diff --git a/docker-compose.yml b/docker-compose.yml index 759707dd..9d219754 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -158,6 +158,10 @@ services: - /var/run/docker.sock:/var/run/docker.sock - ${REPO_CURATED}:${REPO_CURATED}:ro - ${REPO_CONFIG}:${REPO_CONFIG}:ro + # docker plugin requires a shared workspace + # docker-in-docker can't share an internal workspace so we need + # an external volume + - ./docker-workspace:/home/omero/workspace environment: - SLAVE_NAME=docker - SLAVE_PARAMS=-labels docker -disableClientsUniqueId -executors ${DOCKER_EXECUTORS} diff --git a/docker-workspace/.gitignore b/docker-workspace/.gitignore new file mode 100644 index 00000000..355164c1 --- /dev/null +++ b/docker-workspace/.gitignore @@ -0,0 +1 @@ +*/ diff --git a/docker/Dockerfile b/docker/Dockerfile index 1a505db5..a44ce736 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -14,9 +14,10 @@ RUN yum -y install docker-ce # Change user id to fix permissions issues ARG USER_ID=1000 -RUN usermod -u $USER_ID omero +RUN usermod -u $USER_ID -aG docker omero COPY run.sh /tmp/run.sh RUN chmod a+x /tmp/run.sh -USER omero +# Start as root so docker permissions can be fixed +# Drop to omero in startup script CMD ["/tmp/run.sh"] diff --git a/docker/run.sh b/docker/run.sh index 76a7de69..bcec5520 100644 --- a/docker/run.sh +++ b/docker/run.sh @@ -1,3 +1,14 @@ #!/bin/bash -/tmp/jenkins-slave.sh +set -eu +set -x + +# Adjust docker permissions +# https://github.com/jenkinsci/docker/issues/263#issuecomment-217955379 +sudo groupmod -g $(stat -c %g /var/run/docker.sock) docker +sudo usermod -aG docker omero +# This is mounted from outside, so you may need to fix permissions +# https://support.cloudbees.com/hc/en-us/articles/360000304932-Pipeline-jobs-fail-to-run-in-a-Docker-in-Docker-step +#sudo chown omero /home/omero/workspace + +exec sudo -iu omero env SLAVE_PARAMS="$SLAVE_PARAMS" SLAVE_EXECUTORS="$SLAVE_EXECUTORS" SLAVE_NAME="$SLAVE_NAME" JENKINS_MASTER="$JENKINS_MASTER" /tmp/jenkins-slave.sh