On Tue, Dec 5, 2017 at 10:36 AM, Alan Christie < [email protected]> wrote:
> Thanks Ben. It does seem sensible to use build strategies but prior to a > wholesale migration to OpenShift, and for existing workflows that may > contain docker and docker-compose commands is there any reasonable option > other than a an external (cloud/proprietary/dedicated) docker-enabled > slave? I can, for example, just have a Docker slave available (outside the > OpenShift cluster) but that’s not ideal. > > Is there an _unsafe_ route I might be able to use now? > use DOCKER_HOST env variable and point to a host w/ a public docker. The alternative is to try to use a hostpath volume definition in your slave pod template but then you also need to run the slave pod as privileged. > I understand the issues around sharing a docker.sock but it seems to be an > acceptable strategy for many. And, for a controlled environment, just > mounting docker.sock is a rather neat (quick-n-dirty) solution. > > It may be that, was you say there’s no sensible route down the > OpenShift/CICD road other than build strategies. It’s just that for > existing/legacy projects not having docker.sock is quite a hill to climb. > > Thanks for your advice though, that has been gratefully received. > > Alan. > > On 5 Dec 2017, at 13:41, Ben Parees <[email protected]> wrote: > > > > > > On Dec 5, 2017 07:57, "Alan Christie" <[email protected]> > wrote: > > I’m using Jenkins from the CI/CD catalogue and am able to spin up slaves > and use an `ImageStream` to identify my own slave image. That’s useful, but > what I want to be able to do is build and run Docker images, primarily for > unit/functional test purposes. The _sticking point_, it seems, is the > ability to mount the host's `docker.sock`, without this I’m unable to run > any Docker commands in my Docker containers. > > Q. Is there a way to mount the Jenkins/OpenShift host’s > /var/run/docker.sock in my slave so that I can run Docker commands? > > > Not safely. (mounting the host docker socket is giving out root access to > your host). > > You could use a remote docker host with a certificate for access I > believe. (that's still handing out root access on the docker host but at > least it's a little protected) > > If not, what is the recommended/best practice for building/running/pushing > Docker images from a slave agent? > > > Define docker build strategies in openshift and trigger them from your > jenkins job. > > > Alan > > _______________________________________________ > dev mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > > > > -- Ben Parees | OpenShift
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
