Nullified Productions Bitch

Jenkins with Docker in Docker Setup

By Alikyi Null

Built on a RedHat Oracle VM running on Windows.

Start here: https://www.jenkins.io/doc/book/installing/docker/

You’ll get the most up to date reading there on how to stand up this type of environment. Do your best to follow those directions so that you end up with at least two containers running on your system: one for the Jenkins controller and one for the agent, which will launch other Docker containers internally. Any deviations from those steps are not fatal, but you had better know what you’re doing in order to follow this conceptually.

I had to relearn how volumes work in Docker, permission-wise.

For example, the Jenkins controller runs as an account named jenkins with a uid/gid of 1000 inside the container, so you can create an account called jenkins on the host computer with a matching uid/gid. That was one of the first problems I had to deal with.

You will have to know something about Docker networks and CA key generation to proceed. Links are below.

If you get this far, you might notice that the Jenkins controller has issues communicating with the Dind node.

There may be other ways to do this, but I went the TLS route, and what they don’t tell you is that the Dind instance tries to manage your keys for you and fails miserably.

What I ended up doing was creating my TLS keys on the host and then using the resulting directory to control the file structure in the Dind container. I downloaded the Dockerfile and the associated entrypoint script for the original Dind image and rebuilt the image with a few customizations.

The issue is that every time you launch the image, something regenerates your keys with no warning. The entrypoint script is the culprit.

Look at this shit:

https://github.com/docker-library/docker/tree/master/23.0/dind

Line 118 belongs to a function in this script that constantly overwrites your keys, and you’re left not understanding why the Docker commands you’re running from your Jenkins controller are not authenticating and are telling you stuff about keys you didn’t configure. The lines after 118 show how the docker service is going to be launched inside your Docker node… (we can’t use the word slave anymore). This service will look for the private and public keys in the /certs/server directory by default. If the keys are not there, you will be a failure until you fix it.

dockerd-entrypoint.sh: comment out line 118 and you will have total control over how these certs are generated.

The Jenkins controller reads from the same volume holding these certs, but only has access to the /certs/client directory, which holds the private and public keys for just the client.
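Here is how that split looks when the two containers are wired up with Compose. This is an added example, not the post’s own setup and not the Jenkins doc’s commands verbatim: it translates the two `docker run` commands from the linked Jenkins install doc into a compose file and mounts a host directory `./certs` that already contains `server/` and `client/` subfolders. Assumed, not from the page: the `./dind` build context is your rebuilt Dind image with the entrypoint change, the controller image is `jenkins/jenkins:lts-jdk17` with the docker CLI added as the Jenkins doc describes, and the `jenkins-data` volume name.

```yaml
# Added example: Jenkins controller + Dind agent sharing a host-generated cert tree.
services:
  docker:                        # service name "docker" is the DNS name DOCKER_HOST dials
    build: ./dind                # assumed: your rebuilt docker:dind with the entrypoint patched
    privileged: true             # dind needs this to run a daemon inside the container
    environment:
      DOCKER_TLS_CERTDIR: /certs # dockerd then expects /certs/server/{ca,cert,key}.pem
    volumes:
      - ./certs:/certs           # whole tree; server/ is what dockerd reads
      - jenkins-data:/var/jenkins_home
    networks: [jenkins]

  jenkins:
    image: jenkins/jenkins:lts-jdk17   # assumed base; add the docker CLI per the Jenkins doc
    environment:
      DOCKER_HOST: tcp://docker:2376
      DOCKER_CERT_PATH: /certs/client  # the CLI reads ca.pem, cert.pem, key.pem from here
      DOCKER_TLS_VERIFY: "1"
    volumes:
      - jenkins-data:/var/jenkins_home
      - ./certs/client:/certs/client:ro   # controller never sees server/ or the CA key
    ports:
      - "8080:8080"
      - "50000:50000"
    networks: [jenkins]

networks:
  jenkins:

volumes:
  jenkins-data:
```

The point of the second mount is that the controller gets exactly the three client files and nothing else, read-only; if a build can read /certs/server/key.pem it can impersonate the daemon to every other client, so keep the server and CA keys out of the controller’s mount entirely.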

The changes I ended up adding to the Dind node Dockerfile.

You can of course make changes to these Docker-mounted folders live. I didn’t consider that as an option until the end, but… yeah. You will fail as well.

You’ll need a cert plus the private and public key for the client (Jenkins controller), and a cert plus the private and public key for the server (Dind instance), each in their respective folders, in order for this to work. After that you’ll be able to run docker commands from your Jenkins workspaces, and the commands, images, and containers will be processed by the Dind node.
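The following script builds that directory tree on the host and checks it the way the daemon and the CLI will at connect time. It is an added example, not the post’s script and not the docker-library entrypoint: it uses plain `openssl` to create one private CA, a server cert for the Dind daemon, and a clientAuth-only cert for the controller, writes them as `ca.pem`/`cert.pem`/`key.pem` under `server/` and `client/`, and ends with the uid/gid ownership check the post mentions for mounted volumes. Assumed, not from the page: the Dind container is dialed as `docker` (the alias the Jenkins install doc uses), the CN values, and the function names `make_docker_tls_tree`, `verify_docker_tls_tree` and `volume_owner_ok`, which are mine.

```shell
#!/bin/sh
# Added example, not from the post: generate the /certs tree on the host so the
# Dind server and the Jenkins client each get their own key pair and cert, all
# signed by one private CA, in the layout dockerd expects when
# DOCKER_TLS_CERTDIR=/certs. Assumptions: the Dind container is dialed as
# "docker"; CN values are arbitrary; function names are mine.
set -eu

# make_docker_tls_tree ROOT [DIND_HOST]
# Writes ROOT/ca/{key,cert}.pem, ROOT/server/{ca,cert,key}.pem, ROOT/client/{ca,cert,key}.pem.
make_docker_tls_tree() {
  root="${1:-./certs}"
  dind_host="${2:-docker}"   # must match the host in DOCKER_HOST=tcp://<host>:2376
  mkdir -p "$root/ca" "$root/server" "$root/client"

  # Private req config so the distro's openssl.cnf cannot add extensions of its own.
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca_ext\n[dn]\n[ca_ext]\n' > "$root/ca/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >> "$root/ca/req.cnf"

  # 1. Private CA. Its cert is what each side uses to verify the other.
  openssl genrsa -out "$root/ca/key.pem" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -config "$root/ca/req.cnf" \
    -key "$root/ca/key.pem" -subj "/CN=dind-local-ca" -out "$root/ca/cert.pem"

  # 2. Server cert for dockerd inside Dind. The SAN must cover the name the
  #    client dials, or --tlsverify fails on hostname mismatch.
  openssl genrsa -out "$root/server/key.pem" 2048 2>/dev/null
  openssl req -new -config "$root/ca/req.cnf" -key "$root/server/key.pem" \
    -subj "/CN=$dind_host" -out "$root/server/csr.pem"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s,DNS:localhost,IP:127.0.0.1\n' \
    "$dind_host" > "$root/server/ext.cnf"
  openssl x509 -req -days 365 -in "$root/server/csr.pem" \
    -CA "$root/ca/cert.pem" -CAkey "$root/ca/key.pem" -CAcreateserial \
    -extfile "$root/server/ext.cnf" -out "$root/server/cert.pem" 2>/dev/null

  # 3. Client cert for the Jenkins controller: clientAuth only, so a leaked
  #    client cert cannot be presented as a daemon.
  openssl genrsa -out "$root/client/key.pem" 2048 2>/dev/null
  openssl req -new -config "$root/ca/req.cnf" -key "$root/client/key.pem" \
    -subj "/CN=jenkins-controller" -out "$root/client/csr.pem"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$root/client/ext.cnf"
  openssl x509 -req -days 365 -in "$root/client/csr.pem" \
    -CA "$root/ca/cert.pem" -CAkey "$root/ca/key.pem" -CAcreateserial \
    -extfile "$root/client/ext.cnf" -out "$root/client/cert.pem" 2>/dev/null

  # Each side expects the CA cert next to its own pair as ca.pem.
  cp "$root/ca/cert.pem" "$root/server/ca.pem"
  cp "$root/ca/cert.pem" "$root/client/ca.pem"
  rm -f "$root/ca/req.cnf" "$root/server/csr.pem" "$root/server/ext.cnf" \
        "$root/client/csr.pem" "$root/client/ext.cnf"

  # Keys readable by their owner only; certs are public.
  chmod 0400 "$root/ca/key.pem" "$root/server/key.pem" "$root/client/key.pem"
  chmod 0444 "$root/ca/cert.pem" "$root/server/cert.pem" "$root/server/ca.pem" \
             "$root/client/cert.pem" "$root/client/ca.pem"
}

# verify_docker_tls_tree ROOT [DIND_HOST]
# What the daemon and CLI effectively check at connect time: all files present,
# each leaf chains to its ca.pem, the server SAN carries the dialed name, and the
# client cert is restricted to clientAuth.
verify_docker_tls_tree() {
  root="${1:-./certs}"
  dind_host="${2:-docker}"
  for side in server client; do
    for f in ca.pem cert.pem key.pem; do
      [ -s "$root/$side/$f" ] || { echo "missing $root/$side/$f" >&2; return 1; }
    done
    openssl verify -CAfile "$root/$side/ca.pem" "$root/$side/cert.pem" >/dev/null 2>&1 \
      || { echo "$side/cert.pem does not chain to $side/ca.pem" >&2; return 1; }
  done
  openssl x509 -in "$root/server/cert.pem" -noout -text | grep -q "DNS:$dind_host" \
    || { echo "server cert lacks SAN DNS:$dind_host" >&2; return 1; }
  openssl x509 -in "$root/client/cert.pem" -noout -text | grep -q "TLS Web Client Authentication" \
    || { echo "client cert is not clientAuth" >&2; return 1; }
  return 0
}

# volume_owner_ok DIR UID GID
# A bind mount is only usable if its owner matches the uid/gid the process in the
# container runs as (jenkins is 1000:1000 in the controller). When this fails,
# fix it on the host with: chown -R 1000:1000 DIR
volume_owner_ok() {
  [ "$(stat -c '%u:%g' "$1")" = "$2:$3" ]
}

# Run directly:  sh make-certs.sh ./certs docker
if [ $# -ge 1 ]; then
  make_docker_tls_tree "$1" "${2:-docker}"
  verify_docker_tls_tree "$1" "${2:-docker}"
  volume_owner_ok "$1/client" 1000 1000 || echo "note: chown -R 1000:1000 $1/client before mounting it into the controller" >&2
fi
```

The server cert’s SAN is the detail that bites most often: `DOCKER_TLS_VERIFY=1` makes the CLI check the name in `DOCKER_HOST` against the certificate, so the name you dial from Jenkins (`docker` here) has to be in that SAN list or you get a TLS error that looks like a key problem.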

I wrote this because I thought the problem was the way I was configuring jobs; I was using information from lessons I took a year ago.

I don’t by any means consider this advanced information, but this took me 4 days to stand up using information from random blogs and sites. You may also have permission issues, so make sure your volume’s gid matches the account you’re using in your Docker instance.

TLS Key Creation for Docker:

https://docs.docker.com/engine/security/protect-access/#:~:text=If%20you%20need%20Docker%20to,certificate%20signed%20by%20that%20CA.

Docker Volume Stuff:

https://docs.docker.com/storage/volumes/

Dockerizing A Simple Nodejs App for testing:

https://nodejs.org/en/docs/guides/nodejs-docker-webapp/
