{"id":3942,"date":"2021-05-10T02:11:51","date_gmt":"2021-05-09T17:11:51","guid":{"rendered":"https:\/\/tech.akat.info\/?p=3942"},"modified":"2021-05-10T02:11:51","modified_gmt":"2021-05-09T17:11:51","slug":"jenkins%e3%82%b3%e3%83%b3%e3%83%86%e3%83%8a%e3%81%8b%e3%82%89docker%e3%82%b3%e3%83%9e%e3%83%b3%e3%83%89%e3%82%92%e5%ae%9f%e8%a1%8c%e3%81%99%e3%82%8bdocker-outside-of-docker","status":"publish","type":"post","link":"https:\/\/tech.akat.info\/?p=3942","title":{"rendered":"Jenkins\u30b3\u30f3\u30c6\u30ca\u304b\u3089docker\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b(Docker-outside-of-Docker)"},"content":{"rendered":"

CI\u30b5\u30fc\u30d0\u3092\u30b3\u30f3\u30c6\u30ca\u3067\u8d77\u52d5\u3057\u3066docker\u30b3\u30de\u30f3\u30c9\u3092\u5229\u7528\u3057\u305f\u3044\u3068\u304d\u3001Docker-outside-of-Docker(DooS)\u3068\u3044\u3046\u624b\u6cd5\u304c\u3042\u308b\u3002<\/p>\n

Docker-outside-of-Docker<\/h2>\n

Docker\u30b3\u30f3\u30c6\u30ca\u5185\u304b\u3089Docker\u3092\u4f7f\u3046\u3053\u3068\u306b\u3064\u3044\u3066<\/a>\u3092\u53c2\u8003\u306b\u3084\u3063\u3066\u307f\u305f\u3002<\/p>\n

\u30db\u30b9\u30c8\u306edocker.sock\u3092\u30b3\u30f3\u30c6\u30ca\u3078\u5171\u6709\u3059\u308b\u3053\u3068\u3067docker\u30b3\u30de\u30f3\u30c9\u304c\u5b9f\u884c\u53ef\u80fd\u306b\u306a\u308b\u3002
\n\u305f\u3060\u3057\u30b3\u30f3\u30c6\u30ca\u306b\u30db\u30b9\u30c8\u3078\u306e\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u3092\u4e0e\u3048\u308b\u5371\u967a\u6027\u3092\u7406\u89e3\u3057\u3066\u304b\u3089\u5229\u7528\u3059\u308b\u3053\u3068\u3002<\/p>\n

