document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #28984 from lkxed/20230328-2-How-to-use-Podman-in-GitLab-Runners

Browse Source 
[手动选题][tech]: 20230328.2 ️ How to use Podman in GitLab Runners.md
This commit is contained in:
六开箱 2023-03-28 19:10:08 +08:00 committed by GitHub
commit 1fee97329f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 215 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

215
sources/tech/20230328.2 ⭐️⭐️ How to use Podman in GitLab Runners.md Normal file
View File

@ -0,0 +1,215 @@
[#]: subject: "How to use Podman in GitLab Runners"
[#]: via: "https://opensource.com/article/23/3/podman-gitlab-runners"
[#]: author: "Lokesh Mandvekar https://opensource.com/users/lsm5"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
How to use Podman in GitLab Runners
======
A GitLab Runner is an application that works with GitLab CI/CD to run jobs in a pipeline on GitLab's infrastructure. They're often used to automatically compile applications after code has been committed or to run tests on a code base. You can think of them as cloud-based [Git hooks][1].
The main public [GitLab instance][2] provides many easily accessible shared runners ready for use in your CI pipeline. You can find a list of shared runners in your repository's **Settings** -> **CI/CD** -> **Runners** on GitLab.
![Display available GitLab runners in your repository's settings][3]
There are many reasons you may not want to depend on shared runners and instead stand up your own runners. For example, control over the infrastructure where the runners operate for additional security and/or privacy, flexible runner configuration, or limited CI minutes allotted to your GitLab user account.
GitLab runners depend on an [executor][4] tool to run CI jobs. Many options are available for executors: Docker, Kubernetes, VirtualBox, and so on.
So, what about Podman as an executor?
Since [v4.2.0][5], Podman has native support for GitLab runners. Here's a quick look at two approaches for using Podman as an [executor][6] for GitLab runners.
### Docker executor
You can use Podman as a drop-in replacement for Docker in your GitLab Runner. Here's how:
This example used a CentOS Stream 9 environment in February 2023 using Podman v4.4.0. It should work just as well on any RHEL/CentOS Stream/Fedora environment with a new enough Podman. Check out the [GitLab documentation][7] for prerequisites.
First, install Podman:
```
$ sudo dnf -y install podman
```
Install the **gitlab-runner** package next:
```
# Add the GitLab runner repository
$ curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
# Install the gitlab-runner package
$ sudo dnf -y install gitlab-runner
```
Finally, allow the user to execute tasks after logout:
```
$ sudo loginctl enable-linger gitlab-runner
```
#### Configure and register the runner
Use the following steps to configure the Docker executor.
Installing the **gitlab-runner** package creates a **gitlab-runner** user account, but you need root access to manipulate the user account. **gitlab-runner** can be run in user-mode but requires some manual intervention for build processing. In this example, I run it in system-mode with `sudo`. This is what it looks like:
```
$ sudo gitlab-runner register
Runtime platform arch=amd64 os=linux pid=7978 revision=d540b510 version=15.9.1
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
https://gitlab.com
Enter the registration token:
xxxxxxxxxxxxxxxxx
Enter a description for the runner:
[lmandvek-c9s-gitlab-runner]:
Enter tags for the runner (comma-separated):
Enter optional maintenance note for the runner:
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872
Registering runner... succeeded runner=GR13489419oEPYcJ8
Enter an executor: custom, docker, ssh, docker-ssh+machine, docker-ssh, parallels, shell, virtualbox, docker+machine, instance, kubernetes:
docker
Enter the default Docker image (for example, ruby:2.7):
registry.gitlab.com/rhcontainerbot/pkg-builder
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
```
You will need some additional configuration to use Podman. Configure the runner to create a network for each job. See the [GitLab documentation][8] for more information.
First, enable the Podman system service along with Env change in `/etc/gitlab-runner/config.toml`:
```
[[runners]]
environment = ["FF_NETWORK_PER_BUILD=1"]
[runners.docker]
host = "unix:///run/user/1001/podman/podman.sock"
```
Restart the runner to implement the change:
```
$ sudo gitlab-runner restart
