I have installed Docker on an Amazon Linux server and given it permissions with sudo usermod -aG docker $USER. When I start my Jenkins docker containers (which have the home directories on an EBS mounted volume, mounted at /var/lib/docker/volumes) from the command line:

docker run -d \
--restart=always \
--name=jenkins-core \
--hostname=jenkins-core \
-p 8080:8080 \
-p 50000:50000 \
--env JENKINS_OPTS="--prefix=/core" \
-v jenkins-core:/var/jenkins_home \
jenkins/jenkins:lts

Everything works fine. However, when I try to start it from docker-compose up -d or sudo docker-compose up -d I get:

touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?

and the docker containers go into a boot loop trying to restart. I cannot figure out why the permissions are wrong on docker-compose but fine on docker.

I have tried sudo chown $(whoami):$(whoami) /usr/local/bin/docker-compose but it didn't work. I installed docker-compose from here: https://docs.docker.com/compose/install/

Here is the docker-compose.yml; there is also a .env file for the variables (not attached):

version: "3.6"
services:
  jenkins-core:
    image:           jenkins/jenkins:lts
    container_name:  jenkins-core
    restart:         always
    ports:
      - ${JENKINS_CORE_HOST_PORT_8080}:${JENKINS_PORT_8080}
      - ${JENKINS_CORE_HOST_PORT_50000}:${JENKINS_PORT_50000}
    environment:
      - JENKINS_OPTS=--prefix=${JENKINS_CORE_PREFIX}
      - JAVA_OPTS=-Duser.timezone=${TZ}
    volumes:
      - ${JENKINS_CORE_HOME_DIR}:/var/jenkins_home
  jenkins-integrations:
    image:           jenkins/jenkins:lts
    container_name:  jenkins-integrations
    restart:         always
    ports:
      - ${JENKINS_INTEGRATIONS_HOST_PORT_8080}:${JENKINS_PORT_8080}
      - ${JENKINS_INTEGRATIONS_HOST_PORT_50000}:${JENKINS_PORT_50000}
    environment:
      - JENKINS_OPTS=--prefix=${JENKINS_INTEGRATIONS_PREFIX}
      - JAVA_OPTS=-Duser.timezone=${TZ}
    volumes:
      - ${JENKINS_INTEGRATIONS_HOME_DIR}:/var/jenkins_home
  portainer:
    image:           portainer/portainer
    container_name:  portainer
    restart:         always
    environment:
      - TZ=${TZ}
    ports:
      - ${PORTAINER_PORT_9000}:9000
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DOCKERCONFDIR}/portainer:/data
    command:         -H unix:///var/run/docker.sock
  watchtower:
    image:           v2tec/watchtower
    container_name:  watchtower
    restart:         always
    environment:
      - TZ=${TZ}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command:         --schedule 0 0 4 * * * --cleanup
eekfonky

1 Answer

Please have a look here: https://github.com/jenkinsci/docker/blob/master/README.md under Usage. It says NOTE: Avoid using a bind mount from a folder on the host machine into /var/jenkins_home, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine)...

So the reason why your docker run works is because of -v jenkins-core:/var/jenkins_home where jenkins-core is a docker volume. In the compose however you use a bind mount to some folder on the host.

Alwinius
  • How do I get around this? – eekfonky Aug 13 '18 at 20:57
  • You can change JENKINS_INTEGRATIONS_HOME_DIR and JENKINS_CORE_HOME_DIR to be a single word like jenkinsintegrationdata and docker will create a volume for you in /var/lib/docker/volumes. – Alwinius Aug 15 '18 at 00:55
  • Cool, I'll try that. I find volumes and bind mounts confusing so far. Do you know any good resources to study this further? – eekfonky Aug 15 '18 at 19:28
  • I only use these two for reference: https://docs.docker.com/compose/compose-file/#volumes and https://docs.docker.com/storage/volumes/ but I don't know if they provide a good overview since they go into details very quickly – Alwinius Aug 16 '18 at 04:05
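
The bind-mount versus named-volume difference described in the answer, shown as an added example that is not part of the original question or answer. It assumes JENKINS_CORE_HOME_DIR in the unattached .env file held a host path, and it hard-codes the ports and prefix from the question's docker run command in place of the .env variables.

```yaml
version: "3.6"
services:
  jenkins-core:
    image:           jenkins/jenkins:lts
    container_name:  jenkins-core
    restart:         always
    ports:
      - "8080:8080"
      - "50000:50000"
    environment:
      - JENKINS_OPTS=--prefix=/core
    volumes:
      # Before (assumed): the source is a host path, so this is a bind mount.
      # The host directory keeps its own owner and mode, and the image's
      # non-root jenkins user (uid 1000) cannot write to it:
      #   - /path/on/host/jenkins-core:/var/jenkins_home   # placeholder path
      #
      # After: a source that does not start with "/", "." or "~" is a
      # named volume managed by Docker, as in the working docker run command.
      - jenkins-core:/var/jenkins_home

# With the version 3 file format, every named volume used by a service
# must also be declared in this top-level section.
volumes:
  jenkins-core:
    # Reuse the existing volume that "docker run -v jenkins-core:..." created.
    # Without external: true, Compose creates a separate volume whose name is
    # prefixed with the project name, and Jenkins starts with an empty home.
    external: true
```

If the bind mount has to stay, the host directory must be writable by uid 1000, which is the fix the error message "Wrong volume permissions?" points at.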