Run GitLab Runner in a container
This describes how to run GitLab Runner inside a Docker container.
Docker image installation and configuration
First, install Docker:
curl -sSL https://get.docker.com/ | sh
You need to mount a config volume into the gitlab-runner container, to be used for configuration and other resources:
docker run -d --name gitlab-runner --restart always \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest
Or you can use a config container to mount your custom data volume:
docker run -d --name gitlab-runner-config \
-v /etc/gitlab-runner \
busybox:latest \
/bin/true
docker run -d --name gitlab-runner --restart always \
--volumes-from gitlab-runner-config \
gitlab/gitlab-runner:latest
If you plan on using Docker as the method of spawning Runners, you will need to mount your docker socket like this:
docker run -d --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
gitlab/gitlab-runner:latest
Register the runner (see the Runner documentation to learn how to obtain a token):
docker exec -it gitlab-runner gitlab-runner register
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com )
https://gitlab.com
Please enter the gitlab-ci token for this runner
xxx
Please enter the gitlab-ci description for this runner
my-runner
INFO[0034] fcf5c619 Registering runner... succeeded
Please enter the executor: shell, docker, docker-ssh, ssh?
docker
Please enter the Docker image (eg. ruby:2.1):
ruby:2.1
INFO[0037] Runner registered successfully. Feel free to start it, but if it's
running already the config should be automatically reloaded!
The Runner should now be started and ready to build your projects!
Make sure to read the FAQ covering the most common problems with GitLab Runner.
Update
Pull the latest version:
docker pull gitlab/gitlab-runner:latest
Stop and remove the existing container:
docker stop gitlab-runner && docker rm gitlab-runner
Start the container as you did originally:
docker run -d --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
gitlab/gitlab-runner:latest
Note: you need to use the same method for mounting your data volume as you did originally (-v /srv/gitlab-runner/config:/etc/gitlab-runner or --volumes-from gitlab-runner-config).
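The update steps above as one script that reuses the original volume method, added here as an example and not part of the GitLab documentation. DRY_RUN and the function names volume_args, run and update_runner are assumptions of this example; the image, container names and paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: the update steps above, keeping the original volume method.
# DRY_RUN, volume_args, run and update_runner are names made up for this example.

IMAGE="gitlab/gitlab-runner:latest"
NAME="gitlab-runner"

# Print the volume flags for the method used when the container was first created.
#   host   [selinux] : bind mounts from the host (":Z" relabels the config dir)
#   config           : data volume from the gitlab-runner-config container
volume_args() {
    case "${1:-}" in
        host)
            suffix=""
            if [ "${2:-}" = "selinux" ]; then suffix=":Z"; fi
            echo "-v /var/run/docker.sock:/var/run/docker.sock"
            echo "-v /srv/gitlab-runner/config:/etc/gitlab-runner$suffix"
            ;;
        config)
            echo "--volumes-from gitlab-runner-config"
            ;;
        *)
            echo "usage: update_runner host [selinux] | config" >&2
            return 1
            ;;
    esac
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

update_runner() {
    # Resolve the volume flags first so a bad argument stops before anything is removed.
    vols=$(volume_args "$@") || return 1
    run docker pull "$IMAGE" || return 1
    run docker stop "$NAME" && run docker rm "$NAME" || return 1
    # $vols is left unquoted on purpose: each flag and path must become its own word.
    run docker run -d --name "$NAME" --restart always $vols "$IMAGE"
}

# Run only when arguments are given, e.g.: DRY_RUN=1 sh update-runner.sh host selinux
if [ "$#" -gt 0 ]; then update_runner "$@"; fi
```

With DRY_RUN=1 the script only prints the docker commands, which lets you confirm the volume flags match the original container before the old one is removed.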
Installing trusted SSL server certificates
If your GitLab CI server is using self-signed SSL certificates, then you should make sure the GitLab CI server certificate is trusted by the gitlab-ci-multi-runner container so that they can communicate with each other.
The gitlab/gitlab-runner image is configured to look for the trusted SSL certificates at /etc/gitlab-runner/certs/ca.crt; this can however be changed using the -e "CA_CERTIFICATES_PATH=/DIR/CERT" configuration option.
Copy the ca.crt file into the certs directory on the data volume (or container). The ca.crt file should contain the root certificates of all the servers you want gitlab-ci-multi-runner to trust. The gitlab-ci-multi-runner container will import the ca.crt file on startup, so if your container is already running you may need to restart it for the changes to take effect.
Alpine Linux
You can also use an alternative image based on Alpine Linux, with a much smaller footprint:
gitlab/gitlab-runner latest 3e8077e209f5 13 hours ago 304.3 MB
gitlab/gitlab-runner alpine 7c431ac8f30f 13 hours ago 25.98 MB
The Alpine Linux image is designed to use only Docker as the method of spawning runners.
The original gitlab/gitlab-runner:latest is based on Ubuntu 14.04 LTS.
SELinux
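Some distributions (CentOS, RedHat, Fedora) use SELinux by default to enhance the security of the underlying system.
Special care must be taken when dealing with such a configuration.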
- If you want to use the Docker executor to run builds in containers, you need access to /var/run/docker.sock. However, if SELinux is in enforcing mode, you will see Permission denied when accessing /var/run/docker.sock. Install selinux-dockersock to resolve the issue: https://github.com/dpw/selinux-dockersock.
- Make sure that the persistent directory is created on the host: mkdir -p /srv/gitlab-runner/config.
- Run docker with :Z on volumes:
docker run -d --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner:Z \
gitlab/gitlab-runner:latest
More information about the cause and resolution can be found here:
http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/