I have an agent that is running on a docker host. The jenkins user where the agent is running is allowed to run docker commands.
When I SSH directly into the docker host and execute docker commands as the jenkins user, everything works fine.
Now if I try to execute a simple docker command from the agent, it generates a “permission denied” error.
Here is the complete output from my build:
Started by user Sebastien Manningham
Running as SYSTEM
Building remotely on debian-podman in workspace /var/lib/jenkins/workspace/test123
[test123] $ /bin/sh -xe /tmp/jenkins5844386795245861196.sh
+ /usr/bin/id
uid=1001(jenkins) gid=1001(jenkins) groups=1001(jenkins)
+ /usr/bin/hostname
debian-podman
+ /usr/bin/docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
Build step 'Execute shell' marked build as failure
Finished: FAILURE
So the agent is a docker agent with the docker socket mounted inside of it?
You need to run the agent with group-add to give the process the right gids and stuff.
If your agent is an ssh agent, that’s super weird. I don’t know of any way for group stuff to be different shell vs not. If the groups were added after the agent.jar was run, then you need to restart the agent since groups are only picked up on process start.
OMG… I found it… as usual, the weirdest stuff is always stupid.
I added the jenkins user to the docker group AFTER I created my ssh agent. In order to solve the issue… I just had to disconnect / reconnect the agent…
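The cause found in this thread (group membership granted after the agent process had already started) can be checked for directly. The following is an added example, not part of the original posts: the function names `missing_groups` and `check_stale_groups` are hypothetical, and it assumes an `id` that supports `-G` and `-un`, as on the Debian agent shown above.

```shell
#!/bin/sh
# Added example: detect a process running with stale supplementary groups.
# `id -G` with no user reports the credentials of the current process;
# `id -G USER` performs a fresh lookup in the group database.

# missing_groups PROC_GIDS DB_GIDS
# Prints every GID in DB_GIDS (what the group database grants now) that is
# absent from PROC_GIDS (what the running process actually holds).
missing_groups() {
    proc_gids=$1
    db_gids=$2
    out=""
    for gid in $db_gids; do
        case " $proc_gids " in
            *" $gid "*) ;;                 # process already holds this group
            *) out="${out:+$out }$gid" ;;  # granted after the process started
        esac
    done
    printf '%s\n' "$out"
}

# check_stale_groups
# Returns 0 when the process and the group database agree, 1 otherwise.
check_stale_groups() {
    user=$(id -un)
    proc=$(id -G)            # groups inherited when the agent was launched
    db=$(id -G "$user")      # groups the user would get on a new login
    stale=$(missing_groups "$proc" "$db")
    if [ -n "$stale" ]; then
        echo "stale: process for $user lacks GIDs: $stale (reconnect the agent)"
        return 1
    fi
    echo "ok: process groups match the group database for $user"
    return 0
}
```

Calling `check_stale_groups` as the first command of an "Execute shell" build step makes the build fail with an explicit message instead of the socket's "permission denied" error.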