How to access the host's docker socket and use the privileged gitlab runner?
I've been trying to get my gitlab runners to build and deploy images on my build server. Read: build AND deploy.
For what I want to achieve I've decided to use the gitlab-runners in docker method, as described here: https://docs.gitlab.com/runner/register/#one-line-registration-command
I've followed the instructions on here to configure the Docker-in-Docker setup:
https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-executor
In order to avoid any confusion, I have set up the gitlab-runner in a docker container as the one-liner describes: `docker run ... gitlab/gitlab-runner register`
Now this doesn't allow the runner to access the host's docker socket, which I need to deploy (RUN) the images.
So I went back and mounted the socket as described here: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding
This allows the docker access but comes with new problems such as:
- Not being able to run commands on the source files as SELinux/apparmor prevents this somehow (e.g. `docker run --volume "$CI_PROJECT_DIR:/app" composer install` will state there is no `composer.json` file as the mount is not able to read the files)
- The following warning:
*** WARNING: Service runner-MDsojNA1-project-5780282-concurrent-0-docker-0 probably didn't start properly.
Health check error:
ContainerStart: Error response from daemon: Cannot link to a non running container: /runner-MDsojNA1-project-5780282-concurrent-0-docker-0 AS /runner-MDsojNA1-project-5780282-concurrent-0-docker-0-wait-for-service/service (executor_docker.go:1321:0s)
Service container logs:
2019-01-06T16:25:45.837219552Z mount: permission denied (are you root?)
2019-01-06T16:25:45.838041195Z Could not mount /sys/kernel/security.
2019-01-06T16:25:45.838068264Z AppArmor detection and --privileged mode might break.
2019-01-06T16:25:45.838885730Z mount: permission denied (are you root?)
*********
The above errors are gone when I use --docker-privileged, but then the runner is not able to access the docker socket from my host machine. Kind of stuck in a loop here.
What would be the solution to this?
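Both options the question is choosing between, bind-mounting the host's docker socket and running the job container with `privileged = true`, hand the CI job root-equivalent control of the build host, which is why the linked GitLab docs limit them to trusted projects. The following added example (not code from the question or from GitLab) audits a runner's `config.toml` for exactly those two settings so the choice is at least visible to whoever operates the build server. It assumes the standard layout `gitlab-runner register` writes: `[[runners]]` tables with a nested `[runners.docker]` table holding `privileged` and `volumes`; the config text embedded below is constructed for the example.

```python
"""Audit a gitlab-runner config.toml for job settings that are root-equivalent on the host.

Added example, not the poster's code. Assumes the config layout gitlab-runner
writes after `register`; SAMPLE_CONFIG below is constructed for illustration.
"""
import re

# Constructed config: one runner using socket binding, one using docker-in-docker.
SAMPLE_CONFIG = """\
concurrent = 1

[[runners]]
  name = "socket-bound"
  url = "https://gitlab.example.com/"
  token = "REDACTED"
  executor = "docker"
  [runners.docker]
    image = "docker:stable"
    privileged = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]

[[runners]]
  name = "dind"
  url = "https://gitlab.example.com/"
  token = "REDACTED"
  executor = "docker"
  [runners.docker]
    image = "docker:stable"
    privileged = true
    volumes = ["/cache"]
"""

DOCKER_SOCK = "/var/run/docker.sock"


def parse_runners(text):
    """Split the config into [[runners]] blocks and extract the docker executor settings.

    A small purpose-built parser for this layout, not a full TOML implementation.
    """
    runners = []
    blocks = re.split(r"^\[\[runners\]\]\s*$", text, flags=re.MULTILINE)[1:]
    for block in blocks:
        name = re.search(r'^\s*name\s*=\s*"([^"]*)"', block, re.MULTILINE)
        priv = re.search(r"^\s*privileged\s*=\s*(true|false)", block, re.MULTILINE)
        vols = re.search(r"^\s*volumes\s*=\s*\[([^\]]*)\]", block, re.MULTILINE)
        volumes = re.findall(r'"([^"]*)"', vols.group(1)) if vols else []
        runners.append({
            "name": name.group(1) if name else "?",
            "privileged": priv is not None and priv.group(1) == "true",
            "volumes": volumes,
        })
    return runners


def host_sock_bound(volumes):
    """True if any volume entry bind-mounts the host docker socket (source part of host:container)."""
    return any(v.split(":")[0] == DOCKER_SOCK for v in volumes)


def audit(text):
    """Return one finding per runner whose jobs can reach the host as root."""
    findings = []
    for r in parse_runners(text):
        if host_sock_bound(r["volumes"]):
            findings.append(
                f'{r["name"]}: host docker socket is bind-mounted; jobs control the host daemon, '
                f"which is equivalent to root on the host"
            )
        if r["privileged"]:
            findings.append(
                f'{r["name"]}: privileged = true; job containers run with full capabilities '
                f"and device access, so container isolation no longer protects the host"
            )
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print("WARNING", line)
```

Run it against the real file with `audit(open("/etc/gitlab-runner/config.toml").read())`. Either finding means every project that can push a pipeline to that runner effectively has root on the build server, so the runner should be restricted to trusted projects (or a dedicated, disposable host) rather than shared.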