Building Docker Images with Local GitLab Runner (from Docker)

I have tried to set up a local gitlab-runner in a Docker container on my Ubuntu server so that I can build and push Docker images. I am able to set up and register the runner, but when trying to check the setup with a test repository the CI outputs the following error message when executing the job:

ERROR: Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

I am quite new to this so I do not know what might be the issue.

The server is running Ubuntu 18.04 on which I have installed Docker 19.03.5 and Docker Compose 1.25.0.

I created the following directory for the gitlab-runner:

.
│
└── gitlab
    │
    ├── config.toml
    │   │
    │   └── config.toml
    │
    └── docker-compose.yml

docker-compose.yml content:

version: '3'

services:
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab_runner
    restart: always
    volumes:
      - ./config/:/etc/gitlab-runner/
      - /var/run/docker.sock:/var/run/docker.sock

I then registered the runner:

docker-compose run --rm gitlab-runner register -n \
  --url https://gitlab.com/ \
  --registration-token *<token>* \
  --executor docker \
  --description "My Docker Runner" \
  --docker-image "docker:stable" \
  --docker-volumes /var/run/docker.sock:/var/run/docker.sock

The config.toml file was then updated like this:

[[runners]]
  name = "My Docker Runner"
  url = "https://gitlab.com/"
  token = "*<token>*"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
    shm_size = 0
  [runners.cache]

I then started the gitlab-runner container:

docker-compose up -d

I created a Dockerfile in a GitLab repository just for testing:

FROM python:latest

RUN apt-get update

The .gitlab-ci.yml I set up like this:

image: docker:stable

stages:
    - build

build:
    stage: build
    script:
    - docker info
    - docker build -t docker_python_test .

This is the output from the runner:

Running with gitlab-runner 12.5.0 (577f813d)
  on Docker Runner Test 001 *<token>*
ERROR: Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (executor_docker.go:980:0s)
Will be retried in 3s ...
ERROR: Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (executor_docker.go:980:0s)
Will be retried in 3s ...
ERROR: Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (executor_docker.go:980:0s)
Will be retried in 3s ...
ERROR: Job failed (system failure): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (executor_docker.go:980:0s)

Hi,

ok, so you are using the socket binding method instead of dind. I would have guessed now that one needs to start the dind service, but that shouldn’t be needed here.

Still, with running the GitLab Runner itself in a container, you’ll need to pass the docker.sock two container levels deep. I’d look into Ubuntu first; it has AppArmor enabled by default and this may prevent access to the docker socket here. AppArmor is a similar thing to SELinux.

Cheers,
Michael

Thanks for your feedback!

Before I made an attempt at this, I did some research and read in several places that the Docker-in-Docker approach was not recommended, thus I made an attempt using the socket binding, although I do not fully understand how this works.

I am not familiar with Ubuntu's AppArmor; I have not seen it mentioned in relation to Docker before. Is this something that is typically changed when setting up Docker on Linux? The only thing I have done on the Ubuntu server other than installing Docker is setting up SSH and UFW. Might there also be a chance that the issue is related to something with the firewall and/or users/groups?

I attempted to stop AppArmor, but this did not seem to have any effect.

Hi,

ok, the Docker daemon should be running as otherwise the GitLab runner itself wouldn’t do anything in docker-compose. Dumb question here - are you sure that this specific runner is executing the job, likewise do you happen to have any other runners taking over the task and creating wrong results here?

My blind guess is that you are using a different runner with the shell executor on a host where Docker is not running.

In terms of the socket, please try to find out who is attached to it and its permissions on the host system.

ls -lah /var/run/docker.sock

lsof /var/run/docker.sock

Cheers,
Michael
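
The socket checks suggested above can be turned into a single diagnostic that separates the distinct causes hiding behind "Cannot connect to the Docker daemon". This is an added example, not code from the thread or from GitLab; the function name `diagnose_socket` and its status strings are this example's own.

```python
import errno
import os
import socket
import stat
import sys


def diagnose_socket(path="/var/run/docker.sock"):
    """Classify why a client can or cannot reach a Unix socket at `path`.

    Returns (status, detail); status is one of: 'missing', 'not-a-socket',
    'permission-denied', 'no-listener', 'ok', 'error'. (Hypothetical helper.)
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing", "path does not exist in this mount namespace"
    except PermissionError:
        return "permission-denied", "cannot stat path (parent directory not searchable)"

    detail = "mode=%s uid=%d gid=%d" % (stat.filemode(st.st_mode), st.st_uid, st.st_gid)
    if not stat.S_ISSOCK(st.st_mode):
        # With the short volume syntax Docker creates an empty directory when the
        # bind-mount source is absent, so a directory here means a bad volume entry.
        return "not-a-socket", detail

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(2)
    try:
        client.connect(path)
    except OSError as exc:
        if exc.errno in (errno.EACCES, errno.EPERM):
            # Typical when the caller is neither root nor in the socket's group.
            return "permission-denied", detail
        if exc.errno == errno.ECONNREFUSED:
            return "no-listener", detail + " (socket file exists, nothing accepts on it)"
        return "error", "%s: %s" % (detail, exc)
    finally:
        client.close()
    return "ok", detail


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/run/docker.sock"
    status, detail = diagnose_socket(target)
    print("%s: %s (%s)" % (target, status, detail))
    sys.exit(0 if status == "ok" else 1)
```

Run it on the host and in any container that has the socket bind-mounted and a Python 3 interpreter available; a result that differs between the two shows at which level the mount breaks.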