unable to invoke DOCKER using JENKINS user - macos

I am trying to run a docker command as part of a jenkins job using shell. I get a standard error stating
"Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/images/json: dial unix /var/run/docker.sock: connect: permission denied"
I will require some help on
1. how to find the path where docker is installed which can be added to JENKINS global configuration
2. workaround to fix this permission issue(running as a sudo user/any other specific user)
I have already experimented by adding the JENKINS users to admin group, staff group, made administrator. But, nothing has actually helped. I still get the standard error
Tried the below code on terminal too
sudo -u jenkins docker images
OUTPUT:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/images/json: dial unix /var/run/docker.sock: connect: permission denied
I am expecting to run this code without the error. Only then my jenkins pipeline will be complete.

To find the path where docker is installed, simply run a which docker. Usually, it'll be installed somewhere in the standard PATH already, so probably Jenkins will already have access. As you get the permission denied error message, it looks like Jenkins is already using the correct docker executable.
Depending on the distribution or operating system you are using, you will most likely need to add the jenkins user to a docker group, e.g. sudo usermod -aG docker jenkins. To find out which group you need, run:
$ ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Apr 30 16:20 /var/run/docker.sock
In the second line, you see the group that docker.sock is owned by. Add the jenkins user to that group.

Related

Auto Start Docker on Windows reboot

I created a task to autostart docker on windows server using TaskScheduler
referred to https://stackoverflow.com/a/59467740/12768108
As admin created a local "task-executor" user and added it to the administrator group.
As admin added the same user to the docker-users group
Now after logging into the system using another user account(already in the docker users group), I run the task manually from the task scheduler the docker services started with daemon mode and I am able to run all docker commands like "docker ps".
But when restarting the machine it only started two services of docker ie "docker desktop" and "docker desktop backend" and not others, also when tried to run docker ps gives below error
error during connect: This error may indicate that the docker daemon is not running.: Get "http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/containers/json": open //./pipe/docker_engine: The system cannot find the file specified.
I have also tried https://github.com/tfenster/dockeraccesshelper but this helps me achieve only point 1 of the description.
Can someone please let me know what i am missing here ?

Failed to start ddev-ssh-agent container: Permission denied on socket

When I start a DDEV-Local project, I get "Failed to start ddev-ssh-agent", and when I use docker logs ddev-ssh-agent I see
Running socat UNIX-LISTEN:/tmp/.ssh-agent/proxy-socket,perm=0666,fork UNIX-CONNECT:/tmp/.ssh-agent/socket
unix_listener: cannot bind to path /tmp/.ssh-agent/socket: Permission denied
2020/04/29 14:50:25 socat[16] E bind(5, {AF=1 "/tmp/.ssh-agent/proxy-socket"}, 30): Permission denied
How can I fix this?
Use this sequence to fix this exact problem:
ddev poweroff
docker volume rm ddev-ssh-agent_dot_ssh ddev-ssh-agent_socket_dir
ddev start
That will repair/replace the docker volumes that store the ssh-agent socket, and seems to resolve this problem.
If you know what sequence of events might have caused this, please comment or open an issue to explain. It is mostly likely caused by using root privileges with ddev, but ddev actively tries to prevent that.

Connecting to Oracle instance running on Docker

I spent more than two days on this and I ran out of ideas and I really hope someone here will be able to help.
I am running docker on my Linux Fedora laptop.
[julian#julian-hp ~]$ docker -v
Docker version 18.06.1-ce, build e68fc7a
I loaded an oracle 12c image from another laptop (running Linux Ubuntu) and ran it using the following command:
docker run --name oracle_12c_201 -p 1521:1521 -p 5500:5500
-v /opt/dev/data/oracle/o12c_201_u02/:/opt/oracle/oradata
-e ORACLE_PWD=admin 12a359cd0528
The container gets created and is displayed as healthy when running docker ps:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
544917a88b6b 12a359cd0528 "/bin/sh -c '/bin/ba…" 2 days ago Up 2 days (healthy) 0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp oracle_12c_201
However when I try to login to my running instance I am getting ORA-01017: Invalid username/password; logon denied message
All of the HOW TOs I found on the internet say that if you do not specify a password when you create the container using docker run the the SYS password will be displayed under this line:
ORACLE PASSWORD FOR SYS, SYSTEM AND PDBADMIN:
There is not such a line in my logs. Note I deleted the container using all possible permutations such following internet articles such as -e "ORACLE_PWD=admin" or not specifying a password at running docker run using sudo nothing worked.
When trying to change the password using below:
docker exec oracle_12c_201 ./setPassword.sh admin
It fails with the following error mesage:
OCI runtime exec failed: exec failed: container_linux.go:348: starting container
process caused "exec: \"./setPassword.sh\": stat ./setPassword.sh:
no such file or directory": unknown
I ran out of ideas. I can see from the logs that the database is up and running but it is useless as long as I cannot connect to it. Note that the same image runs OK and I can connect to it without any problems on my other laptop running Linux Ubuntu. Unfortunately I no longer have the commands that I used to install oracle on that machine.
Thank you in advance for your help.

