在容器内运行 GitLab Runner

在容器内运行 GitLab Runner

这描述如何在 Docker 容器中运行 GitLab Runner。

Docker 镜像安装及配置

首先安装 Docker:

curl -sSL https://get.docker.com/ | sh

需要在gitlab-runner容器中装载一个用于配置和其他资源的配置存储卷,:

docker run -d --name gitlab-runner --restart always \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest

或者,你可以使用配置容器来装载自定义数据卷:

docker run -d --name gitlab-runner-config \
    -v /etc/gitlab-runner \
    busybox:latest \
    /bin/true

docker run -d --name gitlab-runner --restart always \
    --volumes-from gitlab-runner-config \
    gitlab/gitlab-runner:latest

如果打算使用 Docker 作为产生 Runners 的方法,则要这样装载 docker socket:

docker run -d --name gitlab-runner --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  gitlab/gitlab-runner:latest

注册 runner (查看 Runner 文档了解如何获取令牌):

docker exec -it gitlab-runner gitlab-runner register

Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com )
https://gitlab.com
Please enter the gitlab-ci token for this runner
xxx
Please enter the gitlab-ci description for this runner
my-runner
INFO[0034] fcf5c619 Registering runner... succeeded
Please enter the executor: shell, docker, docker-ssh, ssh?
docker
Please enter the Docker image (eg. ruby:2.1):
ruby:2.1
INFO[0037] Runner registered successfully. Feel free to start it, but if it's
running already the config should be automatically reloaded!

Runner 应该已经启动了,已准备好构建项目!

请确保阅读了有关 GitLab Runner 最常见问题的 FAQ

更新

拉取最新的(latest)版本:

docker pull gitlab/gitlab-runner:latest

停止并删除现有容器:

docker stop gitlab-runner && docker rm gitlab-runner

像原来一样启动容器:

docker run -d --name gitlab-runner --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  gitlab/gitlab-runner:latest

注意:您需要使用与原来装载数据卷相同的方法(-v /srv/gitlab-runner/config:/etc/gitlab-runner--volumes-from gitlab-runner

安装受信的 SSL 服务器证书

如果你的 GitLab CI 服务器在使用自签名 SSL 证书,那应确保 GitLab CI 服务器证书被 gitlab-ci-multi-runner 容器信任,以便它们能够相互通信。

The gitlab/gitlab-runner image is configured to look for the trusted SSL certificates at /etc/gitlab-runner/certs/ca.crt, this can however be changed using the -e "CA_CERTIFICATES_PATH=/DIR/CERT" configuration option.

Copy the ca.crt file into the certs directory on the data volume (or container).
The ca.crt file should contain the root certificates of all the servers you want gitlab-ci-multi-runner to trust. The gitlab-ci-multi-runner container will import the ca.crt file on startup so if your container is already running you may need to restart it for the changes to take effect.

gitlab/gitlab-runner镜像被配置为在/etc/gitlab-runner/certs/ca.crt上查找受信的 SSL 证书,但可以使用-e "CA_CERTIFICATES_PATH=/DIR/CERT"来配置。

ca.crt文件复制到数据卷(或容器)上的certs目录中。
ca.crt文件应包含所有需要 gitlab-ci-multi-runner 信任的服务器根证书。启动时,gitlab-ci-multi-runner 容器将导入ca.crt文件,因此如果你的容器已经运行,则需重启生效。

Alpine Linux

你还可以使用替代的基于 Alpine Linux 的镜像,文件体积更小:

gitlab/gitlab-runner    latest              3e8077e209f5        13 hours ago        304.3 MB
gitlab/gitlab-runner    alpine              7c431ac8f30f        13 hours ago        25.98 MB

Alpine Linux image is designed to use only Docker as the method of spawning runners.

原本的 gitlab/gitlab-runner:latest 基于 Ubuntu 14.04 LTS。

SELinux

某些发行版(CentOS,RedHat,Fedora)默认使用 SELinux 来增强底层系统的安全性。

处理这种配置时必须特别小心。

  1. If you want to use Docker executor to run builds in containers you need to access the /var/run/docker.sock.
    However, if you have a SELinux in enforcing mode, you will see the Permission denied when accessing the /var/run/docker.sock.
    Install the selinux-dockersock and to resolve the issue: https://github.com/dpw/selinux-dockersock.

  2. Make sure that persistent directory is created on host: mkdir -p /srv/gitlab-runner/config.

  3. Run docker with :Z on volumes:

docker run -d --name gitlab-runner --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner:Z \
  gitlab/gitlab-runner:latest

More information about the cause and resolution can be found here:
http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/

Leave a Reply

Your email address will not be published.