参考:
https://zhuanlan.zhihu.com/p/159201322 讲明白GitLab-CI与GitLab-Runner的关系
https://docs.gitlab.com/runner/install/docker.html 安装 gitlab-runner
gitlab-runner 是与 gitlab 的 ci 结合使用的,用于运行 gitlab-ci 任务。
1 安装 gitlab-runner
1.1 Option 1: Use local system volume mounts to start the Runner container
This example uses the local system for the configuration volume that is mounted into the gitlab-runner container. This volume is used for configs and other resources.
docker run -d --name gitlab-runner --restart always \-v /srv/gitlab-runner/config:/etc/gitlab-runner \-v /var/run/docker.sock:/var/run/docker.sock \gitlab/gitlab-runner:latest
On macOS, use /Users/Shared instead of /srv.
1.2 Option 2: Use Docker volumes to start the Runner container
In this example, you can use a configuration container to mount your custom data volume.
Create the Docker volume:
docker volume create gitlab-runner-config
Start the GitLab Runner container using the volume we just created:
docker run -d --name gitlab-runner --restart always \-v /var/run/docker.sock:/var/run/docker.sock \-v gitlab-runner-config:/etc/gitlab-runner \gitlab/gitlab-runner:latest
1.3 本次安装
1.3.1 选择方式一
安装:
xiaohui@220200700182:/mnt/c/Users/DELL$ docker run -d --name gitlab-runner --restart always \> -v /srv/gitlab-runner/config:/etc/gitlab-runner \> -v /var/run/docker.sock:/var/run/docker.sock \> gitlab/gitlab-runner:latestUnable to find image 'gitlab/gitlab-runner:latest' locallylatest: Pulling from gitlab/gitlab-runner7b1a6ab2e44d: Already exists5580ef77ebbe: Pull completed7b21acbe607: Pull completeDigest: sha256:d2db6b687e9cf5baf96009e43cc3eaebf180f634306cdc74e2400315d35f0dabStatus: Downloaded newer image for gitlab/gitlab-runner:latestb2cdcf5c22f914468e932b1266927e61dea3d285fc87270d332e45ee4432dbe3xiaohui@220200700182:/mnt/c/Users/DELL$
日志: ```latex Runtime platform arch=amd64 os=linux pid=7 revision=5316d4ac version=14.6.0
Starting multi-runner from /etc/gitlab-runner/config.toml… builds=0
Running in system-mode.
Configuration loaded builds=0
listen_address not defined, metrics & debug endpoints disabled builds=0
[session_server].listen_address not defined, session endpoints disabled builds=0
ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such file or directory builds=0
ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such file or directory builds=0
报错:<br />ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such file or directory builds=0<br />官网提过 issue :[https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1285](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1285) 大致意思是 gitlab-runner 需要这个config.toml 文件,该文件可以通过 register 来产生。<br />下面就要 register。<a name="RMWCI"></a># 2 register runner参考:[https://docs.gitlab.com/runner/register/index.html#docker](https://docs.gitlab.com/runner/register/index.html#docker)<a name="wdWdM"></a>## 2.1 根据提示,填写相关参数方式 register(本次采用,存在问题,gitlab 建立的CI/CD任务 padding)The following steps describe launching a short-lived gitlab-runner container to register the container you created during install. After you finish registration, the resulting configuration is written to your chosen configuration volume (for example, /srv/gitlab-runner/config) and is loaded by the runner using that configuration volume.<br />To register a runner using a Docker container:1. Run the register command based on the mount type:For local system volume mounts:For local system volume mounts:```shelldocker run --rm -it -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register
If you used a configuration volume other than /srv/gitlab-runner/config during install, be sure to update the command with the correct volume.
For Docker volume mounts:
docker run --rm -it -v gitlab-runner-config:/etc/gitlab-runner gitlab/gitlab-runner:latest register
- Enter your GitLab instance URL (also known as the gitlab-ci coordinator URL).
- Enter the token you obtained to register the runner.
- Enter a description for the runner. You can change this value later in the GitLab user interface.
- Enter the tags associated with the runner, separated by commas. You can change this value later in the GitLab user interface.
