GitLab runner using rootless docker

Problem to solve

I’d like to be able to run the CI/CD tasks on my local machine (UbuntuMATE 22.04), using gitlab-runner, which

  • is provided within a container; and
  • performs the jobs within another container;

using docker in rootless mode.

Following the instructions on gitlab.com (see below) - the job fails with the following initial output:

Running with gitlab-runner 17.1.0 (fe451d5a)
  on test-add-ci <id>, system ID: <id>
Preparing the "docker" executor
ERROR: Failed to remove network for build
ERROR: Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (docker.go:958:0s)

After some guesswork, by modifying config.toml (see below) I succeeded in running the CI job within another container (using a ‘node’ image). However, I do not know if there is a simpler approach to setting up the runner.

Steps to reproduce

I installed docker via APT:

sudo apt install docker-ce
# current version
docker --version
# ~$ Docker version 27.0.3, build 7d4bcd8

I then followed the instructions for setting up rootless mode for the docker daemon: https://docs.docker.com/engine/security/rootless/.

I believe the first problem is that item 2 in Run GitLab Runner in a container doesn’t have the right location for the socket when rootless mode is used:

docker run -d --name gitlab-runner --restart always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v gitlab-runner-config:/etc/gitlab-runner \
    gitlab/gitlab-runner:latest

Typically the socket is at /run/user/<number>/docker.sock - this can be found via the shell command docker ps. Changing the -v option to point to the correct location did not affect the output.

However, once I set the host within ~/.local/share/docker/volumes/gitlab-runner-config/config.toml via:

  [runners.docker]
    host = "unix:///run/user/<number>/docker.sock"

then the CI/CD pipeline seemed to function correctly. The problem is, I can’t tell if I’ve missed an instruction or if there is a simpler method for setting up the runner.

Configuration

FWIW - I am using node images to run the CI jobs, e.g. my .gitlab-ci.yml is like:

stages:
  - greeting

image: node:20

job:
  stage: greeting
  script:
    - echo "Hello world"

Versions

  • Self-managed
  • GitLab.com SaaS
  • Self-hosted Runners

  • GitLab: via https://gitlab.com “GitLab Enterprise Edition 17.2.0”
  • GitLab Runner: 17.1.0
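
The error in the post shows the executor dialing its default endpoint, unix:///var/run/docker.sock, and that path is resolved inside the runner container, so it has to match the container-side target of the socket mount. The script below is an added example, not part of the original post or of GitLab's documentation; it checks that match for a given config.toml and -v argument. The function names, uid 1000 and the sample config are constructed, and it assumes DOCKER_HOST is not set in the runner container.

```shell
#!/bin/sh
# Added example. Function names and the sample config are constructed.
# Assumption: DOCKER_HOST is not set inside the runner container.

# Print the host set in the [runners.docker] table of a config.toml (empty if unset).
runner_docker_host() {
    awk '
        /^[ \t]*\[/ { in_docker = ($0 ~ /^[ \t]*\[runners\.docker\][ \t]*$/) }
        in_docker && /^[ \t]*host[ \t]*=/ {
            sub(/^[^"]*"/, ""); sub(/".*$/, ""); print; exit
        }
    ' "$1"
}

# check_runner_socket CONFIG SRC:DST
# SRC:DST is the socket bind mount given to `docker run -v` for the runner container.
# Succeeds only if the endpoint the executor dials is the container-side path DST.
check_runner_socket() {
    dst="${2#*:}"
    host="$(runner_docker_host "$1")"
    dial="${host:-unix:///var/run/docker.sock}"   # executor default when host is unset
    if [ "$dial" = "unix://$dst" ]; then
        echo "ok: executor dials $dial, socket mounted at $dst"
    else
        echo "mismatch: executor dials $dial, socket mounted at $dst"
        return 1
    fi
}

# Constructed sample: a config.toml with no host entry, uid 1000.
cfg="$(mktemp)"
cat > "$cfg" <<'EOF'
[[runners]]
  executor = "docker"
  [runners.docker]
    image = "node:20"
EOF
# Rootless socket mounted at its own path: the default endpoint is absent in the container.
check_runner_socket "$cfg" /run/user/1000/docker.sock:/run/user/1000/docker.sock || true
# Same socket mounted at the default path: consistent without a host entry.
check_runner_socket "$cfg" /run/user/1000/docker.sock:/var/run/docker.sock || true
# Adding the host line from the post makes the first mount consistent.
printf '    host = "unix:///run/user/1000/docker.sock"\n' >> "$cfg"
check_runner_socket "$cfg" /run/user/1000/docker.sock:/run/user/1000/docker.sock || true
rm -f "$cfg"
```

The check compares paths only; it does not contact the daemon or verify permissions on the socket.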