Problem mounting OpenAFS host volume in GitLab-CI runner to make it accesible for Docker

Hi people!

We have setup a CentOS 7 repository in OpenAFS that we access from our images to install some applications.
This process is entirely manual and we’re trying to automate the generation with GitLab-CI.

I’ve set up a runner following the instructions for setting Docker-in-Docker runner.

Then, I’ve modified the /etc/gitlab-runner/config.toml file to specify an OpenAFS host volume (volumes entry):

concurrent = 1
check_interval = 0
    
[[runners]]
  name = "DinD builder"
  url = "https://gitlab.ch/ci"
  token = "xxxxxxxxxxxxxxxxxxxxxx"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:latest"
    privileged = true
    disable_cache = false
    volumes = ["/afs:/afs:ro", "/cache"]
[runners.cache]

In the Dockerfile, we have a RUN command that copies the repo file from AFS to the currently-being-built-image, so we can install the software with yum install:

FROM gitlab-registry.ch/cc7-base
MAINTAINER Somebody
    
RUN echo "set completion-ignore-case On" >> /etc/inputrc
RUN yum update -y && \
        yum install -y \
            gcc \
            git \
            mc \
            python-devel \
            python-pip \
            svn \
            unzip \
            vim
    
RUN cp /afs/<hugePathHere>/Linux/RPM/cc7/custom-repo.repo /etc/yum.repos.d && \
        yum install --enablerepo=custom-repo -y CustomApp
    
CMD /bin/bash

The .gitlab-ci.yml file is:

services:
  - docker:dind
    
build:
  stage: build
  tags:
    - rtf-builder
  before_script:
    - docker info
    - docker login -u $DOCKER_LOGIN_USERNAME -p $DOCKER_LOGIN_PASSWORD gitlab-registry.ch
  script:
    - docker build --pull -t $TO .
    - docker push $TO
  after_script:
    - docker logout gitlab-registry.ch
  variables:
    TO: gitlab-registry.ch/<myUser>/testdockergitlabbuild:$CI_BUILD_REF_NAME

But this always fails, with GitLab-CI telling me that

cp: cannot stat ‘/afs/hugePathHere/Linux/RPM/cc7/custom-repo.repo’:
No such file or directory

  • In the host machine, AFS is accesible and I can manually copy the
    repo file.

  • A container created with docker run --rm --privileged -ti -v /afs:/afs cc7-base
    has AFS accesible.

Am I missing something to make AFS accesible from the Dockerfile?

Best regards,
Adri