前端之家

  1. 首页
  2. 问答

如何以特权模式在本地安装的gitlab-runner上使用docker-in-docker

问答

我在备用计算机上安装了GitLab Runner,该计算机用于通过标记某些作业来运行CI作业。但是,我管道中的某些作业需要docker-in-docker,目前我无法在本地gitlab运行程序上运行这些作业。相反,我在gitlab.com的共享运行器上运行它们。我已经通读了说明如何在gitlab-runner中的docker executor中使用特权模式的文档:

https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode

这是我用来在机器上注册gitlab-runner的命令:

sudo gitlab-runner register \
  --non-interactive \
  --url "https://gitlab.com/" \
  --registration-token "$PROJECT_REGISTRATION_TOKEN" \
  --executor "docker" \
  --docker-image alpine:latest \
  --description "docker-runner" \
  --tag-list "privileged" \
  --run-untagged="true" \
  --locked="false" \
  --access-level="not_protected"

以下是上述命令生成的/etc/gitlab-runner/config.toml

sudo cat /etc/gitlab-runner/config.toml
[sudo] password for brian: 
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "docker-runner"
  url = "https://gitlab.com/"
  token = "my-token-abcd-1234"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.docker]
    tls_verify = false
    image = "alpine:latest"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    pull_policy = "always"
    shm_size = 0
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]

这是我要在特权模式下运行的工作:

Build backend:
  tags:
    - privileged
  stage: build
  image: docker:stable
  variables:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_DRIVER: overlay2
  services:
    - docker:dind
  before_script:
    - |
      docker login \
        -u $CI_REGISTRY_USER \
        -p $CI_REGISTRY_PASSWORD \
        $CI_REGISTRY
  script:
    - |
      docker build \
        -t $CI_REGISTRY_IMAGE/backend:latest \
        -f backend/scripts/prod/Dockerfile .
    - docker push $CI_REGISTRY_IMAGE/backend:latest
  only:
    changes:
      - backend/**/*

这是我运行此作业时看到的错误:

$ docker login \ # collapsed multi-line command
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
$ docker build \ # collapsed multi-line command
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?

我可以看到该作业正在由我的跑步者接管,并且正在启动本地计算机上的容器,但是如上所述,在docker build命令上它失败了。

我发现在gitlab问题之后,尝试了一种似乎对很多人都有效的解决方案:https://gitlab.com/gitlab-org/gitlab-runner/issues/1986#note_20339074

这里似乎还列出了许多其他解决方案,并且对执行此操作的正确方法也感到困惑。

morenming 回答:如何以特权模式在本地安装的gitlab-runner上使用docker-in-docker

我在编写问题时就解决了问题,但我想分享一下以帮助使此解决方案更容易找到。

以上线程(https://gitlab.com/gitlab-org/gitlab-runner/issues/1986)的末尾链接到有帮助的文章:https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/

如本文所述,禁用TLS对我有用。

保持与我在问题中所描述的相同,并添加

DOCKER_TLS_CERTDIR: ""
对该作业的variables部分进行

允许该作业继续进行而没有错误。

gitlabgitlab-cigitlab-ci-runner
本文链接:https://www.f2er.com/3143286.html

大家都在问