Add support for interactive web terminal to Docker executor
Description
So far we have added support in the interactive web terminal for kubernetes and shell executors; this issue adds support for the docker executor, which is used both by onsite installations on extensively on gitlab.com. This is purely a limitation of the runner and no other systems should be involved.
Proposal
Have the docker executor implement the InteractiveTerminal and Conn interface from the terminal package. Use gitlab-terminal to proxy connection to the WebSocket, issue for gitlab-terminal to add support can be found in gitlab-terminal#3 (closed)
Keep container runner when terminal attached
By design, docker will stop the container when the pid 1 is finished. Meaning when the script has finished running it will stop the container, which is not what we want if the user is connected to the terminal, we want to keep the container running. Doing this requires behavioural changes to the docker executor inside of the runner, which are listed blow.
Add tail -f /dev/null
Adding tail -f /dev/null at the end of the script will keep the container running forever and then the runner is responsible of stoping the container either when the user closes the terminal connection, or the main script as finished.
Pros:
- Don't change current runner behaviour
Cons:
- If
tailis not present in the container this will not work - Will be quite hard to know when to kill the container if the user is connected, or if the script is still running (since the script will run forever)
Run container in detached mode
For certain containers, it is possible to keep the container running by doing the following docker run -t -d centos this will the container running since the default command is bash. After we start the container like that we will execute the script via docker exec and then stop the container when the exec is done or when the terminal connection is closed/timed out
Pros:
- Cleaner solution
- No hacks
- Same flow as the kubernetes executor
Cons:
- Changing workflow of runner
Limitation of Docker executor
For the Docker executor, as soon as the build script is finished (meaning what the user specified to run in .gitlab-ci.yml) the terminal will close. So:
- Build starts
- User connect to terminal, build script is running at the same time
- Build script finished
Now, normally what would happen is the timeout countdown starts ticking (this works for k8s and shell executors). For Docker, this will close immediately. The reason for that is a technical one on how docker behaves by default.
As direct result it would be, for the Docker executor, the terminal is only available while the build is running.
This will be resolved via #3605, giving users a way to enable this behavior.
Links to related issues and merge requests / references
gitlab-org/gitlab-ce#25990