How to make podman run gitlab runner
I was having a really hard time making gitlab runner work on the new Red Hat server's Docker replacement – podman.
Here are a few tips for future reference.
How to make it work
- Create all necessary folders.
- Run the container in privileged mode so that mount won't report an error such as
  mount: permission denied (are you root?)
- Also use the z option after the mount point (for example -v docker_run:/var/run:z) so that SELinux does not block access to the mounted folder.
- Mount all necessary folders and share them so that gitlab-runner can use them.
- Use DOCKER_HOST=unix:///var/run/docker.sock instead of DOCKER_HOST=tcp://127.0.0.1:2375.
- To run multiple runners on the same host, create a separate docker-dind container for each one and associate it with its runner container.
Final code:
# Host folders and an empty runner config to bind-mount into the containers
mkdir -p /opt/podman/gitlab-runner
mkdir -p /opt/podman/dind/docker
touch /opt/podman/gitlab-runner/config.toml

# Docker-in-Docker daemon; the empty DOCKER_TLS_CERTDIR turns TLS off in the dind image
podman run -d \
  --privileged \
  --restart=always \
  --name dind \
  -e DOCKER_TLS_CERTDIR="" \
  -v docker_run:/var/run:z \
  -v /opt/podman/dind/docker:/etc/docker:z \
  docker:19.03.13-dind

# Runner; --volumes-from dind gives it the /var/run volume that holds docker.sock
podman run -d \
  --privileged \
  --restart=always \
  --name gitlab-runner \
  -e DOCKER_HOST=unix:///var/run/docker.sock \
  -v /opt/podman/gitlab-runner/config.toml:/etc/gitlab-runner/config.toml:z \
  --volumes-from dind \
  gitlab/gitlab-runner:latest
To make gitlab runner bypass iptables and use the host network, host networking has to be enabled at both the podman level and the gitlab runner level. Because this approach is based on dind, both the dind container and the gitlab runner container have to run in this mode.
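# Host folders and an empty runner config for the second pair of containers
mkdir -p /opt/podman/backup-runner
mkdir -p /opt/podman/backup-dind/docker
touch /opt/podman/backup-runner/config.toml

# Start dind first: the runner's --volumes-from needs backup-dind to exist.
# docker_run is the same named volume the first dind uses; give this dind its
# own volume if both pairs run on one host.
podman run -d \
  --privileged \
  --network=host \
  --restart=always \
  --name backup-dind \
  -e DOCKER_TLS_CERTDIR="" \
  -v docker_run:/var/run:z \
  -v /opt/podman/backup-dind/docker:/etc/docker:z \
  docker:19.03.13-dind

# Runner on the host network, sharing the dind container's volumes
podman run -d \
  --privileged \
  --network=host \
  --restart=always \
  --name backup-runner \
  -e DOCKER_HOST=unix:///var/run/docker.sock \
  -v /opt/podman/backup-runner/config.toml:/etc/gitlab-runner/config.toml:z \
  --volumes-from backup-dind \
  gitlab/gitlab-runner:latest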
Enable host mode in the gitlab runner config.toml:
[[runners]]
[runners.docker]
network_mode = "host"
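
An added example, not part of the original post: a small audit of the settings used above, fed with values as printed by `podman inspect`. It assumes the dind image's default entrypoint, which serves the Docker API on TCP port 2375 without TLS when DOCKER_TLS_CERTDIR is empty; the function names and sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit `podman inspect` values.

# classify PRIVILEGED NETWORK_MODE IMAGE ENV_LINES -> one finding per line
classify() {
    c_priv=$1 c_net=$2 c_image=$3 c_env=$4
    if [ "$c_priv" = "true" ]; then
        echo "PRIVILEGED: container is not confined; treat access to it as root on the host"
    fi
    # Assumption: the dind image's default entrypoint, which serves the Docker
    # API on tcp://0.0.0.0:2375 without TLS when DOCKER_TLS_CERTDIR is empty.
    if printf '%s\n' "$c_env" | grep -qx 'DOCKER_TLS_CERTDIR='; then
        if [ "$c_net" = "host" ]; then
            echo "OPEN_DOCKER_API: TLS off and --network=host, port 2375 is on the host's interfaces"
        else
            echo "NO_TLS: Docker API served without TLS inside the container network"
        fi
    fi
    case $c_image in
        *:latest) echo "UNPINNED_IMAGE: $c_image can change between pulls" ;;
    esac
    return 0
}

# audit_container NAME: read the four values from podman and classify them
audit_container() {
    a_priv=$(podman inspect --format '{{.HostConfig.Privileged}}' "$1") || return 1
    a_net=$(podman inspect --format '{{.HostConfig.NetworkMode}}' "$1")
    a_image=$(podman inspect --format '{{.ImageName}}' "$1")
    a_env=$(podman inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$1")
    echo "== $1"
    classify "$a_priv" "$a_net" "$a_image" "$a_env"
}

# Constructed sample values matching the backup-dind and backup-runner commands
sample_dind() {
    classify true host docker.io/library/docker:19.03.13-dind \
        "$(printf 'PATH=/usr/local/bin\nDOCKER_TLS_CERTDIR=')"
}
sample_runner() {
    classify true host docker.io/gitlab/gitlab-runner:latest \
        "DOCKER_HOST=unix:///var/run/docker.sock"
}
# Usage: ./audit.sh backup-dind backup-runner   (no arguments: run the samples)
if [ "$#" -gt 0 ]; then
    for name in "$@"; do audit_container "$name"; done
else
    sample_dind; sample_runner
fi
```

An OPEN_DOCKER_API finding means anything that can reach the host on port 2375 can drive the privileged daemon, so that port should be firewalled or the TCP listener turned off.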