I am new to docker, so if this is a fairly obvious process that I am missing, I do apologize for the dumb question up front.
I am setting up a continuous integration server using the jenkins
docker image. I did a docker pull jenkins
, and created a user jenkins
to allow me to mount the /var/jenkins_home
in the container to my host's /var/jenkins_home
(also owned by jenkins:jenkins
user).
the problem is that the container seems to define the jenkins
user with uid 102, but my host has the jenkins
user as 1002, so when I run it I get:
docker run --name jenkins -u jenkins -p 8080 -v /var/jenkins_home:/var/jenkins_home jenkins
/usr/local/bin/jenkins.sh: line 25: /var/jenkins_home/copy_reference_file.log: Permission denied
I would simply make the uid for the host's jenkins
user be 102 in /etc/passwd
, but that uid is already taken by sshd. I think the solution is to change the container to use uid 1002 instead, but I am not sure how.
Edit
Actually, user 102 on the host is messagebus, not sshd.
In Jenkins you have to add a new credential with your Docker Hub account details. Go to Credentials → Global → Add credentials and fill out the form with your username and password. Create your Jenkins pipeline.
docker's userns-remap feature allows us to use a default dockremap user. In this scenario, docker engine creates the user dockremap on the host and maps the root user inside a container to this user. For this user, docker also needs to have entries on the host's /etc/subuid and /etc/subgid files.
The ARG directive in Dockerfile defines the parameter name and defines its default value. This default value can be overridden by the --build-arg <parameter name>=<value> in the build command docker build .
You can simply change the UID in /etc/passwd
, assuming that no other user has UID 1002.
You will then need to change the ownership of /var/jenkins_home
on your host to UID 1002:
chown -R jenkins /var/jenkins_home
In fact, you don't even need a jenkins
user on the host to do this; you can simply run:
chown -R 1002 /var/jenkins_home
This will work even if there is no user with UID 1002 available locally.
Another solution is to build your own docker image, based on the Jenkins image, that has an ENTRYPOINT
script that looks something like:
#!/bin/sh
chown -R jenkins /var/jenkins_home
exec "$@"
This will (recursively) chown
/var/jenkins_home
inside the container to whatever UID is used by the jenkins
user (this assumes that your Docker contains is starting as root
, which is true unless there was a USER
directive in the history of the image).
Update
You can create a new image, based on (FROM ...
) the jenkins image, with a Dockerfile that performs the necessary edits to the /etc/passwd
file. But that seems a lot of work for not much gain. It's not clear why you're creating jenkins
user on the host or if you actually need access to the jenkins home directory on the host.
If all you're doing is providing data persistence, consider using a data volume container and --volumes-from
rather than a host volume, because this will isolate the data volume from your host so that UID conflicts don't cause confusion.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With