Skip to content

Windows gitlab runner fails to start docker image since Docker desktop 4.6.0

Summary

Since Docker Desktop 4.6.0 windows gitlab runner can't run windows images with docker-windows executor
I would like to know if this is Docker Desktop bug, or something was changed and gitlab runner needs an update?

Starting docker container and running echo command from command prompt succeeds, so it seems that error is in gitlab runner

Error from job log:

ERROR: Job failed (system failure): prepare environment: Error response from daemon: hcsshim::CreateComputeSystem 027401adf089aa36dc74e3f57bdb8f15dee5e13ed8afd9dba12a866d9018e49f: Access is denied. (exec.go:73:4s). Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

Steps to reproduce

  • Install Docker desktop 4.5.1 on windows machine
  • Switch to windows containers
  • Install windows gitlab runner
  • Register runner as docker-windows with powershell
  • Run CI job and get success
  • Update Docker Desktop to latest version (4.6.1 at the time of writing)
  • Run CI job again and receive failure
.gitlab-ci.yml 
stages:
  - test

unit-test-job:
  stage: test
  tags:
    - docker-windows
  image: mcr.microsoft.com/windows:20H2
  script:
    - echo "Test"

Actual behavior

Job fails to execute with error

Expected behavior

Successful job execution

Relevant logs and/or screenshots

Successful job log with Docker Desktop 4.5.1 
Running with gitlab-runner 14.9.0 (d1f69508)
  on Virtual mRsyxm9D
Preparing the "docker-windows" executor 00:00
Using Docker executor with image mcr.microsoft.com/windows:20H2 ...
Using locally found image version due to "if-not-present" pull policy
Using docker image sha256:4f70934d23901656a397188f0ed6837534bfcc6ac8062715efac08f092022798 for mcr.microsoft.com/windows:20H2 with digest mcr.microsoft.com/windows@sha256:4938a49c3cd6f21a7047144e0c9c10ef65904701abfee4835b25ba900f66e3f1 ...
Preparing environment 00:06
Running on RUNNER-MRSYXM9D via 
Virtual...
Getting source from Git repository 00:09
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in C:/builds/root/test/.git/
Checking out bd39c877 as main...
git-lfs/2.11.0 (GitHub; windows amd64; go 1.14.2; git 48b28d97)
Skipping Git submodules setup
Executing "step_script" stage of the job script 00:25
Using docker image sha256:4f70934d23901656a397188f0ed6837534bfcc6ac8062715efac08f092022798 for mcr.microsoft.com/windows:20H2 with digest mcr.microsoft.com/windows@sha256:4938a49c3cd6f21a7047144e0c9c10ef65904701abfee4835b25ba900f66e3f1 ...
$ echo "Test"
Test
Job succeeded
Failed job log with Docker Desktop 4.6.1 
Running with gitlab-runner 14.9.0 (d1f69508)
  on Virtual mRsyxm9D
Preparing the "docker-windows" executor 00:00
Using Docker executor with image mcr.microsoft.com/windows:20H2 ...
Using locally found image version due to "if-not-present" pull policy
Using docker image sha256:4f70934d23901656a397188f0ed6837534bfcc6ac8062715efac08f092022798 for mcr.microsoft.com/windows:20H2 with digest mcr.microsoft.com/windows@sha256:4938a49c3cd6f21a7047144e0c9c10ef65904701abfee4835b25ba900f66e3f1 ...
Preparing environment 00:05
ERROR: Job failed (system failure): prepare environment: Error response from daemon: hcsshim::CreateComputeSystem 027401adf089aa36dc74e3f57bdb8f15dee5e13ed8afd9dba12a866d9018e49f: Access is denied. (exec.go:73:4s). Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
Running container and executing echo command in docker from command prompt succeeds 
C:\>docker run --rm mcr.microsoft.com/windows:20H2 powershell echo "Test"
Test

Environment description

I am using custom installation. Tried this on Windows 10 and Windows 11 with same output.

config.toml contents 
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "Virtual"
  url = "REMOVED"
  token = "REMOVED"
  executor = "docker-windows"
  shell = "powershell"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "mcr.microsoft.com/powershell:lts-nanoserver-20h2"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["c:\\cache"]
    pull_policy = ["if-not-present"]
    shm_size = 0
docker info from Docker desktop 4.5.1 
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.7.1)
  compose: Docker Compose (Docker Inc., v2.2.3)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 4
  Running: 1
  Paused: 0
  Stopped: 3
 Images: 16
 Server Version: 20.10.12
 Storage Driver: windowsfilter
  Windows:
 Logging Driver: json-file
 Plugins:
  Volume: local
  Network: ics internal l2bridge l2tunnel nat null overlay private transparent
  Log: awslogs etwlogs fluentd gcplogs gelf json-file local logentries splunk syslog
 Swarm: inactive
 Default Isolation: hyperv
 Kernel Version: 10.0 22000 (22000.1.amd64fre.co_release.210604-1628)
 Operating System: Windows 10 Pro N Version 2009 (OS Build 22000.556)
 OSType: windows
 Architecture: x86_64
 CPUs: 22
 Total Memory: 11.86GiB
 Name: Virtual
 ID: AHJR:VHUD:DEUW:UC2V:O5DI:WHQ5:MSBI:4VOH:U6RW:DVUF:COND:3XHR
 Docker Root Dir: C:\ProgramData\Docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine
docker info from Docker desktop 4.6.1 
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.1)
  compose: Docker Compose (Docker Inc., v2.3.3)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 16
 Server Version: 20.10.13
 Storage Driver: windowsfilter
  Windows:
 Logging Driver: json-file
 Plugins:
  Volume: local
  Network: ics internal l2bridge l2tunnel nat null overlay private transparent
  Log: awslogs etwlogs fluentd gcplogs gelf json-file local logentries splunk syslog
 Swarm: inactive
 Default Isolation: hyperv
 Kernel Version: 10.0 22000 (22000.1.amd64fre.co_release.210604-1628)
 Operating System: Windows 10 Pro N Version 2009 (OS Build 22000.556)
 OSType: windows
 Architecture: x86_64
 CPUs: 22
 Total Memory: 11.86GiB
 Name: Virtual
 ID: AHJR:VHUD:DEUW:UC2V:O5DI:WHQ5:MSBI:4VOH:U6RW:DVUF:COND:3XHR
 Docker Root Dir: C:\ProgramData\Docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Used GitLab Runner version

Version:      14.9.1
Git revision: bd40e3da
Git branch:   14-9-stable
GO version:   go1.17.7
Built:        2022-03-22T21:26:32+0000
OS/Arch:      windows/amd64

Possible fixes

Only fix that works is to downgrade doker desktop to 4.5.1

Edited by SauliusZ