- Enter any optional maintenance note for the runner.
- Provide the runner executor. For most use cases, enter docker.
- If you entered docker as your executor, you are asked for the default image to be used for projects that do not define one in .gitlab-ci.yml.
注册需要 token:Admin Area -> Overview -> Runners
本次运行:
# 异常注册,因为gitlab 地址写错了,着急的看下面正常的xiaohui@220200700182:/mnt/c/Users/DELL$ docker run --rm -it -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner registerRuntime platform arch=amd64 os=linux pid=7 revision=5316d4ac version=14.6.0Running in system-mode.Enter the GitLab instance URL (for example, https://gitlab.com/):http://localhost/Enter the registration token:n7h7thpUt-LAVXkoeg6tEnter a description for the runner:[c76e0e0de4d2]: test-runnerEnter tags for the runner (comma-separated):demo,javaERROR: Registering runner... failed runner=n7h7thpU status=couldn't execute POST against http://localhost/api/v4/runners: Post http://localhost/api/v4/runners: dial tcp 127.0.0.1:80: connect: connection refusedPANIC: Failed to register the runner. You may be having network problems.
# 这是正常的注册xiaohui@220200700182:/mnt/c/Users/DELL$ docker run --rm -it -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner registerRuntime platform arch=amd64 os=linux pid=7 revision=5316d4ac version=14.6.0Running in system-mode.Enter the GitLab instance URL (for example, https://gitlab.com/):http://192.168.0.187Enter the registration token:n7h7thpUt-LAVXkoeg6tEnter a description for the runner:[1de3f2de2be8]: test-runnerEnter tags for the runner (comma-separated):demo,javaRegistering runner... succeeded runner=n7h7thpUEnter an executor: docker, docker-ssh, ssh, docker+machine, custom, shell, virtualbox, docker-ssh+machine, kubernetes, parallels:dockerEnter the default Docker image (for example, ruby:2.6):sonarsource/sonar-scanner-cli:latestRunner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!xiaohui@220200700182:/mnt/c/Users/DELL$
完成注册后,gitlab-runner log 中就没有 error 了。但后面有了警告:
ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such file or directory builds=0 ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such file or directory builds=0 Configuration loaded builds=0 Runtime platform arch=amd64 os=linux pid=8 revision=5316d4ac version=14.6.0 Starting multi-runner from /etc/gitlab-runner/config.toml... builds=0 Running in system-mode. Configuration loaded builds=0 listen_address not defined, metrics & debug endpoints disabled builds=0 [session_server].listen_address not defined, session endpoints disabled builds=0 WARNING: Checking for jobs... failed runner=U-AyQY9g status=couldn't execute POST against http://192.168.0.187/api/v4/jobs/request: Post http://192.168.0.187/api/v4/jobs/request: EOF WARNING: Checking for jobs... failed runner=U-AyQY9g status=couldn't execute POST against http://192.168.0.187/api/v4/jobs/request: Post http://192.168.0.187/api/v4/jobs/request: EOF WARNING: Checking for jobs... failed runner=U-AyQY9g status=couldn't execute POST against http://192.168.0.187/api/v4/jobs/request: Post http://192.168.0.187/api/v4/jobs/request: EOF WARNING: Checking for jobs... failed runner=U-AyQY9g status=couldn't execute POST against http://192.168.0.187/api/v4/jobs/request: Post http://192.168.0.187/api/v4/jobs/request: EOF WARNING: Checking for jobs... failed runner=U-AyQY9g status=couldn't execute POST against http://192.168.0.187/api/v4/jobs/request: Post http://192.168.0.187/api/v4/jobs/request: EOF WARNING: Checking for jobs... failed runner=U-AyQY9g status=couldn't execute POST against http://192.168.0.187/api/v4/jobs/request: Post http://192.168.0.187/api/v4/jobs/request: EOF WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: Checking for jobs... failed runner=U-AyQY9g status=502 Bad Gateway WARNING: [runWait] received stop signal builds=0 stop-signal=quit WARNING: Starting graceful shutdown, waiting for builds to finish StopSignal=quit builds=0
gitlab 上面的 job 也是 pending
同时,查看 gitlab,可以看到注册了一个 shared runner:
2.2 One-line registration command
If you want to use the non-interactive mode to register a runner, you can either use the register subcommands or use their equivalent environment variables.
