How to solve Docker permission error when trigger by Jenkins

Question

My Jenkins is not run in Docker container, just tradional install to VPS. I got the following error when executing a simple test project. I am using Ubuntu 14, java 7, and stable Jenkins. I tried all methods I can find on google, but can't get it work.

I am trying to execute this shell

docker build --pull=true -t nick/hello-jenkins:$GIT_COMMIT .

After code change.

Here is error:

Got permission denied while trying to connect to the Docker daemon socket at unix: ....

Started by user nicolas xu
Building in workspace /var/lib/jenkins/workspace/hello-Jenkins
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/nicolasxu/hello-nick-jenkins.git # timeout=10
Fetching upstream changes from https://github.com/nicolasxu/hello-nick-jenkins.git
 > git --version # timeout=10
 > git fetch --tags --progress https://github.com/nicolasxu/hello-nick-jenkins.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision d94ae21a8a2cf58ffc790dcad15bd851fb17df5a (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f d94ae21a8a2cf58ffc790dcad15bd851fb17df5a
 > git rev-list d94ae21a8a2cf58ffc790dcad15bd851fb17df5a # timeout=10
[hello-Jenkins] $ /bin/sh -xe /tmp/hudson5076309502904684976.sh
+ docker build --pull=true -t nick/hello-jenkins:d94ae21a8a2cf58ffc790dcad15bd851fb17df5a .
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.27/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&pull=1&rm=1&shmsize=0&t=nick%2Fhello-jenkins%3Ad94ae21a8a2cf58ffc790dcad15bd851fb17df5a&ulimits=null: dial unix /var/run/docker.sock: connect: permission denied
Build step 'Execute shell' marked build as failure
Finished: FAILURE

I can run 'docker' in console as root no problem, why jenkins can't try a shell command which runs 'docker'? What is going on? Totally confused.......

I'm voting to close this question as off-topic because this guy is handing out credentials to his Jenkins server asking about Docker issues which are related to running the Docker daemon as root. If this already hasn't been hacked, I'd be amazed to wake up next morning to a world where it hasn't. — Esko, Jun 08 '17 at 19:50
(off-topic was the least-wrong category I could find from the options, sorry for that) — Esko, Jun 08 '17 at 19:50
@NicolasS.Xu, please change your user name and password that you had posted here. — Robert, Jun 08 '17 at 19:53
If you are having the issue with a remote node, and have update the group but still get the error you can restart Jenkins as mentioned above, or just disconnect and reconnect the node for a faster less impactful approach. — James Taylor, Mar 09 '22 at 22:56

Robert · Accepted Answer · 2018-02-06T11:43:18.930

61

In your VPS server terminal, do this to add your jenkins user to the docker group:

sudo usermod -aG docker jenkins

Then restart your jenkins server to refresh the group.

Take into account any security issue that this could produce:

Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.

Refer to the docs

Edit (mentioned by @iger): Just make sure to restart the Jenkins from command-line (i.e. sudo service jenkins restart), but not through the rest endpoint (http:///restart)

edited Feb 06 '18 at 11:43

answered Jun 08 '17 at 19:33

Robert

29,597
6
79
88

tried, doesn't work. Same error "Got permission denied while trying to connect to the Docker daemon socket" – Nicolas S.Xu Jun 08 '17 at 19:40
Is it because of my Docker, not my Jenkins? – Nicolas S.Xu Jun 08 '17 at 19:41
2

Restart your jenkins service in order to get the groups impacted – Robert Jun 08 '17 at 19:51
3

It works after restart Jenkins. Thank you so much!! I'll read the doc you provided in your answer. – Nicolas S.Xu Jun 08 '17 at 20:03
12

Just make sure to restart the Jenkins from command-line (i.e. sudo service jenkins restart), but not through the rest endpoint (http:///restart) – Iger Feb 06 '18 at 11:36
You saved by life. – Ramesh Murugesan Jul 26 '18 at 14:06
I am getting this error to add jenkins - **"usermod: user 'jenkins' does not exist"** – Shamim Sep 17 '19 at 05:04
2

Actually, you need to check the user of Jenkins, for example, if you use the codebase distribution, need to use `sudo usermod -aG docker cloudbees-jenkins-distribution`. you can check it by list user: `sudo cat /etc/passwd` – Xin Meng Sep 29 '19 at 16:44

score 3 · Answer 2 · answered Jun 21 '20 at 05:37

3

Running

sudo usermod -aG docker jenkins

and then

sudo service jenkins restart

worked perfectly for me.

answered Jun 21 '20 at 05:37

mindfulDoubt

31
2

Denys Bushulyak · Answer 3 · 2018-05-18T21:39:17.800

2

Add user to docker group as it described here.
Start jenkins with this command: docker run -d -u root --restart on-failure -p "8080:8080" -p "50000:50000" -v $PWD/jenkins-data:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock jenkinsci/blueocean

root user required because without it you will not be able to execute root task, example: apk update && apk install ...

edited May 18 '18 at 21:39

answered May 18 '18 at 20:48

Denys Bushulyak

147
1
5

I think op said the Jenkins instance is not run in a docker container – vbhakta Oct 01 '18 at 18:53
Step 2 does not need Step 1 because step 2 runs jenkins directly with root user and has a serious security issue. – raxetul Nov 05 '20 at 14:21

How to solve Docker permission error when trigger by Jenkins

3 Answers3

Linked