failing to start docker engine open //./pipe/docker_engine

I'm receiving the following error in docker on windows 10 laptop.
I've try to reinstall and restart but nothing helps.
The docker service is running OK but what i understand that i have a problem with the docker daemon (from what i read)
The whole issue started when i run the 2 commands:
net stop com.docker.service
net start com.docker.service
from there on i keep getting the error below and cannot solve it.
C:\Users\xxxx>docker images error during connect: Get
http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.30/images/json: open
//./pipe/docker_engine: The system cannot find the file specified. In
the default daemon configuration on Windows, the docker client must be
run elevated to connect. This error may also indicate that the docker
daemon is not running.
anyone succeed to solve it?
docker client must be run elevated to connect
This indicates that you do not have enough permissions. Try starting the terminal as administrator.
I run Docker remotely as a non admin user.
For this the user running docker should have full permission to location where Docker is installed.
User should be part of docker_users group
docker daemon runs on port 2375 by default. Try to whitelist this port. Allow incoming connections to 2375 in Windows Firewall settings
Restart your docker daemon and Docker service.
Restart the running Docker instance[Docker for Windows] if required. You do not have to reinstall.

What is the default Jenkins password?

I'm using a EC2 server instance. Used the following to install Jenkins:
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install jenkins
but I need to install software on the Jenkins server so in my EC2 instance I did
sudo –s –H –u jenkins
to get into the jenkins server.
Then I tried to do
sudo cabal install quickcheck
but it prompted me for jenkins password.
I've been searching around the internet for 4hrs now and nothing is helping me get administrative privilege in the jenkins server.
So I'm building my project using the following command in shell:
sudo cabal clean
sudo cabal configure
sudo cabal build
sudo cabal install
This is the error I'm getting:
Started by timer
Building in workspace /var/lib/jenkins/jobs/Finance/workspace
Checkout:workspace / /var/lib/jenkins/jobs/Finance/workspace - hudson.remoting.LocalChannel#eea6dc
Using strategy: Default
Last Built Revision: Revision b638e2182dece0ef1a40232b1d75fa3ae5c01a5d (origin/master)
Fetching changes from 1 remote Git repository
Fetching upstream changes from origin
Commencing build of Revision b638e2182dece0ef1a40232b1d75fa3ae5c01a5d (origin/master)
Checking out Revision b638e2182dece0ef1a40232b1d75fa3ae5c01a5d (origin/master)
[workspace] $ /bin/sh -xe /tmp/hudson3500373817395137440.sh
+ sudo cabal clean
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: 3 incorrect password attempts
Build step 'Execute shell' marked build as failure
Sending e-mails to: ***#gmail.com
ERROR: Could not connect to SMTP host: localhost, port: 25
javax.mail.MessagingException: Could not connect to SMTP host: localhost, port: 25;
nested exception is:
java.net.ConnectException: Connection refused
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
at javax.mail.Service.connect(Service.java:295)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)
at javax.mail.Transport.send(Transport.java:124)
at hudson.tasks.MailSender.execute(MailSender.java:116)
at hudson.tasks.Mailer.perform(Mailer.java:117)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:814)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:786)
at hudson.model.Build$BuildExecution.post2(Build.java:183)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:733)
at hudson.model.Run.execute(Run.java:1592)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:237)
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:286)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:231)
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1900)
... 17 more
Finished: FAILURE
Here is how you can fix it:
Stop Jenkins
Go go edit /var/lib/jenkins/config.xml
Change <useSecurity>true</useSecurity> to false
Restart Jenkins: sudo service jenkins restart
Navigate to the Jenkins dashboard to the "Configure Security" option you likely used before. This time, setup security the same as before, BUT set it to allow anyone to do anything, and allow user signup.
Go to www.yoursite.com/securityRealm/addUser and create a user
Then go change allow anyone to do anything to whatever you actually want users to be able to do. In my case, it is allow logged in users to do anything.
If you installed using apt-get in ubuntu 14.04, you will found the default password in /var/lib/jenkins/secrets/initialAdminPassword location.
Before installing jenkins, create a user named jenkins and set password there. Then after installing jenkins you can use the password you created.
With the default Jenkins installation using Homebrew on macOS this will output the initial password for the admin user:
sudo cat /Users/Shared/Jenkins/Home/secrets/initialAdminPassword
jenkins default administrator password is logged in log file in ubuntu
log file is situated in /var/log/jenkins/jenkins.log folder
password will be placed after this,
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
After Jenkins is installed just run sudo cat /var/lib/jenkins/secrets/initialAdminPassword.
In the Jenkins login page:
User: admin
Password: the output from the above command
On ubuntu 19.04, the default password are stored in the home directory:
cat ~/.jenkins/secrets/initialAdminPassword
The password is present in the log generated by docker run image as shown in the example below.
Jenkins Docker run log
Additionally you can check the directory /var/jenkins_home/secrets/
