Closed ignaciolg closed 4 months ago
+1, am running into the same issue. I am running Gitness behind Traefik and this is pretty annoying.
Following this approach I have found that it is not possible to run pipelines, as they create the Drone container expecting to have access to Gitness using the 'http://host.docker.internal:3000/' address
I believe this is configurable using GITNESS_URL_CONTAINER https://github.com/harness/gitness/blob/a9895959ca593d81fc4a9da7a8e26ac77572ca97/types/config.go#L99-L104
Hello, any update on this?
@bradrydzewski GITNESS_URL_CONTAINER (not documented at all, Configuration) is the one I thought could work but... it does not.
Here is a simple docker-compose.yml file with just traefik and gitness

```yaml
version: '3.8'
services:
  traefik:
    container_name: traefik
    image: traefik:latest
    restart: always
    networks:
      - my_net
    ports:
      - '80:80/tcp'
    volumes:
      - ./config/traefik.yml:/etc/traefik/traefik.yml
      - ./logs/:/logs/
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.traefik.rule=Host(`traefik.localhost`)'
      - 'traefik.http.routers.traefik.service=api@internal'
      - 'traefik.http.routers.traefik.entrypoints=web'
  gitness:
    container_name: gitness
    image: harness/gitness:latest
    restart: always
    networks:
      - my_net
    ports:
      - '3000:3000'
    environment:
      - GITNESS_DEBUG=true
      - GITNESS_URL_BASE=http://gitness.localhost
      - GITNESS_HTTP_PORT=3000
      - GITNESS_URL_CONTAINER=http://gitness:3000
      - GITNESS_PRINCIPAL_ADMIN_PASSWORD=password
      - GITNESS_TOKEN_COOKIE_NAME=gitness_code_token
    volumes:
      - gitness_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.services.gitness.loadbalancer.server.port=3000'
      - 'traefik.http.routers.gitness.rule=Host(`gitness.localhost`)'
      - 'traefik.http.routers.gitness.entrypoints=web'
volumes:
  gitness_data:
    name: 'gitness_data'
networks:
  my_net:
    name: my_net
```
traefik config file is a basic one, nothing special
```yaml
# API and dashboard configuration
api:
  # Dashboard
  dashboard: true
  insecure: false
# Docker configuration backend
providers:
  docker:
    watch: true
    exposedByDefault: false
    swarmMode: false
# Traefik Logging & Access Logging
log:
  level: ERROR
  filePath: /logs/traefik.log
accesslog:
  filePath: /logs/traefik_access.log
# Entrypoint
entryPoints:
  web:
    address: ':80'
```
With this setup I can create project/repo/pipeline, clone, commit etc. All is working fine except running the pipeline failing at the clone step.
```
Cloning with 0 retries
Initialized empty Git repository in /gitness/.git/
+ git fetch origin +refs/heads/main:
fatal: unable to access 'http://gitness.localhost/git/playground/go-hello.git/': Failed to connect to gitness port 80 after 2 ms: Connection refused
```
I tried several values for GITNESS_URL_CONTAINER but no way. E.g.
- GITNESS_URL_CONTAINER=http://gitness.localhost
- GITNESS_URL_CONTAINER=http://<container_name>
- GITNESS_URL_CONTAINER=http://<container_name>:3000
- GITNESS_URL_CONTAINER=http://127.0.0.1:3000
- GITNESS_URL_CONTAINER=http://<internal_container_ip>:3000
I tried to set the GITNESS_URL_INTERNAL env variable too
Who can help? Thanks
@ignaciolg @indaco @cozyGalvinism thanks for trying out Gitness and for your insight! I think I understand the problem - currently we didn't have a way in gitness so that all created containers get added to a specific network or list of networks (this functionality does exist in drone: https://docs.drone.io/runner/docker/configuration/reference/drone-runner-networks/).
I think that small bit should solve this issue where that env variable can be added to the gitness container docker-compose (say GITNESS_CI_CONTAINER_NETWORKS=my_net) and then gitness and all created containers would run on the same network. So that, along with the set value of GITNESS_URL_CONTAINER should allow all containers to interact with gitness.
Let me know if the above makes sense - I do have a PR up for this and have done a basic sanity check using the above traefik config as reference but would be great to hear from you if you think there's a use case that's not being solved. Thanks!
Hi folks, the above has been merged and will be available in the next release. We'll update the documentation with this use case. Let me know if you have any thoughts - thanks!
Hi @vistaarjuneja
First, thank you for helping with a solution.
I've tried with the latest tag, the unstablegitnessdemo and the 3.0.0-beta.5 under podman with no success. It may be because of how Podman works with networks and spawning new containers, so I will check it later this week with a proper docker environment.
Is there any way to check if the CI runner is connected to the right network?
Here is my docker-compose
```
❯ cat docker-compose.yml
version: "3"
networks:
  homelab:
    name: homelab
services:
  gitness:
    container_name: gitness
    image: docker.io/harness/gitness
    networks:
      - homelab
    environment:
      - GITNESS_CI_CONTAINER_NETWORKS="homelab"
      - GITNESS_URL_CONTAINER=http://gitness:3000
      - GITNESS_USER_SIGNUP_ENABLED=false
      - GITNESS_URL_BASE=https://my.fancy.domain
      - GITNESS_ENCRYPTER_SECRET=random_encrypter_secret
    volumes:
      - /home/dockerContainers/data/gitness:/data
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
    restart: unless-stopped
```
And this is what I get on the pipeline
To fix my issue #3485 I use GITNESS_URL_CONTAINER to change route to external domain.
```yaml
version: "3"
services:
  gitness:
    image: harness/gitness
    restart: unless-stopped
    volumes:
      - ./data/gitness:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - GITNESS_URL_BASE=https://gitness.${DOMAIN}
      - GITNESS_URL_CONTAINER=https://gitness.${DOMAIN}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitness.rule=Host(`gitness.${DOMAIN}`)"
      - "traefik.http.routers.gitness.entrypoints=websecure"
      - "traefik.http.routers.gitness.service=gitness-svc"
      - "traefik.http.services.gitness-svc.loadbalancer.server.port=3000"
```
Gitness v3.0.0-beta.6 has been released.
Docs have been updated with GITNESS_CI_CONTAINER_NETWORKS and GITNESS_URL_CONTAINER variables.
Working on Gitness v3.0.0-beta.6
A note for podman-compose users
I have created a new network called gitness on my compose.yaml. Not sure why, but podman-compose creates it as gitness_gitness as far as I was able to check using podman network ls
After using podlet to create quadlets (🤦 ) and enabling the service to get gitness up&&running on boot, the network name has changed to systemd-gitness
Using those values on the GITNESS_CI_CONTAINER_NETWORKS worked without problems as you can see on the image.
Keep this in mind
Thank you all! It's great to have a self hosted CI environment integrated on the git platform.
❤️
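One way to answer the earlier question of whether a pipeline container landed on the right network, and to catch the prefixed runtime network names described in the podman note, is to compare what `docker inspect` reports for the Gitness container and for a step container. This is an added example, not part of the thread or of Gitness; the sample JSON and the `step-clone` name are constructed, and a comma-separated list format for GITNESS_CI_CONTAINER_NETWORKS is an assumption. It checks the container-name approach only, not a GITNESS_URL_CONTAINER that points at an external domain.

```python
"""Check that a pipeline step container can reach Gitness by name.
Input: the JSON array printed by `docker inspect <gitness> <step-container>`."""
import json
import sys
from urllib.parse import urlsplit

# Constructed sample (trimmed inspect output), not captured from a real host.
SAMPLE = json.loads("""[
 {"Name": "/gitness",
  "Config": {"Env": ["GITNESS_URL_CONTAINER=http://gitness:3000",
                     "GITNESS_CI_CONTAINER_NETWORKS=my_net"]},
  "NetworkSettings": {"Networks": {"my_net": {"Aliases": ["gitness"]}}}},
 {"Name": "/step-clone", "Config": {"Env": []},
  "NetworkSettings": {"Networks": {"bridge": {"Aliases": null}}}}
]""")

def env_of(container):
    entries = container["Config"]["Env"] or []
    return dict(e.split("=", 1) for e in entries if "=" in e)

def check(gitness, step):
    """Return a list of problems; empty means the step can resolve Gitness."""
    problems = []
    env = env_of(gitness)
    g_nets = gitness["NetworkSettings"]["Networks"]
    s_nets = step["NetworkSettings"]["Networks"]
    wanted = env.get("GITNESS_CI_CONTAINER_NETWORKS", "")
    if wanted != wanted.strip("\"'"):
        problems.append(f"GITNESS_CI_CONTAINER_NETWORKS has literal quotes: {wanted}")
        wanted = wanted.strip("\"'")
    # Assumption: several networks are given comma-separated.
    for net in filter(None, (n.strip() for n in wanted.split(","))):
        if net not in g_nets:  # e.g. compose or systemd prefixed the runtime name
            problems.append(f"{net}: Gitness is not on it, it is on {sorted(g_nets)}")
    # Docker's default bridge has no name resolution, so it does not count.
    shared = (set(g_nets) & set(s_nets)) - {"bridge"}
    if not shared:
        problems.append(f"no shared network: {sorted(g_nets)} vs {sorted(s_nets)}")
    host = urlsplit(env.get("GITNESS_URL_CONTAINER", "")).hostname
    names = {gitness["Name"].lstrip("/")}
    for net in shared:
        names.update(g_nets[net].get("Aliases") or [])
    if shared and host not in names:
        problems.append(f"GITNESS_URL_CONTAINER host {host!r} is not a Gitness name")
    return problems

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check(data[0], data[1])) or "ok")
```

Save the output of `docker inspect` for the two containers to a file while a pipeline step is running and pass that file as the first argument; with no argument the script runs on the constructed sample.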
thanks for trying @ignaciolg ! I'll go ahead and close the ticket, let me know if you face any other issues.
I've tried to use my docker file template to deploy Gitness.
In that docker file, I define specific networks for the stack, and usually, I run everything without exposing ports by exposing the services with a tunnel (Cloudflare) or a proxy (Traefik)
Following this approach I have found that it is not possible to run pipelines, as they create the Drone container expecting to have access to Gitness using the 'http://host.docker.internal:3000/' address, instead of 'http://container_name:3000', accessible from the same docker network.
This results in an error on the first step of the pipeline that says "unable to access 'http://host.docker.internal:3000/'"
Changing the docker file by exposing the port makes it work.
It should be possible to specify the network for the newly created containers + where to find Gitness, as docker environment variables that can be passed on the container creation or as part of any docker file