GitLab CI - Cannot connect to the Docker daemon from within an image - docker

I have a node-based project and following are the first few steps that are required to be executed as part of the build:
npm install
npm run build
docker build -t client .
The last command above builds the following Dockerfile:
FROM docker.artifactory.abc.net/nginx
COPY build /usr/share/nginx/html
COPY default.conf /etc/nginx/conf.d/default.conf
Content of .gitlab-ci.yml:
image: docker.artifactory.abc.net/docker/node:1.0
stages:
- build
- deploy
build:
stage: build
script:
- npm install
- npm run build
- docker build -t client .
In the above Dockerfile, i am using a custom node image (node:1.0) which contains the proxy settings for apk to work and Artifactory configuration so all the dependencies are fetched using Artifactory. Now when i was running this build, i was getting docker: command not found error while executing the last command (docker build -t client .), which is expected because the base image is for node and doesn't contain docker. So i added docker setup instructions to the node Dockerfile based on this link except for the last 3 lines where it's configuring the ENTRYPOINT and CMD.
Now when i ran the build, i got:
$ docker build -t client .
Sending build context to Docker daemon 372.7MB
Step 1 : FROM docker.artifactory.abc.net/nginx
Get https://docker.artifactory.abc.net/v2/nginx/manifests/latest: unknown: Authentication is required
ERROR: Job failed: exit code 1
This error, as per my past experience, had to do with running docker login command. Since the docker setup in official image uses tar, i had to add docker user to /etc/group and then add current user (root) to the docker group. Also added the docker login command as shown below to the Dockerfile:
addgroup docker; \
adduser root docker; \
docker login docker.artifactory.abc.net -u svc-art -p "ZTg6#&kq"; \
After that, if i try building this Dockerfile, i get following error:
+ dockerd -v
Docker version 17.05.0-ce, build v17.05.0-ce
+ docker -v
Docker version 17.05.0-ce, build v17.05.0-ce
+ adduser root docker
+ tail -2 /etc/group
node:x:1000:node
docker:x:101:root
+ docker login docker.artifactory.abc.net -u svc-art -p ZTg6#&kq
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
I also did an ls -ltr /var/run/docker.sock; and the docker socket file was not present inside the image. This seems to be the issue.
Any idea how i can get this working?

Well from the example you have provided I cannot see where you call your docker service, therefore I assume you are not calling it also you are not logging into the registry.
The way your pipeline should look like is something as follows:
image: docker.artifactory.abc.net/docker/node:1.0
stages:
- build
- deploy
build:
image: docker:latest
services:
- docker:dind
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.example.com
- docker build -t registry.example.com/group/project/image:latest .
- docker push registry.example.com/group/project/image:latest
You could also find more info here

Related

gitlab when I use the link of Container Registry in the ci file, I will be prompted that the docker is not found

