Develop Reference

Can't connect to docker inside jenkins docker container MacOS

After two full days reading and trying thing, I humbling come here to ask how to make this work, because nothing from the other answers helped me to make this work.
I'm on a macos 10.13.6 (High Sierra)
Running Docker Desktop for mac 2.2.0.5 (43884)
Engine: 19.03.8
Compose 1.25.4
I want to run jenkins to study some pipeline stuff, so this is my ´docker-compose.yml´
version: "3.2"
services:
jenkins:
build:
dockerfile: dockerfile
context: ./build
ports:
- "8080:8080"
- "50000:50000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/var/jenkins_home
First problem is that the image that i'm using jenkins/jenkins:lts does not have a docker client installed, so even mapping the socket through volumes I can't use docker version the output of this command is bash: docker: command not found.
This is my pipeline just for test (from jenkins documentation):
pipeline {
agent { docker { image 'node:6.3' } }
stages {
stage('build') {
steps {
sh 'npm --version'
}
}
}
}
So through this plugin https://plugins.jenkins.io/docker-plugin/ I can go to "Manage Jenkins > Manage Nodes and Clouds > Configure Clouds > Add a new cloud" and on "Docker Cloud details..."
I have the Host URI where I can put "unix:///var/run/docker.sock" that it will use the docker from my host macos to do what jenkins need to do.
I tried all the suggestion from the internet, from create the jenkins user, docker user, put jenkins user on docker group e other stuff but none of them work on the mac.
The big majority of the asked questions is for linux and all of them seems to have solved the problem, but when I try to replicate on the macos it just don't work.
Maybe there is some step that I'm missing, or people already know that they have to do in some of the steps, but i'm failing miserably.
Some of the steps that I tried:
create use user and group jenkins:
sudo dscl . create /Users/jenkins UniqueID 1000 PrimaryGroupID 1000
sudo dscl . create /Groups/jenkins gid 1000
created the group docker:
sudo dscl . create /Groups/docker gid 1001
Added the jenkins user to the docker group
sudo dscl . append /Groups/docker GroupMembership jenkins
Checked if the user really is on the group
$ dsmemberutil checkmembership -u 1000 -g 1001
user is a member of the group
Tried to change the owner of the socket from inside the jenkins container (that's why I was building the image, but it didn't work)
Tried to changer the ownership of the socket on the host macos but it just don't change.
The socket is always with those permissions.
lrwxr-xr-x 1 root daemon 68B Apr 28 10:14 docker.sock -> /Users/metasix/Library/Containers/com.docker.docker/Data/docker.sock

For jenkins, the best is to have agents that will run all jobs and the master that will only do the orchestration jobs.
Some years ago, I build an JNLP agent that register itself to jenkins master, you can check my repo here: https://github.com/jmaitrehenry/docker-jenkins-jnlp
As I say, I made it like 3 years ago and may be a bit outdated.
About your problem, you need to know that Docker for Mac run containers inside a little VM, so when you add a user on MacOS, the VM doesn't have it. And Docker for Mac do a lot a magic to map uid inside your mac with some uid inside containers.
You can try to add the docker client inside your Dockerfile, for that, try to add those steps:
FROM jenkins/jenkins:lts
[...]
# Switch to root as the base image switch to jenkins user
USER root
# Download docker-cli and install it
RUN curl -o docker-ce-cli.deb https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce-cli_19.03.8~3-0~debian-stretch_amd64.deb && \
dpkg -i docker-ce-cli.deb && \
rm docker-ce-cli.deb
# Switch back to jenkins user
USER jenkins

You need to enable host mode networking by adding network: host to your compose file:
services:
jenkins:
build:
dockerfile: dockerfile
context: ./build
network: host
ports:
- "8080:8080"
- "50000:50000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/var/jenkins_home
This will allow your guest docker container to see the hosts network. The problem is that Docker Desktop for MacOS doesn't support listening over the TCP port. There is a known workaround by using socat. https://www.ivankrizsan.se/2016/05/21/docker-api-over-http-on-mac-os-x-with-docker-for-mac-beta/. Once you have socat set up to route from the docker.socker to TCP 2376 set your Host URI to tcp://0.0.0.0:2376. And of course you will need to create a new Dockerfile to extend the jenkins/jenkins:lts one with FROM jenkins/jenkins:lts and add Docker to the container as suggested in another answer

