Gitlab CI运行程序无法公开嵌套Docker容器的端口 [英] Gitlab CI runner not able to expose ports of nested Docker containers
问题描述
使用GitLab CI以及 gitlab-ci-multi-runner 时,我无法获得内部启动的Docker容器以将其端口暴露给主机,即在其中运行构建的Docker映像。
When using GitLab CI, as well as the gitlab-ci-multi-runner, I'm unable to get internally-started Docker containers to expose their ports to the "host", which is the Docker image in which the build is running.
我的 .gitlab-ci.yml 文件:
test:
image: docker
stage: test
services:
- docker:dind
script:
- APP_CONTAINER_ID=`docker run -d --privileged -p "9143:9143" appropriate/nc nc -l 9143`
- netstat -a
- docker exec $APP_CONTAINER_ID netstat -a
- nc -v localhost 9143
我的命令:
gitlab-ci-multi-runner exec docker --docker-privileged test
输出:
$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 runner--project-1-concurrent-0:54664 docker:2375 TIME_WAIT
tcp 0 0 runner--project-1-concurrent-0:54666 docker:2375 TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
$ docker exec $APP_CONTAINER_ID netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:9143 0.0.0.0:* LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
$ nc -v localhost 9143
ERROR: Build failed: exit code 1
FATAL: exit code 1
我在这里做错了什么?
原始问题随后的内容-上面的内容较短,易于测试的示例
我有一个应用图片在端口 9143 上分配。它的启动和配置是通过 docker-compose.yml 管理的,在我的本地计算机上,通过 docker-compose up -我可以无问题地访问 localhost:9143 。
I have an application image that listens on port 9143. Its startup and config is managed via docker-compose.yml, and works great on my local machine with docker-compose up - I can access localhost:9143 without issue.
但是,在GitLab CI上运行时(< c $ c> gitlab.com 版本),则该端口似乎没有暴露。
However, when running on GitLab CI (the gitlab.com version) via a shared runner, the port doesn't seem to be exposed.
我的 .gitlab-ci.yml :
test:
image: craigotis/buildtools:v1
stage: test
script:
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com/craigotis/myapp
- docker-compose up -d
- sleep 60 # a temporary hack to get the logs
- docker-compose logs
- docker-machine env
- docker-compose port app 9143
- netstat -a
- docker-compose ps
- /usr/local/bin/wait-for-it.sh -h localhost -p 9143 -t 60
- cd mocha
- npm i
- npm test
- docker-compose down
输出为:
$ docker-compose logs
...
app_1 | [Thread-1] INFO spark.webserver.SparkServer - == Spark has ignited ...
app_1 | [Thread-1] INFO spark.webserver.SparkServer - >> Listening on 0.0.0.0:9143
app_1 | [Thread-1] INFO org.eclipse.jetty.server.Server - jetty-9.0.z-SNAPSHOT
app_1 | [Thread-1] INFO org.eclipse.jetty.server.ServerConnector - Started ServerConnector@6919dc5{HTTP/1.1}{0.0.0.0:9143}
...
$ docker-compose port app 9143
0.0.0.0:9143
$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 runner-e11ae361-project-1925166-concurrent-0:53646 docker:2375 TIME_WAIT
tcp 0 0 runner-e11ae361-project-1925166-concurrent-0:53644 docker:2375 TIME_WAIT
tcp 0 0 runner-e11ae361-project-1925166-concurrent-0:53642 docker:2375 TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
$ docker-compose ps
stty: standard input: Not a tty
Name Command State Ports
----------------------------------------------------------------------------------------
my_app_1 wait-for-it.sh mysql_serve ... Up 8080/tcp, 0.0.0.0:9143->9143/tcp
mysql_server docker-entrypoint.sh --cha ... Up 3306/tcp
$ /usr/local/bin/wait-for-it.sh -h localhost -p 9143 -t 60
wait-for-it.sh: waiting 60 seconds for localhost:9143
wait-for-it.sh: timeout occurred after waiting 60 seconds for localhost:9143
我的 docker-compose.yml 的内容:
version: '2'
networks:
app_net:
driver: bridge
services:
app:
image: registry.gitlab.com/craigotis/myapp:latest
depends_on:
- "db"
networks:
- app_net
command: wait-for-it.sh mysql_server:3306 -t 60 -- java -jar /opt/app*.jar
ports:
- "9143:9143"
db:
image: mysql:latest
networks:
- app_net
container_name: mysql_server
environment:
- MYSQL_ALLOW_EMPTY_PASSWORD=true
似乎就像我的应用程序容器正在监听 9143 一样,正确地暴露给共享的GitLab运行程序,但似乎并没有真正暴露出来。在我的本地计算机上工作正常-是否需要一些特殊的解决方法/调整才能使此工作在内部运行在GitLab上的Docker容器?
It seems like my application container is listening on 9143, and it's properly exposed to the shared GitLab runner, but it doesn't seem to actually be exposed. It works fine on my local machine - is there some special workaround/tweak I need to make this work inside a Docker container running on GitLab?
推荐答案
gitlab上的官方 gitab-ci。 com文档是指 PostgreSQL示例
The offical gitab-ci on gitlab.com documentation refers to the example of PostgreSQL
Its working CI does not try to connect to localhost, but rather to the service name
services关键字仅定义了另一个正在运行的Docker映像在构建过程中,并链接到image关键字定义的docker image。这样,您就可以在构建期间访问服务映像。
The
serviceskeyword defines just another docker image that is run during your build and is linked to the docker image that the image keyword defines. This allows you to access the service image during build time.
MySQL的服务容器将以主机名 mysql 进行访问。
因此,要访问数据库服务,您必须连接到名为 mysql 的主机,而不是套接字或 localhost 。
The service container for MySQL will be accessible under the hostname mysql.
So, in order to access your database service you have to connect to the host named mysql instead of a socket or localhost.
您可以检查是否适用于您的情况,然后尝试访问您的应用程序服务在 app:9143 中,而不是 localhost:9143 。
You could check if this applies in your case, and try accessing your application service in app:9143 instead of localhost:9143.
这篇关于Gitlab CI运行程序无法公开嵌套Docker容器的端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
