i have two project on gitlab with same CI config file and ci variables. When i try to build dockerfile, one project passed, but second say:
Error: Cannot perform an interactive login from a non TTY device
config:
image: docker:latest
services:
- docker:dind
stages:
- build
variables:
CONTAINER_IMAGE: sleezy/go-hello-world:${CI_COMMIT_SHORT_SHA}
build:
stage: build
script:
- docker login -u ${DOCKER_USER} -p ${DOCKER_PASSWORD}
- docker build -t ${CONTAINER_IMAGE} .
- docker tag ${CONTAINER_IMAGE} ${CONTAINER_IMAGE}
- docker tag ${CONTAINER_IMAGE} sleezy/go-hello-world:latest
- docker push ${CONTAINER_IMAGE}
How i said, everything is same, variables, dockerhub account - username, password, config, even gitlab runner version, so i really dont know why? Any help, thanks.
Related
I am trying to build a super-simple CI/CD pipeline using GitLab CI.
Upon running it I get presented with the error:
Server:
ERROR: Cannot connect to the Docker daemon at tcp://docker:2375.
Is the docker daemon running?
My .gitlab-ci.yml is :
image: docker:latest
variables:
DOCKER_HOST: tcp://docker:2375
services:
- name: docker:dind
entrypoint: ["env", "-u", "DOCKER_HOST"]
command: ["dockerd-entrypoint.sh"]
before_script:
- docker --version
docker_build:
stage: build
image: docker:latest
services:
- docker:dind
script:
- docker build -t arieltar/hubsec:1.1 .
- docker push arieltar/hubsec:1.1
Based on the error message I would ask, does the gitlab-runner user belong to the docker group?
You will need to decide if you want to use Docker-in-Docker with, or without TLS. This requires changing /etc/gitlab-runner/config.toml settings, and assigning the DOCKER_TLS_CERTDIR in your .gitlab-ci.yml file. See the Docker-in-docker section of the GitLab docs.
Please check below things as prelim.
Whether docker is running or not
Login with gitlab-user if you are running pipeline with gitlab user and check if that user can access or run docker ps without sudo :).
add below entry if pt1. and pt2 satisfied.
services:
name: docker:dind
entrypoint: ["dockerd-entrypoint.sh", "--tls=false"]
script:
export DOCKER_HOST=tcp://127.0.0.1:2375 && docker build -t arieltar/hubsec:1.1 .
I have 3 server
Gitlab
Gitlab Runner
Harbor Registry
When I run CI/CD on Gitlab but it cannot login to Harbor Registry. This is error.
Get https://172.21.5.247/v1/users/: x509: cannot validate certificate for 172.21.5.247 because it doesn't contain any IP SANs
When I try login docker on server Gitlab and Gitlab Runner is successfully. I added "insecure-registries" to two server.
.gitlab.ci.yml file
image: docker:18-git
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
DOCKER_HOST: tcp://localhost:2375
stages:
- build
- push
services:
- name: docker:dind
command: ["--insecure-registry=172.21.5.247:443"]
before_script:
- echo $HARBOR_USERNAME
- echo -n $HARBOR_PASSWORD | docker login -u $HARBOR_USERNAME -p $HARBOR_PASSWORD $HARBOR_REGISTRY
- docker version
- docker info
after_script:
- docker logout $HARBOR_REGISTRY
Build:
stage: build
script:
- docker pull $HARBOR_REGISTRY_IMAGE:latest || true
- >
docker build
--pull
--cache-from $HARBOR_REGISTRY_IMAGE:latest
--tag $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA .
- docker push $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA
Push_When_tag:
stage: push
only:
- tags
script:
- docker pull $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA
- docker tag $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
- docker push $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
It have error in docker login.
Since Harbor 2.2 minor release you are able to create a harbor robot login,
afterwards write these credentials to Settings->CI/CD->Variables:
-HARBOR_ROBOT_USER (Important! you have to escape the $ in the robot username eg. robot$$myuser robot account name containing "$" will cause...)
-HARBOR_ROBOT_PASSWORD
Now you are able to use these Variables in before script as follows
- HARBOR_ROBOT_PASSWORD=${HARBOR_ROBOT_PASSWORD}
- HARBOR_ROBOT_USER=${HARBOR_ROBOT_USER}
## login process to harbor docker registry
echo $HARBOR_ROBOT_PASSWORD | docker login --username $HARBOR_ROBOT_USER --password-stdin ${HARBOR_REGISTRY}
I set up a private gitlab registry on a docker host. On the same host I'm trying to build test images and push them to said registry.
For some reason, this is not working. Here is my gitlab ci config:
stages:
- build_testing
- analytics
- testing
- build_deployment
variables:
MYSQL_RANDOM_ROOT_PASSWORD: 'true'
MYSQL_USER: 'dev'
MYSQL_PASSWORD: 'dev'
MYSQL_DATABASE: 'debitor_management_test'
# image: 10.11.12.41/laravel:v1
# services:
# - name: mariadb:10.1
# alias: mysql
image: docker:stable
services:
- name: docker:dind
command: ["--insecure-registry=10.11.12.41:443"]
build_testing:
stage: build_testing
script:
- docker build -t 10.11.12.41/debitor_management_testing .
