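I'm trying to run GitLab Runner with the docker executor inside an LXD container. I'm halfway there, but it still doesn't work properly.
Has anyone happened to get this up and running?
Answer 0 (score: 1)
You have to set the Docker container to run as privileged. Check the runner's config.toml file and set it as follows: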
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
    shm_size = 0
  [runners.cache]
    Insecure = false
Also make sure the LXC container was launched with these parameters:
lxc launch --verbose IMAGE CONTAINER_NAME -c security.nesting=true -c security.privileged=true
Also check that the LXC profile is set up as follows:
config:
  raw.lxc: |-
    lxc.apparmor.profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.mount.auto=proc:rw sys:rw
    lxc.cap.drop=
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: lxd-pa
    type: disk
name: default
If even these settings do not change the behaviour of the Docker container, try disabling AppArmor on the LXC container.
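An added example (not part of the answer above, nor GitLab or LXD tooling): a small audit that reports which of the settings quoted in that answer remove isolation between CI jobs and the host, so they can be reviewed before the runner accepts untrusted pipelines. The rule tables, function names and sample strings are constructed here for illustration.

```python
# Settings from the answer above that widen what a CI job can reach on the host.
RUNNER_RULES = {
    "privileged": (lambda v: v == "true", "job containers run in Docker privileged mode"),
    "volumes": (lambda v: "/var/run/docker.sock" in v, "Docker socket is mounted into jobs"),
}
LXC_RULES = {
    "security.privileged": (lambda v: v == "true", "container root is host root (no uid map)"),
    "lxc.apparmor.profile": (lambda v: v == "unconfined", "AppArmor confinement is off"),
    "lxc.cgroup.devices.allow": (lambda v: v == "a", "all device nodes are allowed"),
    "lxc.cap.drop": (lambda v: v == "", "capability drop list is cleared"),
    "lxc.mount.auto": (lambda v: "proc:rw" in v or "sys:rw" in v, "/proc or /sys is writable"),
}

def parse_kv(text):
    """Parse flat 'key = value' lines (TOML scalars, raw.lxc entries, -c options)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")) or "=" not in line:
            continue  # blank lines, comments and [section] headers carry no setting
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip().strip('"')
    return out

def audit(text, rules):
    """Return sorted (key, reason) pairs for every rule the config trips."""
    settings = parse_kv(text)
    return sorted((k, why) for k, (bad, why) in rules.items()
                  if k in settings and bad(settings[k]))

# Constructed samples: the settings quoted in the answer above.
RUNNER_SAMPLE = '''
[runners.docker]
  image = "docker:stable"
  privileged = true
  volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
'''
LXC_SAMPLE = '''
security.privileged = true
lxc.apparmor.profile = unconfined
lxc.cgroup.devices.allow = a
lxc.mount.auto=proc:rw sys:rw
lxc.cap.drop=
'''

if __name__ == "__main__":
    for key, why in audit(RUNNER_SAMPLE, RUNNER_RULES) + audit(LXC_SAMPLE, LXC_RULES):
        print(f"{key}: {why}")
```
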
Answer 1 (score: 0)
Solved all the problems with the following steps
Answer 2 (score: 0)
When using the "docker-in-docker executor" steps above, I get:
ERROR: Preparation failed: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"process_linux.go:367: setting cgroup config for procHooks process caused \\\"failed to write a *:* rwm to devices.allow: write /sys/fs/cgroup/devices/docker/e55913c80640ad080bf04445658e8cc801cae570fddfa40d05405e025e160625/devices.allow: operation not permitted\\\"\"": unknown (executor_docker.go:714:0s)
LXD version: 3.0.1, Ubuntu Server 18.04.1