Develop Reference

GitLab Runner not using Registry Mirror

Since docker introduced the pull rate limit i'm running a pull-through registry.
I have done the setup with the documentation on dockers site (https://docs.docker.com/registry/recipes/mirror/#configure-the-cache).
In my runners config.toml two volumes will be mounted, one for the docker socket and another one for the daemon.json.
But everytime i want to build something i get the following error message that i have reached my pull rate limit:
Running with gitlab-runner 13.11.0 (7f7a4bb0)
on srv-gitlab-ba5 vXWs_kze
Preparing the "docker" executor
00:25
Using Docker executor with image alpine:3.12 ...
WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrate-helper-image-to-registrygitlabcom
Pulling docker image gitlab/gitlab-runner-helper:x86_64-7f7a4bb0 ...
Using docker image sha256:25f27e06750273451a8211bbe80dc14f5d2bb389ff912ae0adffb477fa26058f for gitlab/gitlab-runner-helper:x86_64-7f7a4bb0 with digest gitlab/gitlab-runner-helper#sha256:20ff486a25738d42d2bca770092d2c4b1ae28881de3b599877ab954d3654a08a ...
Pulling docker image alpine:3.12 ...
WARNING: Failed to pull image with policy "always": toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (manager.go:205:2s)
ERROR: Preparation failed: failed to pull image "alpine:3.12" with specified policies [always]: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (manager.go:205:2s)
Will be retried in 3s ...
My config.toml for the runner looks like:
concurrent = 5
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "srv-gitlab-ba5"
url = "***"
token = "***"
executor = "docker"
[runners.cache]
Type = "s3"
Shared = true
[runners.cache.s3]
ServerAddress = "***"
AccessKey = "***"
SecretKey = "***"
BucketName = "gitlab-cache"
Insecure = false
[runners.docker]
tls_verify = false
image = "docker:19.03.8"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/etc/docker:/etc/docker:ro", "/cache"]
shm_size = 0
docker-compose.yml for the runner:
version: "3.7"
services:
gitlab_runner:
image: {self build image with config.toml above}
restart: always
container_name: gitlab-runner
privileged: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/docker:/etc/docker:ro
Can someone tell me if my configuration is correct or is it possible that i forgot something?
I have googled a lot but didn't find the correct solution for my problem.

If you do not switch off instance runner very often, try to avoid using option "always"
WARNING: Failed to pull image with policy "always"
To switch this value, set up gitlab-runner registry with --docker-pull-policy "if-not-present"
then docker will keep layers of images and will not pull it every time from docker registry, no clue then to create additional registry

Why fails my gitlab-runner (in Docker Container) since a few days, I didn't change anything

I have a Ubuntu 18.04 server. On this server is running an gitlab-ce 12.7.5 instance in a docker container and a gitlab-runner 12.8.0 also in a docker container. Since a few days all the pipelines ar failing with:
*Running with gitlab-runner 12.8.0 (1b659122)
on ddddd kbuTsA6j
Using Docker executor with image ubuntu:18.04 ...
00:02
Pulling docker image ubuntu:18.04 ...
Using docker image sha256:2c047404e52d7f17bdac4121a13cd844447b74e13063f8cb8f8b314467feed06 for ubuntu:18.04 ...
ERROR: Job failed (system failure): Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: resulting devices cgroup doesn't match target mode: unknown (executor_docker.go:810:0s)*
The config.toml file of the gitlab-runner container looks like this:
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "ddddd"
url = "https://myreplacedname.stratoserver.net:8929/"
token = "kbuTsA6jgE_GrM"
tls-ca-file = "/etc/gitlab-runner/certs/myreplacedname.stratoserver.net.crt"
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.docker]
tls_verify = false
image = "docker:19.03.1"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/srv/gitlab-runner/config:/etc/gitlab-runner", "/cache", "/builds:/builds"]
shm_size = 0
Until a few days ago, everything worked fine. I would be very happy if you could help me. Thank you!

I spent several days trying to find a solution to the same problem. I found out that assigning the value false to the privileged field of your [runners.docker] section solves this problem.
So, in your case, the resulting configuration will look like this:
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "ddddd"
url = "https://myreplacedname.stratoserver.net:8929/"
token = "kbuTsA6jgE_GrM"
tls-ca-file = "/etc/gitlab-runner/certs/myreplacedname.stratoserver.net.crt"
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.docker]
tls_verify = false
image = "docker:19.03.1"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/srv/gitlab-runner/config:/etc/gitlab-runner", "/cache", "/builds:/builds"]
shm_size = 0
Of course, to apply these changes, you must restart your gitlab-runner instance after performing these actions. I hope it helps you, too.

GitLab with Docker runner on localhost: how to expose host to container?

