vegardit / docker-gitea-act-runner

Docker image based on debian:stable-slim to run Gitea's act_runner as a Docker container
https://buymeacoffee.com/vegardit
Apache License 2.0

Unable to get dind rootless working on my system due to storage-driver=overlay2 issues? #31

Closed mannp closed 10 months ago

mannp commented 1 year ago

Hi there

Thanks for the images :)

I am trying to get the dind rootless image to work and failing badly at the moment.

Any pointers would be very helpful :)

Thanks in advance

2023-09-29 18:09:54 INFO [/opt/run.sh:26] act_runner version v0.2.6
2023-09-29 18:09:54 INFO [/opt/run.sh:27] Timezone: BST +0100
2023-09-29 18:09:54 INFO [/opt/run.sh:28] Hostname: 8010574e4e83
2023-09-29 18:09:54 INFO [/opt/run.sh:29] IP Addresses: 
 - 192.168.10.16
2023-09-29 18:09:54 INFO [/opt/run.sh:31] Config environment variables: 
 - GITEA_INSTANCE_URL=https://fqdn/
 - GITEA_RUNNER_ACTION_CACHE_DIR=/data/cache/actions
 - GITEA_RUNNER_CONFIG_TEMPLATE_FILE=/opt/config.template.yaml
 - GITEA_RUNNER_GID=100
 - GITEA_RUNNER_LABELS=
 - GITEA_RUNNER_LABELS_DEFAULT=ubuntu-latest:docker://catthehacker/ubuntu:runner-22.04,ubuntu-22.04:docker://catthehacker/ubuntu:runner-22.04,ubuntu-20.04:docker://catthehacker/ubuntu:runner-20.04
 - GITEA_RUNNER_MAX_PARALLEL_JOBS=2
 - GITEA_RUNNER_NAME=gitea-runner
 - GITEA_RUNNER_REGISTRATION_RETRY_INTERVAL=5s
 - GITEA_RUNNER_REGISTRATION_TIMEOUT=30
 - GITEA_RUNNER_REGISTRATION_TOKEN=
 - GITEA_RUNNER_UID=99
2023-09-29 18:09:54 INFO [/opt/run.sh:41] Starting Docker engine (rootless)...
    42    export DOCKER_HOST=unix://$HOME/.docker/run/docker.sock
    43    if [ ! -f $HOME/.config/docker/daemon.json ]; then
    44      # workaround for "Not using native diff for overlay2, this may cause degraded performance for building images: running in a user namespace  storage-driver=overlay2"
    45      mkdir -p $HOME/.config/docker
    46      echo '{"storage-driver":"fuse-overlayfs"}' > $HOME/.config/docker/daemon.json
    47    fi
    48

Docker run;

docker run \
  -d \
  --name='gitea-runner' \
  --privileged=true \
  -e TZ="Europe/London" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="gitea-runner" \
  -e HOST_CONTAINERNAME="gitea-runner" \
  -e 'GITEA_INSTANCE_URL'='https://fqdn/' \
  -e 'GITEA_RUNNER_REGISTRATION_TOKEN'='redacted' \
  -e 'GITEA_RUNNER_NAME'='gitea-runner' \
  -e 'GITEA_RUNNER_ACTION_CACHE_DIR'='/data/cache/actions' \
  -e 'GITEA_RUNNER_UID'='99' \
  -e 'GITEA_RUNNER_GID'='100' \
  -e 'GITEA_RUNNER_MAX_PARALLEL_JOBS'='2' \
  -e 'TZ'='Europe/London' \
  -v '/mnt/user/data/docker/gitea-runner/':'/data':'rw' \
  'vegardit/gitea-act-runner:dind-rootless-latest'

sebthom commented 1 year ago

The error output you pasted looks incomplete. It is missing the error message directly after the line Starting Docker engine (rootless), something like:

2023-10-02 12:07:29 INFO [/opt/run.sh:41] Starting Docker engine (rootless)...
mkdir: cannot create directory '/data/.config': Permission denied
12:07:29 Error - exited with status 1 in [/opt/run.sh] at line 45:
    42    export DOCKER_HOST=unix://$HOME/.docker/run/docker.sock
    43    if [ ! -f $HOME/.config/docker/daemon.json ]; then
    44      # workaround for "Not using native diff for overlay2, this may cause degraded performance for building images: running in a user namespace  storage-driver=overlay2"
    45      mkdir -p $HOME/.config/docker
    46      echo '{"storage-driver":"fuse-overlayfs"}' > $HOME/.config/docker/daemon.json
    47    fi
    48

mannp commented 1 year ago

There is no error message, but the docker fails to start.

I have included all that docker reports in docker logs.

I note that nothing is created in the /data/ directory in persistent storage though.

sebthom commented 1 year ago

Without the error message it is difficult to say what is happening.

From the incomplete log output you get I would guess this is the offending command: https://github.com/vegardit/docker-gitea-act-runner/blob/816b21f4bd8774d6f04b7f5d9f0bfa6fd761135e/image/run.sh#L45

$HOME points to /data/ so the docker user does not seem to have write permission to that directory on the docker host.

Anyways, the issue does not seem to be related to storage-driver=overlay2 but to a write permission issue of the docker daemon or the GITEA_RUNNER_UID/GITEA_RUNNER_GID.
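
The write-permission diagnosis above can be checked on the Docker host before the container is started. This is an added example, not part of the thread or of the project's run.sh; the function name can_write_dir is hypothetical, and it assumes GNU stat on Linux and plain mode bits (ACLs and supplementary groups are not evaluated).

```shell
#!/bin/sh
# Added example (not from run.sh): pre-flight check for the host directory
# that is bind-mounted to /data, which the runner uses as $HOME.

# can_write_dir DIR UID GID
#   returns 0 if UID/GID may create entries in DIR, 1 if not, 2 if DIR is missing
can_write_dir() {
  dir=$1 uid=$2 gid=$3
  [ -d "$dir" ] || return 2             # missing directory gets its own code
  [ "$uid" -eq 0 ] && return 0          # root bypasses mode bits
  set -- $(stat -c '%u %g %a' "$dir")   # owner uid, owner gid, octal mode
  owner=$1 group=$2 mode=$(( 0$3 ))
  if [ "$uid" -eq "$owner" ]; then
    bits=$(( (mode >> 6) & 7 ))         # owner permission triplet
  elif [ "$gid" -eq "$group" ]; then
    bits=$(( (mode >> 3) & 7 ))         # group permission triplet
  else
    bits=$(( mode & 7 ))                # everyone else
  fi
  # "mkdir -p $HOME/.config/docker" needs write (2) and search (1) on DIR
  [ $(( bits & 3 )) -eq 3 ]
}

# Usage (values as in the issue):
#   GITEA_RUNNER_UID=99 GITEA_RUNNER_GID=100 sh check.sh /mnt/user/data/docker/gitea-runner
if [ "$#" -eq 1 ]; then
  if can_write_dir "$1" "${GITEA_RUNNER_UID:?}" "${GITEA_RUNNER_GID:?}"; then
    echo "OK: $1 is writable for $GITEA_RUNNER_UID:$GITEA_RUNNER_GID"
  else
    echo "FAIL: $1 is not writable for $GITEA_RUNNER_UID:$GITEA_RUNNER_GID" >&2
    ls -ldn "$1" >&2                    # show numeric owner, group and mode
    exit 1
  fi
fi
```

A FAIL result means the directory's owner or mode on the host has to be changed, or GITEA_RUNNER_UID/GITEA_RUNNER_GID have to be set to an identity that already has write access.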

ashish1099 commented 1 year ago

This fixed it for me.

securityContext:
  {{- toYaml .Values.podSecurityContext | nindent 8 }}
  fsGroup: 1000
  runAsUser: 1000
  runAsGroup: 1000