gitlab-runner configuration

Installation

Directory structure

# Logged in to the host as root here; a regular user also works
[root@yl-mac gitlab-runner]# tree
.
├── config
│   └── config.toml
├── ssh
│   ├── config
│   ├── id_rsa
│   └── id_rsa.pub
└── docker-compose.yml

# Permissions
[root@yl-mac gitlab-runner]# ll
total 12
drwxr-xr-x 2 root root 4096 Sep 9 11:49 config
-rw-r--r-- 1 root root 343 Sep 13 08:33 docker-compose.yml
drwxrwxrwx 2 root root 4096 Sep 13 08:39 ssh

[root@yl-mac gitlab-runner]# ll ssh/
total 16
-rw-r--r-- 1 100 65533 25 Sep 13 08:38 config
-rw------- 1 100 65533 2622 Sep 13 08:38 id_rsa
-rw-r--r-- 1 100 65533 581 Sep 13 08:38 id_rsa.pub
-rw-r--r-- 1 100 65533 692 Sep 13 08:42 known_hosts

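docker-compose.yml

The config directory does not need to be created in advance.

Create the ssh directory in advance and set its permissions with chmod -R 777 ssh; 755 and 766 do not work.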

version: '3.8'

services:
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine-v14.0.1
    container_name: gitlab-runner
    hostname: gitlab-runner
    volumes:
      - ./config:/etc/gitlab-runner
      - ./ssh:/home/gitlab-runner/.ssh
      - /var/run/docker.sock:/var/run/docker.sock
    # ports:
    #   - "8093:8083"
    restart: always

Registering runner instances

# Enter the container
docker exec -it gitlab-runner sh

# Register a Java build runner that supports builds needing a Maven environment
gitlab-runner register --non-interactive --executor "docker" --docker-image maven:3.6.1-jdk-8-alpine --docker-volumes '/root/.m2:/root/.m2' --url "GitLab server URL" --registration-token "gitlab token" --description "maven" --tag-list "maven" --run-untagged="true" --locked="false" --output-limit="40960" --docker-pull-policy="if-not-present"
# --docker-privileged

# Register gradle
gitlab-runner register --non-interactive --executor "docker" --docker-image gradle:7.1.1-jdk8 --docker-volumes '/root/.gradle:/home/gradle/.gradle' --docker-volumes '/var/run/docker.sock:/var/run/docker.sock' --url "GitLab server URL" --registration-token "gitlab token" --description "gradle" --tag-list "gradle" --run-untagged="true" --locked="false" --output-limit="40960" --docker-pull-policy="if-not-present"

# Register a Docker build runner that supports builds such as packaging Docker images
gitlab-runner register --non-interactive --executor "docker" --docker-image docker:20.10.7 --docker-volumes '/var/run/docker.sock:/var/run/docker.sock' --url "GitLab server URL" --registration-token "gitlab token" --description "docker" --tag-list "docker" --run-untagged="true" --locked="false" --output-limit="40960" --docker-pull-policy="if-not-present"

# Register a docker-compose runner
gitlab-runner register --non-interactive --executor "docker" --docker-image docker/compose:alpine-1.29.2 --docker-volumes '/var/run/docker.sock:/var/run/docker.sock' --url "GitLab server URL" --registration-token "gitlab token" --description "docker-compose" --tag-list "docker-compose" --run-untagged="true" --locked="false" --output-limit="40960" --docker-pull-policy="if-not-present"

# Register a shell execution environment
gitlab-runner register --non-interactive --executor "shell" --url "GitLab server URL" --registration-token "gitlab token" --description "shell" --tag-list "shell" --run-untagged="true" --locked="false" --output-limit="40960"

# Unregister by name
# gitlab-runner unregister --name docker
# Unregister all runners
# gitlab-runner unregister --all-runners

After registration, the following gitlab-runner config.toml configuration file is generated:

concurrent = 1
check_interval = 0

[session_server]
  #listen_address = "[::]:8093" # listen on all available interfaces on port 8093
  #advertise_address = "ip:8093" # gitlab-runner service
  session_timeout = 1800

[[runners]]
  name = "maven"
  url = "GitLab server URL"
  token = "gitlab token"
  executor = "docker"
  # default is 4096
  output_limit = 40960
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "maven:3.3.3-jdk-8"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/root/.m2:/root/.m2", "/cache"]
    shm_size = 0

[[runners]]
  name = "docker"
  url = "GitLab server URL"
  token = "gitlab token"
  executor = "docker"
  # default is 4096
  output_limit = 40960
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 0

[[runners]]
  name = "shell"
  output_limit = 40960
  url = "GitLab server URL"
  token = "gitlab token"
  executor = "shell"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
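
Some of the runners registered above give jobs more than a build sandbox: a runner that mounts /var/run/docker.sock lets every job drive the host's Docker daemon, and the shell executor runs job scripts inside the runner container itself, where the key under /home/gitlab-runner/.ssh is readable. The following is an added example, not part of the original post, that lists such runners from a config.toml; the function names, the finding labels and the sample config are constructed for illustration.

```shell
# Added example: list runners in a config.toml that give jobs more than a
# build sandbox. Output is "<runner name><TAB><finding>", one per line.
audit_runner_config() {
    awk '
    function report() {
        if (!seen) return
        if (executor == "shell") printf "%s\tshell-executor\n", name
        if (sock) printf "%s\tdocker-sock\n", name
        if (priv) printf "%s\tprivileged\n", name
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    /^[ \t]*\[\[runners\]\]/ {               # a new runner section starts
        report(); seen = 1; name = ""; executor = ""; sock = 0; priv = 0; next
    }
    /^[ \t]*name[ \t]*=/     { split($0, q, "\""); name = q[2] }
    /^[ \t]*executor[ \t]*=/ { split($0, q, "\""); executor = q[2] }
    /^[ \t]*privileged[ \t]*=[ \t]*true/ { priv = 1 }
    /^[ \t]*volumes[ \t]*=/ && /docker\.sock/ { sock = 1 }
    END { report() }
    ' "$1"
}

# Constructed sample mirroring the three runners in the config.toml above.
sample_config_toml() {
    cat <<'EOF'
[[runners]]
  name = "maven"
  executor = "docker"
  [runners.docker]
    privileged = false
    volumes = ["/root/.m2:/root/.m2", "/cache"]
[[runners]]
  name = "docker"
  executor = "docker"
  [runners.docker]
    privileged = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
[[runners]]
  name = "shell"
  executor = "shell"
EOF
}
```

On the host, run it as audit_runner_config ./config/config.toml. Because the registrations use --run-untagged="true" and --locked="false", any runner it lists is also available to untagged jobs.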

Pull the images that gitlab-runner may need when running .gitlab-ci.yml pipelines

# Required
docker pull gitlab/gitlab-runner-helper:x86_64-c1edb478
docker pull registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-c1edb478
# May be needed
docker pull docker:20.10.7
docker pull maven:3.6.1-jdk-8-alpine
docker pull node:xxxx
docker pull openjdk:xxxx

Passwordless SSH login from the gitlab-runner container to remote hosts

Generating the key

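# Persist the ssh directory through docker-compose first, then enter the container and run the key generation command
# To fix the permission problem, run this on the host
chmod -R 777 ssh
# Log in to the container as the gitlab-runner user (root cannot be used)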
docker exec -it -u gitlab-runner gitlab-runner sh
cd ~
ssh-keygen -t rsa

Configuring the SSH config file

This resolves the "Pseudo-terminal will not be allocated because stdin is not a terminal" problem.

# Log in to the container as the gitlab-runner user (root cannot be used)
tee ~/.ssh/config <<-'EOF'
StrictHostKeyChecking no
EOF

Managed host

Append the contents of id_rsa.pub to ~/.ssh/authorized_keys on the managed host.
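
The steps above leave the ssh directory world-writable (chmod -R 777) and turn host key verification off in the client config. As an added example, not part of the original post: audit_ssh_dir reports those conditions for the bind-mounted directory and tighten_ssh_dir applies an owner-only layout. Both function names are hypothetical, and the 100:65533 owner mentioned in the comment is an assumption read from the ll ssh/ listing above.

```shell
# Added example: audit the host directory that is bind-mounted as
# /home/gitlab-runner/.ssh. Prints one finding per line, nothing when clean.
audit_ssh_dir() {
    dir=$1
    (
        cd "$dir" || exit 1
        # Anything writable by "other" lets any local account replace the
        # keys, config or known_hosts used for deployments.
        find . ! -type l -perm -0002 | while IFS= read -r p; do
            echo "world-writable: $p"
        done
        # Private keys must be accessible to their owner only (0600 or 0400).
        find . -type f -name 'id_*' ! -name '*.pub' ! -perm 0600 ! -perm 0400 |
        while IFS= read -r p; do
            echo "private key too open: $p"
        done
        # "no" (or "off") accepts any host key without verification.
        if [ -f config ] && grep -Eiq \
            '^[[:space:]]*StrictHostKeyChecking[[:space:]=]+"?(no|off)"?[[:space:]]*$' config
        then
            echo "host key checking disabled: ./config"
        fi
    )
}

# Owner-only layout. Run as root on the host when passing OWNER, e.g. the
# uid:gid of the container user (assumed 100:65533, as in the listing above).
tighten_ssh_dir() {
    dir=$1 owner=${2:-}
    if [ -f "$dir/config" ]; then
        # Requires the target hosts' keys to be present in known_hosts.
        sed 's/^\([[:space:]]*StrictHostKeyChecking\)[[:space:]=].*/\1 yes/' \
            "$dir/config" > "$dir/config.tmp" && mv "$dir/config.tmp" "$dir/config"
    fi
    if [ -n "$owner" ]; then chown -R "$owner" "$dir"; fi
    chmod 700 "$dir"
    find "$dir" -type f -exec chmod 600 {} +
}
```

With the directory owned by the container user, mode 700 is enough for ssh-keygen and ssh inside the container, so the 777 workaround is no longer needed.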

Problems

  1. Maven persistence problem

    Solution: the Maven container's default path is /root/.m2, so persist that path when registering gitlab-runner, using --docker-volumes '/root/.m2:/root/.m2'

  2. Job’s log exceeded limit of 4194304 bytes.

    Solution: add the output_limit setting to the gitlab-runner config.toml; the default is 4096 (4MB)

  3. ERROR: Uploading artifacts as “archive” to coordinator… too large archive

    Solution: admin area -> settings -> ci/cd -> Continuous Integration and Deployment -> Maximum artifacts size (MB)

  4. Gradle persistence problem

    Solution: the Gradle container's default path is /home/gradle/.gradle, so persist that path when registering gitlab-runner, using --docker-volumes '/root/.gradle:/home/gradle/.gradle'

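  • Author: forever杨
  • Link: https://blog.yl-online.top/posts/504f0829.html
  • Copyright notice: Unless otherwise stated, all articles on this blog are licensed under BY-NC-SA. If the content is useful to you, please record it in your own notes. This blog may stop service at any time; please do not bookmark or repost it!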