Build and push a Docker image from GitLab CI to Amazon AWS ECR

Cap*_*pCa 4 amazon-web-services gitlab-ci docker-registry

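I host a private GitLab on my own machine. I store my code in GitLab and want to build a Docker image from a Dockerfile and then push it to my Amazon ECR registry. Unfortunately this does not work, because it throws an error: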

Flag --email has been deprecated, will be removed in 1.13.
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
/dev/mapper/control: open failed: Operation not permitted
Failure to communicate with kernel device-mapper driver.
Check that device-mapper is available in the kernel.
Command failed
mount: permission denied
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
mkdir: cannot create directory '/sys/fs/cgroup/name=systemd': Read-only file system
mount: mount point /sys/fs/cgroup/name=systemd is not a directory
ln: failed to create symbolic link '/sys/fs/cgroup/systemd/name=systemd': Read-only file system

Timed out trying to connect to internal docker host.

The gitlab-ci code looks like this:

stages:
  - build

build_airflow:
  stage: build
  only: [master, develop]
  image: gitlab/dind:latest
  services:
    - docker:dind
  script:
    - APP=airflow
    - sh ./scripts/login-ecs.sh my_fancy_project

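The login-ecs.sh script just runs eval $(/usr/local/bin/aws ecr get-login --region eu-central-1), which should log the image in to the ECR Docker registry (source: https://blog.madisonhub.org/gitlab-ci-build-how-to-login-to-ecr/ ).

I can't find the problem, so I hope you can help me.

Thanks in advance.

PS: If I run the aws ecr get-login command locally, it works fine. So it must have something to do with GitLab. Do I have to change some configuration to allow logging in to a private registry?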

nau*_*fiz 5

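Background:
You are basically trying to run a Docker server inside a Docker container, which is not available by default in gitlab-ci. You can check the status of the Docker client and server by running the following command: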

docker version

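in your gitlab-ci script. This is usually a good idea, just to make sure that both the client and the server are working.

After running this, you will notice that the Docker server is not running, which is why you get this error: Cannot connect to the Docker daemon. Is the docker daemon running on this host?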

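Solution:
There are several ways to solve this, as described in the GitLab documentation: https://docs.gitlab.com/ce/ci/docker/using_docker_build.html

The way we solved it is by using the docker-in-docker executor, which involves updating your GitLab Runner configuration and running your builds with the special docker-in-docker (dind) Docker image.

You need to update the runner so that it runs in privileged mode. Here is a sample config.toml: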

[[runners]]
  url = "https://gitlab.com/ci"
  token = "TOKEN"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "docker:latest"
    privileged = true
    disable_cache = false
    volumes = ["/cache"]
  [runners.cache]
    Insecure = false

Then use the docker:latest image and the docker:dind service. Here is a sample gitlab-ci.yaml snippet:

image: docker:latest

# When using dind, it's wise to use the overlayfs driver for
# improved performance.
variables:
  DOCKER_DRIVER: overlay

services:
- docker:dind

before_script:
- docker info

build:
  stage: build
  script:
  - docker version
  - docker build -t my-docker-image .
  - docker run my-docker-image /script/to/run/tests

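Another approach is to set up a separate Docker server and set the environment variables DOCKER_TLS_VERIFY and DOCKER_HOST so that the Docker client can connect to the server securely.

To enable TLS, follow the instructions here: https://docs.docker.com/engine/security/https/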
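
For the separate-Docker-server approach in the answer above, a preflight check that a CI job can run before any docker command, to confirm the client is really set up for a verified TLS connection. This is an added example, not code from the original answer or from GitLab or Docker; the function name check_docker_tls_env and its return codes are hypothetical, and it assumes the Docker client's standard DOCKER_CERT_PATH layout (ca.pem, cert.pem, key.pem).

```shell
#!/bin/sh
# Added example: preflight check for a CI job that talks to a separate Docker server.
# check_docker_tls_env is a hypothetical helper name, not part of Docker or GitLab.
# Return codes: 0 = OK, 1 = remote TCP host without TLS verification,
#               2 = client certificate material missing, 3 = private key too permissive.
check_docker_tls_env() {
    host="${DOCKER_HOST:-}"
    case "$host" in
        ""|unix://*|ssh://*)
            # Local socket or SSH transport: the TLS variables do not apply.
            echo "DOCKER_HOST is '${host:-default socket}'; TLS settings not applicable"
            return 0 ;;
    esac

    # Any non-empty DOCKER_TLS_VERIFY makes the client use TLS and verify the server.
    if [ -z "${DOCKER_TLS_VERIFY:-}" ]; then
        echo "DOCKER_HOST=$host but DOCKER_TLS_VERIFY is unset: server is not verified" >&2
        return 1
    fi

    # The client reads ca.pem, cert.pem and key.pem from DOCKER_CERT_PATH (default ~/.docker).
    cert_dir="${DOCKER_CERT_PATH:-$HOME/.docker}"
    for f in ca.pem cert.pem key.pem; do
        if [ ! -r "$cert_dir/$f" ]; then
            echo "missing or unreadable $cert_dir/$f" >&2
            return 2
        fi
    done

    # The client private key should not be readable by group or others.
    if [ -n "$(find "$cert_dir/key.pem" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "$cert_dir/key.pem is readable by group/others; chmod 600 it" >&2
        return 3
    fi

    echo "DOCKER_HOST=$host with TLS verification, certificates in $cert_dir"
    return 0
}

# Typical use in a job script:  check_docker_tls_env && docker version
```
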