Docker GitLab-CE: ulimit - docker

On Saturday I tried to install GitLab-CE on a new root Ubuntu server. I got this error:
/opt/gitlab/embedded/bin/runsvdir-start: line 24: ulimit: pending signals: cannot modify limit: Operation not permitted
/opt/gitlab/embedded/bin/runsvdir-start: line 37: /proc/sys/fs/file-max: Read-only file system
After setting the password and logging in (first time), GitLab shows me a 404!
I already tried docker exec -it gitlab update-permissions, increasing ulimit and so on!
sudo docker run -i \
--hostname ubuntu \
--publish 10443:443 --publish 10080:80 --publish 10022:22 \
--sysctl net.core.somaxconn=1024 \
--ulimit sigpending=62793 \
--ulimit nproc=131072 \
--ulimit nofile=60000 \
--ulimit core=0 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
--volume /srv/gitlab/logs/reconfigure:/var/log/gitlab/reconfigure \
gitlab/gitlab-ce:latest
I definitely spent 15 hours on Google and tried out fixes. So far no luck.

Had the same issue and was able to get my local Docker gitlab-ce working by adding:
--privileged
See this issue:3047
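
Added example, not part of the original answer: --privileged gives the container all capabilities and turns off its seccomp and AppArmor confinement, and several commands on this page combine it with other isolation-weakening options. The shell function below reads a docker run command and reports those options; audit_docker_run, its finding names and the rule list are made up for this example, and the sample input is constructed from flags that appear on this page.

```shell
#!/bin/sh
# Added example: flag `docker run` options that weaken container isolation.
# Finding names and the rule list are constructed here; extend as needed.
audit_docker_run() {
    # stdin: a docker run command (backslash continuations allowed)
    # stdout: one finding name per line, in order of appearance
    tr '\\\n\t' '   ' | tr -s ' ' '\n' | awk '
        function rate(opt, val,    src) {
            if (opt == "-v" || opt == "--volume") {
                src = val; sub(/:.*/, "", src)      # host side of SRC:DST[:MODE]
                if (src == "/var/run/docker.sock") print "docker-socket"
                if (src == "/dev") print "host-devices"
            } else if (opt == "--security-opt") {
                if (val ~ /^(apparmor|seccomp)[:=]unconfined$/) print "unconfined-profile"
            } else if (opt == "--network" || opt == "--net") {
                if (val == "host") print "host-network"
            }
        }
        {
            tok = $0; gsub(/"/, "", tok)
            if (want != "") {                       # value of a two-word option
                rate(want, tok); want = ""
            } else if (tok == "--privileged") {
                print "privileged"
            } else if (tok ~ /^--[a-z-]+=/) {       # --option=value form
                eq = index(tok, "=")
                rate(substr(tok, 1, eq - 1), substr(tok, eq + 1))
            } else if (tok ~ /^(-v|--volume|--security-opt|--network|--net)$/) {
                want = tok
            }
        }'
}

# Constructed sample built from flags used in the commands on this page.
audit_docker_run <<'EOF'
docker run -it \
  --network=host \
  --security-opt apparmor:unconfined \
  --volume /etc/group:/etc/group:ro \
  --volume /dev:/dev \
  --privileged \
  -v /var/run/docker.sock:/var/run/docker.sock \
  image:tag
EOF
```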

Related

psql:/home/git/gitlab/db/structure.sql:9: ERROR: permission denied to create extension "btree_gist"

I installed docker-gitlab from here
Step 1. Launch a postgresql container
docker run --name gitlab-postgresql -d \
--env 'DB_NAME=gitlabhq_production' \
--env 'DB_USER=gitlab' --env 'DB_PASS=password' \
--env 'DB_EXTENSION=pg_trgm' \
--volume /srv/docker/gitlab/postgresql:/var/lib/postgresql \
sameersbn/postgresql:12-20200524
Step 2. Launch a redis container
docker run --name gitlab-redis -d \
--volume /srv/docker/gitlab/redis:/data \
redis:6.2
Step 3. Launch the gitlab container
docker run --name gitlab -d \
--link gitlab-postgresql:postgresql --link gitlab-redis:redisio \
--publish 10022:22 --publish 10080:80 \
--env 'GITLAB_PORT=10080' --env 'GITLAB_SSH_PORT=10022' \
--env 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
--env 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
--env 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
--volume /srv/docker/gitlab/gitlab:/home/git/data \
sameersbn/gitlab:14.8.0
But I got these errors from the gitlab container:
database 'gitlabhq_production' already exists
2022-02-28T17:02:02.425099812Z psql:/home/git/gitlab/db/structure.sql:9: ERROR: permission denied to create extension "btree_gist"
2022-02-28T17:02:02.425125024Z HINT: Must be superuser to create this extension.
2022-02-28T17:02:02.426554719Z rake aborted!
2022-02-28T17:02:02.426575880Z failed to execute:
2022-02-28T17:02:02.426586706Z psql --set ON_ERROR_STOP=1 --quiet --no-psqlrc --file /home/git/gitlab/db/structure.sql --single-transaction gitlabhq_production
2022-02-28T17:02:02.426598928Z
2022-02-28T17:02:02.426609892Z Please check the output above for any errors and make sure that `psql` is installed in your PATH and has proper permissions.

How to forward local-user's groups to the container?

My docker command is pretty rich, but still I am not able to see all the local-user's groups when I am inside container. Question is how can I do that?
So from outside docker:
$>>groups
<$USER> adm cdrom sudo dip video plugdev lpadmin sambashare docker
My docker-run command:
docker run -it \
--restart=on-failure:5 \
--name amr_sdk_docker \
--user "$(id --user):$(id --group)" \
--group-add "$(id --group)" \
--hostname "$(hostname)" \
--env "USER=$(whoami)" \
--env "DISPLAY=$DISPLAY" \
--env="QT_X11_NO_MITSHM=1" \
--network=host \
--security-opt apparmor:unconfined \
--security-opt=no-new-privileges \
--pids-limit 128 \
--volume /tmp/.X11-unix:/tmp/.X11-unix \
--volume "${HOME}":/home/"$(whoami)":rw \
--volume "${HOME}"/.cache:/.cache:rw \
--volume /run/user:/run/user \
--volume /var/run/nscd/socket:/var/run/nscd/socket:ro \
--volume /etc/ssl/certs/:/etc/ssl/certs/:ro \
--volume /etc/ssh/:/etc/ssh/:ro \
--volume /usr/share/ca-certificates:/usr/share/ca-certificates:ro \
--volume /etc/passwd:/etc/passwd:ro \
--volume /etc/group:/etc/group:ro \
--volume /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro \
--volume /dev:/dev \
--volume /lib/modules:/lib/modules \
--volume /tmp:/tmp:rw \
--privileged \
<image_name:tag>
And after above command, from inside container:
$ groups
<$USER>

I'm not sure I understand your problem exactly, however you are currently passing only the effective group ID with --group-add. This is already taken care of by:
--user "$(id --user):$(id --group)"
What you might be missing is adding a --group-add argument for each of your local group IDs, which can be identified for your user on the host with:
id --groups
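
Added example, not part of the original answer: one way to turn the output of id --groups into the repeated --group-add arguments described above, skipping the primary group that --user already sets. The function name group_add_args is made up for this example, and the GIDs in the comments are constructed.

```shell
#!/bin/sh
# group_add_args GIDS PRIMARY
#   GIDS:    space-separated numeric group IDs, as printed by `id --groups`
#   PRIMARY: the GID already passed via --user UID:GID (not repeated)
# Prints "--group-add GID" for every remaining group, on one line.
group_add_args() {
    seen=" $2 "; out=""
    for gid in $1; do
        case $gid in
            ''|*[!0-9]*) echo "not a numeric GID: $gid" >&2; return 1 ;;
        esac
        case $seen in
            *" $gid "*) continue ;;          # primary group or duplicate
        esac
        seen="$seen$gid "
        out="$out${out:+ }--group-add $gid"
    done
    printf '%s\n' "$out"
}

# Constructed input: primary GID 1000 plus four supplementary groups.
#   group_add_args '1000 4 24 27 998' 1000
#
# On the host, the result can be spliced into the command from the question:
#   set -- $(group_add_args "$(id --groups)" "$(id --group)")
#   docker run --user "$(id --user):$(id --group)" "$@" <image_name:tag>
```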

GitLab: Can’t register runner (with correct token!) - clean/latest docker install

Note: It seems everyone else with this problem is using the wrong token - I'm using the one from the Admin Area -> Overview -> Runners under "Set up a shared Runner manually", so I'm sure it's correct.
I'm trying to get a basic setup of GitLab with one shared runner working from docker containers, but I keep getting this when I try to register:
ERROR: Registering runner... forbidden (check registration token) runner=Ds-3E59o
PANIC: Failed to register this runner. Perhaps you are having network problems
These are the steps I take (tested from fresh by removing /srv/gitlab):
Run GitLab:
# As per https://docs.gitlab.com/omnibus/docker/#pre-configure-docker-container.
sudo docker run --detach \
--hostname gitlab.example.com \
--env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.example.com/'; gitlab_rails['lfs_enabled'] = true;" \
--publish 443:443 --publish 80:80 --publish 22:22 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
Run the runner:
# As per: https://docs.gitlab.com/runner/install/docker.html#docker-image-installation.
docker run -d --name gitlab-runner --restart always \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest
Wait for GitLab to start, set the root password, log in as root, go to Configure GitLab -> Overview -> Runners, copy the access token.
Attempt to register the runner:
# As per: https://docs.gitlab.com/runner/register/index.html#one-line-registration-command.
docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
--non-interactive \
--executor "docker" \
--docker-image alpine:latest \
--url "http://gitlab.example.com/" \
--registration-token "VMTMR8TysySosb6xuTLZ" \
--description "docker-runner" \
--tag-list "docker" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected"
At this point, I get the error shown above.
I know it seems weird to run the runner and register it while it's running, but 1. the documentation has it this way and 2. I get the same result when registering first.
Am I doing something stupid?
(Note: Copied from forum.gitlab.com, but I wasn't having much luck there: https://forum.gitlab.com/t/cant-register-runner-clean-latest-docker-install/30884)

I tried using host networking (i.e. adding --network host) to the gitlab container, and it worked. No idea why but I'd appreciate any insight anyone has.

Run Jenkins on different port on a docker container

I'm trying to run Jenkins on Docker using a different port. By default Jenkins runs on port 8080, but this port is used by a different service on my machine. I would like to run Jenkins on a different port.
I have used the following command without any success:
docker run \
-u root \
--rm \
-d \
--name jenkins \
-p 8081:8081 \
-p 50000:50000 \
--env JAVA_OPTS="--httpPort=8081" \
-v jenkins-data:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkinsci/blueocean
Any ideas?

--env JAVA_OPTS="--httpPort=8081" \
not JAVA_OPTS, change it like this:
-e JENKINS_OPTS="--httpPort=8081"

Use this:
docker run \
-u root \
--rm \
-d \
--name jenkins \
-p 8081:8080 \
-p 50000:50000 \
-v jenkins-data:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkinsci/blueocean

Issue connecting GitLab runner with GitLab

GitLab is currently running on a given host as a container and I am trying to set up GitLab Runner on the same host in another container:
GitLab script (GitLab version: 9.3.9):
[root#rado1 gitlab_runner]# cat gitlab.sh
#!/bin/bash
sudo docker run --detach \
--hostname gitlab.example.com \
--publish 443:443 --publish 80:80 --publish 2222:22 \
--name gitlab \
--restart always \
--volume /mnt/data/gitlab/config:/etc/gitlab \
--volume /mnt/data/gitlab/logs:/var/log/gitlab \
--volume /mnt/data/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
GitLab Runner script:
[root#rado1 gitlab_runner]# cat gitlab_runner.sh
docker run --name gitlab-ci-multi-runner -d --restart=always \
--volume /mnt/data/gitlab/gitlab-runner:/home/gitlab_ci_multi_runner/data \
--env='CI_SERVER_URL=http://gitlab/ci' --env='RUNNER_TOKEN=6cE9HefxGFfbAdadS4eT' \
--env='RUNNER_DESCRIPTION=runnerA' --env='RUNNER_EXECUTOR=shell' \
--link gitlab \
sameersbn/gitlab-ci-multi-runner:1.1.4-7
GitLab is running on HTTPS.
Now when I try running gitlab_runner.sh, I get the following error:
ERROR: Registering runner... failed runner=6cE9Hefx
status=couldn't execute POST against http://gitlab/ci/api/v1/runners/register.json:
Post http://gitlab/ci/api/v1/runners/register.json:
dial tcp 172.17.0.2:80: getsockopt: connection refused
PANIC: Failed to register this runner. Perhaps you are having network problems
I can see that 172.17.0.2 is GitLab IP only as shown below in Rancher UI:

I finally got it working. I renamed the container to gitlab.abc.net and updated the config for the gitlab runner script to the following:
[root#rado1 gitlab_runner]# cat gitlab_runner.sh
docker run --name gitlab-ci-multi-runner -d --restart=always \
--volume /mnt/data/gitlab/gitlab-runner:/home/gitlab_ci_multi_runner/data \
--env='CI_SERVER_URL=https://gitlab.abc.net/ci' --env='RUNNER_TOKEN=6cE9HefxGFfbAdadS4eT' \
--env='RUNNER_DESCRIPTION=runnerA' --env='RUNNER_EXECUTOR=shell' \
--link gitlab.abc.net \
sameersbn/gitlab-ci-multi-runner:1.1.4-7
