document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-02-28 01:01:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

translating

Browse Source
This commit is contained in:
geekpi 2023-08-17 08:37:39 +08:00
parent 4c48cb3c5b
commit 391f903357
2 changed files with 216 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

215
sources/tech/20230328.2 ⭐️⭐️ How to use Podman in GitLab Runners.md
View File

@ -1,215 +0,0 @@
[#]: subject: "How to use Podman in GitLab Runners"
[#]: via: "https://opensource.com/article/23/3/podman-gitlab-runners"
[#]: author: "Lokesh Mandvekar https://opensource.com/users/lsm5"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
How to use Podman in GitLab Runners
======
A GitLab Runner is an application that works with GitLab CI/CD to run jobs in a pipeline on GitLab's infrastructure. They're often used to automatically compile applications after code has been committed or to run tests on a code base. You can think of them as cloud-based [Git hooks][1].
The main public [GitLab instance][2] provides many easily accessible shared runners ready for use in your CI pipeline. You can find a list of shared runners in your repository's **Settings** -> **CI/CD** -> **Runners** on GitLab.
![Display available GitLab runners in your repository's settings][3]
There are many reasons you may not want to depend on shared runners and instead stand up your own runners. For example, control over the infrastructure where the runners operate for additional security and/or privacy, flexible runner configuration, or limited CI minutes allotted to your GitLab user account.
GitLab runners depend on an [executor][4] tool to run CI jobs. Many options are available for executors: Docker, Kubernetes, VirtualBox, and so on.
So, what about Podman as an executor?
Since [v4.2.0][5], Podman has native support for GitLab runners. Here's a quick look at two approaches for using Podman as an [executor][6] for GitLab runners.
### Docker executor
You can use Podman as a drop-in replacement for Docker in your GitLab Runner. Here's how:
This example used a CentOS Stream 9 environment in February 2023 using Podman v4.4.0. It should work just as well on any RHEL/CentOS Stream/Fedora environment with a new enough Podman. Check out the [GitLab documentation][7] for prerequisites.
First, install Podman:
```
$ sudo dnf -y install podman
```
Install the **gitlab-runner** package next:
```
# Add the GitLab runner repository
$ curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
# Install the gitlab-runner package
$ sudo dnf -y install gitlab-runner
```
Finally, allow the user to execute tasks after logout:
```
$ sudo loginctl enable-linger gitlab-runner
```
#### Configure and register the runner
Use the following steps to configure the Docker executor.
Installing the **gitlab-runner** package creates a **gitlab-runner** user account, but you need root access to manipulate the user account. **gitlab-runner** can be run in user-mode but requires some manual intervention for build processing. In this example, I run it in system-mode with `sudo`. This is what it looks like:
```
$ sudo gitlab-runner register
Runtime platform arch=amd64 os=linux pid=7978 revision=d540b510 version=15.9.1
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
https://gitlab.com
Enter the registration token:
xxxxxxxxxxxxxxxxx
Enter a description for the runner:
[lmandvek-c9s-gitlab-runner]:
Enter tags for the runner (comma-separated):
Enter optional maintenance note for the runner:
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872
Registering runner... succeeded runner=GR13489419oEPYcJ8
Enter an executor: custom, docker, ssh, docker-ssh+machine, docker-ssh, parallels, shell, virtualbox, docker+machine, instance, kubernetes:
docker
Enter the default Docker image (for example, ruby:2.7):
registry.gitlab.com/rhcontainerbot/pkg-builder
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
```
You will need some additional configuration to use Podman. Configure the runner to create a network for each job. See the [GitLab documentation][8] for more information.
First, enable the Podman system service along with Env change in `/etc/gitlab-runner/config.toml`:
```
[[runners]]
environment = ["FF_NETWORK_PER_BUILD=1"]
[runners.docker]
host = "unix:///run/user/1001/podman/podman.sock"
```
Restart the runner to implement the change:
```
$ sudo gitlab-runner restart
```
Verify the new runner is visible in your GitLab project's **Settings** -> **CI/CD** -> **Runners**:
![Restart the GitLab runner][9]
Next, verify your CI pipelines are using the runner. Your CI task logs will mention the name of the runner being used along with any additional configuration information, such as feature flags and container image used with the runner executor.
