Allow volume mounts for services
Problem to solve
Allow volume mounts for services.
Further details
There are scenarios where you want to run systemd within a Docker container. For example, if you want to test Ansible artifacts against an environment which mostly behaves like a bare metal system but should be provided within a container.
To run systemd within a container, the container:
- needs to be run privileged
- needs to mount
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro
Currently the volumes defined in the config.toml of a runner are only applied to the job executor containers. However, it should also be possible to define volumes for services.
Proposal
Allow the following:
    sudo docker run --rm gitlab/gitlab-runner register -h
    ...
    --docker-service-volumes value Bind mount a volumes to services [$DOCKER_SERVICE_VOLUMES]
Or allow the --docker-volumes (aka DOCKER_VOLUMES) to be mounted to services as well. However, there may also be a better solution than my proposal.
What does success look like, and how can we measure that?
Currently my pipeline uses a workaround where I start a unique systemd target container within a pre-test job and remove this container in a post-test job. This only works because I am using a dedicated Docker daemon for my builds:
    ...
    start-target:
      stage: pre-test
      script:
        - docker network create "gitlab-ci-$CI_PIPELINE_ID"
        - docker run -d --name "target-$CI_PIPELINE_ID" --privileged --network "gitlab-ci-$CI_PIPELINE_ID" -v /sys/fs/cgroup:/sys/fs/cgroup:ro "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"
    test-ssh-port:
      stage: test
      script: docker run --rm --network "gitlab-ci-$CI_PIPELINE_ID" busybox:latest /bin/sh -c "echo exit | telnet target-$CI_PIPELINE_ID 22"
    stop-target:
      stage: post-test
      script:
        - docker rm -vf "target-$CI_PIPELINE_ID"
        - docker network remove "gitlab-ci-$CI_PIPELINE_ID"
      when: always
    ...
This whole workaround could be condensed to this single job if the service had /sys/fs/cgroup mounted too:
    test-ssh-port:
      stage: test
      image: busybox:latest
      services:
        - name: "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"
          alias: target
      script: echo exit | telnet target 22