This is how you can run GitLab Runner inside a Docker container.
GitLab Runner Docker images (both based on Ubuntu and Alpine Linux)
are designed as wrappers around the standard gitlab-runner command, like if
GitLab Runner was installed directly on the host.
The general rule is that every GitLab Runner command that normally would be executed as:
gitlab-runner [Runner command and options...]can be executed with:
docker run [chosen docker options...] gitlab/gitlab-runner [Runner command and options...]For example, getting the top-level help information for GitLab Runner command could be executed as:
docker run --rm -t -i gitlab/gitlab-runner --help
NAME:
gitlab-runner - a GitLab Runner
USAGE:
gitlab-runner [global options] command [command options] [arguments...]
VERSION:
10.7.0 (7c273476)
(...)In short, the gitlab-runner part of the command is replaced with
docker run [docker options] gitlab/gitlab-runner, while the rest of Runner's
command stays as it is described in the register documentation.
The only difference is that the gitlab-runner command is executed inside of a
Docker container.
-
Install Docker first:
curl -sSL https://get.docker.com/ | sh -
You need to mount a config volume into the
gitlab-runnercontainer to be used for configs and other resources:docker run -d --name gitlab-runner --restart always \ -v /srv/gitlab-runner/config:/etc/gitlab-runner \ -v /var/run/docker.sock:/var/run/docker.sock \ gitlab/gitlab-runner:latest
TIP: Tip: On macOS, use
/Users/Sharedinstead of/srv.Or, you can use a config container to mount your custom data volume:
docker run -d --name gitlab-runner-config \ -v /etc/gitlab-runner \ busybox:latest \ /bin/trueAnd then, run the Runner:
docker run -d --name gitlab-runner --restart always \ -v /var/run/docker.sock:/var/run/docker.sock \ --volumes-from gitlab-runner-config \ gitlab/gitlab-runner:latest
Make sure that you read the FAQ section which describes some of the most common problems with GitLab Runner.
Pull the latest version:
docker pull gitlab/gitlab-runner:latestStop and remove the existing container:
docker stop gitlab-runner && docker rm gitlab-runnerStart the container as you did originally:
docker run -d --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
gitlab/gitlab-runner:latestNOTE: Note:
You need to use the same method for mounting you data volume as you
did originally (-v /srv/gitlab-runner/config:/etc/gitlab-runner or
--volumes-from gitlab-runner).
When GitLab Runner is started as a foreground task (whether it's a locally installed binary or inside of a Docker Container), the logs are printed to the standard output. When GitLab Runner is started as a system service (e.g. with Systemd), the logs are in most cases logged through Syslog or other system logging mechanism.
With GitLab Runner started as a Docker based service, since the gitlab-runner ... command is
the main process of the container, the logs can be read using the docker logs command.
For example, if GitLab Runner was started with the following command:
docker run -d --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
gitlab/gitlab-runner:latestyou may get the logs with:
docker logs gitlab-runnerwhere gitlab-runner is the name of the container, set with --name gitlab-runner by
the first command.
You may find more information about handling container logs at the Docker documentation page.
If your GitLab CI server is using self-signed SSL certificates then you should make sure the GitLab CI server certificate is trusted by the gitlab-runner container for them to be able to talk to each other.
The gitlab/gitlab-runner image is configured to look for the trusted SSL
certificates at /etc/gitlab-runner/certs/ca.crt, this can however be changed using the
-e "CA_CERTIFICATES_PATH=/DIR/CERT" configuration option.
Copy the ca.crt file into the certs directory on the data volume (or container).
The ca.crt file should contain the root certificates of all the servers you
want gitlab-runner to trust. The gitlab-runner container will
import the ca.crt file on startup so if your container is already running you
may need to restart it for the changes to take effect.
You can also use alternative Alpine Linux based image with much smaller footprint:
gitlab/gitlab-runner latest 3e8077e209f5 13 hours ago 304.3 MB
gitlab/gitlab-runner alpine 7c431ac8f30f 13 hours ago 25.98 MB
Alpine Linux image is designed to use only Docker as the method of spawning runners.
The original gitlab/gitlab-runner:latest is based on Ubuntu 16.04 LTS.
Some distributions (CentOS, RedHat, Fedora) use SELinux by default to enhance the security of the underlying system.
The special care must be taken when dealing with such configuration.
-
If you want to use Docker executor to run builds in containers you need to access the
/var/run/docker.sock. However, if you have a SELinux in enforcing mode, you will see thePermission deniedwhen accessing the/var/run/docker.sock. Install theselinux-dockersockand to resolve the issue: https://github.com/dpw/selinux-dockersock. -
Make sure that persistent directory is created on host:
mkdir -p /srv/gitlab-runner/config. -
Run docker with
:Zon volumes:
docker run -d --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner:Z \
gitlab/gitlab-runner:latestMore information about the cause and resolution can be found here: http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/