I ran into the same issue. jenkins user was not able to run docker commands even after adding the user to docker group.
When I checked the permissions on the host machine (MacOS), docker.sock file was owned by root:daemon.
ls -lart /var/run/docker.sock
lrwxr-x--x 1 root daemon 37 Feb 1 14:56 /var/run/docker.sock -> /Users/....
I updated the permissions to 755 and it started working. I am able to run the docker commands on the container as jenkins user.
Please change the host file permissions only for development environment.

is there any way to run a docker image on host from other docker image? [duplicate]

I am using a docker container to build and deploy my software to a collection of ec2's. In the deployment script I build my software and then package it in a docker image. The image is pushed to my private registry, pulled by my production ec2's and then run. So essentially I will need to run docker within a docker container.
The problem is that I can't actually start docker on my container. If I try
service docker start
I get
bash: service: command not found
And if I try
docker -d
I get
2014/10/07 15:54:35 docker daemon: 0.11.1-dev 02d20af/0.11.1; execdriver: native; graphdriver:
[e2feb6f9] +job serveapi(unix:///var/run/docker.sock)
[e2feb6f9] +job initserver()
[e2feb6f9.initserver()] Creating server
2014/10/07 15:54:35 Listening for HTTP on unix (/var/run/docker.sock)
[error] attach_loopback.go:42 There are no more loopback device available.
loopback mounting failed
[e2feb6f9] -job initserver() = ERR (1)
2014/10/07 15:54:35 loopback mounting failed
The service command doesn't exist on the docker container so I can't start docker. I'm not sure what I should be doing now to start docker so I'm a bit stuck here, any help is appreciated.
A bit more information
Host machine is running fedora 20 (will eventually be running amazon linux on an ec2)
Docker container is running centos 7.0
Host is running Docker version 1.2.0, build fa7b24f/1.2.0
Container is running docker-0.11.1-22.el7.centos.x86_64

How about not running 'docker inside docker' and run docker on your host, but from within your docker container? Just mount your docker.sock and docker binary:
docker run -v /var/run/docker.sock:/run/docker.sock -v $(which docker):/bin/docker [your image]
https://github.com/sameersbn/docker-gitlab uses this approach to spin up docker containers, take a look at this image.
You can also take a look at: https://registry.hub.docker.com/u/mattgruter/doubledocker/
UPDATE on july 2016
The most current approach is to use docker:dind image, as described here:
https://hub.docker.com/_/docker/
Short summary:
$ docker run --privileged --name some-docker -d docker:dind
and then:
$ docker run --rm --link some-docker:docker docker info

While in almost all cases I would suggest following #cthulhu's answer and not running "docker in docker", in the cases when you must (e.g. a test suite which tests against multiple docker version), use the following to create additional loopback devices:
#!/bin/bash
for i in {0..6}
do
mknod -m0660 /dev/loop$i b 7 $i
done
(Taken from the thread for Docker Issue #7058)

You can simply run docker inside the docker container using dind. Try this image from Jerome, as follows:
docker run --privileged -t -i jpetazzo/dind
Check this page for more details:
https://github.com/jpetazzo/dind

GItLab CI gives curl: (7) Failed to connect to localhost port 8090: Connection refused