![View CI tasklogs to display the runner][10]
### Podman-in-Podman (pipglr)
[Chris Evich][11] has created [pipglr][12], a Podman-in-Podman setup to stand up your own rootless GitLab Runners using rootless Podman. This approach does not require any changes to your `.gitlab-ci.yaml` configuration, so you can continue using your existing setup as is.
The following is a quick setup guide to help you get this running.
#### Configuration steps
The container image is built automatically from the [pipglr Containerfile][12], so set the image to that repo:
```
$ IMAGE="registry.gitlab.com/qontainers/pipglr:latest"
```
Next, create a Podman secret using your GitLab registration token:
```
$ echo '<actual registration token>' | podman secret create REGISTRATION_TOKEN -
```
Create a blank `config.toml` that will later contain all your runner settings. You must do this step for the following `podman container register runlabel $IMAGE` step to succeed:
```
$ touch ./config.toml # important: file must exist, even if empty.
```
Register your runner. You can repeat this step to register multiple runners. This is useful if you'd like to run several CI tasks in parallel with possibly different sets of tags or configuration options.
```
$ podman container runlabel register $IMAGE
```
Edit the `config.toml`using your editor of choice. Editing is optional but often necessary to change the container image used for the actual CI task. By default, the image is set to: **registry.fedoraproject.org/fedora:latest**
```
$ $EDITOR ./config.toml # if desired
```
Finally, configure access to volumes. Several users are utilized inside the container volumes, so you must specifically configure them to permit access. Runlabels again to the rescue:
```
$ podman container runlabel setupstorage $IMAGE
$ podman container runlabel setupcache $IMAGE
```
#### Test the Runner
It's time to check the configurations. Begin by launching the GitLab Runner container:
```
$ podman container runlabel run $IMAGE
```
Allow the runner user to run services after logout:
```
$ sudo loginctl enable-linger $(id -u)
```
Verify your new runner is visible in your GitLab project's **Settings** -> **CI/CD** -> **Runners**:
![Verify the new runner is visible][13]
Finally, verify your CI pipelines are using your runner:
![Verify the CI pipeline][14]
### Wrap up
There are multiple ways to spin up GitLab runners using Podman, two of which I have outlined here. Try them out, and let me know which works best for you. In case of any problems with the docker executor approach, please log in to file an issue with [Podman upstream][15] or with [GitLab support][16]. In case of trouble with the pipglr method, please [file an issue][17] on pipglr upstream.
Happy GitLab Running with Podman 🙂
--------------------------------------------------------------------------------
via: https://opensource.com/article/23/3/podman-gitlab-runners
作者:[Lokesh Mandvekar][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/lsm5
[b]: https://github.com/lkxed/
[1]: https://www.redhat.com/sysadmin/git-hooks?intcmp=7013a000002qLH8AAM
[2]: https://gitlab.com
[3]: https://opensource.com/sites/default/files/2023-03/podman-shared-runners1.png
[4]: https://docs.gitlab.com/runner/executors/
[5]: https://github.com/containers/podman/releases/tag/v4.2.0
[6]: https://docs.gitlab.com/runner/executors/docker.html
[7]: https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands
[8]: https://docs.gitlab.com/runner/executors/docker.html#create-a-network-for-each-job
[9]: https://opensource.com/sites/default/files/2023-03/assigned-project-runners2.png
[10]: https://opensource.com/sites/default/files/2023-03/CI-task-logs.png
[11]: https://gitlab.com/cevich
[12]: https://gitlab.com/qontainers/pipglr
[13]: https://opensource.com/sites/default/files/2023-03/assigned-project-runners3.png
[14]: https://opensource.com/sites/default/files/2023-03/verify-CI-pipelines.png
[15]: https://github.com/containers/podman/issues/new/choose
[16]: https://about.gitlab.com/support/#contact-support
[17]: https://gitlab.com/qontainers/pipglr/-/issues/new

216
translated/tech/20230328.2 ⭐️⭐️ How to use Podman in GitLab Runners.md Normal file
View File

@ -0,0 +1,216 @@
[#]: subject: "How to use Podman in GitLab Runners"
[#]: via: "https://opensource.com/article/23/3/podman-gitlab-runners"
[#]: author: "Lokesh Mandvekar https://opensource.com/users/lsm5"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
如何在 GitLab Runners 中使用 Podman
======
GitLab Runner 是一个与 GitLab CI/CD 配合使用的应用,可在 GitLab 基础设施上的管道中运行作业。它们通常用于在提交代码后自动编译应用或在代码库上运行测试。你可以将它们视为基于云的 [Git hook][1]。
主要的公共 [GitLab 实例][2]提供了许多易于访问的共享 runner可供你在 CI 管道中使用。你可以在 GitLab 上仓库的 **设置** -> **CI/CD** -> **Runners** 中找到共享 runner 的列表。
![Display available GitLab runners in your repository's settings][3]
你可能不想依赖共享 runner 而是选择自己的 runner原因有很多。例如控制 runner 运行的基础设施以实现额外的安全性和/或隐私、灵活的 runner 配置或分配给你的 GitLab 用户帐户的有限 CI 分钟数。
GitLab runner 依赖于 [executor][4] 工具来运行 CI 作业。executor 有许多选项可用Docker、Kubernetes、VirtualBox 等。
那么Podman 作为 executor 呢?