.gitlab-ci.yml
workflow:
rules:
- if: $CI_COMMIT_BRANCH != "main" && $CI_PIPELINE_SOURCE != "merge_request_event"
when: never
- when: always
variables:
IMAGE_NAME: $CI_REGISTRY_IMAGE
stages:
- test
- build
run_unit_tests:
image: node:16-alpine3.17
stage: test
tags:
- txy
before_script:
- cd app
- npm install
script:
- npm test
artifacts:
when: always
paths:
- app/junit.xml
reports:
junit: app/junit.xml
build_image:
stage: build
tags:
- remoteone
before_script:
- echo "Docker registry url is $CI_REGISTRY"
- echo "Docker registry username is $CI_REGISTRY_USER"
- echo "Docker registry repo is $CI_REGISTRY_IMAGE"
script:
- docker build -t $IMAGE_NAME .
push_image:
stage: build
needs:
- build_image
tags:
- remoteone
before_script:
- echo "Docker registry url is $CI_REGISTRY"
- echo "Docker registry username is $CI_REGISTRY_USER"
- echo "Docker registry repo is $CI_REGISTRY_IMAGE"
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- docker push $IMAGE_NAME
enter image description here
correspondence of the above variables
$CI_REGISTRY_IMAGE = docker build -t registry.gitlab.com/komorebi-cqd/mynodeapp-cicd-project .
$CI_REGISTRY = docker push registry.gitlab.com/komorebi-cqd/mynodeapp-cicd-project
Dockerfile
FROM node:16-alpine
RUN apk add docker-cli
WORKDIR /usr/src/app
COPY ./app/package*.json ./
RUN npm install
COPY ./app .
EXPOSE 3000
CMD [ "npm" ,"start"]
cicd pipelines build_image error
Running with gitlab-runner 15.5.1 (7178588d)
on one-docker-runner fAyvKeBR
Preparing the "docker" executor
00:03
Using Docker executor with image alpine:3.14 ...
Pulling docker image alpine:3.14 ...
Using docker image sha256:dd53f409bf0bd55eac632f9e694fd190244fef5854a428bf3ae1e2b636577623 for alpine:3.14 with digest alpine#sha256:4c869a63e1b7c0722fed1e402a6466610327c3b83bdddb94bd94fb71da7f638a ...
Preparing environment
00:01
Running on runner-fayvkebr-project-41046722-concurrent-0 via VM-20-2-ubuntu...
Getting source from Git repository
00:02
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/komorebi-cqd/mynodeapp-cicd-project/.git/
Checking out 023ee3af as main...
Removing app/junit.xml
Skipping Git submodules setup
Downloading artifacts
00:03
Downloading artifacts for run_unit_tests (3502740847)...
Downloading artifacts from coordinator... ok id=3502740847 responseStatus=200 OK token=64_pVtH2
Executing "step_script" stage of the job script
00:01
Using docker image sha256:dd53f409bf0bd55eac632f9e694fd190244fef5854a428bf3ae1e2b636577623 for alpine:3.14 with digest alpine#sha256:4c869a63e1b7c0722fed1e402a6466610327c3b83bdddb94bd94fb71da7f638a ...
$ echo "Docker registry url is $CI_REGISTRY"
Docker registry url is registry.gitlab.com
$ echo "Docker registry username is $CI_REGISTRY_USER"
Docker registry username is gitlab-ci-token
$ echo "Docker registry repo is $CI_REGISTRY_IMAGE"
Docker registry repo is registry.gitlab.com/komorebi-cqd/mynodeapp-cicd-project
$ docker build -t $IMAGE_NAME .
/bin/sh: eval: line 137: docker: not found
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit code 127
It prompts docker: not found,i have been searching the Internet for a long time, but there is no specific solution
I have a Docker installed on my server, and there is no problem running Docker PS. However, when I use the gitlab registry, I will be prompted that the Docker does not exist. I do not know where the problem is, and there is no corresponding solution online. I hope someone can tell me why the Docker is not found and how to solve it.
GitLab CI uses Docker to run your pipelines (with the Docker executor) but it doesn't mean that Docker will be available from inside the CI containers.
You can see from the CI output that it uses the alpine:3.14 Docker image to run your commands, unfortunately this image has not Docker installed:
Using Docker executor with image alpine:3.14 ...
The GitLab documentation describes 3 ways to build Docker images with their CI using:
the Shell executor
Docker-in-Docker with the Docker or Kubernetes executor
Docker socket binding
I'd say to go with the Docker-in-Docker approach because the other 2 may result in concurrency issues: concurrent pipelines will use the same Docker daemon which could result in naming collision of Docker objects.
You can read more about my personal experience in 2020 about building Docker images in GitLab CI if that helps.

