Setup a Gitlab Runner with docker-in-docker Support

 Posted on 2019-11-16  |  Christian Mäder

Personally, I prefer to set up my own Gitlab Runners. The reasons being that I don’t have to wait for a runner to become available and they’re usually faster then the Gitlab Shared Runners.

Assumptions

This guide assumes you have a system with Ubuntu 18.04 which is permanently connected to the internet. A very cheap and easy way to do this is using Vultr. (Use my affiliate link and get $50 to test their platform.)

Optional: Enable Automatic Updates

As I am a lazy person, I usually enable automatic updates on my Gitlab Runners. Sometimes an update may break things, but most of the time they run smoothly.

# Install Unattended Upgrades package
sudo apt update
sudo apt install unattended-upgrades

# Configure Unattended Upgrades
cat << EOF | sudo tee /etc/apt/apt.conf.d/50unattended-upgrades
# Enable Upgrade for all package types
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "${distro_id}ESM:${distro_codename}";
        "${distro_id}:${distro_codename}-updates";
        "${distro_id}:${distro_codename}-proposed";
        "${distro_id}:${distro_codename}-backports";
};
Unattended-Upgrade::DevRelease "false";
# Cleanup
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
# Reboot during the night
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
EOF

# Enable Unattended Upgrades
cat << EOF | sudo tee /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

Install Docker

The next step is to install Docker:

# Remove any version of Docker that came with your distro
sudo apt remove docker docker-engine docker.io
# Install secure transport
sudo apt install apt-transport-https ca-certificates curl software-properties-common
# Add the GPG key for the Docker repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# Add the Docker repository
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# Install Docker
sudo apt update
sudo apt install docker-ce

# Optional: Add yourself to the Docker group
sudo usermod -aG docker $USER

Install the Gitlab Runner

Now it’s time to install the Gitlab Runner.

# Install the repository
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash

# Install the gitlab-runner package
sudo apt install gitlab-runner

# Install the Docker cleanup script
cat << EOF | sudo tee /usr/bin/clear-docker-cache
#!/bin/sh
# (c) Gitlab
# https://gitlab.com/gitlab-org/gitlab-runner/blob/master/packaging/root/usr/share/gitlab-runner/clear-docker-cache

set -e
docker version >/dev/null 2>/dev/null

echo Clearing docker cache...

CONTAINERS=\$(docker ps -a -q \\
             --filter=status=exited \\
             --filter=status=dead \\
             --filter=label=com.gitlab.gitlab-runner.type=cache)

if [ -n "\${CONTAINERS}" ]; then
    docker rm -v \${CONTAINERS}
fi
EOF
sudo chmod a+x /usr/bin/clear-docker-cache

Register the Gitlab Runner

The next step is to register the Gitlab runner with your Gitlab group/project. You get the token to register the runner when you go to your group/project, then Settings and then CI / CD. On that page expand Runners. Then there’s a section called Set up a group Runner manually where the token is displayed.

$ sudo gitlab-runner register
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com )
https://gitlab.com
Please enter the gitlab-ci token for this runner
ABCabc_ABCabc
Please enter the gitlab-ci description for this runner
[hostname] myserver
Please enter the gitlab-ci tags for this runner (comma separated):
docker,linux
Please enter the executor: ssh, docker+machine, docker-ssh+machine, kubernetes, docker, parallels, virtualbox, docker-ssh, shell:
docker
Please enter the Docker image (eg. ruby:2.1):
alpine:latest

Enable Docker-in-Docker

The enable docker-in-docker some changes to the gitlab runner configuration are required.

cat << EOF | sudo patch /etc/gitlab-runner/config.toml
--- /etc/gitlab-runner/config.toml
+++ /etc/gitlab-runner/config.toml
@@ -9,15 +9,16 @@
   url = "https://gitlab.com/"
   token = "xyzXYZxyzXYZ"
   executor = "docker"
+  environment = ["DOCKER_TLS_CERTDIR=/certs","DOCKER_DRIVER=overlay2"]
   [runners.custom_build_dir]
   [runners.docker]
     tls_verify = false
     image = "alpine:latest"
-    privileged = false
+    privileged = true
     disable_entrypoint_overwrite = false
     oom_kill_disable = false
     disable_cache = false
-    volumes = ["/cache"]
+    volumes = ["/certs/client", "/cache"]
     shm_size = 0
   [runners.cache]
     [runners.cache.s3]
EOF

Enable the Gitlab Runner

Since we changed the configuration, we need to restart the Gitlab runner. This is a good chance to ensure that it loads automatically when the system starts.

sudo systemctl enable docker gitlab-runner
sudo systemctl restart docker gitlab-runner

Use the Gitlab Runner in your jobs

When you want to use your runner, you can either add docker to the tags section of your .gitlab-ci.yml. Or you can configure the Gitlab CI runner to be used for any job.

If you want that, go to the CI / CD section in the Settings of your group/project. Again, expand the Runners section. Here you should find your runner. Now on the pencil icon next to it.

On this page you have to tick the checkbox Indicates whether this runner can pick jobs without tags.

Don’t forget to Save changes.

Now, all your ci jobs will be executed by your private Gitlab runner 🚀.

Gitlab  Docker