ECS images are failing in gitlab-runner-autoscaling? - docker

I am a newbie to gitlab-runner. I have tried to set up gitlab-runner-autoscaling, but I am unable to download ECR images in a build. When I ssh into the docker-machine I am able to download images; I even tried to ssh into the VM and pull ECR images as root and as the ubuntu user (Ubuntu 16.04 AMI). It only fails while running a build.
Please let me know how I can troubleshoot.
1. How can I find the command gitlab-runner is using to pull the ECR image?
2. How can I find the user it is running the docker command as?
Runner config:
[[runners]]
name = "registry-test4"
limit = 1
url = "http://gitlab.xxxxxxxx.com/"
token = "xxxxxxxxxxxxxxx"
executor = "docker+machine"
[runners.docker]
tls_verify = false
image = "ruby:2.1"
privileged = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]
[runners.machine]
IdleCount = 1
MachineDriver = "amazonec2"
MachineName = "gitlab-runner-ci-%s"
MachineOptions = ["amazonec2-iam-instance-profile=xxxxxxxxxxx", "amazonec2-ssh-user=ubuntu", "amazonec2-region=us-east-1", "amazonec2-instance-type=t2.large", "amazonec2-ami=ami-xxxxx", "amazonec2-vpc-id=vpc-xxxxx", "amazonec2-subnet-id=subnet-xxxxx", "amazonec2-zone=a", "amazonec2-root-size=32", "amazonec2-keypair-name=spot", "amazonec2-ssh-keypath=/root/.ssh/spot", "amazonec2-userdata=/etc/gitlab-runner/bootstrap.sh", "amazonec2-request-spot-instance=true", "amazonec2-security-group=docker_machine_git_as_prod", "amazonec2-security-group=consul-agent-prod", "amazonec2-private-address-only", "amazonec2-spot-price=x.xx"]
OffPeakPeriods = ["* * 5-11 * * mon-fri *", "* * * * * sat,sun *"]
OffPeakTimezone = ""
OffPeakIdleCount = 1
OffPeakIdleTime = 1200
Error:
Running with gitlab-runner 10.2.0 (0a75cdd1)
on registry-test4 (31b91ac3)
Using Docker executor with image xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/dev/sbt:latest ...
Using docker image sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfor predefined container...
Pulling docker image xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/dev/sbt:latest ...
ERROR: Preparation failed: Error response from daemon: Get https://xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/v2/dev/sbt/manifests/latest: no basic auth credentials
Will be retried in 3s ...
.gitlab-ci.yml
---
main:
  image: xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/dev/sbt:latest
  script: sbt +runCI

Solved this issue by installing the ECR binary
https://github.com/awslabs/amazon-ecr-credential-helper
on the gitlab-runner server and passing these parameters in /root/.docker/config.json. (Earlier, ECR was installed only on the VM docker-machine was provisioning.)
{
"credsStore": "ecr-login"
}
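The fix above hinges on which credential source the Docker client config on the gitlab-runner server yields for the ECR registry. The following is an added example, not code from the original post or from GitLab Runner; it is a simplified model of Docker's config.json lookup order (credHelpers, then credsStore, then auths), and the function names are hypothetical.

```python
import json

def registry_host(image):
    """Return the registry host of an image reference (docker.io if none)."""
    first, _, rest = image.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def _host_of(auth_key):
    # "auths" keys may be bare hosts or URLs such as https://host/v1/
    return auth_key.split("://", 1)[-1].split("/", 1)[0]

def credential_source(config, image):
    """Which part of a Docker config.json would supply credentials.

    Simplified lookup order: a per-registry credHelpers entry, then the
    global credsStore, then static auths. "none" corresponds to the
    "no basic auth credentials" error from the question.
    """
    host = registry_host(image)
    helpers = config.get("credHelpers", {})
    if host in helpers:
        return "credHelpers:" + helpers[host]
    if config.get("credsStore"):
        return "credsStore:" + config["credsStore"]
    if any(_host_of(k) == host for k in config.get("auths", {})):
        return "auths"
    return "none"

# Image name taken from the question; configs are constructed samples.
IMAGE = "xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/dev/sbt:latest"
BEFORE = json.loads("{}")                            # runner server, no helper
AFTER = json.loads('{"credsStore": "ecr-login"}')    # config from the answer
SCOPED = {"credHelpers": {registry_host(IMAGE): "ecr-login"}}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER), ("scoped", SCOPED)):
        print(label, "->", credential_source(cfg, IMAGE))
```

The `SCOPED` variant limits the helper to the one ECR registry instead of routing every registry through it.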

Related

GitLab Runner not using Registry Mirror

Since Docker introduced the pull rate limit, I'm running a pull-through registry.
I have done the setup following the documentation on Docker's site (https://docs.docker.com/registry/recipes/mirror/#configure-the-cache).
In my runner's config.toml two volumes are mounted, one for the docker socket and another one for the daemon.json.
But every time I want to build something I get the following error message saying that I have reached my pull rate limit:
Running with gitlab-runner 13.11.0 (7f7a4bb0)
on srv-gitlab-ba5 vXWs_kze
Preparing the "docker" executor
00:25
Using Docker executor with image alpine:3.12 ...
WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrate-helper-image-to-registrygitlabcom
Pulling docker image gitlab/gitlab-runner-helper:x86_64-7f7a4bb0 ...
Using docker image sha256:25f27e06750273451a8211bbe80dc14f5d2bb389ff912ae0adffb477fa26058f for gitlab/gitlab-runner-helper:x86_64-7f7a4bb0 with digest gitlab/gitlab-runner-helper@sha256:20ff486a25738d42d2bca770092d2c4b1ae28881de3b599877ab954d3654a08a ...
Pulling docker image alpine:3.12 ...
WARNING: Failed to pull image with policy "always": toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (manager.go:205:2s)
ERROR: Preparation failed: failed to pull image "alpine:3.12" with specified policies [always]: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit (manager.go:205:2s)
Will be retried in 3s ...
My config.toml for the runner looks like:
concurrent = 5
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "srv-gitlab-ba5"
url = "***"
token = "***"
executor = "docker"
[runners.cache]
Type = "s3"
Shared = true
[runners.cache.s3]
ServerAddress = "***"
AccessKey = "***"
SecretKey = "***"
BucketName = "gitlab-cache"
Insecure = false
[runners.docker]
tls_verify = false
image = "docker:19.03.8"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/etc/docker:/etc/docker:ro", "/cache"]
shm_size = 0
docker-compose.yml for the runner:
version: "3.7"
services:
  gitlab_runner:
    image: {self build image with config.toml above}
    restart: always
    container_name: gitlab-runner
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/docker:/etc/docker:ro
Can someone tell me if my configuration is correct, or is it possible that I forgot something?
I have googled a lot but didn't find the correct solution for my problem.
If you do not switch off the instance runner very often, try to avoid using the option "always":
WARNING: Failed to pull image with policy "always"
To switch this value, set up the gitlab-runner registry with --docker-pull-policy "if-not-present".
Then docker will keep the layers of images and will not pull them every time from the docker registry; no clue then to create additional registry

Docker-ssh non-root path/getsockopt: connection refused

I’m trying to use the gitlab-runner with docker-ssh. Here is what my config.toml looks like:
[[runners]]
name = "CI/CD docker-ssh alfa"
url = "https://gitlab.com/"
token = "<SOME_TOKEN>"
executor = "docker-ssh"
[runners.ssh]
user = "myuser"
password = "my password"
[runners.docker]
tls_verify = false
image = "ubuntu:latest"
privileged = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
But I got this error:
Running with gitlab-runner 11.3.0 (d78e9e67)
on CI/CD docker-ssh alfa 1f147b76
Using Docker executor with image ubuntu:latest …
ERROR: Preparation failed: build directory needs to be absolute and non-root path
Will be retried in 3s …
Using Docker executor with image ubuntu:latest …
ERROR: Preparation failed: build directory needs to be absolute and non-root path
So I tried to change the build directory, and here is what my config.toml file looks like now:
[[runners]]
name = "CI/CD docker-ssh alfa"
url = "https://gitlab.com/"
token = "<SOME_TOKEN>"
executor = "docker-ssh"
builds_dir = "/home/myuser/"
[runners.ssh]
user = "myuser"
password = "my password"
[runners.docker]
tls_verify = false
image = "ubuntu:latest"
privileged = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
But I got this new error:
Running with gitlab-runner 11.3.0 (d78e9e67)
on CI/CD docker-ssh alfa 1f147b76
Using Docker executor with image ubuntu:latest …
WARNING: Since GitLab Runner 10.0 docker-ssh and docker-ssh+machine executors are marked as DEPRECATED and will be removed in one of the upcoming releases
Pulling docker image ubuntu:latest …
Using docker image sha256:cd6d8154f1e16e38493c3c2798977c5e142be5e5d41403ca89883840c6d51762 for ubuntu:latest …
ERROR: Preparation failed: dial tcp 172.17.0.2:22: getsockopt: connection refused
Will be retried in 3s …
Any idea what I am doing wrong?
Stick with an HTTPS URL, and try fixing instead the error:
build directory needs to be absolute and non-root path
See this thread
I was running my CI on an old gitlab-ci-multi-runner 9.5.1.
I updated to gitlab-runner 10.8.0 and now it’s ok.
Or this thread:
Set build_dir="C:\\gitlab-runner\\builds" in the config.toml.

Gitlab CI Runner: FATAL: Command sh not found

I tried to configure a gitlab-runner.
This is the tutorial I used: https://docs.gitlab.com/runner/install/docker.html
The steps were no problem, but when I actually ran the Runner it stops with the error below. The only online resource referencing this problem is this one: https://gitlab.com/gitlab-org/gitlab-runner/issues/1762
But I can't see a solution in there.
The Gitlab Version is: 10.4.3
Output of the Runner:
Running with gitlab-runner 10.7.2 (b5e03c94)
on Runner for .NET Core 2 0945b842
Using Docker executor with image gitlab/gitlab-runner:latest ...
Pulling docker image gitlab/gitlab-runner:latest ...
Using docker image sha256:abe39c16d28c87fefad753d02a89f8764a7577439a4851ec1f7d5228df69e48e for gitlab/gitlab-runner:latest ...
Running on runner-0945b842-project-66-concurrent-0 via 32359ca86797...
Fetching changes...
HEAD is now at b180fbf -
From https://<redacted>
b180fbf..3acaee5 <redacted> -> origin/<redacted>
Checking out 3acaee5f as <redacted>...
Skipping Git submodules setup
FATAL: Command sh not found.
FATAL: Command sh not found.
ERROR: Job failed: exit code 1
The .gitlab-ci.yml:
variables:
  GIT_SSL_NO_VERIFY: "1"
before_script:
  - docker login <redacted>
runnertest:
  tags:
    - dotnet
  script:
    - echo 'test'
The config.toml:
concurrent = 1
check_interval = 0
[[runners]]
name = "Runner for .NET Core 2"
url = "<redacted>"
token = "0945b84283ca87d541418edb23bc8c"
executor = "docker"
tls_verify = false
[runners.docker]
environment = ['GIT_SSL_NO_VERIFY=true']
image = "gitlab/gitlab-runner:latest"
privileged = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]

Gitlab-runner docker container is using the Gitlab container_id as the clone url

I am trying to configure a simple Gitlab-ci build pipeline and am running all of the components in docker containers. I followed the general guides on docs.gitlab.com and got a runner registered with gitlab. But when a build kicks off, the runner tries to clone the repository in question and seems to use the gitlab instance's container-id in place of the url, and I get an unreachable-host error:
Cloning repository...
Cloning into '/builds/root/ci-demo'...
fatal: unable to access 'http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@cdfd596f2bc4/root/ci-demo.git/': Could not resolve host: cdfd596f2bc4
ERROR: Job failed: exit code 1
Is there something obvious that I've overlooked? There are quite a few similar questions on SO and the internet in general, but none seem to have a problem with the target container-id being substituted for the url.
gitlab-runner's config.toml:
concurrent = 1
check_interval = 0
[[runners]]
name = "runner_name"
url = "http://[ipaddr]:[port]/"
token = "xxxxxxx"
executor = "docker"
[runners.docker]
tls_verify = false
image = "maven:latest"
privileged = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]

Gitlab-CI multi runner start docker container, scripts now work

The runner has been started in a docker container; the config.toml is:
concurrent = 1
check_interval = 0
[[runners]]
name = "spring-boot-scripts"
url = "http://xxxxx.com/ci"
token = "xxxxxx"
executor = "docker"
builds_dir = "/tmp/builds"
[runners.docker]
tls_verify = false
image = "spring-boot-demo:ci"
privileged = false
disable_cache = true
volumes = ["/cache"]
[runners.cache]
Insecure = false
and .gitlab-ci.yml is:
image: spring-boot-demo:ci
stages:
  - build
before_scipts:
  - mkdir /tmp/before_scripts
  - echo "============before_scripts========="
job1:
  stage: build
  script:
    - sh /home/admin/spring-boot-demo-application/bin/entrypoint.sh
after_scipts:
  - mkdir /tmp/after_scripts
  - echo "============after_scripts========="
GitLab's output looks like this, and the build task cannot be stopped until it is cancelled:
Running with gitlab-ci-multi-runner 1.4.2 (bcc1794)
Using Docker executor with image spring-boot-demo:ci ...
Pulling docker image spring-boot-demo:ci ...
WARNING: Cannot pull the latest version of image spring-boot-demo:ci : Error: image library/spring-boot-demo:ci not found
WARNING: Locally found image will be used instead.
Running on runner-278e2660-project-114610-concurrent-0 via 6ca6af37d681...
Cloning repository...
Cloning into '/tmp/builds/spring-boot/startup-scripts'...
Checking out b58711bc as debug...
Now the question is:
If the before_scripts/script/after_scripts are executed in the container, why can I not find the directories /tmp/before_scripts and /tmp/after_scripts, and why does the job's script not work in the container?
You can't find the folders because the jobs are not running. You have misspelled "script" in both the before_script and after_script jobs. Also, note that the correct job is not plural and does not have the 's' at the end.
GitLab docs
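The misspelling diagnosed in the answer above can be caught before a pipeline runs. The following is an added example, not part of the original answer or of any GitLab tool: a small check that flags keys in a .gitlab-ci.yml that are near-misses of reserved keywords. The keyword list is a subset chosen for illustration, and the sample file is constructed from the question's own content.

```python
import difflib
import re

# Subset of GitLab CI keywords (not the full schema; chosen for illustration).
KEYWORDS = ["before_script", "after_script", "script", "stages", "stage",
            "image", "services", "variables", "cache", "tags", "only",
            "except", "artifacts"]

# A mapping key at any indentation; list items ("- ...") are skipped.
KEY_RE = re.compile(r"^\s*([A-Za-z_][\w-]*):(?:\s|$)")

def find_misspelled_keys(ci_text, cutoff=0.8):
    """Return (line_number, key, suggested_keyword) for near-miss keys.

    A key that is not a keyword but closely resembles one is most likely
    a typo that GitLab would treat as an ordinary job name.
    """
    findings = []
    for lineno, line in enumerate(ci_text.splitlines(), start=1):
        match = KEY_RE.match(line)
        if not match:
            continue
        key = match.group(1)
        if key in KEYWORDS:
            continue
        close = difflib.get_close_matches(key, KEYWORDS, n=1, cutoff=cutoff)
        if close:
            findings.append((lineno, key, close[0]))
    return findings

# Constructed sample reproducing the question's .gitlab-ci.yml.
SAMPLE_CI = """\
image: spring-boot-demo:ci
stages:
  - build
before_scipts:
  - mkdir /tmp/before_scripts
  - echo "============before_scripts========="
job1:
  stage: build
  script:
    - sh /home/admin/spring-boot-demo-application/bin/entrypoint.sh
after_scipts:
  - mkdir /tmp/after_scripts
  - echo "============after_scripts========="
"""

if __name__ == "__main__":
    for lineno, key, suggestion in find_misspelled_keys(SAMPLE_CI):
        print(f"line {lineno}: '{key}' looks like a typo of '{suggestion}'")
```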
