It’s not your Dockerfile that’s broken, it’s the environment it’s running in.
Here’s a Jenkins pipeline failing during a docker build step, and what’s actually going wrong.
pipeline {
agent any
stages {
stage('Build Docker Image') {
steps {
script {
sh 'docker build -t myapp:latest .'
}
}
}
}
}
Common Causes for docker build Failures in Jenkins
1. Docker Daemon Not Running or Unreachable
- Diagnosis: On the Jenkins agent node (where the
docker buildcommand is executed), runsudo systemctl status docker. - Fix: If it’s not active, start it with
sudo systemctl start dockerand enable it to start on boot withsudo systemctl enable docker. - Why it works: The
docker buildcommand is a client that talks to the Docker daemon. If the daemon isn’t running, there’s no server to process the build instructions, leading to connection errors.
2. Insufficient Disk Space on the Agent Node
- Diagnosis: Run
df -hon the Jenkins agent node. Look for the filesystem where Docker stores its images and build cache (often/var/lib/docker). If it’s over 90% full, you’ve found your culprit. - Fix:
- Prune unused Docker objects:
docker system prune -a --volumes. This removes stopped containers, dangling images, unused networks, and build cache. - If pruning isn’t enough, you’ll need to free up space on the underlying filesystem by deleting other large files or moving Docker’s data directory to a larger partition (requires stopping Docker and reconfiguring its daemon).
- Prune unused Docker objects:
- Why it works: Docker images and their layers can consume significant disk space. A full disk prevents new layers from being written during the build process.
3. Incorrect Dockerfile Syntax or Missing Build Context
- Diagnosis: Carefully examine the
docker buildoutput for specific syntax errors reported by Docker (e.g., "invalid instruction," "unknown flag"). Also, ensure the.at the end ofdocker build -t myapp:latest .correctly points to the directory containing yourDockerfileand any files needed for the build. - Fix:
- Correct the syntax in your
Dockerfile. For example, ensureRUNcommands are properly formatted and arguments are quoted if necessary. - If the error is related to missing files (e.g.,
COPY failed: file not found), ensure the file is present in the directory specified by the build context (.) and that yourDockerfileis referencing it correctly.
- Correct the syntax in your
- Why it works: The
docker buildcommand interprets instructions from theDockerfile. Any deviation from the expected syntax or a failure to find files it needs toCOPYorADDwill halt the build.
4. Network Issues or Firewall Blocking Access
- Diagnosis: If your
DockerfileusesRUNcommands toapt-get update,yum install, orcurlexternal resources, test connectivity from the Jenkins agent node. Runcurl https://registry-1.docker.io/v2/orping google.com. If these fail, check firewalls. - Fix: Ensure that the Jenkins agent node has outbound access to Docker Hub (or your private registry) and any other external resources required by your
Dockerfile. This might involve configuringufw,firewalld, or cloud provider security groups to allow traffic on ports 443 (HTTPS) and 80 (HTTP). - Why it works: Docker downloads base images and packages specified in
RUNinstructions. Network restrictions prevent these downloads, causing the build to fail.
5. Insufficient Memory or CPU on the Jenkins Agent
- Diagnosis: Monitor the agent node’s resource usage during the build using tools like
toporhtop. If you see high CPU utilization (consistently near 100%) or the system is swapping heavily (indicated by highswpdorswapusage intop), the agent is likely resource-starved. - Fix:
- Allocate more RAM and CPU to the Jenkins agent VM or container.
- Consider using a more powerful agent node.
- Optimize your
Dockerfileto reduce resource consumption (e.g., multi-stage builds to keep final images smaller, chainingRUNcommands to reduce layers).
- Why it works: Docker builds, especially complex ones involving compilation or large package installations, can be resource-intensive. Insufficient memory can lead to the build process being killed by the OS (OOM killer), and insufficient CPU can cause it to take an excessively long time, potentially hitting Jenkins timeouts.
6. Docker Daemon Configuration Issues (e.g., Storage Driver)
- Diagnosis: Check the Docker daemon logs for errors related to storage drivers. On systemd-based systems, this is typically
sudo journalctl -u docker.service. Look for messages about incompatible storage drivers or errors during image layer operations. - Fix: Ensure you’re using a supported and appropriate storage driver for your OS. The default is usually fine, but if it’s been manually changed, it might be misconfigured. Sometimes, simply restarting the Docker daemon (
sudo systemctl restart docker) can resolve transient issues with the storage driver. In more severe cases, you might need to reconfigure Docker’sdaemon.json(e.g.,/etc/docker/daemon.json) to specify a different storage driver, but this is an advanced step. - Why it works: The storage driver is responsible for managing image layers and container filesystems. A misconfigured or incompatible driver can lead to fundamental failures in reading or writing image data during the build.
7. Jenkins User Lacks Permissions to Access Docker Socket
- Diagnosis: If the
docker buildcommand itself fails with a permission denied error related to/var/run/docker.sock, this is the issue. Runls -l /var/run/docker.sockto see its ownership and permissions. - Fix: Add the
jenkinsuser to thedockergroup:sudo usermod -aG docker jenkins. You will need to restart the Jenkins service or restart the agent process for this change to take effect. - Why it works: The
dockercommand-line client communicates with the Docker daemon via a Unix socket (/var/run/docker.sock). Thejenkinsuser needs to be part of thedockergroup to have the necessary read/write permissions on this socket.
You’ll likely hit "unknown flag: --no-cache" next if you try to add a flag without checking the Docker version supported by the daemon.