Im using the following .gitlab-ci.yml :
stages:
- build
docker-build:
# Use the official docker image.
image:
name: docker:latest
entrypoint: [""]
stage: build
services:
- docker:dind
variables:
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
script:
- docker-compose -f compose_testfile.yaml down
...(and so on)
But I get the error:
/builds/testaccount/testproject/compose_testfile.yaml: no such file or directory
the compose-file is on the machine where the gitlab-runner is installed on, how can I access this file from the .gitlab-ci.yml in docker-build ?
You need to add the compose config file to the repository, just as you do with the gitlab pipeline config.
Related
I have an issue with gitlab runner using docker:dind service.
I'm trying to run a docker-compose file with simple volume on a job, here the job :
test_e2e:
image: tmaier/docker-compose
stage: test
services:
- docker:dind
variables:
GIT_STRATEGY: none
GIT_CHECKOUT: "false"
DOCKER_DRIVER: overlay2
before_script:
- ls
script:
- cp .env.dist .env
- docker-compose -f docker-compose.yml -f docker-compose-ci.yml up -d
The job start normally but a container in docker-compose-ci.yml doesn't seem to mount the volume as specified in it, here docker-compose-ci.yml
version: '3.3'
services:
wait_app:
image: dadarek/wait-for-dependencies
networks:
- internal
depends_on:
- traefik
- webapp
command: webapp:3000
cypress:
# the Docker image to use from https://github.com/cypress-io/cypress-docker-images
image: "cypress/included:6.5.0"
networks:
- internal
depends_on:
- traefik
- webapp
- api
- mysql
- redis
environment:
# pass base url to test pointing at the web application
- CYPRESS_baseUrl=http://app.localhost:3000
working_dir: /cypress
volumes:
- ./cypress/:/cypress
Here if I make an "docker exec app_cypress_1 sh -c "ls -al" || 1" of /cypress folder inside the container cypress, I will have nothing even though I do have files in there on the host.
But I tried on a different version of the runner 13.7.0 instead of 13.5.0, and it work as expected.
Where could be the issue ? Is it the gitlab runner are maybe there is another parameter that I can change to make it work ?
Thank you
I'm trying to build the CI pipeline in GitLab. I'd like to ask about making the docker work in GitLab CI.
From this issue: https://gitlab.com/gitlab-org/gitlab-runner/issues/4501#note_195033385
I'm follow the instruction for both ways. With TLS and not used TLS.
But It's still stuck. Which in same error
Cannot connect to the Docker daemon at tcp://localhost:2375/. Is the docker daemon running
I've try to troubleshooting this problem. follow by below,
enable TLS
Which used .gitlab-ci.yml and config.toml for enable TLS in Runner.
This my .gitlab-ci.yml:
image: docker:19.03
variables:
DOCKER_HOST: tcp://localhost:2375/
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: "/certs"
IMAGE_NAME: image_name
services:
- docker:19.03-dind
stages:
- build
publish:
stage: build
script:
- docker build -t$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10) .
- docker push $IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10)
only:
- master
And this my config.toml:
[[runners]]
name = MY_RUNNER
url = MY_HOST
token = MY_TOKEN_RUNNER
executor = "docker"
[runners.custom_build_dir]
[runners.docker]
tls_verify = false
image = "docker:stable"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/certs/client", "/cache"]
shm_size = 0
Disable TLS
.gitlab-ci.yml:
image: docker:18.09
variables:
DOCKER_HOST: tcp://localhost:2375/
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
IMAGE_NAME: image_name
services:
- docker:18.09-dind
stages:
- build
publish:
stage: build
script:
- docker build -t$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10) .
- docker push $IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-10)
only:
- master
And this my config.toml:
[[runners]]
environment = ["DOCKER_TLS_CERTDIR="]
Anyone have idea?
Solution
You can see at the accepted answer. Moreover, In my case and
another one. Looks like the root cause it from the Linux server that
GitLab hosted doesn't has permission to connect Docker. Let's check
the permission connectivity between GitLab and Docker on your server.