How to use docker inside Alpine/Any docker image in gitlab ci

I want to build and test my app using dockerfile located in other private repository.
For that I'm using Alpine official docker image in which i run a bash script for cloning my private repo and running docker for building the docker image. This is how my .gitlab-ci.yml looks like.
image: alpine:3.15
stages:
- main
main-job:
stage: main
script:
- apk add --update docker openrc
- rc-update add docker boot
- apk add bash git curl
- bash build.sh $GH_TOKEN $REPO
And I have simple script in build.sh
git clone https://${GH_TOKEN}#github.com/${REPO} source
cd source || exit 1
docker container prune --force || true
docker build . --rm --force-rm --compress --no-cache=true --pull --file Dockerfile -t test-app
docker image ls
docker run --privileged --rm -i test-app
But Docker don't start and spams error.
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
Also tried with other command in ubuntu docker like service start docker , dockerd, service restart docker and others.
But nothing seems to works as i guess we can't run docker inside a docker or something.
Can we have any alternative idea to it?
Looks like you don’t have a docker agent running. You can use the docker in docker service by adding the following:
services:
- docker:dind
See the GitLab-ci docs on building docker images for more info: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html
I've meet the same issue. May be you have to permit gitlab-runner on your host.
sudo usermod -aG docker gitlab-runner
I‘d suggest you build and push your built image to dockerhub. Then you can start the container referencing your prebuilt image.

Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running? in docker push via Gitlab CI

In Gitlab CI, when I want to push my image, I get:
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
Here is the code:
docker-push:
stage: publish
image: docker:stable
services:
- docker:dind
before_script:
- *inject-gopath
- docker login -u gitlab-ci-token -p $GITLAB_PERSONAL_ACCESS_TOKEN $REGISTRY_URL
# $CI_BUILD_TOKEN
script:
- docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID .
- docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:latest .
- docker push $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID
- docker push $REGISTRY_PACKAGE_API_NAME:latest
Here is the output:
Pulling docker image docker:stable ...
Using docker image sha256:23fb2c9b38b59433ea1913eafa12d2e15651ca0d08819dc7067d27d8f92e0428 for docker:stable ...
Running on runner-wmKFtEwx-project-7124308-concurrent-0 via ubuntu...
Fetching changes...
Removing release/
HEAD is now at 9c4894a Merge branch '5-supprimer-les-threads' into 'master'
Checking out 9c4894af as master...
Skipping Git submodules setup
Downloading artifacts for build (324707453)...
Downloading artifacts from coordinator... ok id=324707453 responseStatus=200 OK token=SVLY__Jy
$ mkdir -p $(dirname ${PACKAGE_PATH}) && ln -s ${CI_PROJECT_DIR} ${PACKAGE_PATH} && cd ${PACKAGE_PATH}
$ docker login -u gitlab-ci-token -p $GITLAB_PERSONAL_ACCESS_TOKEN $REGISTRY_URL
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ docker build --build-arg GITLAB_TOKEN=${GITLAB_PERSONAL_ACCESS_TOKEN} --target=prod -t $REGISTRY_PACKAGE_API_NAME:$CI_BUILD_ID .
Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
ERROR: Job failed: exit code 1
Weird thing is that I am in the image docker-stable, so I should have docker available, and previous step docker login is working well...
Is it a bug from Gitlab, or something I am doing wrong ?
PD: I am using Gitlab.com
PD2: I can push the image manually without any issue
As per comment it is just a GitLab problem.
There is no guarantee, with a free runner, that it will always work. In this case the docker deamon is not available so your build will keep failing until the runner is restarted when GitLab detects the error.
Notice this is my assumption given that often the error comes and then after a few hours it is gone. As you can see also my Gitlab Forums Thread received no reply from anyone so I am afraid I dont think you will be able to fix this. If mission critical then run your own runner so you can restart it on failure

alpine cannot access docker daemon when using gitlab-ci

I have a custom gitlab ci that I want to compile a Golang app and build a docker image. I have decided to use alpine docker image for the gitlab runner. I can't seam to get docker started. I have tried to manually start docker and get an error ( * WARNING: docker is already starting ) and if I don't manually start the docker service I get (Fails (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?) Any one else experience this?
This would not be a duplicate question. Gitlab runner runs the docker alpine container in root (verified by running whoami). For the sake of trying I did try usermod -aG docker $(whoami) and had the same output.
.gitlab-ci.yml
image: alpine
variables:
GO_PROJECT: linkscout
before_script:
- apk add --update go git libc-dev docker openrc
- mkdir -p ~/go/src/${GO_PROJECT}
- cp -r ${CI_PROJECT_DIR}/* ~/go/src/${GO_PROJECT}/
- cd ~/go/src/${GO_PROJECT}
- service docker start # * WARNING: docker is already starting
stages:
- compile
- build
compile:
stage: compile
script:
- go get
- go build -a
build:
stage: build
script:
- docker version # If I don't run (service docker start) I get this message: Fails (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?)
By default you cannot use Docker-in-docker. You should configure your runner like this. Then, as stated in the explanation also use docker:latest as image instead of alpine.

