【发布时间】:2016-09-05 13:51:38
【问题描述】:
我在 Ubuntu 14.04 机器上安装了 CI 环境,安装了 Jenkins、Gitlab 和 docker 运行时。我配置了一个项目 myproject-hello-world(一个 java/maven 项目)和一个相应的 jenkins 作业,包括对以下目标的调用
(in Jenkins > myproject-hello-world job configuration page)
Invoke top-level Maven targets
clean package docker:build -DskipTests
jenkins 作业失败并出现以下错误:
[ERROR] Failed to execute goal com.spotify:docker-maven-plugin:0.2.3:build (default-cli) on project myproject-hello-world:
Exception caught: java.util.concurrent.ExecutionException: com.spotify.docker.client.shaded.javax.ws.rs.ProcessingException:
org.newsclub.net.unix.AFUNIXSocketException: Permission denied (socket: /run/docker.sock) -> [Help 1]
(see below for the whole console log)
如果我只为 maven 保留 clean package 任务(即删除 docker:build 插件并保持其他所有内容不变),项目构建没有问题,所以我很确定我的 Jenkins+Jdk+Maven+ Gitlab 配置应该没有问题。
另外,如果我在我的开发机器mvn clean package docker:build 上启动,这也可以正常工作,为我的项目正确创建一个 docker 映像。这应该排除 pom.xml 或我的 Dockerfile 中的 docker-maven 插件配置中的问题。
这是在 Jenkins 配置 > 系统配置 > 云/添加云中配置 Jekins Docker 插件的方式:Docker 部分我已经放置了以下配置
Name
docker
Docker URL
http://localhost:4243
Credentials:
None
不清楚我是否必须在“凭据”部分中添加一些内容(可能与“权限被拒绝”错误有关,但如果我不知道我应该在此处放置什么凭据)
这是整个作业的控制台输出
Started by user ...
Building in workspace /var/lib/jenkins/workspace/myproject-hello-world mvn docker build
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url http://myproject.repository:8082/<my username>/myproject-hello-world.git # timeout=10
Fetching upstream changes from http://myproject.repository:8082/<my username>/myproject-hello-world.git
> git --version # timeout=10
using .gitcredentials to set credentials
> git config --local credential.username <my username> # timeout=10
> git config --local credential.helper store --file=/tmp/git4397825852307959267.credentials # timeout=10
> git -c core.askpass=true fetch --tags --progress http://myproject.repository:8082/<my username>/myproject-hello-world.git +refs/heads/*:refs/remotes/origin/*
> git config --local --remove-section credential # timeout=10
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 456503c176851863d8398df83385305687aef9b3 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f 456503c176851863d8398df83385305687aef9b3
> git rev-list 456503c176851863d8398df83385305687aef9b3 # timeout=10
[myproject-hello-world mvn docker build] $ mvn clean package docker:build -DskipTests
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building myproject-hello-world 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ myproject-hello-world ---
[INFO] Deleting /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/target
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ myproject-hello-world ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] Copying 0 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ myproject-hello-world ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 2 source files to /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/target/classes
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ myproject-hello-world ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/src/test/resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ myproject-hello-world ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/target/test-classes
[INFO]
[INFO] --- maven-surefire-plugin:2.18.1:test (default-test) @ myproject-hello-world ---
[INFO] Tests are skipped.
[INFO]
[INFO] --- maven-jar-plugin:2.5:jar (default-jar) @ myproject-hello-world ---
[INFO] Building jar: /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/target/myproject-hello-world.jar
[INFO]
[INFO] --- spring-boot-maven-plugin:1.3.3.RELEASE:repackage (default) @ myproject-hello-world ---
[INFO]
[INFO] --- docker-maven-plugin:0.2.3:build (default-cli) @ myproject-hello-world ---
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
[INFO] Copying /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/target/myproject-hello-world.jar -> /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/target/docker/myproject-hello-world.jar
[INFO] Copying src/main/docker/Dockerfile -> /var/lib/jenkins/workspace/myproject-hello-world mvn docker build/target/docker/Dockerfile
[INFO] Building image myproject-h2020/myproject-hello-world:0.0.1-SNAPSHOT
May 10, 2016 1:34:39 PM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (org.newsclub.net.unix.AFUNIXSocketException) caught when processing request to {}->unix://localhost:80: Permission denied
May 10, 2016 1:34:39 PM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://localhost:80
May 10, 2016 1:34:39 PM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (org.newsclub.net.unix.AFUNIXSocketException) caught when processing request to {}->unix://localhost:80: Permission denied
May 10, 2016 1:34:39 PM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://localhost:80
May 10, 2016 1:34:39 PM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (org.newsclub.net.unix.AFUNIXSocketException) caught when processing request to {}->unix://localhost:80: Permission denied
May 10, 2016 1:34:39 PM org.apache.http.impl.execchain.RetryExec execute
INFO: Retrying request to {}->unix://localhost:80
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11.626s
[INFO] Finished at: Tue May 10 13:34:39 UTC 2016
[INFO] Final Memory: 27M/64M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.spotify:docker-maven-plugin:0.2.3:build (default-cli) on project myproject-hello-world: Exception caught: java.util.concurrent.ExecutionException: com.spotify.docker.client.shaded.javax.ws.rs.ProcessingException: org.newsclub.net.unix.AFUNIXSocketException: Permission denied (socket: /run/docker.sock) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Build step 'Invoke top-level Maven targets' marked build as failure
Finished: FAILURE
在https://wiki.jenkins-ci.org/display/JENKINS/Docker+Plugin 的 docker 插件说明页面中,有一个提示我必须设置
DOCKER_OPTS="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
在 /etc/default/docker 文件中。我做到了,但没有任何改变。
【问题讨论】:
-
Jenkins 运行的用户是什么?他是
docker组的成员吗? -
一般来说,为了连接到 docker 的套接字
docker组必须是您的(通常是补充的)组之一。您可以创建一个只能访问该套接字而没有其他权限的用户(出于安全原因)并将他的凭据放入插件的配置中,或者如果您不关心将jenkins用户添加到该组(这是不明智的, 轻描淡写) -
谢谢,这似乎是我的问题的原因。我还发现了这个线程serverfault.com/questions/639459/…,这似乎和我的问题一样。那建议直接在/etc/default/docker中添加DOCKER_OPTS='-G jenkins',这实际上消除了我的异常。
-
这也是一个更好的解决方案!您可能应该将其作为解决方案发布并自己接受,以便人们将来能够找到它。