Private Gitlab Runner for code quality without Docker-in-Docker - docker

I want to run the code quality widget in our repo. Actually, I want to register a GitLab runner on my Kubernetes cluster to execute Docker builds. I am trying to install the GitLab runner via Kubernetes Helm charts.
This is my Helm chart:
```yaml
gitlabUrl: https://blabla/
runnerRegistrationToken: blabla
runners:
  config: |
    [[runners]]
      [runners.docker]
        tls_verify = false
        image = "docker:stable"
        privileged = false
        disable_entrypoint_overwrite = false
        oom_kill_disable = false
        disable_cache = false
        volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock", "/tmp/builds:/tmp/builds"]
        shm_size = 0
      [runners.cache]
        Type = "s3"
        Path = "runner"
        Shared = true
        [runners.cache.s3]
          ServerAddress = "s3.amazonaws.com"
          BucketName = "blabla"
          BucketLocation = "us-west-1"
          Insecure = false
imagePullPolicy: IfNotPresent
```
Unfortunately, this does not work. I get the output: Cannot connect to the Docker daemon at tcp://localhost:2375. Is the docker daemon running?
Can anyone please help with the correct configuration for this problem?
My sources are:
https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html#set-up-a-private-runner-for-code-quality-without-docker-in-docker
https://docs.gitlab.com/runner/install/kubernetes.html
https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/values.yaml
Thanks in advance. You are my last hope.

The Docker daemon error can be resolved by using the following code:
```toml
privileged = true
```

Related

Gitlab runner failing ERROR: Cannot connect to the Docker daemon at local runner

I have a local runner that cannot connect to the docker daemon.
I tried adding an alias to the service and it still failed.
```text
ERROR: Cannot connect to the Docker daemon at tcp://docker:2375/. Is the docker daemon running?
ERROR: Cannot connect to the Docker daemon at tcp://thealias:2375/. Is the docker daemon running?
```
gitlab-ci
```yaml
push_image:
  image: docker:20.10.16-dind
  services:
    - docker:20.10.16-dind
  before_script:
    - docker info
    - docker login ext_registry.com -u $NEXUS_USER -p $NEXUS_PASS
  script:
    - docker build -t ext_registry.com.liberty.edu:5000/occ/groupsyncer:latest .
```
gitlab-runner.toml
```toml
[[runners]]
  name = "docker-runner"
  url = "https://gitlab.example.com/"
  token = REDACTED
  executor = "docker"
  cache_dir="/cache"
  clone_url = "https://gitlab.example.com"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    volumes = ["/opt/gitlab-runner/cache:/cache:rw"]
    tls_verify = false
    image = "docker:20.10.16"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    shm_size = 0
```
In my case the error came from not sharing the docker sock.
```toml
[runners.docker]
  volumes = ["/var/run/docker.sock:/var/run/docker.sock","/opt/gitlab-runner/cache:/cache:rw"]
```
Also make sure the gitlab-runner has permissions to docker.
```sh
usermod -aG docker gitlab-runner
```

Why fails my gitlab-runner (in Docker Container) since a few days, I didn't change anything

