Docker DIND executor doesn't mount the /var/run/docker.sock volume for certain Docker images

Summary

Background: We're using the Docker DIND executor for our .NET projects, which use a custom Docker image to perform the build/deploy of the repos into Docker images. The Dockerfile for this custom Docker image looks like this:

FROM microsoft/dotnet:1.1.2-sdk

# Install AWS CLI and dependencies
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common \
    python-dev \
    build-essential \
    python-pip \
    && pip install --upgrade pip \
    && pip install awscli \
    && apt-get remove -y python-pip \
    && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
    && apt-key fingerprint 0EBFCD88 \
    && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian  $(lsb_release -cs) stable" \
    && apt-get update \
    && apt-get install -y --no-install-recommends docker-ce

CMD ["bash"]

The issue: Our build jobs recently started failing when running any Docker commands in the job, with an error that the Docker socket cannot be reached.

It appears that the host's Docker socket is not being mounted as a volume for the container at /var/run/docker.sock. Curiously, this only appears to be a problem with the Docker image created by the Dockerfile above. We also have Node projects that use a different upstream Docker image and everything is working as intended.

We can also run the image on the affected runner with

Steps to reproduce

  • Create a new GitLab repo with a .gitlab-ci.yml file similar to the following:

image: zgre/dotnet-aws:release

services:
  - docker:dind

build_docker_image:
  script:
    - docker build -t $IMAGE_NAME .

Note: the zgre/dotnet-aws:release image is public on Docker Hub and is built using the Dockerfile noted in the summary.

  • Add a Dockerfile to the repo. Any Dockerfile should do, but I've added a boilerplate Dockerfile below:

FROM microsoft/dotnet:1.1.2-sdk

RUN echo "This is a boilerplate Dockerfile"

  • Run the build using GitLab CI.

Actual behavior

The build job fails with output similar to the following:

Running with gitlab-ci-multi-runner 9.5.0 (413da38)
  on Shared Docker Runner (d7acc1c0)
Using Docker executor with image zgre/dotnet-aws:release ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image docker:dind ID=sha256:7731e67e3def0af852ea8ab3788063fc640ce359d399b86fe5a009e6d814f625 for docker service...
Waiting for services to be up and running...
Using docker image sha256:b2778269fd24e6ada4e96b890743ebc4c4e527ddbd7e9a1abec3a657ea769104 for predefined container...
Pulling docker image zgre/dotnet-aws:release ...
Using docker image zgre/dotnet-aws:release ID=sha256:726a1f78a42dcbd642f6681586158e49f5bf8440592508eca3ee40aecbcf2796 for build container...
Running on runner-d7acc1c0-project-142-concurrent-0 via ip-10-90-253-81...
Cloning repository...
Cloning into '/builds/####/#####'...
Checking out e06c10a4 as release...
Skipping Git submodules setup
$ docker build -t $IMAGE_NAME .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
ERROR: Job failed: exit code 1

Further troubleshooting shows that the Docker socket hasn't been mounted at /var/run/docker.sock in the container:

$ ls -la /var/run/
total 12
drwxr-xr-x 3 root root 4096 Jul 23 00:00 .
drwxr-xr-x 1 root root 4096 Aug 31 22:38 ..
drwxrwxrwt 2 root root 4096 Jul 23 00:00 lock
-rw-rw-r-- 1 root utmp    0 Jul 23 00:00 utmp

Expected behavior

The docker build command shouldn't fail because it can't connect to the /var/run/docker.sock.

Environment description

The runner is being used on Amazon Linux 2017.03 https://aws.amazon.com/amazon-linux-ami/2017.03-release-notes/.

Output of docker version:

Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   7392c3b/17.03.1-ce
 Built:        Tue May 30 17:59:44 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   7392c3b/17.03.1-ce
 Built:        Tue May 30 17:59:44 2017
 OS/Arch:      linux/amd64
 Experimental: false

Used GitLab Runner version

Version:      1.10.4
Git revision: b32125f
Git branch:   1-10-stable
GO version:   go1.7.5
Built:        Tue, 31 Jan 2017 14:39:18 +0000
OS/Arch:      linux/amd64
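
An added diagnostic, not part of the original report or of GitLab Runner: a shell function that reports which daemon endpoint the docker client in a job container will use, since the client falls back to unix:///var/run/docker.sock whenever DOCKER_HOST is unset. The function name and output format are hypothetical, and the tcp://docker:2375 address in the comments is an assumption about how a docker:dind service is usually exposed to the job.

```shell
#!/bin/sh
# Added example: classify the Docker endpoint a CI job container would use.
#
# docker_endpoint HOST_VALUE [DEFAULT_SOCKET]
#   HOST_VALUE      value of DOCKER_HOST (may be empty)
#   DEFAULT_SOCKET  socket used when HOST_VALUE is empty
#                   (default: /var/run/docker.sock, the client's own default)
# Prints one of:
#   tcp:<host:port>       daemon reached over TCP, e.g. a dind service
#                         (assumed address: tcp://docker:2375)
#   unix:<path>:present   a unix socket is selected and exists in the container
#   unix:<path>:missing   a unix socket is selected but nothing is mounted there
#   other:<value>         any other scheme; not analysed here
docker_endpoint() {
    host_value=$1
    default_sock=${2:-/var/run/docker.sock}
    case $host_value in
        tcp://*)
            printf 'tcp:%s\n' "${host_value#tcp://}"
            ;;
        unix://*|'')
            sock=${host_value#unix://}
            [ -n "$sock" ] || sock=$default_sock
            # -S is true only for a socket, so a stray regular file or
            # directory at the path still counts as missing.
            if [ -S "$sock" ]; then
                printf 'unix:%s:present\n' "$sock"
            else
                printf 'unix:%s:missing\n' "$sock"
            fi
            ;;
        *)
            printf 'other:%s\n' "$host_value"
            ;;
    esac
}

# Report for the current environment, e.g. as the first line of a job script.
docker_endpoint "${DOCKER_HOST:-}"
```

A result of unix:/var/run/docker.sock:missing matches the ls output in the report: no endpoint is configured in the image or the job, so the client looks for a socket that was never bind-mounted. A result of unix:...:present on a shared runner means the host daemon's socket is exposed to the job, which gives every job on that runner control of the host's Docker daemon.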