You want to set DOCKER_HOST to tcp://docker:2375. It's a "service", i.e. running in a separate container, by default named after the image name, rather than localhost.
Here's a .gitlab-ci.yml snippet that should work:
# Build and push the Docker image off of merges to master; based off
# of Gitlab CI support in https://pythonspeed.com/products/pythoncontainer/
docker-build:
stage: build
image:
# An alpine-based image with the `docker` CLI installed.
name: docker:stable
# This will run a Docker daemon in a container (Docker-In-Docker), which will
# be available at thedockerhost:2375. If you make e.g. port 5000 public in Docker
# (`docker run -p 5000:5000 yourimage`) it will be exposed at thedockerhost:5000.
services:
- name: docker:dind
alias: thedockerhost
variables:
# Tell docker CLI how to talk to Docker daemon; see
# https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-executor
DOCKER_HOST: tcp://thedockerhost:2375/
# Use the overlayfs driver for improved performance:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
script:
# Download bash:
- apk add --no-cache bash python3
# GitLab has a built-in Docker image registry, whose parameters are set automatically.
# See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#using-the-gitlab-contai
#
# CHANGEME: You can use some other Docker registry though by changing the
# login and image name.
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
- docker build -t "$CI_REGISTRY_IMAGE" .
- docker push "$CI_REGISTRY_IMAGE"
# Only build off of master branch:
only:
- master
You can try to disable tls
services:
- name: docker:dind
entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
script:
- export DOCKER_HOST=tcp://127.0.0.1:2375 && docker build --pull -t ${CI_REGISTRY_IMAGE} .
As there is an interesting reading https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27300
docker:dind v20 sleeps for 16 seconds if you don't have TLS explicitly disabled, and that causes race condition where build container starts earlier than dockerd container
Try with this .gitlab-ci.yml file. It worked for me when I specified the DOCKER_HOST
docker-build:
stage: build
image:
# An alpine-based image with the `docker` CLI installed.
name: docker:stable
# This will run a Docker daemon in a container (Docker-In-Docker), which will
# be available at thedockerhost:2375. If you make e.g. port 5000 public in Docker
# (`docker run -p 5000:5000 yourimage`) it will be exposed at thedockerhost:5000.
services:
- name: docker:dind
alias: thedockerhost
variables:
DOCKER_HOST: tcp://thedockerhost:2375/
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
script:
# Download bash:
- apk add --no-cache bash python3
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
- docker build -t "$CI_REGISTRY_IMAGE" .
- docker push "$CI_REGISTRY_IMAGE"
only:
- master
For me the accepted answer didn't work. Instead I configured the TLS certificate volume for the runner
[[runners]]
...
[runners.docker]
...
volumes = ["/certs/client", "/cache"]
and I added a variable for the certificate directory in my .gitlab-ci.yaml
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: "/certs"
according to this article:
https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/#configure-tls
and this one:
https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled-in-the-docker-executor
You can remove the DOCKER_HOST from the .gitlab-ci file. That trick will do magic.
I have the address of my docker registry in an GitLab-CI environment variable.
How can I use it in the context of a service command in my .gitlab-ci.yml?
services:
- name: docker:dind
command: ["--insecure-registry=$CI_REGISTRY"] # this does not work
build:
stage: build
script:
- docker build -t "$CI_REGISTRY_IMAGE" . # this works properly
- docker push "$CI_REGISTRY_IMAGE"
In GitLab, I have this .gitlab-ci.yml configuration to build a Docker image:
build:
stage: build
image: docker:stable
services:
- docker:stable-dind
script:
- docker build --tag example .
and it works. When I replace the image I'm using to build with google/cloud-sdk:latest:
build:
stage: build
image: google/cloud-sdk:latest
services:
- docker:stable-dind
script:
- docker build --tag example .