```
Verify the new runner is visible in your GitLab project's **Settings** -> **CI/CD** -> **Runners**:
![Restart the GitLab runner][9]
Next, verify your CI pipelines are using the runner. Your CI task logs will mention the name of the runner being used along with any additional configuration information, such as feature flags and container image used with the runner executor.
![View CI tasklogs to display the runner][10]
### Podman-in-Podman (pipglr)
[Chris Evich][11] has created [pipglr][12], a Podman-in-Podman setup to stand up your own rootless GitLab Runners using rootless Podman. This approach does not require any changes to your `.gitlab-ci.yaml` configuration, so you can continue using your existing setup as is.
The following is a quick setup guide to help you get this running.
#### Configuration steps
The container image is built automatically from the [pipglr Containerfile][12], so set the image to that repo:
```
$ IMAGE="registry.gitlab.com/qontainers/pipglr:latest"
```
Next, create a Podman secret using your GitLab registration token:
```
$ echo '<actual registration token>' | podman secret create REGISTRATION_TOKEN -
```
Create a blank `config.toml` that will later contain all your runner settings. You must do this step for the following `podman container register runlabel $IMAGE` step to succeed:
```
$ touch ./config.toml # important: file must exist, even if empty.
```
Register your runner. You can repeat this step to register multiple runners. This is useful if you'd like to run several CI tasks in parallel with possibly different sets of tags or configuration options.
```
$ podman container runlabel register $IMAGE
```
Edit the `config.toml`using your editor of choice. Editing is optional but often necessary to change the container image used for the actual CI task. By default, the image is set to: **registry.fedoraproject.org/fedora:latest**
```
$ $EDITOR ./config.toml # if desired
```
Finally, configure access to volumes. Several users are utilized inside the container volumes, so you must specifically configure them to permit access. Runlabels again to the rescue:
```
$ podman container runlabel setupstorage $IMAGE
$ podman container runlabel setupcache $IMAGE
```
#### Test the Runner
It's time to check the configurations. Begin by launching the GitLab Runner container:
```
$ podman container runlabel run $IMAGE
```
Allow the runner user to run services after logout:
```
$ sudo loginctl enable-linger $(id -u)
```
Verify your new runner is visible in your GitLab project's **Settings** -> **CI/CD** -> **Runners**:
![Verify the new runner is visible][13]
Finally, verify your CI pipelines are using your runner:
![Verify the CI pipeline][14]
### Wrap up
There are multiple ways to spin up GitLab runners using Podman, two of which I have outlined here. Try them out, and let me know which works best for you. In case of any problems with the docker executor approach, please log in to file an issue with [Podman upstream][15] or with [GitLab support][16]. In case of trouble with the pipglr method, please [file an issue][17] on pipglr upstream.
Happy GitLab Running with Podman 🙂
--------------------------------------------------------------------------------
via: https://opensource.com/article/23/3/podman-gitlab-runners
作者:[Lokesh Mandvekar][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/lsm5
[b]: https://github.com/lkxed/
[1]: https://www.redhat.com/sysadmin/git-hooks?intcmp=7013a000002qLH8AAM
[2]: https://gitlab.com
[3]: https://opensource.com/sites/default/files/2023-03/podman-shared-runners1.png
[4]: https://docs.gitlab.com/runner/executors/
[5]: https://github.com/containers/podman/releases/tag/v4.2.0
[6]: https://docs.gitlab.com/runner/executors/docker.html
[7]: https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands
[8]: https://docs.gitlab.com/runner/executors/docker.html#create-a-network-for-each-job
[9]: https://opensource.com/sites/default/files/2023-03/assigned-project-runners2.png
[10]: https://opensource.com/sites/default/files/2023-03/CI-task-logs.png
[11]: https://gitlab.com/cevich
[12]: https://gitlab.com/qontainers/pipglr
[13]: https://opensource.com/sites/default/files/2023-03/assigned-project-runners3.png
[14]: https://opensource.com/sites/default/files/2023-03/verify-CI-pipelines.png
[15]: https://github.com/containers/podman/issues/new/choose
[16]: https://about.gitlab.com/support/#contact-support
[17]: https://gitlab.com/qontainers/pipglr/-/issues/new