To display a list of all the register subcommands, run the following command:(这个命令,需要在容器中执行,或者采用 docker exec -it containerID gitlab-runner register -h)
gitlab-runner register -h
help 结果(此次是进入容器执行的)
# gitlab-runner register -hRuntime platform arch=amd64 os=linux pid=33 revision=5316d4ac version=14.6.0NAME:gitlab-runner register - register a new runnerUSAGE:gitlab-runner register [command options] [arguments...]OPTIONS:-c value, --config value Config file (default: "/etc/gitlab-runner/config.toml") [$CONFIG_FILE]--template-config value Path to the configuration template file [$TEMPLATE_CONFIG_FILE]--tag-list value Tag list [$RUNNER_TAG_LIST]-n, --non-interactive Run registration unattended [$REGISTER_NON_INTERACTIVE]--leave-runner Don't remove runner if registration fails [$REGISTER_LEAVE_RUNNER]-r value, --registration-token value Runner's registration token [$REGISTRATION_TOKEN]--run-untagged Register to run untagged builds; defaults to 'true' when 'tag-list' is empty [$REGISTER_RUN_UNTAGGED]--locked Lock Runner for current project, defaults to 'true' [$REGISTER_LOCKED]--access-level value Set access_level of the runner to not_protected or ref_protected; defaults to not_protected [$REGISTER_ACCESS_LEVEL]--maximum-timeout value What is the maximum timeout (in seconds) that will be set for job when using this Runner (default: "0") [$REGISTER_MAXIMUM_TIMEOUT]--paused Set Runner to be paused, defaults to 'false' [$REGISTER_PAUSED]--name value, --description value Runner name (default: "b2cdcf5c22f9") [$RUNNER_NAME]--limit value Maximum number of builds processed by this runner (default: "0") [$RUNNER_LIMIT]--output-limit value Maximum build trace size in kilobytes (default: "0") [$RUNNER_OUTPUT_LIMIT]--request-concurrency value Maximum concurrency for job requests (default: "0") [$RUNNER_REQUEST_CONCURRENCY]-u value, --url value Runner URL [$CI_SERVER_URL]-t value, --token value Runner token [$CI_SERVER_TOKEN]--tls-ca-file value File containing the certificates to verify the peer when using HTTPS [$CI_SERVER_TLS_CA_FILE]--tls-cert-file value File containing certificate for TLS client auth when using HTTPS [$CI_SERVER_TLS_CERT_FILE]--tls-key-file value File containing private key for TLS client auth when using HTTPS [$CI_SERVER_TLS_KEY_FILE]--executor value Select executor, eg. shell, docker, etc. [$RUNNER_EXECUTOR]--builds-dir value Directory where builds are stored [$RUNNER_BUILDS_DIR]--cache-dir value Directory where build cache is stored [$RUNNER_CACHE_DIR]--clone-url value Overwrite the default URL used to clone or fetch the git ref [$CLONE_URL]--env value Custom environment variables injected to build environment [$RUNNER_ENV]--pre-clone-script value Runner-specific command script executed before code is pulled [$RUNNER_PRE_CLONE_SCRIPT]--pre-build-script value Runner-specific command script executed after code is pulled, just before build executes [$RUNNER_PRE_BUILD_SCRIPT]--post-build-script value Runner-specific command script executed after code is pulled and just after build executes [$RUNNER_POST_BUILD_SCRIPT]--debug-trace-disabled When set to true Runner will disable the possibility of using the CI_DEBUG_TRACE feature [$RUNNER_DEBUG_TRACE_DISABLED]--shell value Select bash, cmd, pwsh or powershell [$RUNNER_SHELL]--custom_build_dir-enabled Enable job specific build directories [$CUSTOM_BUILD_DIR_ENABLED]--cache-type value Select caching method [$CACHE_TYPE] --cache-path value Name of the path to prepend to the cache URL [$CACHE_PATH]--cache-shared Enable cache sharing between