I'm running Jenkins and Jenkins swarm, both in containers in a Rancher environment with a private registry. I've set up some swarm clients and for the most part everything works well. Except for one scenario:
If I try to run a build with docker.inside on the swarm client while using withRegistry, the authentication to the private registry fails.
I'm not sure if this is a bug, or if I'm doing too much docker nesting.
What I have found is that the docker credentials are written by Jenkins to the swarm container (/root/.docker/config.json), as opposed to in the build container. I think this explains why it's not working.
I thought I could get around it by mounting /root on the swarm container with /root in the build container, but all that did was instead mount /root on the build container with /root on the swarm HOST instead (NOT the swarm container). e.g.:
agent {
    docker {
        image 'shared-rep-01:5001/loans/ci-base'
        args '-v /root:/root'
    }
}
I can do a 'docker login' in the Jenkinsfile as a workaround, but it's not ideal, as this makes the use of withRegistry pointless.
Anyhow, like I said, I'm not sure if this is a bug or not, as this use case doesn't seem all that crazy to me (but feel free to set me straight if it is!)
Here is the Jenkinsfile:
pipeline {
    agent {
        docker {
            image 'shared-rep-01:5001/repo/ci-base'
        }
    }
    stages {
        stage('Build and Push Docker Image') {
            steps {
                script {
                    docker.withRegistry("${env.DOCKERHOST}", 'nexusCredentials') {
                        def image = docker.build("repo/jenkins-test", '.')
                        image.push()
                    }
                }
            }
        }
    }
}
This ends up with:
[loans-docker-test] Running shell script
+ docker pull shared-rep-01:5001/repo/ci-base
Using default tag: latest
latest: Pulling from repo/ci-base
Digest: sha256:5937a61d8fa675b9e923c282db0c0c03c475a818f951db89c73669bc83a7246d
Status: Image is up to date for shared-rep-01:5001/repo/ci-base:latest
[Pipeline] }
[Pipeline] // stage
[Pipeline] sh
[loans-docker-test] Running shell script
+ docker inspect -f . shared-rep-01:5001/repo/ci-base
.
[Pipeline] withDockerContainer
swarm-client-95db6fe7 seems to be running inside container 2d8a8cca6f9974472269954e810d583e135f8f607b345e7c16288a7b40e06a43
$ docker run -t -d -u 0:0 -w /var/tmp/workspace/loans-docker-test --volumes-from 2d8a8cca6f9974472269954e810d583e135f8f607b345e7c16288a7b40e06a43 -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** --entrypoint cat shared-rep-01:5001/repo/ci-base
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build and Push Docker Image)
[Pipeline] script
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withDockerRegistry
Wrote authentication to /root/.docker/config.json
[Pipeline] {
[Pipeline] sh
[loans-docker-test] Running shell script
+ docker build -t repo/jenkins-test .
Sending build context to Docker daemon 113.2 kB
Step 1/2 : FROM shared-rep-01:5000/jenkinsci/jenkins
 ---> f7222aadcfeb
Step 2/2 : ENV TEST test
 ---> Using cache
 ---> 3e1e8283f5c2
Successfully built 3e1e8283f5c2
[Pipeline] dockerFingerprintFrom
[Pipeline] sh
[loans-docker-test] Running shell script
+ docker tag --force=true repo/jenkins-test shared-rep-01:5001/repo/jenkins-test:latest
unknown flag: --force
See 'docker tag --help'.
+ docker tag repo/jenkins-test shared-rep-01:5001/repo/jenkins-test:latest
[Pipeline] sh
[loans-docker-test] Running shell script
+ docker push shared-rep-01:5001/repo/jenkins-test:latest
The push refers to a repository [shared-rep-01:5001/repo/jenkins-test]
958bfe9e37a0: Preparing
...
no basic auth credentials
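
A diagnostic for the situation reported above, as an added example that is not part of the original report: run it in both the swarm container and the build container to see which one actually holds an entry for the registry. The function names and the sample credentials are constructed for illustration, and the key matching only approximates the Docker CLI's hostname lookup.

```python
import base64
import json
import os

def hostname(key):
    """Reduce an auths key such as 'https://host:5001/v1/' to 'host:5001'."""
    for scheme in ("https://", "http://"):
        if key.startswith(scheme):
            key = key[len(scheme):]
    return key.split("/", 1)[0]

def find_registry_auth(config_text, registry):
    """Return (source, user) for registry, or None when no credentials would be sent."""
    cfg = json.loads(config_text)
    want = hostname(registry)
    if want in {hostname(k) for k in cfg.get("credHelpers", {})}:
        return ("credHelpers", None)      # lookup delegated to a per-registry helper
    for key, entry in cfg.get("auths", {}).items():
        if hostname(key) != want:
            continue
        if entry.get("auth"):             # base64("user:password")
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
            return ("auths", user)
        if entry.get("identitytoken"):
            return ("auths", None)
    if cfg.get("credsStore"):
        return ("credsStore", None)       # lookup delegated to the default store
    return None                           # push would end in "no basic auth credentials"

def check_container(registry, home=None):
    """Inspect the config.json that a docker CLI in this container would read."""
    base = os.environ.get("DOCKER_CONFIG") or os.path.join(
        home or os.path.expanduser("~"), ".docker")
    path = os.path.join(base, "config.json")
    if not os.path.isfile(path):
        return (path, None)
    with open(path) as fh:
        return (path, find_registry_auth(fh.read(), registry))

# Constructed sample of a config.json holding an entry for the page's registry.
SAMPLE = json.dumps({"auths": {"https://shared-rep-01:5001": {
    "auth": base64.b64encode(b"ci-user:example-password").decode()}}})

if __name__ == "__main__":
    print(find_registry_auth(SAMPLE, "shared-rep-01:5001"))
    print(check_container("shared-rep-01:5001"))
```

A result of `None` from `check_container` inside the build container, alongside a match inside the swarm container, is consistent with the credentials having been written to the wrong container.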