Gitlab-ci + DinD + MySQL service permission problem

I created two GitLab jobs:

  • Unit tests (using a PHP Docker image registered on GitLab)
  • Sonar (using the docker service to run "Letsdeal/docker-sonar-scanner")

I use the following gitlab-ci-multi-runner configuration:

    concurrent = 1
    check_interval = 0

    [[runners]]
      name = "name-ci"
      url = "https://uri/ci"
      token = "token"
      executor = "docker"
      [runners.docker]
        tls_verify = false
        image = "docker:latest"
        privileged = true
        disable_cache = false
        volumes = ["/cache"]
        shm_size = 0
      [runners.cache]

The unit test job works fine, but the Sonar job fails with the following message:

    service runner-f66e3b66-project-227-concurrent-0-docker-wait-for-service did timeout
    2017-07-05T16:13:18.543802416Z mount: mounting none on /sys/kernel/security failed: Permission denied
    2017-07-05T16:13:18.543846406Z Could not mount /sys/kernel/security.
    2017-07-05T16:13:18.543855189Z AppArmor detection and --privileged mode might break.
    2017-07-05T16:13:18.543861712Z mount: mounting none on /tmp failed: Permission denied

When I change the "privileged" configuration parameter of "runners.docker" to false, the Sonar job works but the unit tests fail:

    service runner-f66e3b66-project-227-concurrent-0-mysql-wait-for-service did timeout
    2017-07-05T15:08:49.178114891Z
    2017-07-05T15:08:49.178257497Z ERROR: mysqld failed while attempting to check config
    2017-07-05T15:08:49.178266378Z command was: "mysqld --verbose --help"
    2017-07-05T15:08:49.178271850Z
    2017-07-05T15:08:49.178276837Z mysqld: error while loading shared libraries: libpthread.so.0: cannot open shared object file: Permission denied

The "privileged" parameter must be true in order to use Docker in Docker. But I don't understand why it would break services like MySQL.

Here is my gitlab-ci file:

    stages:
      - test-unit
      - analyse

    # Shared template for PHP jobs: loads the SSH key and starts a MySQL service container
    .php_job_template: &php_job_template
      image: custom_docker_image
      before_script:
        - eval $(ssh-agent -s) && ssh-add <(echo "$SSH_PRIVATE_KEY")
        - mkdir -p ~/.ssh && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
      services:
        - mysql
      variables:
        MYSQL_DATABASE: blabla
        MYSQL_USER: blabla
        MYSQL_PASSWORD: blabla
        MYSQL_ROOT_PASSWORD: blabla

    # Unit tests: run against the mysql service
    test_phpunit_dev:
      <<: *php_job_template
      stage: test-unit
      script:
        - mysql -h mysql -u blabla -pblabla <<< "SET GLOBAL sql_mode = '';"
        - php composer.phar install -q
        - php vendor/bin/phpunit -c tests/phpunit.xml

    # Sonar analysis: runs the scanner image through the docker:dind service
    sonar:
      stage: analyse
      image: docker:1.12.6
      services:
        - docker:dind
      script:
        - docker run --rm -v `pwd`:/build -w /build letsdeal/sonar-scanner:2.7 scan -e

If anyone knows how to solve this problem, any help is welcome. Thanks.