我正在使用 docker compose 在 Ubuntu 22.04.2 LTS 服务器上托管一个带有运行器的 gitlab-ce 实例:
version: '3.7'
services:
web:
image: 'gitlab/gitlab-ce:latest'
restart: always
hostname: 'localhost'
container_name: gitlab-ce
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://192.168.123.178'
ports:
- '80:80'
- '8443:443'
volumes:
- '$GITLAB_HOME/config:/etc/gitlab'
- '$GITLAB_HOME/logs:/var/log/gitlab'
- '$GITLAB_HOME/data:/var/opt/gitlab'
networks:
- gitlab
gitlab-runner:
image: gitlab/gitlab-runner:alpine
container_name: gitlab-runner
restart: always
depends_on:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- '$GITLAB_HOME/gitlab-runner:/etc/gitlab-runner'
networks:
- gitlab
networks:
gitlab:
name: gitlab-network
我从gitlab.rb安装到容器的配置文件中启用了端口 5050 上的容器注册表:
...
registry_external_url 'http://192.168.123.178:5050'
...
我可以确认容器注册表已启用,因为我能够在 gitlab 上的每个项目中使用 AutoDevOps 功能。
我使用以下命令将跑步者注册到项目中:
$ sudo docker exec -it gitlab-runner gitlab-runner register --url "http://gitlab-ce" --clone-url "http://gitlab-ce" --registration-token <registration_token_from_gitlab_web_interface> --executor docker --description "Deployment Runner" --docker-image "docker:stable" --docker-privileged
它生成以下config.toml文件:
[[runners]]
name = "Deployment Runner"
url = "http://gitlab-ce"
id = 6
token = "<token>"
token_obtained_at = 2023-04-28T13:39:30Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "docker"
clone_url = "http://gitlab-ce"
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.docker]
tls_verify = false
image = "docker:stable"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
# manually added this
network_mode = "gitlab-network"
现在我设置了一个使用 nginx 容器托管的简单 html 网站。这是.gitlab-ci.yml我用来测试持续部署工作流程的文件:
stages:
- publish
- deploy
variables:
TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
DOCKER_HOST: tcp://docker:2375/
DOCKER_TLS_CERTDIR: ""
publish:
image: docker:latest
stage: publish
services:
- name: docker:dind
command: ["--insecure-registry=localhost:5050"]
script:
- docker build -t $TAG_COMMIT -t $TAG_LATEST .
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- docker push $TAG_COMMIT
- docker push $TAG_LATEST
deploy:
image: alpine:latest
stage: deploy
tags:
- deployment
script:
- chmod og= $ID_RSA
- apk update && apk add openssh-client
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:80 --name my-app $TAG_COMMIT"
environment:
name: production
url: http://192.168.123.178
尽管一切看起来都很好,但它在构建阶段返回以下错误:
...
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://[MASKED]:5050/v2/": dial tcp [MASKED]:5050: connect: connection refused
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1
编辑:
忘了提及,我还在/etc/docker/deamon.json托管 docker deamon 的服务器中声明了不安全的容器注册表,如下所示:
{ "insecure-registries": ["localhost:5050"] }
我不知道是否应该在 gitlab-runner 容器上做同样的事情。我也不知道怎么办