Cannot connect to the Docker daemon using DinD for GitLab-CE Pipeline
Summary
When using docker:dind, trying to use a variety of configurations to get it working, I continue to get the same "Cannot connect to the Docker daemon at <some address>. Is the docker daemon running?" or similar.
I previously used the Docker Socket binding method, which worked, but now in GitLab 11.11+, it's no longer possible, as described here.
Configuration
I currently self-host all containers in a Rancher (v1.6.28) environment.
.gitlab-ci.yml
image: docker:latest
services:
  - docker:dind
stages:
  - Build Base
  - Build Variants
  - Push Images
variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
build-base:
  stage: Build Base
  artifacts:
    expire_in: 1 week
    paths:
      - ./images/
  except:
    - pushes
  tags:
    - docker
  before_script:
    - mkdir ./images
  script:
    - docker build --pull --build-arg "GRAV_VERSION=$GRAV_VERSION" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
    - docker save --output "./images/$CI_COMMIT_SHORT_SHA.tar" "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
GitLab Runner docker-compose.yml
version: '2'
services:
  gitlab-runner-config:
    image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
    command:
      - register
    environment: # Options can be found by running "gitlab-runner register". More info found at https://docs.gitlab.com/runner/configuration/advanced-configuration.html
      REGISTER_NON_INTERACTIVE: true # Run registration unattended
      CI_SERVER_URL: http://gitlab/ # Runner URL
      REGISTRATION_TOKEN: ${GITLAB_TOKEN} # Runner's registration token
      RUNNER_EXECUTOR: docker # Select executor, e.g. shell, docker, etc.
      RUNNER_NAME: ${GITLAB_RUNNER_DESCRIPTION} # Runner name
      RUNNER_TAG_LIST: ${GITLAB_TAGS} # Tag list
      REGISTER_LOCKED: false # Lock Runner for current project
      DOCKER_IMAGE: docker:latest # Docker image to be used
      DOCKER_PRIVILEGED: true # Give extended privileges to container
      DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP} # Add a custom host-to-IP mapping
      DOCKER_HOST: tcp://localhost:2376 # Docker daemon address
      DOCKER_TLS_CERTDIR: "" # HOTFIX?
    external_links:
    {{- if .Values.GITLAB_LINK}}
      - ${GITLAB_LINK}:gitlab
    {{- end}}
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.start_once: true
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: false
    volumes:
      - /etc/localtime:/etc/localtime:ro # Synchronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Synchronize timezone of container with the host system
      - GitLab-Runner:/etc/gitlab-runner
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
    command:
      - run
    {{- if .Values.GITLAB_LINK}}
    external_links:
      - ${GITLAB_LINK}:gitlab
    {{- end}}
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      io.rancher.sidekicks: gitlab-runner-config
      traefik.enable: false
    privileged: true
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro # Synchronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Synchronize timezone of container with the host system
      - GitLab-Runner:/etc/gitlab-runner
volumes:
  GitLab-Runner:
    driver: local
GitLab Runner config.toml
Configuration Variations
Using all combinations of:
- With and without DOCKER_TLS_CERTDIR: "" as suggested here
- DOCKER_HOST:
  - tcp://localhost:2375
    This docs page describes how localhost is used in a Kubernetes environment only, but it seems in my Rancher environment, using localhost is the only one that actually resolves when the container does a hostname lookup.
  - tcp://localhost:2376
  - tcp://docker:2375
  - tcp://docker:2376
Results
Excluding instances when using DOCKER_TLS_CERTDIR: "", as it did not make a difference when having it in my .gitlab-ci.yml or in the Runners' environment / config.toml.
Plea for Help
I hugely appreciate anything anyone might be able to suggest! I'm quite probably just overlooking something I hope, but cannot seem to figure it out.
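
Added example, not part of the original post: a POSIX sh lint that checks whether a DOCKER_HOST port agrees with the DOCKER_TLS_CERTDIR setting, applied to the eight combinations listed above. Assumptions: docker:dind 19.03 or later (TLS on 2376 when DOCKER_TLS_CERTDIR is non-empty, unauthenticated plaintext on 2375 when it is empty), /certs as the image default when the variable is not overridden, and the hypothetical function names dind_lint and dind_matrix. Hostname resolution is not judged.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: docker:dind 19.03+ serves TLS on 2376 when DOCKER_TLS_CERTDIR is
# non-empty and unauthenticated plaintext on 2375 when it is empty.

# dind_lint HOST CERTDIR
# Prints one verdict line. Returns 0 = consistent, 1 = mismatch, 2 = not tcp://name:port.
dind_lint() {
    host=$1
    certdir=$2
    case $host in
        tcp://*:[0-9]*) ;;
        *) echo "SKIP $host: expected tcp://name:port"; return 2 ;;
    esac
    port=${host##*:}
    if [ -n "$certdir" ]; then
        want=2376; mode="TLS, client certs under $certdir/client"
    else
        want=2375; mode="plaintext, no authentication"
    fi
    if [ "$port" != "$want" ]; then
        echo "MISMATCH $host certdir='$certdir': daemon listens on $want ($mode)"
        return 1
    fi
    echo "OK $host certdir='$certdir': $mode"
    return 0
}

# Walk the eight combinations from the post; verdicts go to stderr,
# the number of consistent combinations goes to stdout.
dind_matrix() {
    ok=0
    for certdir in "" "/certs"; do   # "" = TLS disabled, /certs = image default
        for host in tcp://localhost:2375 tcp://localhost:2376 \
                    tcp://docker:2375 tcp://docker:2376; do
            if dind_lint "$host" "$certdir" >&2; then ok=$((ok + 1)); fi
        done
    done
    echo "$ok"
}

# When sourced in a job's before_script, lint the job's own environment.
if [ -n "${DOCKER_HOST:-}" ]; then
    dind_lint "$DOCKER_HOST" "${DOCKER_TLS_CERTDIR:-}" || true
fi
```

The runner environment shown above (tcp://localhost:2376 with DOCKER_TLS_CERTDIR: "") is one of the pairs this reports as MISMATCH. An OK verdict on a 2375 pair still means the privileged daemon accepts any client that can reach the port.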