jenkins script call docker

question:

We're trying to use the docker-build-publish plugin to create a docker image from a Docker file. We're hitting an issue with permissions against the docker service:

Started by an SCM change
[EnvInject] - Loading node environment variables.
Building in workspace /var/lib/jenkins/jenkins-data/jobs/Web Docker Build/workspace
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git@github.com:apptentive/web.git # timeout=10
Fetching upstream changes from git@github.com:apptentive/web.git
 > git --version # timeout=10
 > git fetch --tags --progress git@github.com:apptentive/web.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse origin/master^{commit} # timeout=10
Checking out Revision 4524d546bff7c10f7255a3b04f010af45edff98c (origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 4524d546bff7c10f7255a3b04f010af45edff98c
 > git rev-list c585ab3d0a9b7dae3ce86ca8e44c6b393836c886 # timeout=10
No credentials provided, so not logging in to the registry.
[workspace] $ docker build -t quay.io/apptentive/web:4524d546bff7c10f7255a3b04f010af45edff98c support/web-base
2014/08/19 23:39:40 Post http:///var/run/docker.sock/build?rm=1&t=quay.io%2Fapptentive%2Fweb%3A4524d546bff7c10f7255a3b04f010af45edff98c: dial unix /var/run/docker.sock: permission denied
Build step 'Docker build and publish' marked build as failure
Finished: FAILURE

We have other jenkins jobs that hit docker on this machine (without sudo) without issue-- the jenkins user is a member of the docker group and the docker group has r/w permissions on the socket.

 

 

 

 

 

effective answer:

I had the same issue, as described earlier, that docker container was successfully running under 'su - jenkins' but failed when executing by script build step.
Versions:
jenkins: 1.555
os: CentOS release 6.6 (Final)
docker: Docker version 1.3.2, build 39fa2fa/1.3.2

I found a work-around, that probably can be helpful to further clarify the issue.

In order to allow jenkins to create and manage docker containers via 'execute script' build step, you can configure docker service to apply 'jenkins' group ownership to the socket, rather than adding jenkins user to the default-used 'docker' group.
This configuration can be achieved by adding the '-G jenkins' arguments to the docker service config file.

For example, on centos6, I updated the following file:

 
cat /etc/sysconfig/docker
# Docker Upstart and SysVinit configuration file

# Customize location of Docker binary (especially for development testing).
DOCKER="/usr/bin/docker"
0
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS=' --host=unix:///var/run/docker.sock --restart=false -g /opt/app/jenkins/docker -G jenkins'

and it resulted to the following permissions:
srw-rw----  1 root      jenkins      0 Jan  5 12:22 docker.sock