Gitlab runner using dind results in error server misbehaved

Question

I've been trying to get docker up and running in gitlab-runner but keep getting errors such as one below or Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.

.gitlab-ci.yml

build:
  stage: build
  image: docker:latest
  services:
  - name: docker:dind
    alias: docker
    entrypoint: ["env", "-u", "DOCKER_HOST"]
    command: ["dockerd-entrypoint.sh"]
  variables:
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
  script:
    - docker info

results:

$ docker info
Client:
 Debug Mode: false

Server:
ERROR: error during connect: Get http://docker:2375/v1.40/info: dial tcp: lookup docker on 10.233.0.3:53: server misbehaving
errors pretty printing info

Runner is not in privileged mode. Is there a way to build a docker image in runner without privileged mode?

And if no, are there other practices and what important cons does this flag bring?

Answer 1

Ensure that you have privileged set to true in your runner definition. According to the Gitlab documentation here If you want to use Docker-in-Docker, you must always use privileged = true in your Docker containers. It worked for me.

Answer 2

I have seen the server misbehaving when the gitlab-runner was trying to access the DIND docker socket on the unencrypted port 2375 while the docker socket is exposed for encrypted traffic on port 2376 or vice-versa.

For TLS enabled, you have to give the certs directory when registering the runner which would update the 'volumes' directive inside the config.toml section of the runner.

TLS enabled reference: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled

TLS disabled reference: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-disabled

Answer 3

Haven't managed to get dind working so I've come across kaniko tool and managed to build image push it to gitlab repository and use it in other jobs in this pipeline.

Narrowed down definition of this job in gitlab-ci.yml:

build:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE

Gitlab's documentation.

Answer 4

You are trying to run docker command docker info inside your script which is causing the problem. You have the correct image but you haven't started the docker daemon in script before calling docker info.

If your goal is to run a docker instance inside your build and run some automated test, you need to start(may be configure) the docker daemon in the script part of gitlab ci.

If your goal is to deploy the docker container on your target server, then you should only build the docker image in gitlab ci and deploy the image via ssh to your remote server from your pipeline.