Docker-in-docker build works remotely but fails locally
I have a very simple .gitlab-ci.yml example, intended to test the docker-in-docker build method. Here it is:
test:
  image: docker
  services:
    - docker:dind
  script:
    - docker run hello-world
I have a GitLab runner installed on my local machine, configured to run this project (and this project only), and the shared runners are deactivated, so the build happens on my machine. Here is the result of the build when it is started by GitLab:
Running with gitlab-ci-multi-runner 1.6.0 (01b3ea1)
Using Docker executor with image docker ...
Pulling docker image docker:dind ...
Starting service docker:dind ...
Waiting for services to be up and running...
Pulling docker image docker ...
Running on runner-xxxxxxxx-project-333-concurrent-0 via my-local-machine...
Fetching changes...
HEAD is now at xxxxxxxx Commit message
From https://my.gitlab/me/test
xxxxxxxx .. xxxxxxxx master -> origin/master
Checking out xxxxxxxx as master...
$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c04b14da8d14: Pulling fs layer
c04b14da8d14: Verifying Checksum
c04b14da8d14: Download complete
c04b14da8d14: Pull complete
Digest: sha256:0256e8a36e2070f7bf2d0b0763dbabdd67798512411de4cdcf9431a1feb60fd9
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account:
https://hub.docker.com
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/
Build succeeded
Which is exactly what I expected.
Now, let's try it locally, for example to test a new configuration without having to push it: gitlab-runner exec docker test:
Running with gitlab-ci-multi-runner 1.6.0 (01b3ea1)
Using Docker executor with image docker ...
Pulling docker image docker:dind ...
Starting service docker:dind ...
Waiting for services to be up and running...
*** WARNING: Service runner--project-1-concurrent-0-docker probably didn't start properly.
API error (500): Cannot link to a non running container: /runner--project-1-concurrent-0-docker AS /runner--project-1-concurrent-0-docker-wait-for-service/runner--project-1-concurrent-0-docker
2016-10-13T12:49:52.861367062Z mount: mounting none on /sys/kernel/security failed: Permission denied
2016-10-13T12:49:52.861393833Z Could not mount /sys/kernel/security.
2016-10-13T12:49:52.861398011Z AppArmor detection and --privileged mode might break.
2016-10-13T12:49:52.863341395Z mount: mounting none on /tmp failed: Permission denied
*********
Pulling docker image docker ...
Running on runner--project-1-concurrent-0 via my-local-machine...
Cloning repository...
Cloning into '/builds/project-1'...
done.
Checking out xxxxxxxx as master...
$ docker run hello-world
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.
ERROR: Build failed: exit code 125
FATAL: exit code 125
Which is pretty embarrassing.
Various information about my system:
# docker --version
Docker version 1.12.1, build 23cf638
# gitlab-runner --version
Version: 1.6.0
Git revision: 01b3ea1
Git branch: 1-6-stable
GO version: go1.6.3
Built: Thu, 22 Sep 2016 17:47:32 +0000
OS/Arch: linux/amd64
# uname -a
Linux my-local-machine 3.19.0-69-generic #77~14.04.1-Ubuntu SMP Tue Aug 30 01:29:21 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/gitlab-runner/config.toml
concurrent = 1
check_interval = 0
[[runners]]
name = "my-local-machine"
url = "https://my.gitlab/ci"
token = "xxxxxxxxxxxxxxxxxxxxxxxxx"
executor = "docker"
[runners.docker]
tls_verify = false
image = "ubuntu:14.04"
privileged = true
disable_cache = false
volumes = ["/cache"]
[runners.cache]
[runners.kubernetes]
host = ""
cert_file = ""
key_file = ""
ca_file = ""
image = ""
namespace = ""
privileged = false
cpus = ""
memory = ""
service_cpus = ""
service_memory = ""
I also note that I don't have any issue as long as I don't try to use docker-in-docker. Builds simply running in docker work well.
Does anybody have an idea of what is happening?