parameterize docker group
parent
fb0137cd2c
commit
b0529477f4
|
@ -4,6 +4,7 @@
|
|||
|
||||
. Run `create-keys.sh` to generate SSH keys used for Jenkins controller to talk to Jenkins agent;
|
||||
. Run `echo -n 'password' > adminpassword` to setup password for admin user (watchout to not add newlines);
|
||||
. Run `echo "DOCKER_GROUP=$(getent group docker | cut -d: -f3)" > .env` to setup agent's group so it can access docker socket;
|
||||
. Run `docker compose up -d`;
|
||||
. (Optionally) Add `update.sh` script to be run by cron periodically.
|
||||
|
||||
|
@ -21,6 +22,7 @@ Jobs often need secrets, however these secrets should be scoped per-user / proje
|
|||
|
||||
== Points of Improvement
|
||||
|
||||
. Fix the goofy docker group mess;
|
||||
. Externalize user management (eg LDAP);
|
||||
. Use vaults for secret storage;
|
||||
. Change agent from persistent ssh to an adhoc provisioned instance.
|
||||
|
|
|
@ -17,6 +17,8 @@ services:
|
|||
build:
|
||||
context: .
|
||||
dockerfile: jenkins-agent.Dockerfile
|
||||
args:
|
||||
DOCKER_GROUP: '${DOCKER_GROUP}'
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
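Review bot: `DOCKER_GROUP: '${DOCKER_GROUP}'` is substituted with an empty string (Compose only prints a warning) when `.env` is missing or `getent group docker` returned nothing. The build then fails later at the `groupadd` step in jenkins-agent.Dockerfile with a message that does not point back to the missing variable. Compose interpolation can stop early with a clear error instead: `DOCKER_GROUP: '${DOCKER_GROUP:?set DOCKER_GROUP in .env, see README}'`. The same value is consumed unquoted by `RUN groupadd docker -g $DOCKER_GROUP` in the Dockerfile section of this commit.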
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
FROM jenkins/ssh-agent:latest
|
||||
COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
|
||||
RUN groupadd docker -g 971
|
||||
ARG DOCKER_GROUP
|
||||
RUN groupadd docker -g $DOCKER_GROUP
|
||||
RUN usermod -aG docker jenkins
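Review bot: `RUN groupadd docker -g $DOCKER_GROUP` will fail if the GID copied from the host is already assigned to another group inside the base image, which cannot be ruled out from this section. Quoting the value and permitting a shared GID avoids that: `RUN groupadd -o -g "$DOCKER_GROUP" docker`. A comment above the `ARG` would also help the next maintainer, e.g. `# GID of the host's docker group; membership lets jenkins drive the host daemon through the mounted socket`. That access is effectively root on the host, and the `:ro` flag on the socket bind mount in the compose file does not restrict Docker API calls.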
|
||||
|
|
|
@ -67,10 +67,6 @@ jobs:
|
|||
folder('index_scheme_org') {
|
||||
displayName: 'index.scheme.org'
|
||||
}
|
||||
- script: >
|
||||
folder('index_scheme_org2') {
|
||||
displayName: 'index.scheme.org2'
|
||||
}
|
||||
- script: >
|
||||
multibranchPipelineJob('index_scheme_org/build') {
|
||||
displayName: 'Build and deploy'
|
||||
|
|