I cannot log in to the GitLab Container Registry in Docker

I have this project structure:

    /sameer
    |_ /certs
       |_ localhost-auth.crt
       |_ localhost-auth.csr
       |_ localhost-auth.key
    |_ /projects
       |_ /sampleapp
          |_ ...[several python files]
          |_ Dockerfile
          |_ .gitlab-ci.yml
    |_ docker-compose.yml

I have this docker-compose.yml file.

    version: '2.2'

    services:
      redis:
        restart: always
        image: sameersbn/redis:latest
        # ports:
        #   - "6379:6379" #optional
        command:
          - --loglevel warning
        volumes:
          - redis:/var/lib/redis:Z

      postgresql:
        restart: always
        image: sameersbn/postgresql:9.5-3
        volumes:
          - postgresql:/var/lib/postgresql:Z
        environment:
          - DB_USER=gitlab
          - DB_PASS=password
          - DB_NAME=gitlabhq_production
          - DB_EXTENSION=pg_trgm

      gitlab:
        cpu_count: 2 # as described here: https://docs.gitlab.com/ce/install/requirements.html#cpu
        mem_limit: 4000000000 # as described here: https://docs.gitlab.com/ce/install/requirements.html#memory
        restart: always
        image: sameersbn/gitlab:10.1.1
        # build:
        #   context: ./images/gitlab
        #   dockerfile: Dockerfile
        ##   args:
        ##     buildno: 1
        volumes:
          - gitlab-data:/home/git/data:Z
          - gitlab-logs:/var/log/gitlab
          - ./certs:/certs
        depends_on:
          - redis
          - postgresql
        ports:
          - "80:80"
          - "2222:22"
        external_links:
          - "registry:registry"
        environment:
          - DEBUG=false
          - DB_ADAPTER=postgresql
          - DB_HOST=postgresql
          - DB_PORT=5432
          - DB_USER=gitlab
          - DB_PASS=password
          - DB_NAME=gitlabhq_production
          - REDIS_HOST=redis
          - REDIS_PORT=6379
          - GITLAB_HTTPS=false # <--- for some reason breaks when true
          - SSL_SELF_SIGNED=true # <---
          - GITLAB_HOST=192.168.99.101 # <---
          - GITLAB_PORT=80
          - GITLAB_SSH_PORT=2222
          - GITLAB_SHELL_SSH_PORT=2222
          - GITLAB_RELATIVE_URL_ROOT=
          - GITLAB_SECRETS_DB_KEY_BASE=secret
          - GITLAB_SECRETS_SECRET_KEY_BASE=secret
          - GITLAB_SECRETS_OTP_KEY_BASE=secret
          - GITLAB_REGISTRY_ENABLED=true
          - GITLAB_REGISTRY_HOST=localhost # <---
          - GITLAB_REGISTRY_PORT=5000
          - GITLAB_REGISTRY_API_URL=https://localhost:5000/ # Internal address to the registry, will be used by GitLab to directly communicate with API.
          - GITLAB_REGISTRY_CERT_PATH=/certs/localhost-auth.crt # <---
          - GITLAB_REGISTRY_KEY_PATH=/certs/localhost-auth.key # <---

      # Read :
      #https://hub.docker.com/r/sameersbn/gitlab-ci-multi-runner/
      #https://docs.gitlab.com/runner/
      #http://docs.gitlab.com/runner/register/index.html
      runner:
        restart: always
        image: gitlab/gitlab-runner:latest
        # build:
        #   context: ./images/gitlab-runner
        #   dockerfile: Dockerfile
        ##   args:
        ##     buildno: 1
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock # so the DinD can connect to the host's docker endpoint
          - ./certs:/etc/gitlab-runner/certs
        # Read
        # https://docs.gitlab.com/runner/commands/README.html#using-environment-variables
        environment:
          - RUNNER_NAME=${GL_DEFAULT_RUNNER_NAME}
          - CI_SERVER_URL=http://192.168.99.101/ci/ # depending on the host
          - REGISTRATION_TOKEN=${TOKEN_FROM_GL_UI} # must be grabbed from "Admin Area->Overview->Runners"
          - RUNNER_EXECUTOR=docker
          - REGISTER_NON_INTERACTIVE=true # Run registration unattended
          - REGISTER_RUN_UNTAGGED=true
          - REGISTER_LOCKED=false
          - RUNNER_CACHE_DIR=cache
          - DOCKER_IMAGE=docker:latest
          - DOCKER_PRIVILEGED=true # If you want to use docker-in-docker mode, you always have to use privileged = true in your Docker containers
          - DOCKER_VOLUMES=/var/run/docker.sock:/var/run/docker.sock # so the DinD can connect to the host's docker endpoint
          - CI_SERVER_TLS_CA_FILE=/etc/gitlab-runner/certs/localhost-auth.cert
          - CI_SERVER_TLS_CERT_FILE=/etc/gitlab-runner/certs/localhost-auth.cert
          - CI_SERVER_TLS_KEY_FILE=/etc/gitlab-runner/certs/localhost-auth.key
          # - DOCKER_AUTH_CONFIG=
          # - CONFIG_FILE=
          # - RUNNER_TAG_LIST=
          # - CI_SERVER_TOKEN=

      #read here : https://m42.sh/gitlab-registry.html
      registry:
        restart: always
        image: registry:2.4.1
        ports:
          - "5000:5000"
        volumes:
          - registry-data:/var/lib/registry
          - ./certs:/certs
        external_links:
          - "gitlab:gitlab"
        environment:
          - REGISTRY_LOG_LEVEL=debug
          - REGISTRY_STORAGE_DELETE_ENABLED=true
          - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
          - REGISTRY_AUTH_TOKEN_REALM=https://localhost/jwt/auth # <---
          - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
          - REGISTRY_AUTH_TOKEN_ISSUER=localhost
          - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/localhost-auth.crt # <---
          - SSL_REGISTRY_KEY_PATH=/certs/localhost-auth.key # <---
          - SSL_REGISTRY_CERT_PATH=/certs/localhost-auth.crt # <---
          - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost-auth.crt # <---
          - REGISTRY_HTTP_TLS_KEY=/certs/localhost-auth.key # <---
          - REGISTRY_HTTP_SECRET=secret

      portainer:
        restart: always
        image: portainer/portainer:1.15.1
        ports:
          - "9001:9000"
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock"
          - "/opt/portainer:/data"
        command: --no-auth

      # scope:
      #   image: weaveworks/scope:latest #1.6.4
      #   ports:
      #     - "0.0.0.0:4040:4040"
      ##   network_mode: "host"
      #   pid: "host"
      #   privileged: true
      #   labels:
      #     - "works.weave.role=system"
      #   volumes:
      #     - "/var/run/docker.sock:/var/run/docker.sock:rw" # can be used on Linux only
      #   command:
      #     - "--probe.docker=true"

    volumes:
      gitlab-data:
      gitlab-logs:
      postgresql:
      redis:
      registry-data:

And this .gitlab-ci.yml file:

    #image: docker:latest

    variables:
      CI_DEBUG_TRACE: "true" # makes the log extra verbose
      # When using dind, it's wise to use the overlayfs driver for improved performance.
      DOCKER_DRIVER: overlay2

      # -Gitlab registry vars-
      # CI_REGISTRY: registry:5000
      # CI_REGISTRY: 192.168.99.101:5000
      CI_REGISTRY: localhost:5000

      ## -Azure registry vars-
      # AZURE_USER:
      # AZURE_PASS:
      # AZURE_REGISTRY_URL:

    before_script:
      # -Gitlab registry login-
      - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
      ## -Azure registry login-
      # - docker login -u $AZURE_USER -p $AZURE_PASS $AZURE_REGISTRY_URL

    job1:
      image: docker:latest
      services:
        - docker:dind
      stage: build
      script:
        - docker build -t $CI_REGISTRY/my-image .
        - docker push $CI_REGISTRY/my-image
        # - docker build -t $AZURE_REGISTRY_URL/my-image .
        # - docker push $AZURE_REGISTRY_URL/my-image

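When I create the containers with docker-compose up -d, I see that the registry is enabled, and I can see it from the GitLab UI [Projects -> sampleapp -> Registry], connected to the GitLab server.

GitLab registry enabled

Then I commit and push my code; GitLab receives the job and forwards it to gitlab-runner. Gitlab-runner executes the .gitlab-ci.yml file, in which I describe that I want the docker executor (?) in the gitlab-runner container to log in to the registry, build my code into an image based on the provided Dockerfile, and then push it to the registry.

The problem is that it cannot log in to the registry!

From my countless tests, I understand that for some reason the runner tries to authenticate to the registry through GitLab, but cannot.

Some of the errors I get are: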

    + echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    + docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx registry:5000
    + :
    $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    Error response from daemon: Get https://registry:5000/v2/: dial tcp: lookup registry on 10.0.2.3:53: server misbehaving

or

    + echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    + docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx localhost:5000
    + :
    $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    Error response from daemon: Get http://localhost:5000/v2/: dial tcp 127.0.0.1:5000: getsockopt: connection refused

or

    + echo $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    + docker login -u gitlab-ci-token -p xxxxxxxxxxxxxxxxxxxx 192.168.99.101:5000
    + :
    $ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    Error response from daemon: Get https://192.168.99.101:5000/v2/: x509: cannot validate certificate for 192.168.99.101 because it doesn't contain any IP SANs

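Also, from inside the runner container I can ping the registry fine.

As you can see in the docker-compose.yml file, I have provided the paths to the certificates to all relevant containers via environment variables.

So, what am I doing wrong? Any pointers would be greatly appreciated!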
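
The third error above comes from TLS name verification: a client that dials an IP address accepts only an IP SAN in the certificate, never a DNS name. As an added example (not part of the original post), this Python code applies that matching rule to the three registry addresses from the logs; the SAN lists are constructed assumptions, since the page does not show the certificate's contents, and all function names are hypothetical.

```python
import ipaddress

def split_host(address):
    """Return the host part of 'host', 'host:port' or '[ipv6]:port'."""
    if address.startswith("["):
        return address[1:address.index("]")]
    try:
        ipaddress.ip_address(address)      # bare IP literal, e.g. ::1
        return address
    except ValueError:
        host, sep, port = address.rpartition(":")
        return host if sep and port.isdigit() else address

def dns_match(host, pattern):
    """Case-insensitive; '*' may replace only the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p

def verify_name(address, dns_sans, ip_sans):
    """Check the dialled name against the SAN lists; returns (ok, reason)."""
    host = split_host(address)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ok = any(dns_match(host, s) for s in dns_sans)
        return ok, "DNS SAN match" if ok else f"{host} is not among the DNS SANs"
    # An IP address is compared only with iPAddress SANs, never with DNS names.
    if not ip_sans:
        return False, f"cannot validate {host}: certificate has no IP SANs"
    ok = any(ip == ipaddress.ip_address(s) for s in ip_sans)
    return ok, "IP SAN match" if ok else f"{host} is not among the IP SANs"

# The three registry addresses tried in the logs on this page.
ADDRESSES = ["registry:5000", "localhost:5000", "192.168.99.101:5000"]
# Constructed SAN lists (assumptions): a localhost-only certificate, and one
# reissued to cover every name the clients dial.
LOCALHOST_ONLY = {"dns_sans": ["localhost"], "ip_sans": []}
REISSUED = {"dns_sans": ["localhost", "registry"], "ip_sans": ["192.168.99.101"]}

def report(cert):
    return {a: verify_name(a, **cert) for a in ADDRESSES}

if __name__ == "__main__":
    for label, cert in (("localhost-only", LOCALHOST_ONLY), ("reissued", REISSUED)):
        for addr, (ok, reason) in report(cert).items():
            print(f"{label:15} {addr:22} {'OK  ' if ok else 'FAIL'} {reason}")
```

A matching name removes only the x509 error; the DNS lookup failure and the refused connection in the other two logs happen before any certificate is examined.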