I am running jenkins off of the official docker container for jenkins. And i have the following dockerfile following the instructions at https://docs.docker.com/engine/installation/linux/debian/
FROM jenkins:2.32.1
# install docker inside this container
USER root
# Install Docker inside Jenkins
RUN apt-get update
RUN apt-get purge "docker.io*"
RUN apt-get update
RUN apt-get install -y apt-transport-https ca-certificates gnupg2
RUN apt-key adv \
--keyserver hkp://ha.pool.sks-keyservers.net:80 \
--recv-keys 58118E89F3A912897C070ADBF76221572C52609D
RUN echo "deb https://apt.dockerproject.org/repo debian-jessie main" > /etc/apt/sources.list.d/docker.list
RUN apt-get update
RUN apt-cache policy docker-engine
RUN apt-get update
RUN apt-get install -y docker-engine
RUN gpasswd -a jenkins docker
USER jenkins
Then i perform the following:
sudo docker service start in bash inside the containerHere is what i get:
root@1e0f4b325d58:/# sudo service docker start
mount: permission denied
rmdir: failed to remove ‘cpu’: Read-only file system
mount: permission denied
rmdir: failed to remove ‘cpuacct’: Read-only file system
mount: permission denied
rmdir: failed to remove ‘net_cls’: Read-only file system
mount: permission denied
rmdir: failed to remove ‘net_prio’: Read-only file system
/etc/init.d/docker: 96: ulimit: error setting limit (Operation not permitted)
You need to run the container as a privileged container if you want to run docker inside docker.
So something like this (1) is required:
docker run --privileged your_image:tag
You also need to be careful with iptables and App Armour, but this works after a bit of tinkering.
The alternative is to give access to the docker daemon inside the container, like so (2):
docker run -v /var/run/docker.sock:/var/run/docker.sock your_image:tag
Ref:
1 https://blog.docker.com/2013/09/docker-can-now-run-within-docker/
2 https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/