I have the following .gitlab-ci.yml task for an elixir project:
image: docker:latest
services:
- docker:dind
stages:
- build
- test
- release
- deploy
variables:
TEMP_IMAGE: registry.gitlab.com/farmmix/homepage/farmmix_homepage:$CI_COMMIT_SHA
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
build:
stage: build
script:
- cd src
- docker build --pull -t $TEMP_IMAGE .
- docker push $TEMP_IMAGE
test:
stage: test
variables:
DB_DATABASE: test
DB_USERNAME: postgres
DB_PASSWORD: postgres
DB_URL: postgres
script:
- echo $TEMP_IMAGE
- docker pull $TEMP_IMAGE
- docker pull postgres:9.5-alpine
- docker run --name postgres -e POSTGRES_DB=$DB_DATABASE -e POSTGRES_USER=$DB_USERNAME -e POSTGRES_PASSWORD=$DB_PASSWORD -d postgres:9.5-alpine
- docker run --link postgres $TEMP_IMAGE ecto.create ecto.migrate test
The $TEMP_IMAGE is an existing image that gets created at a previous build task.
If I run it locally with gitlab-runner exec docker --docker-privileged test, it works fine.
However, gitlab runner gives me the following:
... AFTER INITIALIZATION ...
Skipping Git submodules setup
$ docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
$ echo $TEMP_IMAGE
registry.gitlab.com/farmmix/homepage/farmmix_homepage:b0c30097a320933f7d5390d7037960e34d2ef7d
$ docker pull $TEMP_IMAGE
b0c30097a320933f7d5390d7037960e34d2ef7d0: Pulling from farmmix/homepage/farmmix_homepage
605ce1bd3f31: Pulling fs layer
...
e0c7f5df971a: Pull complete
Digest: sha256:ce7a1bf2378628902e171a22ee386af6c79e8d2340b6241ab70e83173e32ce28
Status: Downloaded newer image for registry.gitlab.com/farmmix/homepage/farmmix_homepage:b0c30097a320933f7d5390d7037960e34d2ef7d0
$ docker pull postgres:9.5-alpine
9.5-alpine: Pulling from library/postgres
550fe1bea624: Pulling fs layer
04bf519c70df: Pulling fs layer
...
0dca1c6b5036: Pull complete
Digest: sha256:fc3b8fcc8ba568492ce89fd8723a949f586e2919d7884b9b1d8064237ba105d7
Status: Downloaded newer image for postgres:9.5-alpine
$ docker run --name postgres -e POSTGRES_DB=$DB_DATABASE -e POSTGRES_USER=$DB_USERNAME -e POSTGRES_PASSWORD=$DB_PASSWORD -d postgres:9.5-alpine
Unable to find image 'of:latest' locally
docker: Error response from daemon: pull access denied for of, repository does not exist or may require 'docker login'.
See 'docker run --help'.
ERROR: Job failed: exit code 125
I cannot even find anything on the internet of this 'of:latest' error. I tried running the docker run command without the -e arguments but the same error appeared so it's not that the env vars are causing any trouble.
I'm running out of ideas. Do any of you guys suspect what the solution might be?
EDIT: Added complete .gitlab-ci.yml content
EDIT2: Added echo and output of job
$ docker run --name postgres -e POSTGRES_DB=$DB_DATABASE -e POSTGRES_USER=$DB_USERNAME -e POSTGRES_PASSWORD=$DB_PASSWORD -d postgres:9.5-alpine
Unable to find image 'of:latest' locally
docker: Error response from daemon: pull access denied for of, repository does not exist or may require 'docker login'.
One of your variables almost certainly contains the string " of " in it. You could test this by adding a line:
echo docker run --name postgres -e POSTGRES_DB=$DB_DATABASE -e POSTGRES_USER=$DB_USERNAME -e POSTGRES_PASSWORD=$DB_PASSWORD -d postgres:9.5-alpine
first to see what it's trying to run. With variables, it's a good practice to quote them to avoid any issues with special characters or spaces:
docker run --name postgres -e "POSTGRES_DB=$DB_DATABASE" -e "POSTGRES_USER=$DB_USERNAME" -e "POSTGRES_PASSWORD=$DB_PASSWORD" -d postgres:9.5-alpine
Related
I am trying to run a process in gitlab ci that mimics the clients use case to make sure our modifications do not disrupt their use case. This is the specific job that is failing.
docker-source:
stage: build
image: carlallen/docker:buildx
services:
- name: docker:dind
command: ["dockerd", "--host=tcp://0.0.0.0:2375"]
alias: 'docker'
script:
- echo "Building..."
