github.com/secure-build/gitlab-runner@v12.5.0+incompatible/docs/install/docker.md

# Run GitLab Runner in a container

This is how you can run GitLab Runner inside a Docker container.

## General GitLab Runner Docker image usage

GitLab Runner Docker images (based on [Ubuntu or Alpine Linux](#docker-images))
are designed as wrappers around the standard `gitlab-runner` command, as if
GitLab Runner were installed directly on the host.

The general rule is that every GitLab Runner command that would normally be executed
as:

```bash
gitlab-runner [Runner command and options...]
```

can be executed with:

```bash
docker run [chosen docker options...] gitlab/gitlab-runner [Runner command and options...]
```

For example, to get the top-level help for the GitLab Runner command, run:

```bash
docker run --rm -t -i gitlab/gitlab-runner --help

NAME:
   gitlab-runner - a GitLab Runner

USAGE:
   gitlab-runner [global options] command [command options] [arguments...]

VERSION:
   10.7.0 (7c273476)

(...)
```

In short, the `gitlab-runner` part of the command is replaced with
`docker run [docker options] gitlab/gitlab-runner`, while the rest of Runner's
command stays as it is described in the [register documentation](../register/index.md).
The only difference is that the `gitlab-runner` command is executed inside of a
Docker container.

## Docker image installation

1. Install Docker first:

   ```bash
   curl -sSL https://get.docker.com/ | sh
   ```

1. Mount a config volume into the `gitlab-runner` container; it is
   used for configs and other resources:

   ```bash
   docker run -d --name gitlab-runner --restart always \
     -v /srv/gitlab-runner/config:/etc/gitlab-runner \
     -v /var/run/docker.sock:/var/run/docker.sock \
     gitlab/gitlab-runner:latest
   ```

   TIP: **Tip:**
   On macOS, use `/Users/Shared` instead of `/srv`.

   Or, you can use a config container to mount your custom data volume:

   ```bash
   docker run -d --name gitlab-runner-config \
       -v /etc/gitlab-runner \
       busybox:latest \
       /bin/true
   ```

   And then, run the Runner:

   ```bash
   docker run -d --name gitlab-runner --restart always \
       -v /var/run/docker.sock:/var/run/docker.sock \
       --volumes-from gitlab-runner-config \
       gitlab/gitlab-runner:latest
   ```

1. Register the runner you just launched by following the instructions in the
   [Docker section of Registering Runners](../register/index.md#docker).
   The runner won't pick up any jobs until it's registered.

Make sure you read the [FAQ](../faq/README.md) section, which describes
some of the most common problems with GitLab Runner.

## Update configuration

If you change the configuration in `config.toml`, you might need to restart the runner to apply the change.
Make sure to restart the whole container instead of using `gitlab-runner restart`:

```bash
docker restart gitlab-runner
```

## Upgrade version

Pull the latest version (or a specific tag):

```bash
docker pull gitlab/gitlab-runner:latest
```

Stop and remove the existing container:

```bash
docker stop gitlab-runner && docker rm gitlab-runner
```

Start the container as you did originally:

```bash
docker run -d --name gitlab-runner --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  gitlab/gitlab-runner:latest
```

NOTE: **Note:**
You need to use the same method for mounting your data volume as you
did originally (`-v /srv/gitlab-runner/config:/etc/gitlab-runner` or
`--volumes-from gitlab-runner-config`).

## Reading GitLab Runner logs

When GitLab Runner is started as a foreground task (whether it's a locally installed binary or
inside a Docker container), the logs are printed to the standard output. When
GitLab Runner is started as a system service (e.g. with Systemd), the logs are in most
cases logged through Syslog or another system logging mechanism.

With GitLab Runner started as a Docker-based service, since the `gitlab-runner ...` command is
the main process of the container, the logs can be read using the `docker logs` command.

For example, if GitLab Runner was started with the following command:

```bash
docker run -d --name gitlab-runner --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  gitlab/gitlab-runner:latest
```

you may get the logs with:

```bash
docker logs gitlab-runner
```

where `gitlab-runner` is the name of the container, set with `--name gitlab-runner` by
the first command.

You may find more information about handling container logs at the [Docker documentation
page](https://docs.docker.com/engine/reference/commandline/logs/).

## Installing trusted SSL server certificates

If your GitLab CI server uses self-signed SSL certificates, make sure
the GitLab CI server certificate is trusted by the GitLab Runner
container so that the two can talk to each other.

The `gitlab/gitlab-runner` image is configured to look for the trusted SSL
certificates at `/etc/gitlab-runner/certs/ca.crt`; this can be changed using the
`-e "CA_CERTIFICATES_PATH=/DIR/CERT"` configuration option.

Copy the `ca.crt` file into the `certs` directory on the data volume (or container).
The `ca.crt` file should contain the root certificates of all the servers you
want GitLab Runner to trust. The GitLab Runner container
imports the `ca.crt` file on startup, so if your container is already running you
may need to restart it for the changes to take effect.

## Docker images

The following Docker images are available:

- `gitlab/gitlab-runner:latest` based on Ubuntu.
- `gitlab/gitlab-runner:alpine` based on Alpine with a much smaller footprint
  (~160/350 MB Ubuntu vs ~45/130 MB Alpine compressed/decompressed).

TIP: **Tip:**
See [gitlab-org/gitlab-runner](https://gitlab.com/gitlab-org/gitlab-runner/tree/master/dockerfiles)
source for possible build instructions for both Ubuntu and Alpine images.

## SELinux

Some distributions (CentOS, Red Hat, Fedora) use SELinux by default to enhance the security of the underlying system.

Special care must be taken when dealing with such a configuration.

1. If you want to use the Docker executor to run builds in containers, the Runner needs access to `/var/run/docker.sock`.
   However, with SELinux in enforcing mode, you will see `Permission denied` when accessing `/var/run/docker.sock`.
   Install `selinux-dockersock` to resolve the issue: <https://github.com/dpw/selinux-dockersock>.
1. Make sure that a persistent directory is created on the host: `mkdir -p /srv/gitlab-runner/config`.
1. Run Docker with `:Z` on volumes:

   ```bash
   docker run -d --name gitlab-runner --restart always \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v /srv/gitlab-runner/config:/etc/gitlab-runner:Z \
     gitlab/gitlab-runner:latest
   ```

More information about the cause and resolution can be found here:
<http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/>
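
Steps 2 and 3 above as a guarded script, added here as an example and not part of the GitLab documentation: `:Z` relabels the host path for private use by one container, so the script applies it only to a dedicated directory, resolves symlinks first, and leaves the Docker socket mount unlabelled as in step 3. The names `relabel_volume`, `start_runner`, `DENY_RELABEL` and the `DOCKER` override are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not GitLab's code. Helper names and the deny-list are assumptions.

# Host paths that must never be relabelled with :Z (constructed list, extend as needed).
DENY_RELABEL="/ /bin /boot /dev /etc /home /lib /lib64 /opt /proc /root /run /sbin /srv /sys /tmp /usr /var /var/run"

# Print "HOST:CONTAINER:Z" for a dedicated directory, or fail with a reason on stderr.
relabel_volume() {
  local host=$1 ctr=$2 real deny
  [ -d "$host" ] || { echo "refusing $host: not a directory" >&2; return 1; }
  # Resolve symlinks so that a link pointing at a system directory is caught too.
  real=$(cd -- "$host" >/dev/null && pwd -P) || return 1
  for deny in $DENY_RELABEL "$HOME"; do
    if [ "$real" = "$deny" ]; then
      echo "refusing $host: $real is a system or home directory" >&2
      return 1
    fi
  done
  printf '%s:%s:Z\n' "$real" "$ctr"
}

# Create the config directory (step 2) and start the Runner with :Z on it (step 3).
# Set DOCKER=echo to print the arguments instead of starting a container.
start_runner() {
  local vol
  mkdir -p "$1" || return 1
  vol=$(relabel_volume "$1" /etc/gitlab-runner) || return 1
  "${DOCKER:-docker}" run -d --name gitlab-runner --restart always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v "$vol" \
    gitlab/gitlab-runner:latest
}

# Usage: ./start-runner.sh /srv/gitlab-runner/config
if [ $# -gt 0 ]; then start_runner "$1"; fi
```
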
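
For the "Installing trusted SSL server certificates" section above, a pre-flight check for `ca.crt`, added here as an example and not part of the GitLab documentation: it splits the bundle and uses the `openssl` CLI to reject a file that contains a private key, an unparseable or expired certificate, or a certificate that is not self-issued. The function names and the subject-equals-issuer test for a root certificate are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not GitLab's code: check a ca.crt bundle before copying it into
# the certs directory. Function names are assumptions; needs the openssl CLI.

# Write each certificate in bundle $1 to $2/cert-NN.pem and print how many were found.
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n) }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    END                           { print n + 0 }' "$1"
}

# Return 0 only if the bundle is readable, holds no private key, and every
# certificate in it parses, is unexpired and is self-issued (subject == issuer).
check_ca_bundle() {
  local bundle=$1 tmp count f subject issuer rc=0
  [ -r "$bundle" ] || { echo "$bundle: not readable" >&2; return 1; }
  if grep -q 'PRIVATE KEY-----' "$bundle"; then
    echo "$bundle: contains a private key, remove it" >&2; return 1
  fi
  tmp=$(mktemp -d) || return 2
  count=$(split_bundle "$bundle" "$tmp")
  if [ "${count:-0}" -eq 0 ]; then echo "$bundle: no certificates found" >&2; rc=1; fi
  for f in "$tmp"/cert-*.pem; do
    [ -e "$f" ] || continue
    if ! openssl x509 -in "$f" -noout 2>/dev/null; then
      echo "${f##*/}: cannot be parsed" >&2; rc=1; continue
    fi
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null ||
      { echo "${f##*/}: expired" >&2; rc=1; }
    subject=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253)
    issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253)
    [ "${subject#subject=}" = "${issuer#issuer=}" ] ||
      { echo "${f##*/}: not self-issued: ${subject#subject=}" >&2; rc=1; }
  done
  rm -rf "$tmp"
  return "$rc"
}

# Usage: check_ca_bundle ca.crt && cp ca.crt /srv/gitlab-runner/config/certs/ca.crt
if [ $# -gt 0 ]; then check_ca_bundle "$1"; fi
```
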