无法连接到位于 tcp://localhost:2375/ 的 Docker 守护进程。 docker 守护进程是否正在运行。在 GitLab 上

问题描述 投票:0回答:6

我正在尝试在 GitLab 中构建 CI 管道。我想问一下如何让 docker 在 GitLab CI 中工作。

来自本期:https://gitlab.com/gitlab-org/gitlab-runner/issues/4501#note_195033385

我按照两种方式的说明进行操作。使用 TLS 和未使用 TLS。 但它仍然卡住了。同样的错误

Cannot connect to the Docker daemon at tcp://localhost:2375/. Is the docker daemon running

我已尝试解决此问题。跟随下面,

  1. 启用TLS

其中使用 

.gitlab-ci.yml
和 config.toml 在 Runner 中启用 TLS。

这是我的

.gitlab-ci.yml

image: docker:19.03
variables:
  DOCKER_HOST: tcp://localhost:2375/
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"
  IMAGE_NAME: image_name

services:
  - docker:19.03-dind

stages:
  - build

publish:
  stage: build
  script:
    - docker build -t$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10) .
    - docker push $IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10)
  only:
    - master

这是我的

config.toml

[[runners]]
  name = MY_RUNNER
  url = MY_HOST
  token = MY_TOKEN_RUNNER
  executor = "docker"
  [runners.custom_build_dir]
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/certs/client", "/cache"]                      
    shm_size = 0
  1. 禁用 TLS

.gitlab-ci.yml

image: docker:18.09
variables:
  DOCKER_HOST: tcp://localhost:2375/
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
  IMAGE_NAME: image_name

services:
  - docker:18.09-dind

stages:
  - build

publish:
  stage: build
  script:
    - docker build -t$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10) .
    - docker push $IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10)
  only:
    - master

这是我的

config.toml

[[runners]]
  environment = ["DOCKER_TLS_CERTDIR="]

有人有想法吗?

解决方案

您可以看到已接受的答案。此外,就我而言, 另一个。从 Linux 服务器看来根本原因是 GitLab 托管没有连接 Docker 的权限。让我们检查 您服务器上的 GitLab 和 Docker 之间的权限连接。

docker gitlab gitlab-ci gitlab-ci-runner
6个回答
55
投票

您想要将 

DOCKER_HOST
设置为 
tcp://docker:2375
。它是一个“服务”,即在单独的容器中运行,默认情况下以图像名称命名,而不是本地主机。

这是一个应该有效的 

.gitlab-ci.yml
片段:

# Build and push the Docker image off of merges to master; based off
# of Gitlab CI support in https://pythonspeed.com/products/pythoncontainer/
docker-build:
  stage: build

  image:
    # An alpine-based image with the `docker` CLI installed.
    name: docker:stable

  # This will run a Docker daemon in a container (Docker-In-Docker), which will
  # be available at thedockerhost:2375. If you make e.g. port 5000 public in Docker
  # (`docker run -p 5000:5000 yourimage`) it will be exposed at thedockerhost:5000.
  services:
   - name: docker:dind
     alias: thedockerhost

  variables:
    # Tell docker CLI how to talk to Docker daemon; see
    # https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-executor
    DOCKER_HOST: tcp://thedockerhost:2375/
    # Use the overlayfs driver for improved performance:
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""

  script:
    # Download bash:
    - apk add --no-cache bash python3
    # GitLab has a built-in Docker image registry, whose parameters are set automatically.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#using-the-gitlab-contai
    #
    # CHANGEME: You can use some other Docker registry though by changing the
    # login and image name.
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE" .
    - docker push "$CI_REGISTRY_IMAGE"

  # Only build off of master branch:
  only:
    - master
7
投票

您可以尝试禁用tls

services:
- name: docker:dind
  entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
script:
- export DOCKER_HOST=tcp://127.0.0.1:2375 && docker build --pull -t ${CI_REGISTRY_IMAGE} .

因为有一篇有趣的读物https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27300

docker:dind v20 如果没有显式禁用 TLS,则会休眠 16 秒,这会导致构建容器早于 dockerd 容器启动的竞争条件

2
投票

尝试使用此 

.gitlab-ci.yml
文件。当我指定 DOCKER_HOST 时它对我有用

docker-build:
  stage: build

  image:
    # An alpine-based image with the `docker` CLI installed.
    name: docker:stable

  # This will run a Docker daemon in a container (Docker-In-Docker), which will
  # be available at thedockerhost:2375. If you make e.g. port 5000 public in Docker
  # (`docker run -p 5000:5000 yourimage`) it will be exposed at thedockerhost:5000.
  services:
   - name: docker:dind
     alias: thedockerhost

  variables:
    DOCKER_HOST: tcp://thedockerhost:2375/
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""

  script:
    # Download bash:
    - apk add --no-cache bash python3
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE" .
    - docker push "$CI_REGISTRY_IMAGE"

  only:
    - master
1
投票

您可以从 .gitlab-ci 文件中删除 DOCKER_HOST。这个技巧会发挥魔法。

1
投票

对我来说,接受的答案不起作用。相反,我为跑步者配置了 TLS 证书卷

[[runners]]
...
  [runners.docker]
    ...
    volumes = ["/certs/client", "/cache"]

我在 .gitlab-ci.yaml 中为证书目录添加了一个变量

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"

根据这篇文章: https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/#configure-tls

还有这个: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled-in-the-docker-executor

0
投票

使用docker和特权模式:

sudo gitlab-runner register -n \
  --url "https://gitlab.com/" \
  --registration-token REGISTRATION_TOKEN \
  --executor docker \
  --description "My Docker Runner" \
  --docker-image "docker:24.0.5" \
  --docker-privileged \
  --docker-volumes "/certs/client"
  • 此命令注册一个新的运行程序以使用 docker:24.0.5 镜像 (如果在工作级别没有指定)。开始构建并 服务容器,它使用特权模式。如果你想使用 Docker-in-Docker,您必须始终在您的 Docker 容器。
  • 此命令为服务挂载 /certs/client 并构建 容器,Docker 客户端需要它才能使用
    该目录中的证书。

上一个命令创建一个类似于以下示例的 config.toml 条目:

[[runners]]
  url = "https://gitlab.com/"
  token = TOKEN
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:24.0.5"
    privileged = true
    disable_cache = false
    volumes = ["/certs/client", "/cache"]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]

您现在可以在作业脚本中使用 docker。您应该包含 docker:24.0.5-dind 服务:

default:
  image: docker:24.0.5
  services:
    - docker:24.0.5-dind
  before_script:
    - docker info

variables:
  DOCKER_TLS_CERTDIR: "/certs"

build:
  stage: build
  script:
    - docker build -t my-docker-image .
    - docker run my-docker-image /script/to/run/tests
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.