- docker --version
- docker buildx
- docker buildx create --use --config buildkit.toml --driver-opt network=host --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' --name test_name
- docker run -d -p 5000:5000 --restart=always --name registry registry:2
- ./build-docker.sh
$ docker --version
Docker version 19.03.14, build 5eb3275
$ docker buildx
Usage: docker buildx [OPTIONS] COMMAND
Build with BuildKit
Options:
--builder string Override the configured builder instance
Management Commands:
imagetools Commands to work on images in registry
Commands:
bake Build from a file
build Start a build
create Create a new builder instance
du Disk usage
inspect Inspect current builder instance
ls List builder instances
prune Remove build cache
rm Remove a builder instance
stop Stop builder instance
use Set the current builder instance
version Show buildx version information
Run 'docker buildx COMMAND --help' for more information on a command.
$ docker buildx create --use --config buildkit.toml --driver-opt network=host --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' --name test_name
test_name
$ docker run -d -p 5000:5000 --restart=always --name registry registry:2
docker: error during connect: Post http://docker:2375/v1.40/containers/create?name=registry: dial tcp: lookup docker on XXX.XX.X.X:53: no such host.
See 'docker run --help'.
Thank you for the help!
Do not override the command or entrypoint for the docker:dind image. Use environment variables to control the behavior.
variables:
DOCKER_HOST: 'docker'
DOCKER_TLS_CERTDIR: "" # disable tls, force use of port 2375
services:
- docker:dind
script:
- docker info # verify connection/server details
If this doesn't work, then you are probably using a self-hosted runner that is not configured correctly for use with docker-in-docker. You should follow the docker in docker guide and make sure you runner is setup according to the documentation.
In Gitlab CI, when I want to push my image, I get:
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
Here is the code:
docker-push:
stage: publish
image: docker:stable
services:
- docker:dind
before_script:
- *inject-gopath
- docker login -u gitlab-ci-token -p $GITLAB_PERSONAL_ACCESS_TOKEN $REGISTRY_URL
# $CI_BUILD_TOKEN
script:
- docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID .
- docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:latest .
- docker push $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID
- docker push $REGISTRY_PACKAGE_API_NAME:latest
Here is the output:
Pulling docker image docker:stable ...
Using docker image sha256:23fb2c9b38b59433ea1913eafa12d2e15651ca0d08819dc7067d27d8f92e0428 for docker:stable ...
Running on runner-wmKFtEwx-project-7124308-concurrent-0 via ubuntu...
Fetching changes...
Removing release/
HEAD is now at 9c4894a Merge branch '5-supprimer-les-threads' into 'master'
Checking out 9c4894af as master...
Skipping Git submodules setup
Downloading artifacts for build (324707453)...
Downloading artifacts from coordinator... ok id=324707453 responseStatus=200 OK token=SVLY__Jy
$ mkdir -p $(dirname ${PACKAGE_PATH}) && ln -s ${CI_PROJECT_DIR} ${PACKAGE_PATH} && cd ${PACKAGE_PATH}
$ docker login -u gitlab-ci-token -p $GITLAB_PERSONAL_ACCESS_TOKEN $REGISTRY_URL
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID .
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
ERROR: Job failed: exit code 1
Weird thing is that I am in the image docker-stable, so I should have docker available, and previous step docker login is working well...
Is it a bug from Gitlab, or something I am doing wrong ?
PD: I am using Gitlab.com
PD2: I can push the image manually without any issue
As per comment it is just a GitLab problem.
There is no guarantee, with a free runner, that it will always work. In this case the docker deamon is not available so your build will keep failing until the runner is restarted when GitLab detects the error.
Notice this is my assumption given that often the error comes and then after a few hours it is gone. As you can see also my Gitlab Forums Thread received no reply from anyone so I am afraid I dont think you will be able to fix this. If mission critical then run your own runner so you can restart it on failure
I want to upload my frontend to sentry, but I need to get the folder using docker commands. However when I use image: getsentry/sentry-cli
docker doesn't works and e.g. in before_script I get error that docker doesn't exist
sentry_job:
stage: sentry_job
image: getsentry/sentry-cli
services:
- docker:18-dind
before_script:
- docker login -u gitlab-ci-token -p "$CI_JOB_TOKEN" registry.gitlab.cz
script:
# script...
. # Get the dist folder from the image
- mkdir frontend_dist
- docker run --rm -v $PWD/frontend_dist:/mounted --entrypoint="" $IMAGE /bin/sh -c "cp /frontend/dist /mounted"
- ls frontend_dist
tags:
- dind
How do I fix that?
