I've got problems trying to run both GitLab CE and the GitLab CI Runner in Docker containers.
This is how I run the GitLab CE container:
docker run --detach \
--name gitlab \
--hostname gitlab.local \
--publish 80:80 \
--restart always \
--env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.local/';" \
--volume ~/volumes/gitlab/config:/etc/gitlab \
--volume ~/volumes/gitlab/logs:/var/log/gitlab \
--volume ~/volumes/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce
Then I can connect to GitLab without problems on the host both through the locally bound interface — i.e. http://localhost — and the container IP — i.e. http://gitlab.local after adding e.g. 172.17.0.2 gitlab gitlab.local on my hosts file).
The problems arise when I try to register a GitLab CI Runner container, through:
docker run --rm --tty --interactive \
--name gitlab-runner-register \
--add-host "gitlab.local:172.17.0.2" \
--link=gitlab \
--volume ~/volumes/gitlab-runner:/etc/gitlab-runner \
gitlab/gitlab-runner \
register \
--non-interactive \
--executor "docker" \
--docker-image alpine:3 \
--url "http://gitlab.local/" \
--registration-token "XXXXXXXXXXXX" \
--description "docker-runner" \
--tag-list "docker" \
--run-untagged \
--locked="false"
The errors I get are:
ERROR: Registering runner... failed runner=XXXXXX status=couldn't execute POST against http://gitlab.local/api/v4/runners: Post http://gitlab.local/api/v4/runners: dial tcp 172.17.0.2:80: getsockopt: connection refused
PANIC: Failed to register this runner. Perhaps you are having network problems
Some help? Thanks in advance!
UPDATE: I've also tried to link a BusyBox to the gitlab container. Pinging it works like a charm, but wgetting it gives Connection refused:
$ docker run --rm --link=gitlab busybox ping -c 1 gitlab
PING gitlab (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.124 ms
--- gitlab ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.124/0.124/0.124 ms
$ docker run --rm --link=gitlab busybox wget http://gitlab
Connecting to gitlab (172.17.0.2:80)
wget: can't connect to remote host (172.17.0.2): Connection refused
So networking is working fine and probably the "issue" is more related to the binding. As demonstration of this, I've tried to run a python http server in the gitlab container in order to retry the wget command and... it works:
$ docker run --rm --link=gitlab busybox wget http://gitlab:8000
Connecting to gitlab:8000 (172.17.0.2:8000)
index.html 100% |********************************| 1065 0:00:00 ETA
Related
I installed Gitlab using Docker image on a Ubuntu virtual machine running on a MAC M1 as follows (https://hub.docker.com/r/yrzr/gitlab-ce-arm64v8):
docker run \
--detach \
--restart always \
--name gitlab-ce \
--privileged \
--memory 4096M \
--publish 22:22 \
--publish 80:80 \
--publish 443:443 \
--hostname 127.0.0.1 \
--env GITLAB_OMNIBUS_CONFIG=" \
nginx['redirect_http_to_https'] = true; "\
--volume /srv/gitlab-ce/conf:/etc/gitlab:z \
--volume /srv/gitlab-ce/logs:/var/log/gitlab:z \
--volume /srv/gitlab-ce/data:/var/opt/gitlab:z \
yrzr/gitlab-ce-arm64v8:latest
All seems to be working correctly on localhost, except that I can't access the metrics, I got unable to connect error on:
Prometheus: http://localhost:9090
Grafana: http://localhost/-/grafana
I tried enabling metrics as in the documentation, and docker exec -it gitlab-ce gitlab-ctl reconfigure
What I'm missing?
Thanks
When Gitlab uses localhost this will resolve the localhost on the container and not the host (so your Mac).
There are two options to solve this:
Use host.docker.internal instead of localhost (this resolves to the internal IP address used by the host) - see this doc for more info
Configure your container to use the host network by adding this to the docker run command: --network=host which will let your container and host to share the same network stack (however, this is not supported nu Docker Desktop for mac according to this)
I am very new to docker so please bear with me. I am following the documentation on https://docs.docker.com/registry/deploying/#running-a-domain-registry
I have spin up 2 nodes on play-with-docker.com for my learning.
On Node1 I am able to set up a private registry successfully using the following command
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
I was also able to pull and push images from Node1 to the registry. However, when I go on Node2 and try to log in to the registry it gives the following error:
[node2] (local) root#192.168.0.7 ~
$ docker login 192.168.0.8:5000
Username: testuser
Password:
Error response from daemon: Get https://192.168.0.8:5000/v2/: dial tcp 192.168.0.8:5000: connect: connection refused
please let me know what am I missing?
Node2 can't access port 5000 on 192.168.0.8. This looks like a network issue.
Are your nodes in the same network?
Are there firewall rules that might be blocking access to port 5000?
Are you sure 192.168.0.8 is the correct IP address of your Node1 machine?