docker not found with docker:dind + google/cloud-sdk

I'm getting the error docker: command not found while running the following CI script inside gitlab-ci. This error is happening during before_script for the deploy phase.
services:
- docker:dind
stages:
- build
- test
- deploy
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
build:
stage: build
image: docker:latest
script:
- docker info
- docker version
- docker build --pull -t $SERVICE_NAME:$CI_COMMIT_REF_NAME .
- docker image list
- docker tag $SERVICE_NAME:$CI_COMMIT_REF_NAME $CI_REGISTRY_IMAGE/$SERVICE_NAME:$CI_COMMIT_REF_NAME
- docker push $CI_REGISTRY_IMAGE/$SERVICE_NAME:$CI_COMMIT_REF_NAME
test:
image: docker:latest
stage: test
script:
- docker pull $CI_REGISTRY_IMAGE/$SERVICE_NAME:$CI_COMMIT_REF_NAME
- docker image list
- docker run $CI_REGISTRY_IMAGE/$SERVICE_NAME:$CI_COMMIT_REF_NAME npm test
deploy:
image: google/cloud-sdk
stage: deploy
environment: Production
script:
- echo $DEPLOY_KEY_FILE_PRODUCTION > /tmp/GCLOUD_KEYFILE.json
- gcloud auth activate-service-account --key-file /tmp/GCLOUD_KEYFILE.json
- rm /tmp/GCLOUD_KEYFILE.json
- gcloud info
- gcloud components list
only:
- master
I'm a bit confused, because I'm runing docker-in-docker (docker:dind) as a service so the docker command should be made available to all stages (if I understand this correctly), however it's clearly not.
Is it due to an interaction with google/cloud-sdk ?
You probably misunderstood what services mean. From the doc,
The services keyword defines just another docker image that is run during your job and is linked to the docker image that the image keyword defines.
What you need is a custom docker executor that uses dind image and preinstalled with gcloud sdk. You can build such an image with this Dockerfile:
FROM docker:latest
RUN apk add --no-cache \
bash \
build-base \
curl \
git \
libffi-dev \
openssh \
openssl-dev \
python \
py-pip \
python-dev
RUN pip install docker-compose fabric
RUN curl https://sdk.cloud.google.com | bash -s -- --disable-prompts
The question was asked almost 5 years ago, I am unsure if by that time the image google/cloud-sdk shipped without docker binaries, I can't think of anything else for a docker: command not found error more than it was not available in the standard location. Anyways, today 2022 google/cloud-sdk comes with docker and it can interact with the docker service, and since I ended up here several times after running into problems trying to use docker:dind and google/cloud-sdk, I will add the following:
Is possible to use docker from the google/cloud-sdk image, there is no need to create a custom image for your Gitlab CI. The problem is that docker in google/cloud-sdk tries to connect to the socket in /var/run/docker.sock as is presented in the logs:
$ docker build -t gcr.io/$GCP_PROJECT_ID/test:$CI_COMMIT_SHORT_SHA .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Anyways you can also checks in your logs of the service docker:dind that docker listens in a socket (not reachable from the job container) and a tcp port (reachable via the hostname docker). So, you just need to use the tcp port in your docker commands, either by setting the env variable DOCKER_HOST or adding a -H tcp://docker:2375 as in
$ docker -H tcp://docker:2375 build -t gcr.io/$GCP_PROJECT_ID/test:$CI_COMMIT_SHORT_SHA .
Step 1/8 : FROM python:latest
You forgot to inform the image tag at the top.
image: docker:latest
services:
- docker:dind
...
Works for me! :)
See: https://docs.gitlab.com/ce/ci/docker/using_docker_build.html

Resources