I’m running my own private GitLab runner and trying to get a Docker image built and deployed to GitLab’s private registry. I’m getting a strange error; I followed the documentation and it is still failing.
Guides Used
https://docs.gitlab.com/ce/ci/docker/using_docker_build.html
Error
Running with gitlab-ci-multi-runner 1.10.4 (b32125f)
Using Docker executor with image golang:1.8 ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Waiting for services to be up and running...
*** WARNING: Service runner-8b9bb89d-project-2673423-concurrent-0-docker probably didn't start properly.
API error (500): Cannot link to a non running container: /runner-8b9bb89d-project-2673423-concurrent-0-docker AS /runner-8b9bb89d-project-2673423-concurrent-0-docker-wait-for-service/runner-8b9bb89d-project-2673423-concurrent-0-docker
2017-02-17T06:41:51.383178599Z mount: permission denied (are you root?)
2017-02-17T06:41:51.383210710Z Could not mount /sys/kernel/security.
2017-02-17T06:41:51.383225480Z AppArmor detection and --privileged mode might break.
2017-02-17T06:41:51.383228600Z mount: permission denied (are you root?)
*********
Pulling docker image golang:1.8 ...
Running on runner-8b9bb89d-project-2673423-concurrent-0 via 6daaad86ddaf...
Fetching changes...
Removing redacted
HEAD is now at b3123f6 Build Now!
Checking out b3123f62 as master...
Skipping Git submodules setup
Downloading artifacts for compile-go-1.8-debian (10655603)...
Downloading artifacts from coordinator... ok id=10655603 responseStatus=200 OK token=s5JENjgf
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.example.com
/bin/bash: line 48: docker: command not found
ERROR: Build failed: exit code 1
.gitlab-ci.yml
stages:
  - build
  - stage
  - production
variables:
  CONTAINER_TEST_IMAGE: registry.gitlab.com/REDACTED/REDACTED:$CI_BUILD_REF_NAME
  CONTAINER_RELEASE_IMAGE: registry.gitlab.com/REDACTED/REDACTED:latest
compile-go-1.8-debian:
  image: golang:1.8
  stage: build
  script:
    # Dumb workaround because I'm too lazy to mess with the $GOPATH
    - export BUILDPATH=$(pwd)
    - mkdir -pv /go/src/gitlab.com/REDACTED/REDACTED
    - cp -Rv ./* /go/src/gitlab.com/REDACTED/REDACTED
    - cd /go/src/gitlab.com/REDACTED/REDACTED
    - go get -v .
    - go build main.go
    # Dumb workaround pt2
    - cp -v /go/bin/redacted $BUILDPATH/
  artifacts:
    when: on_success
    paths:
      - ./redacted
  cache:
    paths:
      - ./redacted
stage-redacted-alpine:
  services:
    - docker:dind
  stage: stage
  when: on_success
  only:
    - master
  script:
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.example.com
    - docker build -t registry.gitlab.com/REDACTED/REDACTED .
    - docker push registry.gitlab.com/REDACTED/REDACTED
    - docker rm -f redacted-staging
    - docker run -d -p 9090:9090 --name redacted-staging registry.gitlab.com/REDACTED/REDACTED
production-redacted-alpine:
  image: alpine
  stage: production
  when: on_success
  only:
    - production
  script:
    - echo "Replace me with deploy scripts!"
First you should fix the errors and warnings:
*** WARNING: Service runner-8b9bb89d-project-2673423-concurrent-0-docker probably didn't start properly.
API error (500): Cannot link to a non running container: /runner-8b9bb89d-project-2673423-concurrent-0-docker AS /runner-8b9bb89d-project-2673423-concurrent-0-docker-wait-for-service/runner-8b9bb89d-project-2673423-concurrent-0-docker
2017-02-17T06:41:51.383178599Z mount: permission denied (are you root?)
2017-02-17T06:41:51.383210710Z Could not mount /sys/kernel/security.
2017-02-17T06:41:51.383225480Z AppArmor detection and --privileged mode might break.
2017-02-17T06:41:51.383228600Z mount: permission denied (are you root?)
*********
Doesn’t look like you have a healthy runner setup.
You are using a dind image, how does your /etc/gitlab-runner/config.toml look? Have you applied these required steps to make dind work: https://docs.gitlab.com/ce/ci/docker/using_docker_build.html#use-docker-in-docker-executor
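An added example, not part of the original thread: a constructed config.toml showing the `privileged` setting that the linked Docker-in-Docker instructions depend on, next to the socket-binding alternative from the same guide. The runner names, URL and token are placeholders.

```toml
# Constructed example of /etc/gitlab-runner/config.toml.
# Names, URL and token below are placeholders, not values from the thread.
concurrent = 1

# Option A: Docker-in-Docker (a docker:dind daemon runs next to the job).
[[runners]]
  name = "staging-dind"                # hypothetical runner name
  url = "https://gitlab.com/"
  token = "RUNNER_TOKEN_PLACEHOLDER"   # placeholder, not a real token
  executor = "docker"
  [runners.docker]
    image = "docker:latest"
    # With privileged = false (the default) the docker:dind container cannot
    # perform the mounts it needs and does not stay up, which matches the
    # "mount: permission denied (are you root?)" lines in the job log.
    privileged = true
    volumes = ["/cache"]
    # Trade-off: a privileged job container is not isolated from the host
    # kernel. Treat every project allowed to use this runner as having root
    # on the runner host, and register it only for trusted projects.

# Option B: Docker socket binding (jobs talk to the host's Docker daemon).
[[runners]]
  name = "staging-socket"              # hypothetical runner name
  url = "https://gitlab.com/"
  token = "RUNNER_TOKEN_PLACEHOLDER"   # placeholder, not a real token
  executor = "docker"
  [runners.docker]
    image = "docker:latest"
    privileged = false
    # The job container receives the host daemon's socket. No nested daemon
    # is started, but control of that socket is equivalent to root on the
    # host, so the same trust restriction applies as in option A.
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
```

Keep only one of the two `[[runners]]` entries; gitlab-runner picks up changes to this file without re-registering the runner.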
Hi Stefanvangastel, thanks for your response.
clarifying intent
Basically, I don’t really mind running this on my local runner. My goal was eventually to have this thing deploy our staging environment, but I realized that I have no idea how to make a docker container (my GitLab runner) build another container and then push said container image to the GitLab registry.
build container > log into GitLab registry > push container to remote > destroy old running staging instance > deploy new staging image
I quite frankly don’t care exactly how I accomplish this but I assumed that running my own GitLab-CI Runner on my staging server would be more secure than packing an SSH private key into my GitLab repo for deploying the container. I don’t really want to go through the trouble of learning Kubernetes yet either ideally.
config.toml
To answer what my config.toml looked like: it was mostly a default configuration with the “Docker” executor. I’ve since cleared my config.toml as I’ve been trying to glue together something that might work. What would you suggest to get me started? I can’t seem to find any good examples and I can’t believe I’m the only person looking to build a docker container and then push it to the GitLab registry and then deploy it.
To explain how I got to my conclusions
Most of the stuff I put together were suggestions made from various somewhat similar situations to what I’m trying to accomplish, so if my section on deploying and building doesn’t really make sense I would love to see some suggestions on what I could possibly do to correct my problems.
Your intent is clear and your setup isn’t that bad. I think there could also be some minor issues.
After re-checking your OP I noticed the following:
- You run the docker-dind image as a service. Don’t. This has no use, you should specify it in the image key of your build job.
- I see you log in to registry.example.com instead of the registry.gitlab.com I see in your example, typo or redacting inconsistency?
I think your ci file’s stage-redacted-alpine should look like this:
stage-redacted-alpine:
  image: docker:dind
  stage: stage
  when: on_success
  only:
    - master
  script:
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com
    - docker build -t registry.gitlab.com/REDACTED/REDACTED .
    - docker push registry.gitlab.com/REDACTED/REDACTED
    - docker rm -f redacted-staging
    - docker run -d -p 9090:9090 --name redacted-staging registry.gitlab.com/REDACTED/REDACTED
Thanks for pointing out my copy pasta mistake there. I’ve never used docker:dind before so this whole experience is new.
As for my runner configuration, have you any suggestions for how it should be set up? For the most part I just ran:
docker run -d --name gitlab-runner --restart always \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest
I don’t have the documentation or tutorials I used handy, but the configuration setting that I put was the docker executor. Does that seem logical? There doesn’t really seem to be much coverage in the GitLab docs for examples for their usage cases etc. At least that I could find.
I’ve never run gitlab-runner as a container so don’t know for sure, but I think you might want to add the --privileged flag to your run command.
Truthfully, I would rather not have to run the runner myself and would prefer to use the public CI runners to build the app, then send the latest version of the exec into an Alpine container. I’m kind of shocked that it seems that there is no coverage anywhere that I can find of people doing this sort of thing.
I would imagine that the logical first step of what to do with these technologies would be to build/compile/test/run your app, then once that’s done build a docker container with the latest files/binaries contained within, then have that pushed to the GitLab repository… I’m not really sure what other reason all of this technology even exists for if it isn’t for this…