自 [v4.2.0][5] 起Podman 对 GitLab runner 提供了原生支持。以下是使用 Podman 作为 GitLab runner 的 [executor][6] 的两种方法的快速浏览。
### Docker executor
你可以在 GitLab Runner 中使用 Podman 作为 Docker 的直接替代品。就是这样:
本示例使用 2023 年 2 月的 CentOS Stream 9 环境,使用 Podman v4.4.0。它应该可以在任何具有足够新的 Podman 的 RHEL/CentOS Stream/Fedora 环境中正常工作。查看 [GitLab 文档][7]了解先决条件。
首先,安装 Podman
```
$ sudo dnf -y install podman
```
接下来安装 **gitlab-runner** 包:
```
# 添加 GitLab runner 仓库
$ curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
# 安装 gitlab-runner 包
$ sudo dnf -y install gitlab-runner
```
最后,允许用户在注销后执行任务:
```
$ sudo loginctl enable-linger gitlab-runner
```
#### 配置并注册 runner
使用以下步骤配置 Docker executor。
安装 **gitlab-runner** 包会创建一个 **gitlab-runner** 用户帐户,但你需要 root 访问权限才能操作该用户帐户。**gitlab-runner** 可以在用户模式下运行,但需要一些手动干预来进行构建处理。在此示例中,我使用 `sudo` 在系统模式下运行它。它看起来是这样的:
```
$ sudo gitlab-runner register
Runtime platform arch=amd64 os=linux pid=7978 revision=d540b510 version=15.9.1
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
https://gitlab.com
Enter the registration token:
xxxxxxxxxxxxxxxxx
Enter a description for the runner:
[lmandvek-c9s-gitlab-runner]:
Enter tags for the runner (comma-separated):
Enter optional maintenance note for the runner:
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872
Registering runner... succeeded runner=GR13489419oEPYcJ8
Enter an executor: custom, docker, ssh, docker-ssh+machine, docker-ssh, parallels, shell, virtualbox, docker+machine, instance, kubernetes:
docker
Enter the default Docker image (for example, ruby:2.7):
registry.gitlab.com/rhcontainerbot/pkg-builder
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
```
你将需要一些额外的配置才能使用 Podman。配置 runner 为每个作业创建一个网络。有关更多信息,请参阅 [GitLab 文档][8]。
首先,启用 Podman 系统服务并修改 `/etc/gitlab-runner/config.toml` 中的 Env
```
[[runners]]
environment = ["FF_NETWORK_PER_BUILD=1"]
[runners.docker]
host = "unix:///run/user/1001/podman/podman.sock"
```
重启 runner 以实施更改:
```
$ sudo gitlab-runner restart
```
验证新的 runner 在 GitLab 项目的 **设置** -> **CI/CD** -> **Runners** 中可见:
![Restart the GitLab runner][9]
接下来,验证你的 CI 管道正在使用 runner。你的 CI 任务日志将提及正在使用的 runner 的名称以及任何其他配置信息,例如 runner executor 的功能标志和容器镜像。
![View CI tasklogs to display the runner][10]
### Podman-in-Podmanpipglr
[Chris Evich][11] 创建了 [pipglr][12],这是一个 Podman-in-Podman 设置,用于使用 rootless Podman 来支持你自己的 rootless GitLab Runner。此方法不需要对 `.gitlab-ci.yaml` 配置进行任何更改,因此你可以继续按原样使用现有设置。
以下是帮助你运行此程序的快速设置指南。
#### 配置步骤
容器镜像是从 [pipglr Containerfile][12] 自动构建的,因此将镜像设置为该仓库:
```
$ IMAGE="registry.gitlab.com/qontainers/pipglr:latest"
```
接下来,使用你的 GitLab 注册令牌创建 Podman 密钥:
```