- ping -c 5 10.11.12.41
- docker push 10.11.12.41/debitor_management_testing
The ping command is working, but the docker push fails with
$ docker push 10.11.12.41/debitor_management_testing
The push refers to repository [10.11.12.41/debitor_management_testing]
Get https://10.11.12.41/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
ERROR: Job failed: exit code 1
How can I get this to work?
The error suggests that the CI runner cannot communicate with 10.11.12.41.
Every GitLab repository has an associated Container Registry for storing Docker images. You might better off using that rather than running a custom registry for storing images. GitLab CI provides predefined variables to your CI jobs such as CI_REGISTRY, CI_REGISTRY_IMAGE, CI_REGISTRY_USER, and CI_REGISTRY_PASSWORD to help you access the registry associated with your repository.
If you use the built-in registry, you can write your build_testing job like the following.
build_testing:
stage: build_testing
script:
- docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker image build -tag $CI_REGISTRY_IMAGE .
- docker image push $CI_REGISTRY_IMAGE
My school has a personal gitlab setup, but it doesn't have a registry setup for docker images.
What I want to do is run my pipeline with docker, so that I can build, test etc in a docker environment.
Right now i am trying random stuff because I don't know what I am doing. This is what I have now:
Gitlab-ci:
image: docker:latest
services:
- docker:dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
build-master:
stage: build
script:
- docker build --pull -t "$CI_REGISTRY_IMAGE" .
- docker push "$CI_REGISTRY_IMAGE"
build:
stage: build
script:
- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
- docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
My secret variables on gitlab:
My error message in the pipeline:
Something else I tried uses a gitlab repo. This uses the docker image for ros correctly, but in my application I also use opencv, so I want to add more to the docker image. If i know how to do that in the example below, thats also an option. On top of this, in the example below i can't run tests.
Gitlab-ci:
image: ros:kinetic-ros-core
stages:
- build
variables:
ROS_PACKAGES_TO_INSTALL: ""
USE_ROSDEP: "true"
cache:
paths:
- ccache/
before_script:
- git clone https://gitlab.com/VictorLamoine/ros_gitlab_ci.git
- source ros_gitlab_ci/gitlab-ci.bash
catkin_make:
stage: build
script:
- catkin_make
catkin_build:
stage: build
script:
- catkin build --summarize --no-status --force-color
As I said I have tried many things, this is just the latest thing I have tried. How can I run my runners and gitlab-ci with docker without a gitlab registry?
Just use it withouth registry.
You just need to insert this to gitlab runner config file:
pull_policy = "if-not-present"
Thats enough, and remove commands like:
docker push ...
docker pull ...
Or even insert "|| true" at the end of the push pull command if you want to keep push pull in case, like this:
docker pull ... || true;
Which keeps your code to continue if command fail.
Just dont forget that : pull_policy = "if-not-present" , which allow You to run docker image withouth pull and push.
As image is in case if mussing builded, this works.
example:
[[runners]]
name = "Runner name"
url = ...
...
executor = "docker"
[runners.docker]
image = ...
pull_policy = "if-not-present"
...
You can change these secret variables to point to docker-hub registry server.
You have to create your account on that https://hub.docker.com/ and then use that details to configure - gitlab secret variables.
I have a gitlab CI setup where i would like build and push docker images, the first problem was that my nexus repo wasn't https.
The actual error message was this:
Error response from daemon: Get http://some.host:port/v2/: http:
server gave HTTP response to HTTPS client
To build docker images we use docker:latest image, and i can't find the way to add our host as insecure registry in .gitlab-ci.yml
So a self signed my nexus repository in hope it will solve, but it's not worked either and giver the following error message:
Error response from daemon: Get https://some.host:port/v2/: x509:
certificate signed by unknown authority
this is my current CI setup:
image: docker:latest
services:
- docker:dind
before_script:
- docker info
- docker login -u USER -p PASSWORD some.host:port
stages:
- build
build-image:
stage: build
script:
- docker build -t some.host:port/image:alpine .
- docker push some.host:port/image:alpine
only:
- master
when: manual
So is there a simple solution or an existing docker image where i can configure insecure registries may be some docker magic with command line i really need to create an own image to solve this?
You can launch docker dind with different command. See below url for more details
https://docs.gitlab.com/ce/ci/docker/using_docker_images.html#setting-a-command-for-the-service. So you need to update your .gitlab.ci.yml
image: docker:latest
services:
- name: docker:dind
command: [ "--insecure-registry=some.host:port" ]
before_script:
- docker info
- docker login -u USER -p PASSWORD some.host:port
stages:
- build
build-image:
stage: build
script:
- docker build -t some.host:port/image:alpine .
- docker push some.host:port/image:alpine
only:
- master
when: manual
Then you can use a insecure http registry
Worked for me with slight modification in syntax, Command expects array.
services:
- name: docker:dind
command: ["--insecure-registry=some.host:port"]