The issue is I get the curl: (7) Failed to connect to localhost port 8090: Connection refused GItLab CI error but this does not happen on my laptop where I get the source html of the webpage. The .gitlab-ci.yml below is a simple reproduction of the issue. I have spent numerous hours trying to figure this out - i'm sure someone else has also.
Aside: This isn't a similar question - since they don't offer a solution.
GitLab Repo: https://gitlab.com/mudassir-ahmed/wordpress-testing-with-gitlab-ci/tree/another-approach but the only file it contains is the .gitlab-ci.yml shown below...
image: docker:stable
variables:
# When using dind service we need to instruct docker, to talk with the
# daemon started inside of the service. The daemon is available with
# a network connection instead of the default /var/run/docker.sock socket.
#
# The 'docker' hostname is the alias of the service container as described at
# https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services
#
# Note that if you're using the Kubernetes executor, the variable should be set to
# tcp://localhost:2375/ because of how the Kubernetes executor connects services
# to the job container
# DOCKER_HOST: tcp://localhost:2375/
#
# For non-Kubernetes executors, we use tcp://docker:2375/
DOCKER_HOST: tcp://docker:2375/
# When using dind, it's wise to use the overlayfs driver for
# improved performance.
DOCKER_DRIVER: overlay2
services:
- docker:dind
before_script:
- docker info
build:
stage: build
script:
- apk update
- apk add curl
#- hostname -i
- docker container ls
- docker run -d -p 8090:80 --name nginx-server kitematic/hello-world-nginx
- curl localhost:8090 # This works on my laptop but not on a GitLab runner.

Referring to the answer from here : gitlab-ci.yml & docker-in-docker (dind) & curl returns connection refused on shared runner
There are two ways to fix this :
Option 1: Replace localhost in curl localhost:8090 with docker like this curl docker:8090
Option 2:
services:
- name: docker:dind
alias: localhost

docker run -d -p 8090:80 --name nginx-server kitematic/hello-world-nginx
curl localhost:8090 # This works on my laptop but not on a GitLab runner.
Assuming that is your code i think that you should somehow add some timeout between docker run and curl.
I have similar issues some time ago after starting docker container on gitlab runner machine i wasnt able to accces my url to. When i added command which check if container is running for " about one minute " it resolved my problem.
"docker inspect -f {{.State.Running}} " + containerName" but in order to do that check, you should add some additional script

How can I pass ssh credentials to the docker daemon on Mac OS X?

I'd like to have a section like this in my docker-compose.yml file:
services:
thing:
build: git#server.company.com/path/to/project.git
Then I'd like to build it with docker-compose build thing
But when I try that it fails with
ERROR: error fetching: fatal: 'git#server.company.com/path/to/project.git' does not appear to be a git repository
fatal: Could not read from remote repository.
Presumably it's failing because it needs my ssh keys to access the repository and the docker daemon is running in a linux VM which doesn't have access to my keys.
How can I pass a ssh key, or an ssh agent socket to the docker daemon so it can access a private repository?

CI with Gitlab and Digital Ocean

I have my website hosted on Digital Ocean and my repo on gitlab. I do not have an instance of gitlab installed on my Digital Ocean Server. I am just using the .gitlab-ci.yml file.
In my CI script, I ssh into digital ocean, CD into my project and attempt to pull the latest code.
I have also generated an ssh key on the digital ocean server and added it to my ssh-keys on Gitlab.
I'm not sure if there is a firewall that I can't get past or something.
unfortunately, it errors out with this error.
Running with gitlab-ci-multi-runner 1.9.0 (82714ae)
Using Docker executor with image ruby:2.1 ...
Pulling docker image ruby:2.1 ...
Running on runner-4e4528ca-project-1209495-concurrent-0 via runner- 4e4528ca-machine-1484021348-29523945-digital-ocean-4gb...
Cloning repository...
Cloning into '/builds/Rchampin/ryan_the_developer_django'...
Checking out b3783fbf as master...
$ ssh root#myIP
Pseudo-terminal will not be allocated because stdin is not a terminal.
Host key verification failed.
ERROR: Build failed: exit code 1
Here is my CI script.
before_script:
- ssh root#myIP
- cd /home/rchampin/ryan_the_developer_django
pull:
script:
- git pull

You have some optinos to try in this question
ssh -t -t
# or
ssh -T
That should avoid requesting a pseudo terminal.