Execute docker host command inside jenkins docker container

Question

I have a docker container running jenkins. I want inside this container to start other container, so outside this container.

I've tried to start my jenkins controller with :

docker run -v /var/run/docker.sock:/var/run/docker.sock  -v $(which docker):/bin/docker

( As written here : https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/ )

But when inside of my container I try to run a Docker command, I have the typical message

 FATA[0000] Get http://%2Fvar%2Frun%2Fdocker.sock/v1.18/containers/json: dial unix /var/run/docker.sock: 
connect: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS? 

And no way to run docker command inside this container..

I've tried with and without --privileged=true, it still don't work.

If you have any ideas !

Answer 1

A related post to this issue is this one.

However, a few words on this (as I had the same issue). There are two things you need to do: (1) mount docker.sock and (2) have docker service running.

Regarding (1): As mentioned by @yclian you have to put the jenkins user into the docker group.

I followed Adrian Mouat's instruction. He suggests to execute docker commands in a build step with sudo docker run ... The sudo is fine in my scenario, but in general it may be a security issue in that the Jenkins user may get root access to the host and could create containers that mount arbitrary directories on the host.

Regarding (2) and -v $(which docker):/bin/docker in your command. I'm on MacOS. which docker gives me /usr/local/bin/docker/ which is correct, but still docker was not available inside the container. I started the jenkins container with

docker run -p 8080:8080 -p 50000:50000 -v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -v /Users/matthaeus/.jenkins_home:/var/jenkins_home -t -i jenkins

If you do not want to do this you have to install the docker engine inside the container, either manually by connecting to it (docker exec -t -i container-id /bin/bash and apt-get install docker-engine) or specifying it in a Dockerfile.

If you have done both your build steps may contain the commands like this sudo docker build -t my-image . and this image will also be available on the host machine.