GitLab.org / gitlab-runner / Issues / #4566
Issue created Aug 01, 2019 by William Miceli@WilliamMiceli

Cannot connect to the Docker daemon using DinD for GitLab-CE Pipeline

Summary

When using docker:dind, trying to use a variety of configurations to get it working, I continue to get the same "Cannot connect to the Docker daemon at <some address>. Is the docker daemon running?" or similar.

I previously used the Docker Socket binding method, which worked, but now in GitLab 11.11+, it's no longer possible, as described here.

Configuration

I currently self-host all containers in a Rancher (v1.6.28) environment.

.gitlab-ci.yml

image: docker:latest

services:
  - docker:dind

stages:
  - Build Base
  - Build Variants
  - Push Images

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""

build-base:
  stage: Build Base
  artifacts:
    expire_in: 1 week
    paths:
      - ./images/
  except:
    - pushes
  tags:
    - docker
  before_script:
    - mkdir ./images
  script:
    - docker build --pull --build-arg "GRAV_VERSION=$GRAV_VERSION" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
    - docker save --output "./images/$CI_COMMIT_SHORT_SHA.tar" "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"

GitLab Runner docker-compose.yml

version: '2'

services:
  gitlab-runner-config:
    image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
    command:
      - register
    environment: # Options can be found by running "gitlab-runner register". More info found at https://docs.gitlab.com/runner/configuration/advanced-configuration.html
      REGISTER_NON_INTERACTIVE: true                # Run registration unattended
      CI_SERVER_URL: http://gitlab/                 # Runner URL
      REGISTRATION_TOKEN: ${GITLAB_TOKEN}           # Runner's registration token
      RUNNER_EXECUTOR: docker                       # Select executor, eg. shell, docker, etc.
      RUNNER_NAME: ${GITLAB_RUNNER_DESCRIPTION}     # Runner name
      RUNNER_TAG_LIST: ${GITLAB_TAGS}               # Tag list
      REGISTER_LOCKED: false                        # Lock Runner for current project
      DOCKER_IMAGE: docker:latest                   # Docker image to be used
      DOCKER_PRIVILEGED: true                       # Give extended privileges to container
      DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP}       # Add a custom host-to-IP mapping
      DOCKER_HOST: tcp://localhost:2376             # Docker daemon address
      DOCKER_TLS_CERTDIR: "" # HOTFIX?
    external_links:
    {{- if .Values.GITLAB_LINK}}
      - ${GITLAB_LINK}:gitlab
    {{- end}}
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.start_once: true
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: false
    volumes:
      - /etc/localtime:/etc/localtime:ro # Synchronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Synchronize timezone of container with the host system
      - GitLab-Runner:/etc/gitlab-runner
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
    command:
      - run
    {{- if .Values.GITLAB_LINK}}
    external_links:
      - ${GITLAB_LINK}:gitlab
    {{- end}}
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      io.rancher.sidekicks: gitlab-runner-config
      traefik.enable: false
    privileged: true
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro # Synchronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Synchronize timezone of container with the host system
      - GitLab-Runner:/etc/gitlab-runner

volumes:
  GitLab-Runner:
    driver: local

GitLab Runner config.toml

image

Configuration Variations

Using all combinations of:

  • With and without DOCKER_TLS_CERTDIR: "" as suggested here
  • DOCKER_HOST:
    • tcp://localhost:2375 (this docs page describes how localhost is used in a Kubernetes environment only, but it seems that in my Rancher environment, localhost is the only one that actually resolves when the container does a hostname lookup)
    • tcp://localhost:2376
    • tcp://docker:2375
    • tcp://docker:2376

Results

Excluding instances when using DOCKER_TLS_CERTDIR: "", as it did not make a difference when having it in my .gitlab-ci.yml or in the Runners' environment / config.toml.

image image image image

Plea for Help

I hugely appreciate anything anyone might be able to suggest! I'm quite probably just overlooking something I hope, but cannot seem to figure it out.
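
An added example, not part of the original issue or of GitLab's own code: a small consistency check over the DOCKER_HOST / DOCKER_TLS_CERTDIR combinations listed above. It assumes the docker:dind behaviour introduced with Docker 19.03 (a non-empty DOCKER_TLS_CERTDIR, default /certs, means TLS on 2376; an empty value means no TLS on 2375); `check_dind` and `matrix` are hypothetical names.

```python
from urllib.parse import urlparse

# Assumption: docker:dind 19.03+ listens with TLS on 2376 when
# DOCKER_TLS_CERTDIR is non-empty (image default "/certs") and without
# TLS on 2375 when it is set to the empty string.
DEFAULT_CERTDIR = "/certs"

# The combinations tried in the issue above.
HOSTS = ["tcp://localhost:2375", "tcp://localhost:2376",
         "tcp://docker:2375", "tcp://docker:2376"]
CERTDIR_CASES = {"unset": {}, "empty": {"DOCKER_TLS_CERTDIR": ""}}


def check_dind(variables):
    """Return findings for one set of CI variables (empty list = consistent)."""
    findings = []
    certdir = variables.get("DOCKER_TLS_CERTDIR", DEFAULT_CERTDIR)
    tls_on = certdir != ""
    expected_port = 2376 if tls_on else 2375
    host = variables.get("DOCKER_HOST")
    if host:
        url = urlparse(host)
        if url.port != expected_port:
            findings.append(
                f"port mismatch: DOCKER_HOST uses {url.port}, "
                f"daemon listens on {expected_port}")
        if url.hostname == "localhost":
            findings.append(
                "localhost reaches the service only when job and service "
                "share a network namespace")
    if not tls_on:
        findings.append(
            "TLS disabled: the Docker API on 2375 is unauthenticated plaintext")
    return findings


def matrix():
    """Evaluate every host/certdir combination from the issue."""
    return {(host, label): check_dind({"DOCKER_HOST": host, **extra})
            for host in HOSTS for label, extra in CERTDIR_CASES.items()}


if __name__ == "__main__":
    for (host, label), findings in matrix().items():
        print(f"{host:24} DOCKER_TLS_CERTDIR {label:5} ->", findings or "ok")
```
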