To achieve what you want, you need to use a single job (to have the same build context) and specify docker:stable as the job image (along with docker:stable-dind as a service).
This setup is called docker-in-docker and this is the standard way to allow a GitLab CI script to run docker commands (see doc).
Thus, you could slightly adapt your .gitlab-ci.yml code like this:
sentry_job:
stage: sentry_job
image: docker:stable
services:
- docker:stable-dind
variables:
IMAGE: "${CI_REGISTRY_IMAGE}:latest"
before_script:
- docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" registry.gitlab.cz
script:
- git pull "$IMAGE"
- mkdir -v frontend_dist
- docker run --rm -v "$PWD/frontend_dist:/mounted" --entrypoint="" "$IMAGE" /bin/sh -c "cp -v /frontend/dist /mounted"
- ls frontend_dist
- git pull getsentry/sentry-cli
- docker run --rm -v "$PWD/frontend_dist:/work" getsentry/sentry-cli
tags:
- dind
Note: the git pull commands are optional (they ensure Docker will use the latest version of the images).
Also, you may need to change the definition of variable IMAGE.
I want to run sentry-cli inside my docker image like this:
sentry-frontend:
stage: sentry
services:
- docker:18-dind
before_script:
- docker login -u gitlab-ci-token -p "$CI_JOB_TOKEN" registry.xxx.xx
script:
- export SENTRY_AUTH_TOKEN=xxxxxxxxxxxxxxxxxx
- export IMAGE=$CI_REGISTRY_IMAGE/frontend-builder:$CI_COMMIT_REF_NAME
- export RELEASE_VERSION=$CI_COMMIT_REF_NAME
- docker pull getsentry/sentry-cli
- docker run --rm -v $(pwd):/work getsentry/sentry-cli releases -o org -p frontend new $RELEASE_VERSION
tags:
- dind
However the job fails because
error: API request failed
caused by: sentry reported an error: Authentication credentials were not provided. (http status: 401)
I tried:
- docker run --rm -v $(pwd):/work getsentry/sentry-cli --auth-token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
however after that I get the same message as I would if I ran
docker run --rm -v $(pwd):/work sentry-cli --help
and after that it fails as if the command was not correct.I can't seem to find any information on how to do that correctly either. How to provide credentials inside that image?
If you want to pass the SENTRY_AUTH_TOKEN environment variable to the container, you can adapt your docker run command like this:
docker run --rm -v "$PWD:/work" -e SENTRY_AUTH_TOKEN="$SENTRY_AUTH_TOKEN" getsentry/sentry-cli releases -o org -p frontend new $RELEASE_VERSION
or more concisely:
docker run --rm -v "$PWD:/work" -e SENTRY_AUTH_TOKEN getsentry/sentry-cli releases -o org -p frontend new $RELEASE_VERSION
(but note that the latter version won't work if docker is an alias of sudo docker)
The relevant documentation page is:
docs.docker.com/engine/reference/commandline/run/
As an aside, note that -v "$PWD:/work" is more efficient than -v "$(pwd):/work" (one less process to spin).
I'm testing gitlab-ci and trying to generate an image on the registry from the Dockerfile.
I have the same code just to test:
#gitlab-ci
image: docker:latest
tages:
- build
- deploy
build_application:
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA . -f Dockerfile
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA-test
output:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
docker is running the image is being pulled but I can not execute docker commands.
In my local environment if a run:
docker run -it docker:latest
I stay inside the container and run docker info i have the same problem. I had to fix it by running the container on this way:
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker:latest
but I do not know how to fix it on gitlab-ci. I configured my runner so:
docker run -d --name gitlab-runner --restart always \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest
Maybe someone can put me in the right direction.
thanks
By default it is not possible to run docker-in-docker (DIND) (as a security measure).
This section in the Gitlab docs is your solution. You must use Docker-in-Docker.
After configuring your runner to use DIND your .gitlab-ci.yml will look like this:
#gitlab-ci
image: docker:latest
variables:
DOCKER_DRIVER: overlay2
services:
- docker:dind
before_script:
- docker info
stages:
- build
- deploy
build_application:
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA . -f Dockerfile
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA-test