Gitlabrunner + docker executor - publishing ports

maikenp · August 9, 2018, 7:13am

Hi,

I would like to get some advise on how to accomplish e.g.
docker run -p 443:443
via the gitlabrunner configuration file.

I can not see that there is such an option in the configuration according to this: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-executors
But I might be missing something?

I tried using the “port” option, but it does not seem to be doing what I need.

What would be the best way to accomplish publishing the ports?

Thanks,
Maiken

nightman68 · August 11, 2018, 6:01pm

Hi maikenp,

it’s not really clear what kind of runner you’re trying to configure?! Have a look here for different types.

I guess the port is related to the kind of executor, e.g.:

executor = “ssh”

This executor will communicate over port 22, why this should be changed?

Good luck!

maikenp · August 11, 2018, 7:06pm

Hi, thanks for your reply.

It is a docker executor as the title indicates. I have installed gitlabrunner, and now I want to use the gitlab ci to deploy my services for testing purposes on the gitlab runner machine.

The reason I want to publish e.g. port 443, but also 2811 is that I am deploying services which use these port and others, so I need to be able to connect to those ports. I know that running docker directly (not through gitlabrunner docker executor) with docker -p 443:443 works, I can deploy the services on the gitlab runner machine, and they work as they should. But I need to use gitlabrunner since I am deploying the service via Gitlab CI. So how to pass the publish option e.g. via the config.toml of gitlab-runner?

Or if not in this way, is there any other good way to accomplish the wanted effect?

nightman68 · August 13, 2018, 5:52pm

Have you read this?

maikenp · August 13, 2018, 6:49pm

Yes thanks I have. It could be that I could use docker-in-docker for instance, but it seems over-complicated.

It could also be that I could use “services”.

However, the software that I am testing is a software that is running several services - not external ones, but inherit. So I want to start all the services by deploying the software with GitLab CI - and starting up all the services in one container.

If it is not possible to do something similar to

docker run -it -p 443:443 2811:2811 <mydockerimage> /bin/bash

which would typically be

 [runners.docker]
    publish = ['443:443', '2811:2811']

then I just will have to find alternatives ways to accomplish what I need, although they all seem very cumbersome compared to having a configuration option for this.

mfriedenhagen · August 14, 2018, 4:54pm

If you use multiple service definitions the build container will be able to access the started services on the ports automatically.

E.g.

mytestjob:
services:
- mysql
image: alpine
script:
- nc -v -z mysql 3306

Should just work (note that I am not sure that alpine contains netcat)

For a multi-Service setup with services depending on others, however, this will not work, as the services do not know their dns names. If you reuse the docker-daemon which did start the build container via a mounted socket, you may invent a name and just access the services on the ports. Exposure is only needed when you do not use the bridge interface.

maikenp · August 14, 2018, 9:19pm

Hi,

thanks for that

So you mean mounting the socket with volumes=/var/run/docker.sock:/var/run/docker.sock \ option in config.toml ?

What I basically need to do is ask the client of the program I am deploying on the gitlab-runner machine to submit a job to the web service running on the same machine. This service is configured to listen for jobs on port 443 lets say. My command (which I run as a part of the script section in my gitlab-ci.yml) would something like

mysubmitcommand <ip-adress-machine>  <myjobdescriptionscript>

but I could also do

 mysubmitcommand <ip-adress-machine>:443/<servicename>  <myjobdescriptionscript>

How would I rewrite this according to your suggestion:

Thanks a lot,
Maiken

mfriedenhagen · August 15, 2018, 10:27am

If you already have webservice as docker image with an entrypoint starting the service on port 443 the following should work:

jobname:
  service:
    - myregistry.example.com/webservice
  image: alpine
  script:
    - install-submit-command
    - submit-command myregistry.example.com-webservice

maikenp · August 21, 2018, 4:34pm

Hi again,

in the end I went for the docker socket (docker-in-docker) solution.
Something like the following:

image: docker:stable
stages:
  - deploy_and_test
deploy_staging_el7:
  stage: deploy_and_test
  script:
     - docker run --rm --publish  443:443 --publish 2811:2811 --publish 9000-9100:9000-9100  --publish 9000-9100:9000-9100/udp  <my-custom-centos7-image>

My config.toml looks like:

 [[runners]]
  name = "Docker-runner"
  url = "<my-url>"
  token = "<mytoken>"
    executor = "docker"
   [runners.docker]
     tls_verify = false
    image = "docker:stable"
    privileged = true
    disable_cache = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 0
  [runners.cache]

Of course would have been much easier just to have config.toml support the publish option to pass to docker, but there you go. Suppose it will be implemented sometime.

xingyu-he · February 29, 2020, 3:35am

Hi, use docker in docker solution. how could i exec this has port mapping docker container and run some script

JaVM · May 2, 2022, 8:36am

I’m still looking for a solution like this one:
Is it somehow implemented ?