我正在尝试
我正在尝试在 docker 配置中为正在运行的 gitlab 实例获取一个 docker,但是我无法让它工作。
这是我想要做的:
- 启动“docker in docker”镜像
- 在另一个 docker 镜像中启动 gitlab runner
- 从 gitlab CI 在 docker 中使用 docker。
所有这些都在 Ubuntu 18.04 下运行。以下是命令
创建网络
sudo docker 网络创建 gitlab-runner-net
在docker中启动docker:
sudo docker run --privileged --name gitlab-dind -d \
--network gitlab-runner-net --network-alias gitlab-runner-net \
-e DOCKER_TLS_CERTDIR=/certs \
-v docker-certs-ca:/certs/ca \
-v docker-certs-client:/certs/client \
-v /var/lib/docker \
docker:19.03.13-dind --storage-driver=overlay2
对于跑步者来说
sudo docker run -d --name gitlab-runner --restart always --network gitlab-runner-net -v /srv/gitlab-runner/config.toml:/etc/gitlab-runner/config.toml -e DOCKER_TLS_CERTDIR=/certs -v docker-certs-client:/certs/client:ro -e DOCKER_HOST=tcp://gitlab-dind:2376 gitlab/gitlab-runner:alpine
这是 config.toml
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "gitlab-did"
url = „cleaned“
token = „cleaned
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
host = "tcp://gitlab-dind:2376"
tls_verify = false
image = "docker:19.03.13"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache", "/certs"]
shm_size = 0
容器启动正常,gitlab runner 注册成功。但我使用了以下 .gitlab-ci.yml
图片:docker:19.03.12 服务:
- docker:19.03.12-dind
之前脚本:
- docker 信息
构建:阶段:构建脚本:-docker build -t my-docker-image .-docker run my-docker-image /script/to/run/tests
结果是
> Running with gitlab-runner 13.4.1 (e95f89a0) on gitlab-did FPGoD8Ms
> Preparing the "docker" executor 00:09 ERROR: Failed to remove network
> for build ERROR: Preparation failed: Error response from daemon:
> Client sent an HTTP request to an HTTPS server. (docker.go:985:0s)
> Will be retried in 3s ... ERROR: Failed to remove network for build
> ERROR: Preparation failed: Error response from daemon: Client sent an
> HTTP request to an HTTPS server. (docker.go:985:0s) Will be retried in
> 3s ... ERROR: Failed to remove network for build ERROR: Preparation
> failed: Error response from daemon: Client sent an HTTP request to an
> HTTPS server. (docker.go:985:0s) Will be retried in 3s ... ERROR: Job
> failed (system failure): Error response from daemon: Client sent an
> HTTP request to an HTTPS server. (docker.go:985:0s)
我花了好几天时间试图修复这个问题。我尝试了太多设置,以至于我完全失去了对它的了解。
有人有什么建议吗?
答案1
通过设置环境变量 DOCKER_TLS_CERTDIR="" 禁用 TLS
来源:https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4501
答案2
我有一个类似的用例(Jenkins CI),遇到了同样的问题。我可以通过完全不使用 docker 中的 docker 来解决这个问题。相反,我将 /var/run/docker.sock 挂载到 docker 容器中(即-v /var/run/docker.sock:/var/run/docker.sock
)。docker 守护进程的 URL 变为unix:///var/run/docker.sock
。
这个建议来自https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/这是直接从dockerhub上的docker镜像中引用的。
我需要在容器上进行的唯一更改是确保我的用户是 docker 组的一部分,并且 docker 组在主机和容器上具有相同的 gid。
答案3
在 gitlab-ci 作业中使用 docker-buildx 时出现此错误。
如果你使用 kubernetes runner 和 tls 设置 dind,如下所述这里,
使用以下命令使用 tls 配置设置 docker-buildx:
docker context create docker-tls --docker "host=tcp://docker:2376,ca=/certs/client/ca.pem,cert=/certs/client/cert.pem,key=/certs/client/key.pem" && docker-buildx create --driver=docker-container --use docker-tls
其余配置如下所示(helm,gitlab-runner)
runners:
config: |
[[runners]]
name = "..."
environment = [
...
"DOCKER_HOST=tcp://docker:2376",
"DOCKER_TLS_VERIFY=1",
"DOCKER_TLS_CERTDIR=/certs",
"DOCKER_CERT_PATH=$DOCKER_TLS_CERTDIR/client"
]
[runners.kubernetes]
image = "ubuntu:latest eg."
privileged = true
[[runners.kubernetes.volumes.empty_dir]]
name = "docker-certs"
mount_path = "/certs/client"
medium = "Memory"
并定义gitlab-ci服务来启动docker-in-docker镜像。
"services": ["docker:dind"],