To test your TCP connection use telnet. For example telnet 192.168.0.8 5000 (assuming 192.168.0.8 is the correct IP address).
I have two swarm services which are started like this:
docker service create --replicas 2 \
--publish 8000 \
--network example \
--detach \
--name="user_service" example.com/user_service:prod
docker service create --replicas 2 \
--publish 8000 \
--network example \
--detach \
--name="company_service" example.com/company_service:prod
When I enter inside of user_service container and make request to company_service, I get this:
curl http://company_service:8000
# Returns
{"name": "Company Service"}
However, when I remove company_service like this
docker service rm company_service
Then recreate it with command at the beggining. When I try to make request from user_service, I get this:
curl http://company_service:8000
curl: (7) Failed to connect to company_service port 8000: Connection refused
How to force all existing services in same network to resolve again recreated service?
Attached "user_service" and "company_service" services to one network(overlay), then you can communicate with each other by their name.
The objective is to get a mixed OS Docker swarm running using Linux servers and Windows 10 Machines running Docker For Windows
Currently Windows workers are theoretically supported on mixed os swarms provided the --endpoint-mode flag is set to 'dnsrr'. This is explained here. However attempts to use traefik to route to a simple docker whoami image stefanscherer/whoami image have failed.
Minimal Failing Example
// On (Linux) Manager Node:
docker swarm init --advertise-addr <hostaddress> --listen-addr <hostaddress>:2377
// On (Windows 10) Worker Node:
docker swarm join <jointoken>
// On Manager Node:
docker network create --driver=overlay traefik-net
docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 80:80 --publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network traefik-net \
traefik \
--docker \
--docker.swarmmode \
--docker.domain=traefik \
--docker.watch \
--web
docker service create \
--name whoami \
--label traefik.enable=true \
--label traefik.frontend.rule=Host:whoami.docker \
--label traefik.protocol=http \
--label traefik.docker.network=traefik-net \
--label traefik.backend.loadbalancer.method=drr \
--label traefik.backend=whoami \
--network traefik-net \
--mode global\
--label traefik.port=80 \
stefanscherer/whoami
Traefik successfully sets up backend rules, to check the routing I used the traefik dashboard to find out the URL that is routed to by the rule e.g. '10.0.0.12:8080'. I then compare this with the IP address of each task, the task can be viewed with docker service ps, and their address' found using
docker inspect <taskID> \
--format '{{ range .NetworksAttachments }}{{ .Addresses }}{{ end }}'
The Problem
A HTTP request with a header 'Host:whoami.docker' sent to the IP of the manager will succeed when routed to the manager and fail with 504 Gateway Timeout when routed to the Windows Task on the Windows worker.
You're missing setting --endpoint-mode=dnsrr to your whoami service.
docker service create \
--name whoami \
--label traefik.enable=true \
--label traefik.frontend.rule=Host:whoami.docker \
--label traefik.protocol=http \
--label traefik.docker.network=traefik-net \
--label traefik.backend.loadbalancer.method=drr \
--label traefik.backend=whoami \
--network traefik-net \
--mode global\
--label traefik.port=80 \
--endpoint-mode=dnsrr
stefanscherer/whoami
Setting endpoint-mode dnsrr will disable VIP address which probably is causing the issue.
I had the same problem when using the stefanscherer/whoami image. Using microsoft/dotnet-samples:aspnetapp works though, so the error seems related to the image.
I'm using the following setup:
Ubuntu 16.04
Docker 18.03.1-ce
Run as Manager
Runs traefik
Windows 1803
Docker 18.03.1-ee-2
Runs as Worker (joining as Manager did not work)
Runs microsoft/dotnet-samples:aspnetapp
I am trying to run Kong API Gateway using a docker container. I followed the instructions on hub.docker.com/_/kong/, started Cassandra database and Kong.
I have Cassandra running using the below command:
docker run -d --name kong-database \
-p 9042:9042 \
cassandra:3
and Kong running using the below command:
docker run -d --name kong \
--link kong-database:kong-database \
-e "KONG_DATABASE=cassandra" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 7946:7946 \
-p 7946:7946/udp \
kong:latest
Both containers are running. (I don't have enough reputations to embed pictures here right now so please see a screenshot here:
my container list)
However when I do:
$ curl http://127.0.0.1:8001
I got this:
curl: (7) Failed to connect to 127.0.0.1 port 8001: Connection refused
Can anyone let me know what is the possible reason?
Ok, check the logs of the kong container to find any errors if there are any(docker logs kong).
If there aren't any errors, please check whether there is any active process running on the port or not(sudo netstat -anp | grep 8001). That will help us know whether the docker-container port 8001 was properly binded to server port 8001 and also the ip on which the port is running.
If there is process running on that port, then it might be an issue of running docker on bridge network which is not able to bind the port with localhost. try re-running the container with network host(--net host). Then it should work fine.