'
command 08-Mar-2017 09:17:33 Beginning to execute external process for build 'Driver API - DAPI Docker - Default Job #2 (PROJ-PLAN-JOB1-2)'\n ... running command line: \n/usr/bin/docker build --force-rm=true --tag=dapi-base /home/bamboo-home/xml-data/build-dir/PROJ-PLAN-JOB1\n ... in: /home/bamboo-home/xml-data/build-dir/PROJ-PLAN-JOB1\n ... using extra environment variables:...
error 08-Mar-2017 09:17:33 Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.26/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&forcerm=1&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=dapi-base&ulimits=null: dial unix /var/run/docker.sock: connect: permission denied
simple 08-Mar-2017 09:17:33 Failing task since return code of [/usr/bin/docker build --force-rm=true --tag=dapi-base /home/bamboo-home/xml-data/build-dir/PROJ-PLAN-JOB1] was 1 while expected 0
error 08-Mar-2017 09:17:33 Error occurred while running Task 'Build Image(2)' of type com.atlassian.bamboo.plugins.bamboo-docker-plugin:task.docker.cli.
error 08-Mar-2017 09:17:33 com.atlassian.bamboo.task.TaskException: Failed to execute task
error 08-Mar-2017 09:17:33 at com.atlassian.bamboo.plugins.docker.service.BuildService.execute(BuildService.java:53)
error 08-Mar-2017 09:17:33 at com.atlassian.bamboo.plugins.docker.tasks.cli.DockerCliTask.execute(DockerCliTask.java:60)
error 08-Mar-2017 09:17:33 at com.atlassian.bamboo.task.TaskExecutorImpl.lambda$executeTasks$3(TaskExecutorImpl.java:317)
error 08-Mar-2017 09:17:33 at com.atlassian.bamboo.task.TaskExecutorImpl.executeTaskWithPrePostActions(TaskExecutorImpl.java:246)
error 08-Mar-2017 09:17:33 at com.atlassian.bamboo.task.TaskExecutorImpl.executeTasks(TaskExecutorImpl.java:317)原因
If the agent where the build fails is:
- Local agent: the user running Bamboo server can’t access the docker engine, because it is lacking permissions to access the UNIX socket to communicate with the engine.
- Remote agent: the user running the remote agent can’t access the docker engine, because it is lacking permissions to access the UNIX socket to communicate with the engine.
ソリューション
Add the user running Bamboo server or agent to the docker group
#if group "docker" doesn't exist sudo groupadd docker #add user to group "docker" sudo usermod -a -G docker $USER- Restart the machine
注意
If the adding the user running Bamboo server or agent to the docker group doesnt work . Please add -G bamboo to the docker daemon so the socket becomes owned by the bamboo user.
https://docs.docker.com/engine/reference/commandline/dockerd/
1) To do this, you will need to edit the Docker service configuration file, which is often located at /lib/systemd/system/docker.service or /etc/systemd/system/docker.service. Use a text editor to open the file:
bash
sudo nano /lib/systemd/system/docker.service
2) Locate the ExecStart line in the file, which typically starts with ExecStart=/usr/bin/dockerd. Add the -G newgroup option to the ExecStart line.
bash
ExecStart=/usr/bin/dockerd -G bamboo -H fd://
3) Save the configuration file and exit the text editor.
Reload Systemd Configuration:
To apply the changes, you should reload the systemd configuration:
bash
sudo systemctl daemon-reload
4) Restart Docker:
Finally, restart the Docker service to have the changes take effect:
bash
sudo systemctl restart docker