Jenkins Docker image, to use bind mounts or not?

3
votes

I am reading through this bit of the Jenkins Docker README and there seems to be a section that contradicts itself from my current understanding. https://github.com/jenkinsci/docker/blob/master/README.md

It seems to me that is says to NOT use a bind mount, and then says that using a bind mount is highly recommended?

NOTE: Avoid using a bind mount from a folder on the host machine into /var/jenkins_home, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine). If you really need to bind mount jenkins_home, ensure that the directory on the host is accessible by the jenkins user inside the container (jenkins user - uid 1000) or use -u some_other_user parameter with docker run.

docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts this will run Jenkins in detached mode with port forwarding and volume added. You can access logs with command 'docker logs CONTAINER_ID' in order to check first login token. ID of container will be returned from output of command above.

Backing up data

If you bind mount in a volume - you can simply back up that directory (which is jenkins_home) at any time.

This is highly recommended. Treat the jenkins_home directory as you would a database - in Docker you would generally put a database on a volume.

Do you use bind mounts? Would you recommend them? Why or why not? The documentation seems to be ambiguous.

1
dockerjenkins
I agree, it's weird to discourage it and then recommend it.John Kugelman
We have been using jenkins this way for quite some time. So far, we haven't hit any issues. As they specified, we have the user jenkins on host as well as on jenkins docker container, so we are not hitting file system permissions. For backup, we created a different directory and mounted like home dir. We use thinbackup client for filesystem backup. We push the backup files to our remote artifactory to restore in case of a disk crash. For that, you can have a scheduled job on master jenkins.harshavmb
Could it be that they are discouraging the use of bind mounts on the host machine and encouraging using a bind mount in a volume?gavsyuk
The syntax that is being used is: docker run -d -v jenkins_home:/var/jenkins_home According to "Use volumes" in the Docker documentation, that is creating a volume, not a bind mount. I believe the backup suggestion is intended to guide the user to copy the entire Docker volume when performing a backup.Mark Waite

1 Answers

1
votes

As commented, the syntax used is for a volume:

docker run -d -v jenkins_home:/var/jenkins_home -n jenkins ...

That defines a Docker volume names jenkins_homes, which will be created in:
/var/lib/docker/volumes/jenkins_home.

The idea being that you can easily backup said volume:

$ mkdir ~/backup
$ docker run --rm --volumes-from jenkins -v ~/backup:/backup ubuntu bash -c “cd /var/jenkins_home && tar cvf /backup/jenkins_home.tar .”

And reload it to another Docker instance.

This differs from bind-mounts, which does involve building a new Docker image, in order to be able to mount a local folder owner by your local user (instrad of the default user defined in the official Jenkins image: 1000:1000)

FROM jenkins/jenkins:lts-jdk11

USER root
ENV JENKINS_HOME /var/lib/jenkins
ENV COPY_REFERENCE_FILE_LOG=/var/lib/jenkins/copy_reference_file.log

RUN groupmod -g <yourId>jenkins
RUN usermod -u <yourGid> jenkins

RUN mkdir "${JENKINS_HOME}"
RUN usermod -d "${JENKINS_HOME}" jenkins
RUN chown jenkins:jenkins "${JENKINS_HOME}"
VOLUME /var/lib/jenkins

USER jenkins

Note that you have to declare a new volume (here /var/lib/jenkins), because, as seen in jenkinsci/docker issue 112, the official /var/jenkins_home path is already declared as a VOLUME in the official Jenkins image, and you cannot chown or chmod it.

The advantage of that approach would be to see the content of Jenkins home without having to use Docker.

You would run it with:

docker run -d -p 8080:8080 -p 50000:50000 \
  --mount type=bind,source=/my/local/host/jenkins_home_dev1,target=/var/lib/jenkins \
  --name myjenkins \
  myjenkins:lts-jdk11-2.190.3
sleep 3
docker logs --follow --tail 10 myjenkins