I have an Ubuntu 18.04 server. On this server, a gitlab-ce 12.7.5 instance is running in a Docker container, and a gitlab-runner 12.8.0 is also running in a Docker container. For a few days now, all the pipelines have been failing with:
```text
Running with gitlab-runner 12.8.0 (1b659122)
on ddddd kbuTsA6j
Using Docker executor with image ubuntu:18.04 ...
00:02
Pulling docker image ubuntu:18.04 ...
Using docker image sha256:2c047404e52d7f17bdac4121a13cd844447b74e13063f8cb8f8b314467feed06 for ubuntu:18.04 ...
ERROR: Job failed (system failure): Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: resulting devices cgroup doesn't match target mode: unknown (executor_docker.go:810:0s)
```
The config.toml file of the gitlab-runner container looks like this:
```toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "ddddd"
  url = "https://myreplacedname.stratoserver.net:8929/"
  token = "kbuTsA6jgE_GrM"
  tls-ca-file = "/etc/gitlab-runner/certs/myreplacedname.stratoserver.net.crt"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
  [runners.docker]
    tls_verify = false
    image = "docker:19.03.1"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/srv/gitlab-runner/config:/etc/gitlab-runner", "/cache", "/builds:/builds"]
    shm_size = 0
```
Until a few days ago, everything worked fine. I would be very happy if you could help me. Thank you!
I spent several days trying to find a solution to the same problem. I found out that assigning the value false to the privileged field of your [runners.docker] section solves this problem.
So, in your case, the resulting configuration will look like this:
```toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "ddddd"
  url = "https://myreplacedname.stratoserver.net:8929/"
  token = "kbuTsA6jgE_GrM"
  tls-ca-file = "/etc/gitlab-runner/certs/myreplacedname.stratoserver.net.crt"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
  [runners.docker]
    tls_verify = false
    image = "docker:19.03.1"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/srv/gitlab-runner/config:/etc/gitlab-runner", "/cache", "/builds:/builds"]
    shm_size = 0
```
Of course, to apply these changes, you must restart your gitlab-runner instance after performing these actions. I hope it helps you, too.

GitLab Runner - Docker executor in LXD container

I am trying to run GitLab Runner with the Docker executor inside an LXD container.
I have it done halfway, but it is still not functioning properly.
Did anybody happen to have it up and running and could share how to do it?
You have to set your docker container to run as privileged.
Check the runner config.toml file and set like this:
```toml
[runners.docker]
  tls_verify = false
  image = "docker:stable"
  privileged = true
  disable_entrypoint_overwrite = false
  oom_kill_disable = false
  disable_cache = false
  volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
  shm_size = 0
[runners.cache]
  Insecure = false
```
Also make sure that you have launched your LXC container with the parameters:
```sh
lxc launch --verbose IMAGE CONTAINER_NAME -c security.nesting=true -c security.privileged=true
```
Plus check the LXC profile to be set like this:
```yaml
config:
  raw.lxc: |-
    lxc.apparmor.profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.mount.auto=proc:rw sys:rw
    lxc.cap.drop=
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: lxd-pa
    type: disk
name: default
```
In case even those settings don't change the Docker container behavior, try to disable AppArmor on the LXC container.
Problem sorted out by following the steps below:
install lxd container as per https://stgraber.org/2016/04/13/lxd-2-0-docker-in-lxd-712/
install gitlab-runner as per https://docs.gitlab.com/runner/install/linux-repository.html
https://docs.gitlab.com/ee/ci/docker/using_docker_build.html

Gitlab-runner docker container is using the Gitlab container_id as the clone url

I am trying to configure a simple Gitlab-ci build pipeline and am running all of the components in docker containers. I followed the general guides on docs.gitlab.com and got a runner registered with gitlab. But when a build kicks off, the runner tries to clone the repository in question and seems to use the gitlab instance's container-id in place of the url, and I get an unreachable-host error:
```text
Cloning repository...
Cloning into '/builds/root/ci-demo'...
fatal: unable to access 'http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@cdfd596f2bc4/root/ci-demo.git/': Could not resolve host: cdfd596f2bc4
ERROR: Job failed: exit code 1
```
Is there something obvious that I've overlooked? There are quite a few similar questions on SO and the internet in general, but none seem to have a problem with the target container-id being substituted for the url.
gitlab-runner's config.toml:
```toml
concurrent = 1
check_interval = 0

[[runners]]
  name = "runner_name"
  url = "http://[ipaddr]:[port]/"
  token = "xxxxxxx"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "maven:latest"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
  [runners.cache]
```

Running docker gitlab-runner with net=host option

I've also been having enormous problems setting up Docker gitlab-runner containers with the net="host" option. Even though the "docker-network-mode" option was introduced in version 1.1, I cannot make it work. My config.toml in the gitlab-runner container is:
```toml
[[runners]]
  name = "name"
  url = "giturl"
  token = "token"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "maven:3.3.9-jdk-8"
    network_mode = "host"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
```
and the runner does not work with net=host mode. Has anyone made it work?
