I am trying to build a CI pipeline in GitLab. I would like to ask how to get Docker working in GitLab CI.
From this issue: https://gitlab.com/gitlab-org/gitlab-runner/issues/4501#note_195033385
I followed the instructions both ways, with TLS and without TLS, but it is still stuck with the same error:
Cannot connect to the Docker daemon at tcp://localhost:2375/. Is the docker daemon running
I have tried to solve this problem as follows.
This uses .gitlab-ci.yml and config.toml to enable TLS in the Runner.
This is my .gitlab-ci.yml:
image: docker:19.03
variables:
  DOCKER_HOST: tcp://localhost:2375/
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"
  IMAGE_NAME: image_name
services:
  - docker:19.03-dind
stages:
  - build
publish:
  stage: build
  script:
    - docker build -t$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10) .
    - docker push $IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10)
  only:
    - master
This is my config.toml:
[[runners]]
  name = MY_RUNNER
  url = MY_HOST
  token = MY_TOKEN_RUNNER
  executor = "docker"
  [runners.custom_build_dir]
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
    shm_size = 0
.gitlab-ci.yml:
image: docker:18.09
variables:
  DOCKER_HOST: tcp://localhost:2375/
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
  IMAGE_NAME: image_name
services:
  - docker:18.09-dind
stages:
  - build
publish:
  stage: build
  script:
    - docker build -t$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10) .
    - docker push $IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10)
  only:
    - master
This is my config.toml:
[[runners]]
  environment = ["DOCKER_TLS_CERTDIR="]
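Does anyone have an idea?
Solution
You can see the accepted answer. In addition, in my case there was another one: the root cause appeared to be that the Linux server hosting GitLab did not have permission to connect to Docker. Check the permissions for the connection between GitLab and Docker on your server.
You want to set DOCKER_HOST to tcp://docker:2375. It is a "service", i.e. it runs in a separate container, named by default after the image name, rather than localhost.
Here is a .gitlab-ci.yml snippet that should work: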
# Build and push the Docker image off of merges to master; based off
# of Gitlab CI support in https://pythonspeed.com/products/pythoncontainer/
docker-build:
  stage: build
  image:
    # An alpine-based image with the `docker` CLI installed.
    name: docker:stable
  # This will run a Docker daemon in a container (Docker-In-Docker), which will
  # be available at thedockerhost:2375. If you make e.g. port 5000 public in Docker
  # (`docker run -p 5000:5000 yourimage`) it will be exposed at thedockerhost:5000.
  services:
    - name: docker:dind
      alias: thedockerhost
  variables:
    # Tell docker CLI how to talk to Docker daemon; see
    # https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-executor
    DOCKER_HOST: tcp://thedockerhost:2375/
    # Use the overlayfs driver for improved performance:
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  script:
    # Download bash:
    - apk add --no-cache bash python3
    # GitLab has a built-in Docker image registry, whose parameters are set automatically.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#using-the-gitlab-contai
    #
    # CHANGEME: You can use some other Docker registry though by changing the
    # login and image name.
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE" .
    - docker push "$CI_REGISTRY_IMAGE"
  # Only build off of master branch:
  only:
    - master
You can try disabling TLS:
services:
  - name: docker:dind
    entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
script:
  - export DOCKER_HOST=tcp://127.0.0.1:2375 && docker build --pull -t ${CI_REGISTRY_IMAGE} .
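because there is an interesting read at https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27300
docker:dind v20 sleeps for 16 seconds if TLS is not explicitly disabled, which causes a race condition where the build container starts earlier than the dockerd container.
Try using this .gitlab-ci.yml file. It worked for me when I specified DOCKER_HOST.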
docker-build:
  stage: build
  image:
    # An alpine-based image with the `docker` CLI installed.
    name: docker:stable
  # This will run a Docker daemon in a container (Docker-In-Docker), which will
  # be available at thedockerhost:2375. If you make e.g. port 5000 public in Docker
  # (`docker run -p 5000:5000 yourimage`) it will be exposed at thedockerhost:5000.
  services:
    - name: docker:dind
      alias: thedockerhost
  variables:
    DOCKER_HOST: tcp://thedockerhost:2375/
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  script:
    # Download bash:
    - apk add --no-cache bash python3
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE" .
    - docker push "$CI_REGISTRY_IMAGE"
  only:
    - master
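You can remove DOCKER_HOST from the .gitlab-ci file. This trick will do the magic.
For me, the accepted answer did not work. Instead, I configured a TLS certificate volume for the runner: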
[[runners]]
  ...
  [runners.docker]
    ...
    volumes = ["/certs/client", "/cache"]
I added a variable for the certificate directory in .gitlab-ci.yaml:
variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"
According to this article: https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/#configure-tls
Using docker with privileged mode:
sudo gitlab-runner register -n \
  --url "https://gitlab.com/" \
  --registration-token REGISTRATION_TOKEN \
  --executor docker \
  --description "My Docker Runner" \
  --docker-image "docker:24.0.5" \
  --docker-privileged \
  --docker-volumes "/certs/client"
The previous command creates a config.toml entry similar to the following example:
[[runners]]
  url = "https://gitlab.com/"
  token = TOKEN
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:24.0.5"
    privileged = true
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
You can now use docker in the job script. You should include the docker:24.0.5-dind service:
default:
  image: docker:24.0.5
  services:
    - docker:24.0.5-dind
  before_script:
    - docker info
variables:
  DOCKER_TLS_CERTDIR: "/certs"
build:
  stage: build
  script:
    - docker build -t my-docker-image .
    - docker run my-docker-image /script/to/run/tests
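As an added example (not part of any post above and not GitLab's own tooling), this shell function cross-checks DOCKER_HOST against DOCKER_TLS_CERTDIR for the mismatches discussed on this page. It assumes the docker executor, as in the question's config.toml, and the official docker:dind image's behavior of serving TLS on port 2376 when DOCKER_TLS_CERTDIR is non-empty and plain TCP on 2375 when it is empty; the name dind_check is hypothetical.

```shell
#!/bin/sh
# Added example: dind_check is a hypothetical helper, not part of GitLab or Docker.
# Usage: dind_check DOCKER_HOST DOCKER_TLS_CERTDIR
# Prints one finding per line; returns 1 if any finding is an error.
dind_check() {
    host=$1; certdir=$2; rc=0
    case $host in
        "")      echo "info: DOCKER_HOST not set, nothing to cross-check"; return 0 ;;
        tcp://*) ;;
        *)       echo "info: $host is not a tcp:// endpoint, skipped"; return 0 ;;
    esac
    hostport=${host#tcp://}
    hostport=${hostport%%/*}        # drop a trailing "/" or path
    name=${hostport%:*}
    port=${hostport##*:}
    if [ "$name" = "$hostport" ]; then
        echo "error: no port in $host"; return 1
    fi
    # Assumption: docker executor, where each service runs in its own container.
    case $name in
        localhost|127.0.0.1)
            echo "error: $name is the job container itself under the docker executor; use the service alias (default: docker)"
            rc=1 ;;
    esac
    if [ -n "$certdir" ]; then
        if [ "$port" = 2375 ]; then
            echo "error: DOCKER_TLS_CERTDIR=$certdir makes dind serve TLS on 2376, not 2375"
            rc=1
        fi
    else
        if [ "$port" = 2376 ]; then
            echo "error: DOCKER_TLS_CERTDIR is empty, so dind serves plain TCP on 2375, not 2376"
            rc=1
        fi
        if [ "$port" = 2375 ]; then
            echo "note: 2375 is unauthenticated and unencrypted; keep it reachable only from the job"
        fi
    fi
    return $rc
}

# The DOCKER_HOST / DOCKER_TLS_CERTDIR pairs that appear on this page.
dind_check "tcp://localhost:2375/" "/certs"   || true   # question, TLS variant
dind_check "tcp://localhost:2375/" ""         || true   # question, non-TLS variant
dind_check "tcp://thedockerhost:2375/" ""     || true   # answers using a service alias
dind_check "" "/certs"                        || true   # answers that leave DOCKER_HOST unset
```

The question's TLS variant trips both errors at once (wrong host and wrong port), which is why switching only one of the two settings still produced the same "Cannot connect" message.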