run jenkins pipeline agent with sudo


I have faced the same issue. After analysing the console log, I have found that the reason is that the Docker Jenkins Plugin starts a new container with a specific option -u 107:112:

...docker run -t -d -u 107:112 ......

I tried many options, such as adding jenkins to the sudo group (it did not work because the jenkins user does not exist in the container), adding USER root to the Dockerfile, ... but none of them did the trick.

Finally, I found a solution: using args in the docker agent to overwrite the -u option. This is my Jenkinsfile:

pipeline {
    agent {
        docker {
            image 'ubuntu'
            // Overwrite the plugin's default -u 107:112 so the steps run as root
            args '-u root:sudo -v $HOME/workspace/myproject:/myproject'
        }
    }
    stages {
        stage("setup_env") {
            steps {
                sh 'apt-get update -y'
                sh 'apt-get install -y git build-essential gcc cmake make'
            }
        }
        stage("install_dependencies") {
            steps {
                sh 'apt-get install -y libxml2-dev'
            }
        }
        stage("compile_dpi") {
            steps {
                sh 'cd /myproject && make clean && make -j4'
            }
        }
        stage("install_dpi") {
            steps {
                sh 'cd /myproject && make install'
            }
        }
        stage("test") {
            steps {
                sh 'do some test here'
            }
        }
    }
    post {
        success {
            echo 'Do something when it is successful'
            bitbucketStatusNotify(buildState: 'SUCCESSFUL')
        }
        failure {
            echo 'Do something when it is failed'
            bitbucketStatusNotify(buildState: 'FAILED')
        }
    }
}

There may be a security issue here, but it is not a problem in my case.


You can work around that by:

1- In your Dockerfile add jenkins to the sudoers file:

RUN echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

2- Add an extra step in your Jenkinsfile to give jenkins the right permissions to use docker:

pipeline {
    agent none
    stages {
        stage("Fix the permission issue") {
            // Runs on the Jenkins node, before the docker agent is started
            agent any
            steps {
                sh "sudo chown root:jenkins /run/docker.sock"
            }
        }
        stage('Step 1') {
            agent {
                docker {
                    image 'nezarfadle/tools'
                    reuseNode true
                }
            }
            steps {
                sh "ls /"
            }
        }
    }
}


I'd solve the problem differently, matching the jenkins group id inside the container to that of the docker socket you've mounted as a volume. I do this with an entrypoint that runs as root, looks up the gid of the socket, and if that doesn't match that of the gid inside the current container, it does a groupmod to correct it inside the container. Then I drop privileges to the jenkins user to launch Jenkins. This entrypoint runs on every startup, but fairly transparently to the Jenkins app that is launched.

All the steps to perform this are included in this GitHub repo: https://github.com/sudo-bmitch/jenkins-docker/
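
A sketch of the entrypoint idea from the last answer, added here as an example; it is not the code from the linked repository or from any of the answers. It goes slightly beyond the description by reusing an existing group when the socket's GID is already taken and by refusing GID 0. Assumptions: the variable names DOCKER_SOCK, DOCKER_GROUP and RUN_AS, a separate group named docker that the jenkins user is added to, and gosu being installed in the image.

```shell
#!/bin/sh
# Added example: align the container's docker group with the GID that owns the
# mounted socket, then drop from root to the jenkins user.
# Assumed names: DOCKER_SOCK, DOCKER_GROUP, RUN_AS; gosu must be in the image.
set -e
DOCKER_SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"
DOCKER_GROUP="${DOCKER_GROUP:-docker}"
RUN_AS="${RUN_AS:-jenkins}"

# Numeric GID that owns a path (GNU or BusyBox stat).
path_gid() { stat -c '%g' "$1"; }

# GID of a named group in a group(5) file; prints nothing if the group is absent.
group_gid() { awk -F: -v g="$1" '$1 == g { print $3 }' "${2:-/etc/group}"; }

# Name of the group already holding a GID; prints nothing if the GID is free.
gid_owner() { awk -F: -v id="$1" '$3 == id { print $1; exit }' "${2:-/etc/group}"; }

# Decide the fix for socket GID $1 and group $2 (group file $3 for testing).
# Prints: skip | none | conflict:<group> | groupadd | groupmod
plan_gid_fix() {
    want="$1"; name="$2"; file="${3:-/etc/group}"
    have="$(group_gid "$name" "$file")"
    owner="$(gid_owner "$want" "$file")"
    if [ "$want" = 0 ]; then echo skip            # never join the root group
    elif [ "$have" = "$want" ]; then echo none
    elif [ -n "$owner" ]; then echo "conflict:$owner"  # GID taken: reuse that group
    elif [ -z "$have" ]; then echo groupadd
    else echo groupmod
    fi
}

main() {
    if [ "$(id -u)" = 0 ] && [ -S "$DOCKER_SOCK" ]; then
        gid="$(path_gid "$DOCKER_SOCK")"; grp="$DOCKER_GROUP"
        plan="$(plan_gid_fix "$gid" "$grp")"
        case "$plan" in
            groupadd)   groupadd -g "$gid" "$grp" ;;
            groupmod)   groupmod -g "$gid" "$grp" ;;
            conflict:*) grp="${plan#conflict:}" ;;
        esac
        [ "$plan" = skip ] || usermod -aG "$grp" "$RUN_AS"
    fi
    # Drop privileges before starting the real process (e.g. Jenkins).
    if [ "$(id -u)" = 0 ]; then exec gosu "$RUN_AS" "$@"; fi
    exec "$@"
}

# Run only when invoked as an entrypoint with a command to exec.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Membership in the group that owns the Docker socket still lets the jenkins user control the Docker daemon, so this narrows the container's own privileges rather than the reach of the socket.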