$ echo '<actual registration token>' | podman secret create REGISTRATION_TOKEN -
```
创建一个空白的 `config.toml`,稍后将包含你的所有 runner 设置。你必须执行此步骤才能使以下 `podman container register runlabel $IMAGE` 步骤成功:
```
$ touch ./config.toml # 重要:文件必须存在,即使是空的。
```
注册你的 runner。你可以重复此步骤来注册多个 runner。如果你想使用可能不同的标签或配置选项集并行运行多个 CI 任务,这非常有用。
```
$ podman container runlabel register $IMAGE
```
使用你选择的编辑器编辑 `config.toml`。编辑是可选的,但通常需要更改用于实际 CI 任务的容器镜像。默认情况下,镜像设置为:**registry.fedoraproject.org/fedora:latest**
```
$ $EDITOR ./config.toml # if desired
```
最后,配置对卷的访问。容器卷内使用多个用户,因此你必须专门配置它们以允许访问。再次使用 runlabel 来完成:
```
$ podman container runlabel setupstorage $IMAGE
$ podman container runlabel setupcache $IMAGE
```
#### 测试 Runner
是时候检查配置了。首先启动 GitLab Runner 容器:
```
$ podman container runlabel run $IMAGE
```
允许 runner 用户在注销后运行服务:
```
$ sudo loginctl enable-linger $(id -u)
```
验证你的新 runner 在 GitLab 项目的 **设置** -> **CI/CD** -> **Runners** 中可见:
![Verify the new runner is visible][13]
最后,验证你的 CI 管道正在使用你的 runner
![Verify the CI pipeline][14]
### 总结
使用 Podman 启动 GitLab runner 有多种方法,我在此处概述了其中两种。尝试一下,然后让我知道哪一个最适合你。如果 docker executor 方法有任何问题,请登录并通过 [Podman 上游][15]或 [GitLab 支持][16]提交问题。如果 pipglr 方法出现问题,请在 pipglr 上游[提交问题][17]。
GitLab 与 Podman 一起运行愉快 🙂
--------------------------------------------------------------------------------
via: https://opensource.com/article/23/3/podman-gitlab-runners
作者:[Lokesh Mandvekar][a]
选题:[lkxed][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/lsm5
[b]: https://github.com/lkxed/
[1]: https://www.redhat.com/sysadmin/git-hooks?intcmp=7013a000002qLH8AAM
[2]: https://gitlab.com
[3]: https://opensource.com/sites/default/files/2023-03/podman-shared-runners1.png
[4]: https://docs.gitlab.com/runner/executors/
[5]: https://github.com/containers/podman/releases/tag/v4.2.0
[6]: https://docs.gitlab.com/runner/executors/docker.html
[7]: https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands
[8]: https://docs.gitlab.com/runner/executors/docker.html#create-a-network-for-each-job
[9]: https://opensource.com/sites/default/files/2023-03/assigned-project-runners2.png
[10]: https://opensource.com/sites/default/files/2023-03/CI-task-logs.png
[11]: https://gitlab.com/cevich
[12]: https://gitlab.com/qontainers/pipglr
[13]: https://opensource.com/sites/default/files/2023-03/assigned-project-runners3.png
[14]: https://opensource.com/sites/default/files/2023-03/verify-CI-pipelines.png
[15]: https://github.com/containers/podman/issues/new/choose
[16]: https://about.gitlab.com/support/#contact-support
[17]: https://gitlab.com/qontainers/pipglr/-/issues/new