我无法登录docker中的Gitlab容器注册表
标签:docker、docker-compose、gitlab、docker-registry、gitlab-ci-runner
我有这个项目结构:
/sameer
|_ /certs
|_ localhost-auth.crt
|_ localhost-auth.csr
|_ localhost-auth.key
|_ /projects
|_ /sampleapp
|_ ...[several python files]
|_ Dockerfile
|_ .gitlab-ci.yml
|_ docker-compose.yml
我有这个 docker-compose.yml 文件:
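# Compose stack from the question: GitLab, its PostgreSQL and Redis backends,
# a GitLab runner, a Docker registry and Portainer.
# NOTE(review): the nesting below was rebuilt from a listing whose indentation
# had been stripped - confirm it against the original file.
# NOTE(review): DB_PASS, the GITLAB_SECRETS_* keys and REGISTRY_HTTP_SECRET are
# literal placeholders ("password" / "secret"). Replace them with generated
# values supplied from an untracked .env file (the runner service already uses
# ${...} substitution) before this stack is reachable by anyone else.
version: '2.2'

services:
  redis:
    restart: always
    # Floating tag: the image content can change between pulls; pin a version
    # (or digest) for reproducible, reviewable deployments.
    image: sameersbn/redis:latest
    # ports:
    #   - "6379:6379" #optional
    command:
      - --loglevel warning
    volumes:
      - redis:/var/lib/redis:Z

  postgresql:
    restart: always
    image: sameersbn/postgresql:9.5-3
    volumes:
      - postgresql:/var/lib/postgresql:Z
    environment:
      - DB_USER=gitlab
      - DB_PASS=password  # placeholder credential, see note at top of file
      - DB_NAME=gitlabhq_production
      - DB_EXTENSION=pg_trgm

  gitlab:
    cpu_count: 2 # as described here: https://docs.gitlab.com/ce/install/requirements.html#cpu
    mem_limit: 4000000000 # as described here: https://docs.gitlab.com/ce/install/requirements.html#memory
    restart: always
    image: sameersbn/gitlab:10.1.1
    # build:
    #   context: ./images/gitlab
    #   dockerfile: Dockerfile
    ##   args:
    ##     buildno: 1
    volumes:
      - gitlab-data:/home/git/data:Z
      - gitlab-logs:/var/log/gitlab
      # Contains localhost-auth.key, which GitLab uses (GITLAB_REGISTRY_KEY_PATH)
      # to sign registry tokens; keep the directory out of version control.
      - ./certs:/certs
    depends_on:
      - redis
      - postgresql
    ports:
      - "80:80"
      - "2222:22"
    external_links:
      - "registry:registry"
    environment:
      - DEBUG=false
      - DB_ADAPTER=postgresql
      - DB_HOST=postgresql
      - DB_PORT=5432
      - DB_USER=gitlab
      - DB_PASS=password  # placeholder credential, must match postgresql above
      - DB_NAME=gitlabhq_production
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      # With HTTPS off, logins and CI job tokens cross the network in clear
      # text; acceptable only on an isolated lab network.
      - GITLAB_HTTPS=false # <--- for some reason breaks when true
      - SSL_SELF_SIGNED=true # <---
      - GITLAB_HOST=192.168.99.101 # <---
      - GITLAB_PORT=80
      - GITLAB_SSH_PORT=2222
      - GITLAB_SHELL_SSH_PORT=2222
      - GITLAB_RELATIVE_URL_ROOT=
      # These three keys protect sessions and secrets stored in the database.
      # They must be long, random and distinct; "secret" is a placeholder.
      - GITLAB_SECRETS_DB_KEY_BASE=secret
      - GITLAB_SECRETS_SECRET_KEY_BASE=secret
      - GITLAB_SECRETS_OTP_KEY_BASE=secret
      - GITLAB_REGISTRY_ENABLED=true
      # NOTE(review): presumably this host:port is what CI jobs receive as
      # $CI_REGISTRY. It has to resolve from wherever the Docker daemon that
      # runs `docker login` lives, and it has to appear as a SAN in the
      # registry certificate (the x509 "IP SANs" error in the question).
      - GITLAB_REGISTRY_HOST=localhost # <---
      - GITLAB_REGISTRY_PORT=5000
      - GITLAB_REGISTRY_API_URL=https://localhost:5000/ # Internal address to the registry, will be used by GitLab to directly communicate with API.
      - GITLAB_REGISTRY_CERT_PATH=/certs/localhost-auth.crt # <---
      - GITLAB_REGISTRY_KEY_PATH=/certs/localhost-auth.key # <---

  # Read :
  #https://hub.docker.com/r/sameersbn/gitlab-ci-multi-runner/
  #https://docs.gitlab.com/runner/
  #http://docs.gitlab.com/runner/register/index.html
  runner:
    restart: always
    image: gitlab/gitlab-runner:latest  # floating tag; pin a version
    # build:
    #   context: ./images/gitlab-runner
    #   dockerfile: Dockerfile
    ##   args:
    ##     buildno: 1
    volumes:
      # Host socket mount: whoever controls this container controls the host
      # Docker daemon, which is root-equivalent on the host.
      - /var/run/docker.sock:/var/run/docker.sock # so the DinD can connect to the host's docker endpoint
      # NOTE(review): this exposes the whole ./certs directory, private key
      # included, to the runner. It presumably only needs the certificate;
      # consider mounting just the .crt, read-only.
      - ./certs:/etc/gitlab-runner/certs
    # Read
    # https://docs.gitlab.com/runner/commands/README.html#using-environment-variables
    environment:
      - RUNNER_NAME=${GL_DEFAULT_RUNNER_NAME}
      - CI_SERVER_URL=http://192.168.99.101/ci/ # depending on the host
      - REGISTRATION_TOKEN=${TOKEN_FROM_GL_UI} # must be grabbed from "Admin Area->Overview->Runners"
      - RUNNER_EXECUTOR=docker
      - REGISTER_NON_INTERACTIVE=true # Run registration unattended
      # Untagged + unlocked: the runner accepts jobs from any project on this
      # GitLab instance. Combined with the socket and privileged settings
      # below, every such job can take over the host - trusted projects only.
      - REGISTER_RUN_UNTAGGED=true
      - REGISTER_LOCKED=false
      - RUNNER_CACHE_DIR=cache
      - DOCKER_IMAGE=docker:latest
      # NOTE(review): privileged mode is needed for a docker-in-docker service;
      # with the host socket bound into jobs (DOCKER_VOLUMES) the job talks to
      # the host daemon instead, so privileged is presumably unnecessary -
      # confirm, then drop one of the two.
      - DOCKER_PRIVILEGED=true # If you want to use docker-in-docker mode, you always have to use privileged = true in your Docker containers
      # Because jobs use the host daemon, `docker login` resolves the registry
      # name on the host, not on the compose network - consistent with the
      # "lookup registry on 10.0.2.3:53" error shown in the question.
      - DOCKER_VOLUMES=/var/run/docker.sock:/var/run/docker.sock # so the DinD can connect to the host's docker endpoint
      # Fixed extension: the mounted directory holds localhost-auth.crt,
      # there is no localhost-auth.cert.
      - CI_SERVER_TLS_CA_FILE=/etc/gitlab-runner/certs/localhost-auth.crt
      - CI_SERVER_TLS_CERT_FILE=/etc/gitlab-runner/certs/localhost-auth.crt
      - CI_SERVER_TLS_KEY_FILE=/etc/gitlab-runner/certs/localhost-auth.key
      # - DOCKER_AUTH_CONFIG=
      # - CONFIG_FILE=
      # - RUNNER_TAG_LIST=
      # - CI_SERVER_TOKEN=

  #read here : https://m42.sh/gitlab-registry.html
  registry:
    restart: always
    image: registry:2.4.1
    ports:
      - "5000:5000"
    volumes:
      - registry-data:/var/lib/registry
      - ./certs:/certs
    external_links:
      - "gitlab:gitlab"
    environment:
      - REGISTRY_LOG_LEVEL=debug
      - REGISTRY_STORAGE_DELETE_ENABLED=true
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
      # NOTE(review): clients are sent to this URL to fetch their token, so it
      # should be GitLab's address as clients reach it. https://localhost does
      # not match GITLAB_HOST=192.168.99.101 / GITLAB_HTTPS=false - verify.
      - REGISTRY_AUTH_TOKEN_REALM=https://localhost/jwt/auth # <---
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      # Must equal the issuer GitLab writes into the tokens it signs.
      - REGISTRY_AUTH_TOKEN_ISSUER=localhost
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/localhost-auth.crt # <---
      - SSL_REGISTRY_KEY_PATH=/certs/localhost-auth.key # <---
      - SSL_REGISTRY_CERT_PATH=/certs/localhost-auth.crt # <---
      # The same key pair signs registry tokens and terminates TLS here;
      # separate pairs would limit what a leaked key exposes.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost-auth.crt # <---
      - REGISTRY_HTTP_TLS_KEY=/certs/localhost-auth.key # <---
      - REGISTRY_HTTP_SECRET=secret  # placeholder; use a random value

  portainer:
    restart: always
    image: portainer/portainer:1.15.1
    ports:
      - "9001:9000"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/opt/portainer:/data"
    # --no-auth turns off Portainer's login while the host Docker socket is
    # mounted and port 9001 is published: anyone who can reach that port can
    # administer the host's Docker daemon. Drop the flag, or publish the port
    # only on a trusted interface.
    command: --no-auth

  # scope:
  #   image: weaveworks/scope:latest #1.6.4
  #   ports:
  #     - "0.0.0.0:4040:4040"
  ##   network_mode: "host"
  #   pid: "host"
  #   privileged: true
  #   labels:
  #     - "works.weave.role=system"
  #   volumes:
  #     - "/var/run/docker.sock:/var/run/docker.sock:rw" # can be used on Linux only
  #   command:
  #     - "--probe.docker=true"

volumes:
  gitlab-data:
  gitlab-logs:
  postgresql:
  redis:
  registry-data: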
当我通过 docker-compose up -d 创建容器时,注册表已启用,并且我可以从 Gitlab UI [Projects->sampleapp->registry] 看到它已与 Gitlab 服务器连接
然后我 commit 并 push 我的代码,Gitlab 接收作业并将其转发给 Gitlab runner。Gitlab runner 将执行 .gitlab-ci.yml 文件,我在其中描述了我希望 Gitlab runner 容器中的 docker executor(?)登录到注册表,根据提供的 Dockerfile 将代码构建到容器中,然后将其推送到注册表
问题是它没有登录到注册表
从我无数次的测试中,我了解到,出于某种原因,runner 试图[通过 gitlab]对注册表进行身份验证,但失败了
我得到的一些错误是:
+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx registry:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry:5000/v2/: dial tcp: lookup registry on 10.0.2.3:53: server misbehaving
或
或
此外,从 runner 容器内部,我可以正常 ping 通 registry
正如您在 docker-compose.yml 文件中所看到的,我已经将证书路径作为环境变量提供给了所有相关容器
那么,我做错了什么?任何指点都将不胜感激。 我遇到了几乎相同的问题,但我的 Docker 注册表运行在外部服务器上。Runner 可以通过 Registry 进行身份验证,但在 Gitlab EE 中,注册表页面是空的,没有镜像。看起来像是授权问题。你后来找到问题所在了吗? 没有……我没有再尝试。我改用 Azure 私有注册表,一切都很顺利。 好的,谢谢你的提醒。
+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx registry:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry:5000/v2/: dial tcp: lookup registry on 10.0.2.3:53: server misbehaving
+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx localhost:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get http://localhost:5000/v2/: dial tcp 127.0.0.1:5000: getsockopt: connection refused
+ echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
+ docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx 192.168.99.101:5000
+ :
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://192.168.99.101:5000/v2/: x509: cannot validate certificate for 192.168.99.101 because it doesn't contain any IP SANs