Custom Gitlab Runner Failing - Cannot connect to the Docker daemon

Question

These are the steps I followed to setup a custom Gitlab runner:

1. Install Gitlab runner by following the instructions here: https://docs.gitlab.com/runner/install/linux-repository.html

2. Register a runner with docker exectuor and docker:19 image

3. Write gitlab-ci.yml as follow:

image: docker:19.03.1

services:
  - name: docker:19.03.1-dind
    alias: docker

stages:
- build

build:
  stage: build
  variables:
    IMAGE_TAG: repo.azurecr.io/some-repo
    DOCKER_HOST: tcp://172.17.0.1:2375
    DOCKER_TLS_CERTDIR: ''
  script:
    - docker login someacr.azurecr.io -u "$SERVICE_PRINCIPAL_USER" -p "$SERVICE_PRINCIPAL_PASSWORD"
    - if [[ "$CI_COMMIT_REF_NAME" == "develop" ]]; then docker build -t $IMAGE_TAG .; fi

4. Running the pipeline throws this error:

Login succeeded
if [[ "$CI_COMMIT_REF_NAME" == "develop" ]]; then docker build -t $IMAGE_TAG .; fi
Cannot connect to the Docker daemon at tcp://172.17.0.1:2375. Is the docker daemon running?
Cleaning up project directory and file based variables
00:02
ERROR: Job failed: exit code 1

This is what I have tried so far:

1. privileged: true in /etc/gitlab-runner/config.toml
2. dind:19 docker image in gitlab-ci.yml
3. adding volumes = ["/var/run/docker.sock /var/run/docker.sock" "/cache"] in /etc/gitlab-runner/config.toml
4. used DOCKER_TLS_CERTDIR: '' in gitlab-ci.yml as variable
5. populating DOCKER_HOST variable with DOCKER_HOST: tcp://172.17.0.1:2375
6. much more...

All these changes result in either of the 2 issues described in Gitlab Runner Troubleshooting here: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#troubleshooting

1. docker: Cannot connect to the Docker daemon at tcp://docker:2375. Is the docker daemon running?
2. Docker no such host error.

Answer 1

In order to have the least issues with docker:dind within a gitlab ci, four parameters have to be correctly set:

• The service should be set 'docker:20.10.16-dind' or later.
• DOCKER_TLS_CERTDIR variable should be set to "" otherwise it seems it tries to use TLS.
• DOCKER_HOST variable should be set "tcp://docker:2375"
• And FF_NETWORK_PER_BUILD should be set to true. It allows communication between the docker service and image used.

A sample partial .gitlab-ci.yml file would be:

variables: 
  DOCKER_DIND: "docker:20.10.16-dind"                                                          
  DOCKER_TLS_CERTDIR: ""
  DOCKER_HOST: "tcp://docker:2375"
  FF_NETWORK_PER_BUILD: "true"

job_name:
  image: julienlecomte/docker-make
  services:                                                                                   
    - $DOCKER_DIND                                                                            
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

Answer 2

Your DOCKER_HOST variable value is not correct.

Use DOCKER_HOST: "tcp://docker:2375"

adding volumes = ["/var/run/docker.sock /var/run/docker.sock" "/cache"] in /etc/gitlab-runner/config.toml

I would recommend removing the volume mount of /var/run/docker.sock from the runner configuration here. This is not necessary when leveraging the docker:dind service container method. Though, it technically won't cause issues.

privileged: true in /etc/gitlab-runner/config.toml
[...]
used DOCKER_TLS_CERTDIR: '' in gitlab-ci.yml as variable

These changes are good, keep these changes.