parameterize docker group

2024-09-28 11:53:40 +03:00 · 2024-09-28 11:53:40 +03:00 · b0529477f4
parent fb0137cd2c
commit b0529477f4
4 changed files with 6 additions and 5 deletions
--- a/README.adoc
+++ b/README.adoc
@ -4,6 +4,7 @@

 . Run `create-keys.sh` to generate SSH keys used for Jenkins controller to talk to Jenkins agent;
 . Run `echo -n 'password' > adminpassword` to setup password for admin user (watchout to not add newlines);
+. Run `echo "DOCKER_GROUP=$(getent group docker | cut -d: -f3)" > .env` to setup agent's group so it can access docker socket;
 . Run `docker compose up -d`;
 . (Optionally) Add `update.sh` script to be run by cron periodically.

@ -21,6 +22,7 @@ Jobs often need secrets, however these secrets should be scoped per-user / proje

 == Points of Improvement

+. Fix the goofy docker group mess;
 . Externalize user management (eg LDAP);
 . Use vaults for secret storage;
 . Change agent from persistent ssh to an adhoc provisioned instance.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -17,6 +17,8 @@ services:
    build:
      context: .
      dockerfile: jenkins-agent.Dockerfile
+      args:
+        DOCKER_GROUP: '${DOCKER_GROUP}'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

--- a/jenkins-agent.Dockerfile
+++ b/jenkins-agent.Dockerfile
@ -1,4 +1,5 @@
 FROM jenkins/ssh-agent:latest
 COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
-RUN groupadd docker -g 971
+ARG DOCKER_GROUP
+RUN groupadd docker -g $DOCKER_GROUP
 RUN usermod -aG docker jenkins
--- a/jenkins.yml
+++ b/jenkins.yml
@ -67,10 +67,6 @@ jobs:
      folder('index_scheme_org') {
        displayName: 'index.scheme.org'
      }
-  - script: >
-      folder('index_scheme_org2') {
-        displayName: 'index.scheme.org2'
-      }
  - script: >
      multibranchPipelineJob('index_scheme_org/build') {
        displayName: 'Build and deploy'