I get this error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
I've seen plenty of articles talking about this but they all offer one of three solutions:
Run the dind service
Define DOCKER_HOST to tcp://localhost:2375/
Define DOCKER_HOST to tcp://docker:2375/
I'm already doing 1, so I tried 2 and 3:
build:
stage: build
image: google/cloud-sdk:latest
services:
- docker:stable-dind
variables:
DOCKER_HOST: tcp://localhost:2375/
script:
- docker build --tag example .
Both failed with this error:
Cannot connect to the Docker daemon at tcp://localhost:2375/. Is the docker daemon running?
What am I missing?
tcp://docker:2375 actually works, but when I was trying I had - export DOCKER_HOST=tcp://localhost:2375 in the script from a previous experiment so my changes in the variables section had no effect.
I am trying to set up a job with gitlab CI to build a docker image from a dockerfile, but I am behind a proxy.
My .gitlab-ci.yml is as follows:
image: docker:stable
variables:
DOCKER_HOST: tcp://docker:2375
DOCKER_DRIVER: overlay2
HTTP_PROXY: $http_proxy
HTTPS_PROXY: $http_proxy
http_proxy: $http_proxy
https_proxy: $http_proxy
services:
- docker:dind
before_script:
- wget -O - www.google.com # just to test
- docker search node # just to test
- docker info # just to test
build:
stage: build
script:
- docker build -t my-docker-image .
wget works, meaning that proxy setup is correct, in theory
But the commands docker search, docker info and docker build do not work, apparently because of a proxy issue.
An excerpt from the job output:
$ docker search node
Warning: failed to get default registry endpoint from daemon (Error response from daemon:
[and here comes a huge raw HTML output including the following message: "504 - server did not respond to proxy"]
It appears docker does not read from the environment variables to setup proxy.
Note: I am indeed using a runner in --privileged mode, as the documentation instructs to do.
How do I fix this?
If you want to be able to use docker-in-docker (dind) in gitlab CI behind proxy, you will also need to setup no_proxy variable in your gitlab-ci.yml file. NO_PROXY for host "docker".
This is the gitlab-ci.yml that works with my dind:
image: docker:19.03.12
variables:
DOCKER_TLS_CERTDIR: "/certs"
HTTPS_PROXY: "http://my_proxy:3128"
HTTP_PROXY: "http://my_proxy:3128"
NO_PROXY: "docker"
services:
- docker:19.03.12-dind
before_script:
- docker info
build:
stage: build
script:
- docker run hello-world
Good luck!
Oddly, the solution was to use a special dind (docker-in-docker) image provided by gitlab instead, and it works without setting up services and anything. The .gitlab-ci.yml that worked was as follows:
image: gitlab/dind:latest
before_script:
- wget -O - www.google.com
- docker search node
- docker info
build:
stage: build
script:
- docker build -t my-docker-image .
Don't forget that the gitlab-runner must be registered with the --privileged flag.
I was unable to get docker-in-docker (dind) working behind our corporate proxy.
In particular, even when following the instructions here a docker build command would still fail when executing FROM <some_image> as it was not able to download the image.
I had far more success using kaniko which appears to be Gitlabs current recommendation for doing Docker builds.
A simple build script for a .NET Core project then looks like:
build:
stage: build
image: $BUILD_IMAGE
script:
- dotnet build
- dotnet publish Console--output publish
artifacts:
# Upload all build artifacts to make them available for the deploy stage.
when: always
paths:
- "publish/*"
expire_in: 1 week
kaniko:
stage: dockerise
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
# Construct a docker-file
- echo "FROM $RUNTIME_IMAGE" > Dockerfile
- echo "WORKDIR /app" >> Dockerfile
- echo "COPY /publish ." >> Dockerfile
- echo "CMD [\"dotnet\", \"Console.dll\"]" >> Dockerfile
# Authenticate against the Gitlab Docker repository.
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
# Run kaniko
- /kaniko/executor --context . --dockerfile Dockerfile --destination $CI_REGISTRY_IMAGE:$VersionSuffix