Cannot connect to the Docker daemon using DinD for GitLab-CE Pipeline
### Summary

When using docker:dind, trying to use a variety of configurations to get it working, I continue to get the same `Cannot connect to the Docker daemon at <some address>. Is the docker daemon running?` or similar.

I previously used the Docker Socket binding method, which worked, but now in GitLab 11.11+, it's no longer possible, [as described here.](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding)

### Configuration

I currently self-host all containers in a Rancher (v1.6.28) environment.

##### .gitlab-ci.yml

```yaml
image: docker:latest

services:
  - docker:dind

stages:
  - Build Base
  - Build Variants
  - Push Images

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""

build-base:
  stage: Build Base
  artifacts:
    expire_in: 1 week
    paths:
      - ./images/
  except:
    - pushes
  tags:
    - docker
  before_script:
    - mkdir ./images
  script:
    - docker build --pull --build-arg "GRAV_VERSION=$GRAV_VERSION" -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
    - docker save --output "./images/$CI_COMMIT_SHORT_SHA.tar" "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
```

##### GitLab Runner docker-compose.yml

```yaml
version: '2'
services:
  gitlab-runner-config:
    image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
    command:
      - register
    environment: # Options can be found by running "gitlab-runner register". More info found at https://docs.gitlab.com/runner/configuration/advanced-configuration.html
      REGISTER_NON_INTERACTIVE: true # Run registration unattended
      CI_SERVER_URL: http://gitlab/ # Runner URL
      REGISTRATION_TOKEN: ${GITLAB_TOKEN} # Runner's registration token
      RUNNER_EXECUTOR: docker # Select executor, eg. shell, docker, etc.
      RUNNER_NAME: ${GITLAB_RUNNER_DESCRIPTION} # Runner name
      RUNNER_TAG_LIST: ${GITLAB_TAGS} # Tag list
      REGISTER_LOCKED: false # Lock Runner for current project
      DOCKER_IMAGE: docker:latest # Docker image to be used
      DOCKER_PRIVILEGED: true # Give extended privileges to container
      DOCKER_EXTRA_HOSTS: gitlab:${GITLAB_IP} # Add a custom host-to-IP mapping
      DOCKER_HOST: tcp://localhost:2376 # Docker daemon address
      DOCKER_TLS_CERTDIR: "" # HOTFIX?
    external_links:
    {{- if .Values.GITLAB_LINK}}
      - ${GITLAB_LINK}:gitlab
    {{- end}}
    labels:
      io.rancher.container.pull_image: always
      io.rancher.container.start_once: true
    {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
    {{- end}}
      traefik.enable: false
    volumes:
      - /etc/localtime:/etc/localtime:ro # Synchronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Synchronize timezone of container with the host system
      - GitLab-Runner:/etc/gitlab-runner

  gitlab-runner:
    image: gitlab/gitlab-runner:alpine # Alpine Linux image is designed to use only Docker as the method of spawning runners
    command:
      - run
    {{- if .Values.GITLAB_LINK}}
    external_links:
      - ${GITLAB_LINK}:gitlab
    {{- end}}
    labels:
      io.rancher.container.pull_image: always
    {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
    {{- end}}
      io.rancher.sidekicks: gitlab-runner-config
      traefik.enable: false
    privileged: true
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro # Synchronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Synchronize timezone of container with the host system
      - GitLab-Runner:/etc/gitlab-runner

volumes:
  GitLab-Runner:
    driver: local
```

##### GitLab Runner config.toml

![image](/uploads/6bf91616167e0e9dae79c01ef7a14766/image.png)

### Configuration Variations

Using all combinations of:

- With and without `DOCKER_TLS_CERTDIR: ""` [as suggested here](https://gitlab.com/gitlab-org/gitlab-ce/issues/64959#note_194582424)
- `DOCKER_HOST:`
  - `tcp://localhost:2375`
    [this docs page](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-workflow-with-docker-executor) describes how `localhost` is used in a Kubernetes environment only, but it seems that in my Rancher environment, using `localhost` is the only one that actually resolves when the container does a hostname lookup.
  - `tcp://localhost:2376`
  - `tcp://docker:2375`
  - `tcp://docker:2376`

### Results

Excluding instances when using `DOCKER_TLS_CERTDIR: ""`, as it did not make a difference when having it in my `.gitlab-ci.yml` or in the Runners' environment / config.toml.

![image](/uploads/93d42a55a2385f3b7dbcdb496febd689/image.png)

![image](/uploads/19dc1f4ede032ef4c5c5d7bbb011485a/image.png)

![image](/uploads/cea4d607ac04cadc2f09645c1d942135/image.png)

![image](/uploads/4f44d3427aa602addbe373fc8ed3e48d/image.png)

### Plea for Help

I hugely appreciate anything anyone might be able to suggest! I'm quite probably just overlooking something I hope, but cannot seem to figure it out.
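
The port and TLS pairing behind the variations listed above, as an added example that is not part of the original issue: a preflight check a job could run before its first `docker` command. It assumes the behaviour of the `docker:dind` image from 19.03 on (empty `DOCKER_TLS_CERTDIR` means plain TCP on 2375, non-empty means TLS on 2376 with client certificates under `$DOCKER_TLS_CERTDIR/client`); `dind_preflight` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original issue.
# Assumed behaviour (docker:dind image, 19.03 and later):
#   DOCKER_TLS_CERTDIR empty     -> dockerd listens on 2375, plain TCP
#   DOCKER_TLS_CERTDIR non-empty -> dockerd listens on 2376, TLS only,
#                                   client certs in $DOCKER_TLS_CERTDIR/client

# dind_preflight <DOCKER_HOST> <DOCKER_TLS_CERTDIR>   (hypothetical helper)
# Prints a verdict; returns 0 = consistent, 1 = mismatch, 2 = not checked.
dind_preflight() {
    host=${1-}
    certdir=${2-}
    case $host in
        tcp://*:[0-9]*) port=${host##*:} ;;
        *) echo "unparsed-host"; return 2 ;;
    esac
    case "$port:${certdir:+tls}" in
        2375:)
            echo "ok-plain" ;;
        2376:tls)
            # The client needs all three files to complete the TLS handshake.
            for f in ca.pem cert.pem key.pem; do
                [ -r "$certdir/client/$f" ] || { echo "tls-missing-$f"; return 1; }
            done
            echo "ok-tls" ;;
        2375:tls)
            echo "mismatch-plain-port-tls-enabled"; return 1 ;;
        2376:)
            echo "mismatch-tls-port-tls-disabled"; return 1 ;;
        *)
            echo "unexpected-port"; return 2 ;;
    esac
}

# Demo over the DOCKER_HOST values listed in the issue, with TLS off ("")
# and on (/certs, the image default). Constructed inputs, nothing is contacted.
for h in tcp://localhost:2375 tcp://localhost:2376 tcp://docker:2375 tcp://docker:2376; do
    for c in "" /certs; do
        printf '%-21s DOCKER_TLS_CERTDIR=%-8s %s\n' "$h" "\"$c\"" "$(dind_preflight "$h" "$c")"
    done
done
```

In a job it would be called as `dind_preflight "$DOCKER_HOST" "$DOCKER_TLS_CERTDIR"` from `before_script`. Port 2375 exposes the Docker API of a privileged daemon without authentication, so the TLS pairing is preferable wherever the client certificate directory can be shared with the job container.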