I was having a really hard time getting the GitLab Runner to work on the new Red Hat server's Docker replacement, Podman.
Here are a few tips for future reference.

How to make it work

  1. Create all necessary folders (and an empty config.toml) on the host first.
  2. Run the containers in privileged mode, otherwise the mount inside dind fails with an error such as mount: permission denied (are you root?).
  3. Append :z to each mount point so SELinux relabels the volume instead of blocking access.
  4. Mount all necessary folders and share them (--volumes-from) so that gitlab-runner can reach them.
  5. Use DOCKER_HOST=unix:///var/run/docker.sock instead of DOCKER_HOST=tcp://127.0.0.1:2375; the runner talks to dockerd through the socket shared from the dind container rather than over TCP.
  6. To run multiple runners on the same host, create a separate docker-dind for each one and associate it with its own runner container.

Final code:

# 1. host-side folders and an empty config.toml, created before the
#    containers so the bind mounts find real files
mkdir -p /opt/podman/gitlab-runner
mkdir -p /opt/podman/dind/docker
touch /opt/podman/gitlab-runner/config.toml

# 2. docker-in-docker daemon; privileged for its internal mounts,
#    DOCKER_TLS_CERTDIR="" turns off TLS for dockerd, and the runner
#    only reaches it through the Unix socket kept in the docker_run
#    named volume (:z relabels the mounts for SELinux)
podman run -d \
        --privileged \
        --restart=always \
        --name dind \
        -e DOCKER_TLS_CERTDIR="" \
        -v docker_run:/var/run:z \
        -v /opt/podman/dind/docker:/etc/docker:z \
        docker:19.03.13-dind

# 3. the runner shares the dind volumes (--volumes-from) and talks to
#    dockerd over /var/run/docker.sock instead of tcp://127.0.0.1:2375
podman run -d \
        --privileged \
        --restart=always \
        --name gitlab-runner \
        -e DOCKER_HOST=unix:///var/run/docker.sock \
        -v /opt/podman/gitlab-runner/config.toml:/etc/gitlab-runner/config.toml:z \
        --volumes-from dind \
        gitlab/gitlab-runner:latest

To let the GitLab Runner bypass iptables and use the host network, host networking has to be enabled at both the Podman level and the GitLab Runner level. Because this approach is built on dind, both the dind container and the runner container must run in this mode.

# folders and config file for the second runner/dind pair
mkdir -p /opt/podman/backup-runner
mkdir -p /opt/podman/backup-dind/docker
touch /opt/podman/backup-runner/config.toml

# start the dind side first: --volumes-from below needs it to exist, and
# it gets its own named volume so its docker.sock does not collide with
# the first dind's docker_run volume
podman run -d \
        --privileged \
        --network=host \
        --restart=always \
        --name backup-dind \
        -e DOCKER_TLS_CERTDIR="" \
        -v backup_docker_run:/var/run:z \
        -v /opt/podman/backup-dind/docker:/etc/docker:z \
        docker:19.03.13-dind

podman run -d \
        --privileged \
        --network=host \
        --restart=always \
        --name backup-runner \
        -e DOCKER_HOST=unix:///var/run/docker.sock \
        -v /opt/podman/backup-runner/config.toml:/etc/gitlab-runner/config.toml:z \
        --volumes-from backup-dind \
        gitlab/gitlab-runner:latest

GitLab Runner side: enable host mode in the runner's config.toml (here /opt/podman/backup-runner/config.toml)
[[runners]]
  [runners.docker]
    network_mode = "host"
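
As an added example (not code from the original post), a small pre-flight script for the layout above: it creates the host folders and config.toml of step 1 for a runner/dind pair, refuses to continue if config.toml exists as a directory rather than a file (the bind mount would then hand the runner a directory), and checks that no two dind containers mount the same named volume on /var/run, which is what keeps the runners of step 6 on separate daemons. The base directory, the pair names and the "container volume" input lines are assumptions for the example.

```shell
#!/bin/sh
# Added pre-flight checks for the podman + dind + gitlab-runner layout in
# this post (example code, not from the post). Assumes one dind per runner
# under BASE/<runner>/config.toml and BASE/<dind>/docker.

# ensure_runner_files BASE RUNNER DIND: create the host folders and an
# empty config.toml (step 1). Fails if config.toml exists as a directory,
# because the bind mount would hand the runner a directory, not a file.
ensure_runner_files() {
    base="$1"; runner="$2"; dind="$3"
    mkdir -p "$base/$runner" "$base/$dind/docker" || return 1
    cfg="$base/$runner/config.toml"
    if [ -d "$cfg" ]; then
        echo "error: $cfg is a directory, not a file; remove it and rerun" >&2
        return 1
    fi
    [ -f "$cfg" ] || : > "$cfg"
}

# unique_run_volumes: read "container volume" lines on stdin, one per dind
# container (the volume is the one mounted on /var/run), and fail if two
# containers share a volume; they would fight over docker.sock and a
# runner could end up talking to the other pair's daemon (step 6).
unique_run_volumes() {
    dups=$(awk '{ print $2 }' | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "error: /var/run volume shared by several dind containers: $dups" >&2
        return 1
    fi
    return 0
}
```

Run it as `ensure_runner_files /opt/podman gitlab-runner dind` and pipe the constructed pair list (for example `dind docker_run` and `backup-dind backup_docker_run`) into `unique_run_volumes` before starting the containers.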