Its in the file name initialAdminPassword
You can use
cat /var/jenkins_home/secrets/initialAdminPassword
In my case I was using Jenkins Docker Image and I found the initial admin password using this command:
cat ~/secrets/initialAdminPassword
You can always disable security, then go in and re-enable it with the settings you want.
By default, Jenkins account is created without password and with the login shell as /bin/false.
jenkins:x:496:493:Jenkins Continuous Integration Server:/var/lib/jenkins:/bin/false
Change the shell to /bin/bash and you should be able to login without password by sudo su - jenkins.
Command to change the shell is:
chsh -s /bin/bash jenkin
When you install jenkins on your local machine, the default username is admin and password it gets automatically filled.
I was running Jenkins executing java -jar jenkins.war.
In my case Jenkins wrote webroot in an stdout: webroot: $user.home/.jenkins. So admin secret key was placed in a ~/.jenkins/secrets/initialAdminPassword.
I don't believe that the Jenkins user that is installed via apt has a password. If it does, I have never seen documentation. Based on the commands you entered, I am guessing you are using a Debian distro?
Is there any particular reason you must use the jenkins user to do the install instead of the user which was set up when you created your instance?
When installing Jenkins from AWS Marketplace . . .
"A default user "admin"with the instance-id as password is created to secure the Jenkins instance."
On the AWS Console for EC2, with the instance selected, choose the "Usage Instructions" tab:
"AWS Marketplace Usage Instructions
Latest Versions: 2.19.4.2
A default user "admin"with the instance-id as password is created to secure the Jenkins instance. Once the instance is started, copy the public DNS hostname of the server in the AWS Management Console and enter it in your web browser. The welcome screen allows you to request a trial license, start and evaluation, enter a license key, or connect to your instance to Operations Center. Once the license step is done, your instance is fully functional. We recommend enabling security and backups. You can connect with SSH to the server using the "ubuntu"linux user. The JENKINS_HOME is located under "/var/lib/jenkins". Jenkins listens on the following ports: * HTTP 80: through HAProxy, can be configured to use HTTPS:443 instead * Jenkins SSH 2222: primarily for the CloudBees Git Validated Merge Plugin * Jenkins JNLP 10000: communication from Jenkins agents or Jenkins CLI configured to use JNLP protocol. Not exposed by default on security groups."
Similar to the Ubuntu answer above, the Windows admin default password is stored in {jenkins install dir}\secrets\initialAdminPassword file (default install location would it in C:\Program Files (x86)\Jenkins\secrets\initialAdminPassword )
If you don't create a new user when you installed jenkins, then:
user: admin
pass: go to C:\Program Files (x86)\Jenkins\secrets and open the file initialAdminPassword
I am a Mac OS user & following credential pair worked for me:
Username: admin
Password: admin
For me the best method of retrieving admin pass is by executing cat command inside the running container.
docker exec YOUR_JENKINS_CONTAINER cat /var/jenkins_home/secrets/initialAdminPassword
On Windows it can be found in the file "C:\Windows\System32\config\systemprofile\AppData\Local\Jenkins\.jenkins\secrets\initialAdminPassword"
(I know OP specified EC2 server, but this is now the first result on google when searching Jenkins Password)
Jenkins Default username and password
username: admin
And
password available in the root directory .jenkins\secrets\initialAdminPassword just open the file and copy text and paste into password textbox.
Well,
Even I tried to log in with the admin/password which was failed.
So I created my own user like this.
Go to Jenkins home folder (C:\User.jenkins or you can find this in Jenkins server startup logs)
Go to Config file config.xml
set disableSignup to false false
if at all you want to disable login security
4.set ser security to false. true
For mac users: Just run this command
cat ~/.jenkins/secrets/initialAdminPassword
Initial Password of Jenkins is stored in the following directory
cat /var/lib/jenkins/secrets/initialAdminPassword
There are few steps to follow:
Go to the folder: C:\Users\Manjeet\.jenkins .(here in your case, there can be your system name or your name instead of mine)
Open config.xml file using any text editor.(recommended Notepad++)
Go to Line number seven which is like <useSecurity>true</useSecurity>.
So make it change this from true to false.
Save this file and close the window.
Open Command Prompt and start your Jenkins .
(java -jar jenkins.war --httpPort=8085).
Open browser and search for your localhost at your given port number.
(localhost:8085)
You will see it doesn't ask for username and password anymore. Now you have to delete
that existed user and Add new user for setting new username and password.
Steps to make new Admin:
1.Go to people option which present at second number at left hand side below Dashboard
Click on admin option present in a row and than click on delete.
Go to Dashboard, Click on Manage Jenkins, Click on Configure Global Security.
Check the box of Enable security option.
Check the box of Jenkins own user database option and Uncheck Allow user to sign up present just below of it.
6 . Check Logged-in user can do anything option and Uncheck Allow anonymous read access present just below of it.
Make it Save and it will give you a new form for creating new first user. Fill the details correctly and click on Create First Admin User .(it will automatically made a change on that config.xml file just save it. )

Resources