Hi, I’m trying to run a Bamboo CI agent on my BalenaFin board. I’ve got the agent running as a container, but I need this container to be able to access the docker daemon so that it can start new containers.
I believe that I can get access to Docker from inside a container by accessing the docker.sock file, which normally lives in the /var/run/ directory, but I can’t find it on my host container, or my child container.
So where does this live? Can we access it?
The closest I can find is this file:
/var/run/docker/libnetwork/1a192e6d36408164a0fcfa6802ee9a092872d699b749c635c26335e417090b59.sock
Hi, yup the socket can be exposed to the container, but it needs to be enabled using a special label on the service in the composefile. I made a basic example a while back using this, you can find it here: https://github.com/shaunmulligan/simple-docker-env-resin and the specific label is here: https://github.com/shaunmulligan/simple-docker-env-resin/blob/master/docker-compose.yml#L10 . The project needs to probably be updated a bit, but I think it should still work and should be a good starting point.
Awesome, thanks for your help Shaun!
I didn’t realise that /var/run/balena.sock is equivalent to /var/run/docker.sock.
I’ll add some additional setup I had to do in case anybody else stumbles upon this:
Once I managed to get the Docker CLI to see the Docker daemon, I started getting a permission denied error:
bamboo@4efb123f7ad1:~$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/balena-engine.sock: Post http://%2Fvar%2Frun%2Fbalena-engine.sock/v1.39/containers/create: dial unix /var/run/balena-engine.sock: connect: permission denied.
I read online that I needed to add the user to the docker group, however I looked through the groups on the host and couldn’t find one called docker. I did find balenena-engine however, which had a group ID of 990. So in my Dockerfile I added a new group called docker, gave it a group ID of 990, and added my user to it:
RUN addgroup docker --gid 990 && adduser ${USERNAME} docker
After I did this everything worked!
1 Like
Great to hear, and thanks for the writeup!