I'm learning to use GitLab CI.
Just now I'm using GitLab on localhost (external_url "http://localhost"). And I've registered a Docker runner with vanilla ubuntu:20.04 image and tried to run some test job on it.
Alas, it tries to clone my repo from localhost repository in the container, but cannot do it, because my localhost's port 80 is not visible from container.
Running with gitlab-runner 13.5.0 (ece86343)
on docker0 x8pHJPn7
Preparing the "docker" executor
Using Docker executor with image ubuntu:20.04 ...
Pulling docker image ubuntu:20.04 ...
Using docker image sha256:d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1 for ubuntu:20.04 with digest ubuntu#sha256:fff16eea1a8ae92867721d90c59a75652ea66d29c05294e6e2f898704bdb8cf1 ...
Preparing environment
Running on runner-x8phjpn7-project-6-concurrent-0 via gigant...
Getting source from Git repository
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/root/ci_fuss/.git/
fatal: unable to access 'http://localhost:80/root/ci_fuss.git/': Failed to connect to localhost port 80: Connection refused
Uploading artifacts for failed job
Uploading artifacts...
WARNING: report.xml: no matching files
ERROR: No files to upload
Cleaning up file based variables
ERROR: Job failed: exit code 1
How can I can my Docker runner to expose host's localhost:80 as container's localhost:80?

Well, i have coped with this stuff.
I have added network_mode = "host"to my runner configuration in /etc/gitlab-runner/config.toml to make my docker use host network connections.
Also I've added --pull_policy="if-not-present" to first search for container image locally, then in remote repo.
[[runners]]
name = "docker0"
url = "http://localhost/"
token = "TTBRFis_W_yJJpN1LLzV"
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
tls_verify = false
image = "exposed_ctr:latest"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
network_mode = "host"
pull_policy = "if-not-present"

gitlab runner - network_mode = "host"

I want to setup CI/CD in GitLab.
So i installed docker and the gitlab-runner on linux, created a config for a runner and started everything. So far so good.
The runner works, and docker works.
But i am using the linux subsystem from windows, so i need to run the docker container with parameter "--network host" otherwise they not gonna work.
So right now i try to configure the gitlab-runner to use the host network via the "network_mode" parameter. But it does not work. I get the same error as if i would run a docker container directly and without the "--network host".
The error:
WARNING: Preparation failed: Error response from daemon: oci runtime error: container_linux.go:265: starting container process caused "process_linux.go:368: container init caused \"process_linux.go:351: running prestart hook 0 caused \\"error running hook: exit status 1, stdout: , stderr: time=\\\\"2019-04-12T18:42:33+02:00\\\\" level=fatal msg=\\\\"failed to add interface vethfc7c8d1 to sandbox: failed to get link by name \\\\\\\\"vethfc7c8d1\\\\\\\\": Link not found\\\\" \\n\\"\"" (executor_docker.go:423:16s) job=123project=123 runner=123
This is my config:
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "MyHostName"
url = "https://my.gitlab.url/"
token = "SoMeFaNcYcOdE-e"
executor = "docker"
[runners.docker]
tls_verify = false
image = "beevelop/ionic:latest"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
network_mode = "host"
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
My question is how do i force the gitlab runner to create the containers to use the host network like with the docker parameter: "--network host"

I was unable to solve the problem directly, but i found an alternative way which is a lot better.
I configured the GitLab Container Registry
of the repository to upload and white list a custom docker image and then enabled the Shared Runners of my company. The custom image i uploaded was created via a Dockerfile using docker for windows, avoiding the struggle of the buggy docker in the linux subsystem of windows. Now i can execute my CI pipeline flawlessly and have full control over the used image and do not have to keep my local machine running.

Gitlab-runner docker container is using the Gitlab container_id as the clone url

I am trying to configure a simple Gitlab-ci build pipeline and am running all of the components in docker containers. I followed the general guides on docs.gitlab.com and got a runner registered with gitlab. But when a build kicks off, the runner tries to clone the repository in question and seems to use the gitlab instance's container-id in place of the url, and I get an unreachable-host error:
Cloning repository...
Cloning into '/builds/root/ci-demo'...
fatal: unable to access 'http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx#cdfd596f2bc4/root/ci-demo.git/': Could not resolve host: cdfd596f2bc4
ERROR: Job failed: exit code 1
Is there something obvious that I've overlooked? There are quite a few similar questions on SO and the internet in general, but none seem to have a problem with the target container-id being substituted for the url.
gitlab-runner's config.toml:
concurrent = 1
check_interval = 0
[[runners]]
name = "runner_name"
url = "http://[ipaddr]:[port]/"
token = "xxxxxxx"
executor = "docker"
[runners.docker]
tls_verify = false
image = "maven:latest"
privileged = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]