Cannot connect to the Docker daemon at unix:///var/run/docker.sock in GitLab CI
I looked at other questions but can't find my own solution! I am setting up CI in GitLab and using GitLab's shared runner. In the build stage I used the docker image as the base image, but when I use the docker command it says:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
I looked at this topic but still don't understand what I should do.
.gitlab-ci.yml:
stages:
  - test
  - build
  - deploy

job_1:
  image: python:3.6
  stage: test
  script:
    - sh ./sh_script/install.sh
    - python manage.py test -k

job_2:
  image: docker:stable
  stage: build
  before_script:
    - docker info
  script:
    - docker build -t my-docker-image .
I know that the GitLab runner must be registered to use docker and share /var/run/docker.sock! But how do I do this when using GitLab's own runner?
Ahh, that's my lovely topic - using docker for gitlab ci. The problem you are experiencing is better known as docker-in-docker.
Before configuring it, you may want to read this brilliant post: http://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
That will give you a bit of understanding of what the problem is and which solution best fits you. Generally there are 2 major approaches: actual installation of the docker daemon inside docker, and sharing the host's daemon to containers. Which approach to choose depends on your needs.
In gitlab you can go several ways; I will just share our experience.
Way 1 - using docker:dind as a service.
It is pretty simple to set up. Just add docker:dind as a shared service to your gitlab-ci.yml file and use the docker:latest image for your jobs.
image: docker:latest # this sets default image for jobs
services:
  - docker:dind
Pros:
- simple to set up.
- simple to run - your source code is available by default to your job in cwd because it is pulled directly to your docker runner
Cons: you have to configure a docker registry for that service, otherwise you will get your Dockerfiles built from scratch each time your pipeline starts. As for me, it is unacceptable, because it can take more than an hour depending on the number of containers you have.
Way 2 - sharing /var/run/docker.sock of host docker daemon
We set up our own docker executor with a docker daemon and shared the socket by adding it in the /etc/gitlab-runner/config.toml file. Thus we made our machine's docker daemon available to the docker cli inside containers. Note - you DON'T need privileged mode for the executor in this case.
After that we can use both docker and docker-compose in our custom docker images. Moreover, we don't need a special docker registry because in this case we share the executor's registry among all containers.
Cons
You need to somehow pass sources to your containers in this case, because you get them mounted only to the docker executor, but not to containers launched from it. We've settled on cloning them with a command like git clone $CI_REPOSITORY_URL --branch $CI_COMMIT_REF_NAME --single-branch /project