deskoh/jenkins-docker

Jenkins with Docker Build support

Jenkins container that supports docker build by using the host's Docker daemon (Docker-in-Docker).

Usage

# Linux
docker run --name jenkins -p 8080:8080 -p 50000:50000 --restart=always \
  --group-add `stat -c %g /var/run/docker.sock` \
  -v $(pwd)/jenkins_home:/var/jenkins_home \
  -v /var/run/docker.sock:/var/run/docker.sock \
  deskoh/jenkins-docker

# Windows
docker run --name jenkins -p 8080:8080 -p 50000:50000 --restart=always ^
  --group-add 0 ^
  -v %cd%/jenkins_home:/var/jenkins_home ^
  -v /var/run/docker.sock:/var/run/docker.sock ^
  deskoh/jenkins-docker

# Stop / Start / Restart
docker stop jenkins
docker start jenkins
docker restart jenkins

The default Jenkins password is printed to the console output (stdout). Alternatively, run:

docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword

See official documentation for notes on using bind mount for Jenkins home directory.

Image Variants

The image variants differ by the plugins included.

latest

The following opinionated set of plugins is included:

plugins

Only Jenkins recommended plugins referenced here are included.

base

No plugins are included.

Viewing Logs

# Tail logs
docker logs -f --tail 0 jenkins

How it Works

The container is running Docker-in-Docker (DIND).

The Docker daemon listens on the /var/run/docker.sock Unix socket by default, and this socket is volume-mounted into the Jenkins container. Docker commands run inside the Jenkins container are therefore executed by the host's Docker daemon. Any process that can write to this socket controls the host daemon, which is equivalent to root access on the host.

The jenkins user (uid 1000) needs to belong to the same group (usually root) as /var/run/docker.sock on the host to communicate with the host Docker daemon. See here for more information on uid and gid. To see the group of /var/run/docker.sock:

# Linux: show the group ID of `/var/run/docker.sock`
$ stat -c %g /var/run/docker.sock
982

# Windows: show the group ID of `/var/run/docker.sock` (on Moby Linux VM)
> docker run -it --rm -v /var/run:/var/run busybox stat -c %g /var/run/docker.sock
0

One way to achieve this is to add RUN usermod -aG root jenkins to the Dockerfile. The recommended way is to add the jenkins user to the necessary group at runtime using the --group-add parameter.
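
The group check described above, as an added example that is not part of this repository: it applies the Unix owner/group/other rule to the values stat reports for the socket and prints the --group-add value to use. The function names, the jenkins gid of 1000 and the socket mode 660 in the samples are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the repository). Function names are hypothetical.

# sock_access UID "GID GID ..." OWNER_UID OWNER_GID MODE
# MODE is octal as printed by `stat -c %a`.
# Prints the class that grants access: root, owner, group, other, or denied.
sock_access() {
  uid=$1; gids=$2; o_uid=$3; o_gid=$4
  perms=000$5; perms=${perms#"${perms%???}"}   # keep the last three octal digits
  u_bits=${perms%??}; rest=${perms#?}; g_bits=${rest%?}; w_bits=${perms#??}
  # uid 0 bypasses mode bits (assumes CAP_DAC_OVERRIDE, which Docker keeps by default).
  if [ "$uid" -eq 0 ]; then echo root; return 0; fi
  # Exactly one class applies: owner, else group, else other.
  if [ "$uid" -eq "$o_uid" ]; then
    class=owner; bits=$u_bits
  else
    class=other; bits=$w_bits
    for g in $gids; do
      if [ "$g" -eq "$o_gid" ]; then class=group; bits=$g_bits; fi
    done
  fi
  # Connecting to a Unix socket on Linux needs the write bit (value 2).
  if [ $((bits & 2)) -ne 0 ]; then echo "$class"; else echo denied; fi
}

# advise: same arguments; prints what to do for that container user.
advise() {
  case $(sock_access "$@") in
    root|owner|group) echo "ok" ;;
    other) echo "ok, but socket is world-writable" ;;
    denied)
      # Would membership of the socket's group be enough?
      if [ "$(sock_access "$1" "$2 $4" "$3" "$4" "$5")" = group ]; then
        echo "--group-add $4"
      else
        echo "no access via group"
      fi ;;
  esac
}

# Constructed samples: jenkins is uid 1000 (gid 1000 and mode 660 assumed).
advise 1000 "1000" 0 982 660      # Linux host from the text
advise 1000 "1000" 0 0 660        # Windows (Moby VM) case from the text
# Live check, only where the socket exists (needs GNU stat).
if [ -S /var/run/docker.sock ]; then
  advise 1000 "1000" $(stat -c '%u %g %a' /var/run/docker.sock)
fi
```

An "other" result means the socket's mode lets every user in any container that mounts it drive the host daemon, so the fix belongs on the host's socket permissions rather than in --group-add.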

See this blog post for more details on DIND.

Adding Build Agent Nodes

See agent-docker for more details on adding build agents.

# Assuming Jenkins master is on default `jenkins-docker_default` network
docker run --network jenkins-docker_default \
  -v $(pwd)/data/worker:<remote root dir> \
  deskoh/jenkins-agent-docker -url http://jenkins:8080 <secret> <worker name>

Grafana / Prometheus Monitoring

Using docker-compose.yml.

# Default grafana user/password: admin/admin

# Linux only
docker-compose up -d

# Stop running containers
docker-compose stop

# Remove running containers
docker-compose rm

Jenkins JVM Tuning

# Get PID of Jenkins
> docker exec jenkins-docker_jenkins_1 jcmd
7 /usr/share/jenkins/jenkins.war

# Dump Jenkins JVM properties
> docker exec jenkins-docker_jenkins_1 jcmd 7 VM.system_properties
> docker exec jenkins-docker_jenkins_1 jcmd 7 VM.flags

Project-based Matrix Authorization Strategy

Authenticated Users must be granted the Overall/Read permission to be able to log in and view projects.