\r\n# docker run -v \/var\/run\/docker.sock:\/var\/run\/docker.sock -it docker \/bin\/sh\r\n\/ # docker run -itd alpine \/bin\/sh\r\n<\/pre>\n
\u30db\u30b9\u30c8\u304b\u3089\u78ba\u8a8d\u3059\u308b\u3068\u30012\u3064\u30b3\u30f3\u30c6\u30ca\u304c\u8d77\u52d5\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3067\u304d\u308b\u3002<\/p>\n
\r\n# docker ps\r\nCONTAINER ID   IMAGE     COMMAND                  CREATED              STATUS              PORTS     NAMES\r\n056d0304d800   alpine    "\/bin\/sh"                13 seconds ago       Up 11 seconds                 optimistic_wiles\r\n6a8086171286   docker    "docker-entrypoint.s\u2026"   About a minute ago   Up About a minute             crazy_buck\r\n<\/pre>\n
Jenkins\u30b3\u30f3\u30c6\u30ca\u3067docker\u30b3\u30de\u30f3\u30c9\u3092\u5229\u7528\u3057\u3066\u307f\u308b<\/h2>\n
Docker\u3067\u52d5\u304fJenkins\u304b\u3089\u4ed6\u306e\u30b3\u30f3\u30c6\u30ca\u3092\u64cd\u4f5c\u3059\u308b<\/a>\u3092\u53c2\u8003\u306b\u3084\u3063\u3066\u307f\u305f\u3002
\n\u203bdocker.sock\u306e\u6240\u6709\u30b0\u30eb\u30fc\u30d7\u3092.env\u30d5\u30a1\u30a4\u30eb\u306b\u8a18\u8f09\u3057\u3066\u3044\u308b\u3002<\/p>\n
\r\n# cat \/etc\/lsb-release\r\nDISTRIB_ID=Ubuntu\r\nDISTRIB_RELEASE=18.04\r\nDISTRIB_CODENAME=bionic\r\nDISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"\r\n\r\n# ls -al \/var\/run\/docker.sock\r\nsrw-rw---- 1 root docker 0  5\u6708  5 02:39 \/var\/run\/docker.sock\r\n\r\n# cat \/etc\/group | grep docker\r\ndocker:x:999:\r\n\r\n# tree -a\r\n.\r\n\u251c\u2500\u2500 .env\r\n\u251c\u2500\u2500 docker-compose.yml\r\n\u2514\u2500\u2500 jenkins\r\n    \u2514\u2500\u2500 Dockerfile\r\n\r\n# cat .env\r\nDOCKER_GROUP_ID=999\r\n\r\n# cat docker-compose.yml\r\nversion: '2'\r\nservices:\r\n  jenkins:\r\n    build:\r\n        context: .\/jenkins\r\n        args:\r\n           - DOCKER_GROUP_ID=${DOCKER_GROUP_ID}\r\n    ports:\r\n        - 8080:8080\r\n    volumes:\r\n        - \/var\/jenkins:\/var\/jenkins_home\r\n        - \/var\/run\/docker.sock:\/var\/run\/docker.sock\r\n\r\n# cat jenkins\/Dockerfile\r\nFROM jenkins\/jenkins:lts\r\n\r\nUSER root\r\n\r\n# add jenkins user\r\nRUN mkdir \/home\/jenkins && chown jenkins:jenkins \/home\/jenkins && usermod -d \/home\/jenkins jenkins\r\n\r\n# add docker group\r\nARG DOCKER_GROUP_ID\r\nRUN groupadd -g ${DOCKER_GROUP_ID} docker && usermod -aG ${DOCKER_GROUP_ID} jenkins\r\n\r\nENV DOCKER_VERSION 18.09.1\r\nRUN curl -fL -o docker.tgz "https:\/\/download.docker.com\/linux\/static\/test\/x86_64\/docker-$DOCKER_VERSION.tgz" && \\\r\n    tar --strip-component=1 -xvaf docker.tgz -C \/usr\/bin\r\n\r\nRUN curl -L https:\/\/github.com\/docker\/compose\/releases\/download\/1.24.1\/docker-compose-`uname -s`-`uname -m` > \/usr\/local\/bin\/docker-compose && chmod +x \/usr\/local\/bin\/docker-compose\r\n\r\nUSER jenkins\r\n\r\n# mkdir \/var\/jenkins\r\n\r\n# chmod 777 \/var\/jenkins\r\n\r\n# docker-compose up -d\r\n\r\n# docker ps\r\nCONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS                                                  NAMES\r\nfd1044c12721   jenkins_jenkins   "\/sbin\/tini -- \/usr\/\u2026"   16 minutes ago   Up 11 minutes   0.0.0.0:8080->8080\/tcp, :::8080->8080\/tcp, 50000\/tcp   jenkins_jenkins_1\r\n\r\n# docker exec -it jenkins_jenkins_1 \/bin\/bash\r\njenkins@fd1044c12721:\/$ docker version\r\nClient: Docker Engine - Community\r\n Version:           18.09.1\r\n API version:       1.39\r\n Go version:        go1.10.6\r\n Git commit:        4c52b90\r\n Built:             Wed Jan  9 19:33:22 2019\r\n OS\/Arch:           linux\/amd64\r\n Experimental:      false\r\n\r\nServer: Docker Engine - Community\r\n Engine:\r\n  Version:          20.10.6\r\n  API version:      1.41 (minimum version 1.12)\r\n  Go version:       go1.13.15\r\n  Git commit:       8728dd2\r\n  Built:            Fri Apr  9 22:44:13 2021\r\n  OS\/Arch:          linux\/amd64\r\n  Experimental:     false\r\n containerd:\r\n  Version:          1.4.4\r\n  GitCommit:        05f951a3781f4f2c1911b05e61c160e9c30eaa8e\r\n runc:\r\n  Version:          1.0.0-rc93\r\n  GitCommit:        12644e614e25b05da6fd08a38ffa0cfe1903fdec\r\n docker-init:\r\n  Version:          0.19.0\r\n  GitCommit:        de40ad0\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
CI\u30b5\u30fc\u30d0\u3092\u30b3\u30f3\u30c6\u30ca\u3067\u8d77\u52d5\u3057\u3066docker\u30b3\u30de\u30f3\u30c9\u3092\u5229\u7528\u3057\u305f\u3044\u3068\u304d\u3001Docker-outside-of-Docker(DooS)\u3068\u3044\u3046\u624b\u6cd5\u304c\u3042\u308b\u3002 Docker-outside-of-Docker Docker\u30b3\u30f3\u30c6\u30ca\u5185 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[72],"tags":[],"_links":{"self":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3942"}],"collection":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3942"}],"version-history":[{"count":1,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3942\/revisions"}],"predecessor-version":[{"id":3943,"href":"https:\/\/tech.akat.info\/index.php?rest_route=\/wp\/v2\/posts\/3942\/revisions\/3943"}],"wp:attachment":[{"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.akat.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}