Podman as a drop-in replacement for Docker in GitLab Runner Docker Executor on Linux - GA
Release notes
As of GitLab 15.3, Podman 4.2+ is supported as a drop-in replacement for Docker in GitLab Runner.
Note: Versions of Podman earlier than 4.2 are not supported because they do not include the fixes required for compatibility with GitLab Runner.
Documentation on how to use Podman to run Docker commands
Overview
Red Hat does not include the Docker container engine in OpenShift and Red Hat Enterprise Linux 8 (RHEL 8). "For RHEL 8, Docker is not included and not supported by Red Hat."
As Red Hat points out in the RHEL documentation, their strategy is positioning OpenShift as the project for running containers. However, "OpenShift’s container engine is disconnected from single-node uses," which means that users of RHEL 8 who need Red Hat-supported tools for running containers can run the following tools:
- podman - Client tool for managing containers. Can replace most features of the docker command for working with individual containers and images.
- buildah - Client tool for building OCI-compliant container images.
- skopeo - Client tool for copying container images to and from container registries. Includes features for signing and authenticating images as well.
- runc - Container runtime client for running and working with Open Container Initiative (OCI) format containers.
Proposal
Transition Podman as a drop-in replacement for Docker in the GitLab Runner Docker Executor on Linux from beta to GA.
Instructions to test Podman
- Get a Fedora 35 VM, either through virtualization on your laptop (e.g. Vagrant on Intel) or from a cloud provider such as GCP.
- SSH into your VM and install Podman by following the Fedora 35 instructions: https://podman.io/getting-started/installation.
- Download the Docker CLI since GitLab Runner uses that for certain checks in the tests:
export DOCKERVERSION=20.10.17
curl -fsSLO https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKERVERSION}.tgz \
&& sudo tar xzvf docker-${DOCKERVERSION}.tgz --strip 1 \
-C /usr/local/bin docker/docker \
&& rm docker-${DOCKERVERSION}.tgz
- Enable the podman socket and link it so the Docker CLI can use it:
systemctl enable --now --user podman.socket
unset DOCKER_HOST
unset DOCKER_TLS_VERIFY
unset DOCKER_TLS_CERTDIR
sudo ln -s /run/user/$(id -u)/podman/podman.sock /var/run/docker.sock
docker ps
- Install go1.17:
curl -sSL https://git.io/g-install | sh -s
bash
g download 1.17
g set 1.17
go version
- Install git and clone GitLab Runner:
sudo dnf install git gcc -y
git clone https://gitlab.com/gitlab-org/gitlab-runner.git && cd gitlab-runner
git checkout 2ae0a5c2ddeff5d4cb5247bcdf1511c306a12ace
git clone https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-pipeline-tests/gitlab-test tmp/gitlab-test
- Run the tests
go test -timeout 30s -run 'TestDockerCommandMultistepBuild/Failure_on_release_step._After_script_runs.' -tags integration -v gitlab.com/gitlab-org/gitlab-runner/executors/docker
- To run all integration tests:
go test -timeout 30s -tags integration -v gitlab.com/gitlab-org/gitlab-runner/executors/docker
If testing a custom Podman binary
# Copy binary to VM to e.g. `$HOME/podman`
sudo systemctl stop podman podman.socket
sudo mv /usr/bin/podman ~/podman.bak
sudo mv ~/podman /usr/bin/podman
sudo systemctl start podman.socket
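An added preflight check for the setup above (not part of the original issue or of GitLab Runner): it confirms that Podman meets the 4.2 minimum from the release notes and that /var/run/docker.sock resolves to the current user's own Podman socket before the integration tests run. The function names are assumptions; the paths and variables are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: preflight for the Podman-as-Docker setup (function names are assumptions).

# ver_ge A B: succeed when dotted version A >= B, comparing numeric components.
ver_ge() {
  _a=$1 _b=$2
  while [ -n "$_a" ] || [ -n "$_b" ]; do
    _x=${_a%%.*}; _y=${_b%%.*}
    _x=${_x%%[!0-9]*}; _y=${_y%%[!0-9]*}   # "0-rc1" -> "0"
    [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
    [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
    case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
    case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
  done
  return 0
}

# sock_link_ok LINK TARGET: succeed when LINK is a symlink that resolves to
# TARGET and TARGET is owned by the current user (the rootless Podman socket).
sock_link_ok() {
  [ -L "$1" ] || return 1
  [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ] || return 1
  [ -O "$2" ]
}

# preflight: run the checks against the paths used in the instructions.
preflight() {
  _sock="/run/user/$(id -u)/podman/podman.sock"
  _ver=$(podman version --format '{{.Client.Version}}') || return 1
  ver_ge "$_ver" 4.2 || { echo "Podman $_ver is older than 4.2" >&2; return 1; }
  [ -S "$_sock" ] || { echo "$_sock missing: is podman.socket enabled?" >&2; return 1; }
  sock_link_ok /var/run/docker.sock "$_sock" ||
    { echo "/var/run/docker.sock does not resolve to $_sock" >&2; return 1; }
  [ -z "${DOCKER_HOST:-}${DOCKER_TLS_VERIFY:-}" ] ||
    { echo "DOCKER_HOST or DOCKER_TLS_VERIFY is still set; unset them first" >&2; return 1; }
}
```

Run `preflight` after the socket step, and again after swapping in a custom Podman binary.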