I am running docker compose in Bitbucket Pipelines. In the compose file I have Traefik set up like this:
    traefik:
      image: traefik:v2.11
      container_name: traefik
      command:
        - "--log.level=DEBUG"
        - "--api.insecure=true"
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--entryPoints.web.address=:80"
      ports:
        - "80:80"
        - "8080:8080"
      volumes:
        - "/var/run/docker.sock:/var/run/docker.sock:ro"
It works on my computer locally; however, I get the following error when running it in Bitbucket Pipelines:
level=error msg="Failed to retrieve information of the docker client and server host: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version\": dial unix /var/run/docker.sock: connect: permission denied" providerName=docker
level=error msg="Provider connection error permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version\": dial unix /var/run/docker.sock: connect: permission denied, retrying in 556.184722ms" providerName=docker
How can I access the docker.sock?
Hello @Dani Asztalos,
Thank you for reaching out to Community!
Bitbucket Pipelines gives your build access to a Docker daemon when you define a docker service in the step:
    - step:
        script:
          - docker version
        services:
          - docker
However, this daemon is not accessed using the default UNIX socket under /var/run/docker.sock.
Instead, the pipelines docker daemon is configured to listen to client connections over a TCP socket on localhost and port 2375:
    tcp://localhost:2375
This can be confirmed by printing the $DOCKER_HOST variable as part of your build:
    $ echo $DOCKER_HOST
    tcp://localhost:2375
Now talking specifically about your use-case, you want to have access to the daemon in a docker in docker (dind) environment (you're inside the build container, and spinning up a traefik container from which you want access to the daemon).
In that scenario, Pipelines exposes the variable BITBUCKET_DOCKER_HOST_INTERNAL so you can access the daemon from a dind container. This variable maps to the private IP address of the docker daemon.
Following is an example docker run command using that variable to access the daemon from inside a container:
    - step:
        name: Access daemon from inside container
        script:
          - docker info
          - echo $DOCKER_HOST
          - echo $BITBUCKET_DOCKER_HOST_INTERNAL
          - docker run --env=DOCKER_HOST="tcp://host.docker.internal:2375" --add-host="host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL" --entrypoint=/usr/local/bin/docker docker info
        services:
          - docker
Where the arguments of docker run are :
Since your build is spinning up the container using composer, you can use the above example as a reference for the necessary mappings/variables and then adapt it to your composer YAML setup.
I hope that information helps! Should you have any questions, feel free to ask.
Thank you, @Dani Asztalos!
Patrik S
Thank you @Patrik S, with your help I was able to pass docker as a tcp url to Traefik.
See the highlighted lines in the compose.yaml below.
    traefik:
      image: traefik:v2.11
      container_name: traefik
      command:
        - "--log.level=DEBUG"
        - "--api.insecure=true"
        - "--providers.docker=true"
        - "--providers.docker.endpoint=tcp://host.docker.internal:2375" # <-----
        - "--providers.docker.exposedbydefault=false"
        - "--entryPoints.web.address=:80"
      ports:
        - "80:80"
        - "8080:8080"
      extra_hosts:
        - "host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL" # <-----
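A pre-flight helper for the pipeline step, added here as an example and not part of any post in this thread: it picks the Traefik Docker endpoint (the UNIX socket locally, the TCP endpoint from the replies above in Pipelines) and checks `BITBUCKET_DOCKER_HOST_INTERNAL` before it is interpolated into `extra_hosts`. The function names and the `TRAEFIK_DOCKER_ENDPOINT` variable are hypothetical, and treating the variable as an IPv4 address is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. All helper names are hypothetical.
DOCKER_TCP_PORT=2375   # port the Pipelines daemon listens on, per the reply above

# Succeeds only for a dotted-quad IPv4 address (assumed format of the variable).
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest='' ;; esac
    done
    [ "$count" -eq 4 ]
}

# Prints the value for --providers.docker.endpoint.
# Outside Pipelines the variable is unset, so the UNIX socket is used.
traefik_docker_endpoint() {
    ip=${BITBUCKET_DOCKER_HOST_INTERNAL:-}
    if [ -z "$ip" ]; then
        echo 'unix:///var/run/docker.sock'
        return 0
    fi
    if ! is_ipv4 "$ip"; then
        echo 'BITBUCKET_DOCKER_HOST_INTERNAL is not an IPv4 address' >&2
        return 1
    fi
    echo "tcp://host.docker.internal:$DOCKER_TCP_PORT"
}

# Prints the extra_hosts entry; fails when the variable is unset or malformed,
# so a bad value never reaches the container's hosts file.
traefik_extra_host() {
    is_ipv4 "${BITBUCKET_DOCKER_HOST_INTERNAL:-}" || return 1
    echo "host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL"
}

# Export for compose variable interpolation (variable name is hypothetical).
TRAEFIK_DOCKER_ENDPOINT=$(traefik_docker_endpoint) || exit 1
export TRAEFIK_DOCKER_ENDPOINT
echo "Traefik docker provider endpoint: $TRAEFIK_DOCKER_ENDPOINT"
```

Run it in the step before `docker compose up`; a non-zero exit stops the build before Traefik starts with a malformed host mapping.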
Hey @Dani Asztalos,
You're very welcome!
Happy to hear that using the docker TCP socket did the trick :)
Feel free to reach out to the community if you ever need help.
Patrik S