runners. [$CACHE_SHARED]--cache-s3-server-address value A host:port to the used S3-compatible server [$CACHE_S3_SERVER_ADDRESS]--cache-s3-access-key value S3 Access Key [$CACHE_S3_ACCESS_KEY]--cache-s3-secret-key value S3 Secret Key [$CACHE_S3_SECRET_KEY]--cache-s3-bucket-name value Name of the bucket where cache will be stored [$CACHE_S3_BUCKET_NAME]--cache-s3-bucket-location value Name of S3 region [$CACHE_S3_BUCKET_LOCATION]--cache-s3-insecure Use insecure mode (without https) [$CACHE_S3_INSECURE]--cache-s3-authentication_type value IAM or credentials [$CACHE_S3_AUTHENTICATION_TYPE]--cache-gcs-access-id value ID of GCP Service Account used to access the storage [$CACHE_GCS_ACCESS_ID]--cache-gcs-private-key value Private key used to sign GCS requests [$CACHE_GCS_PRIVATE_KEY]--cache-gcs-credentials-file value File with GCP credentials, containing AccessID and PrivateKey [$GOOGLE_APPLICATION_CREDENTIALS]--cache-gcs-bucket-name value Name of the bucket where cache will be stored [$CACHE_GCS_BUCKET_NAME]--cache-azure-account-name value Account name for Azure Blob Storage [$CACHE_AZURE_ACCOUNT_NAME]--cache-azure-account-key value Access key for Azure Blob Storage [$CACHE_AZURE_ACCOUNT_KEY]--cache-azure-container-name value Name of the Azure container where cache will be stored [$CACHE_AZURE_CONTAINER_NAME]--cache-azure-storage-domain value Domain name of the Azure storage (e.g. blob.core.windows.net) [$CACHE_AZURE_STORAGE_DOMAIN]--feature-flags value Enable/Disable feature flags https://docs.gitlab.com/runner/configuration/feature-flags.html (default: "{}") [$FEATURE_FLAGS]--ssh-user value User name [$SSH_USER]--ssh-password value User password [$SSH_PASSWORD]--ssh-host value Remote host [$SSH_HOST]--ssh-port value Remote host port [$SSH_PORT]--ssh-identity-file value Identity file to be used [$SSH_IDENTITY_FILE]--ssh-disable-strict-host-key-checking value Disable SSH strict host key checking [$DISABLE_STRICT_HOST_KEY_CHECKING]--ssh-known-hosts-file value Location of known_hosts file. Defaults to ~/.ssh/known_hosts [$KNOWN_HOSTS_FILE]--docker-host value Docker daemon address [$DOCKER_HOST]--docker-cert-path value Certificate path [$DOCKER_CERT_PATH]--docker-tlsverify Use TLS and verify the remote [$DOCKER_TLS_VERIFY]--docker-hostname value Custom container hostname [$DOCKER_HOSTNAME]--docker-image value Docker image to be used [$DOCKER_IMAGE]--docker-runtime value Docker runtime to be used [$DOCKER_RUNTIME]--docker-memory value Memory limit (format: <number>[<unit>]). Unit can be one of b, k, m, or g. Minimum is 4M. [$DOCKER_MEMORY]--docker-memory-swap value Total memory limit (memory + swap, format: <number>[<unit>]). Unit can be one of b, k, m, or g. [$DOCKER_MEMORY_SWAP]--docker-memory-reservation value Memory soft limit (format: <number>[<unit>]). Unit can be one of b, k, m, or g. [$DOCKER_MEMORY_RESERVATION]--docker-cpuset-cpus value String value containing the cgroups CpusetCpus to use [$DOCKER_CPUSET_CPUS]--docker-cpus value Number of CPUs [$DOCKER_CPUS]--docker-cpu-shares value Number of CPU shares (default: "0") [$DOCKER_CPU_SHARES]--docker-dns value A list of DNS servers for the container to use [$DOCKER_DNS]--docker-dns-search value A list of DNS search domains [$DOCKER_DNS_SEARCH]--docker-privileged Give extended privileges to container [$DOCKER_PRIVILEGED]--docker-disable-entrypoint-overwrite Disable the possibility for a container to overwrite the default image entrypoint [$DOCKER_DISABLE_ENTRYPOINT_OVERWRITE]--docker-userns value User namespace to use [$DOCKER_USERNS_MODE]--docker-cap-add value Add Linux capabilities [$DOCKER_CAP_ADD]--docker-cap-drop value Drop Linux capabilities [$DOCKER_CAP_DROP]--docker-oom-kill-disable Do not kill processes in a container if an out-of-memory (OOM) error occurs [$DOCKER_OOM_KILL_DISABLE]--docker-oom-score-adjust value Adjust OOM score (default: "0") [$DOCKER_OOM_SCORE_ADJUST]--docker-security-opt value Security Options [$DOCKER_SECURITY_OPT]--docker-devices value Add a host device to the container [$DOCKER_DEVICES]--docker-gpus value Request GPUs to be used by Docker [$DOCKER_GPUS]--docker-disable-cache Disable all container caching [$DOCKER_DISABLE_CACHE]--docker-volumes value Bind-mount a volume and create it if it doesn't exist prior to mounting. Can be specified multiple times once per mountpoint, e.g. --docker-volumes 'test0:/test0' --docker-volumes 'test1:/test1' [$DOCKER_VOLUMES]--docker-volume-driver value Volume driver to be used [$DOCKER_VOLUME_DRIVER]--docker-cache-dir value Directory where to store caches [$DOCKER_CACHE_DIR]--docker-extra-hosts value Add a custom host-to-IP mapping [$DOCKER_EXTRA_HOSTS]--docker-volumes-from value A list of volumes to inherit from another container [$DOCKER_VOLUMES_FROM]--docker-network-mode value Add container to a custom network [$DOCKER_NETWORK_MODE]--docker-links value Add link to another container [$DOCKER_LINKS]--docker-wait-for-services-timeout value How long to wait for service startup (default: "0") [$DOCKER_WAIT_FOR_SERVICES_TIMEOUT]--docker-allowed-images value Image allowlist [$DOCKER_ALLOWED_IMAGES]--docker-allowed-services value Service allowlist [$DOCKER_ALLOWED_SERVICES]--docker-pull-policy value Image pull policy: never, if-not-present, always [$DOCKER_PULL_POLICY]--docker-shm-size value Shared memory size for docker images (in bytes) (default: "0") [$DOCKER_SHM_SIZE]--docker-tmpfs value A toml table/json object with the format key=values. When set this will mount the specified path in the key as a tmpfs volume in the main container, using the options specified as key. For the supported options, see the documentation for the unix 'mount' command (default: "{}") [$DOCKER_TMPFS]--docker-services-tmpfs value A toml table/json object with the format key=values. When set this will mount the specified path in the key as a tmpfs volume in all the service containers, using the options specified as key. For the supported options, see the documentation for the unix 'mount' command (default: "{}") [$DOCKER_SERVICES_TMPFS]--docker-sysctls value Sysctl options, a toml table/json object of key=value. Value is expected to be a string. (default: "{}") [$DOCKER_SYSCTLS]--docker-helper-image value [ADVANCED] Override the default helper image used to clone repos and upload artifacts [$DOCKER_HELPER_IMAGE]--docker-helper-image-flavor value Set helper image flavor (alpine, ubuntu), defaults to alpine [$DOCKER_HELPER_IMAGE_FLAVOR]--parallels-base-name value VM name to be used [$PARALLELS_BASE_NAME]--parallels-template-name value VM template to be created [$PARALLELS_TEMPLATE_NAME]--parallels-disable-snapshots Disable snapshoting to speedup VM creation [$PARALLELS_DISABLE_SNAPSHOTS]--parallels-time-server value Timeserver to sync the guests time from. Defaults to time.apple.com [$PARALLELS_TIME_SERVER]--parallels-allowed-images value Image (base_name) allowlist [$PARALLELS_ALLOWED_IMAGES]--virtualbox-base-name value VM name to be used [$VIRTUALBOX_BASE_NAME]--virtualbox-base-snapshot value Name or UUID of a specific VM snapshot to clone [$VIRTUALBOX_BASE_SNAPSHOT]--virtualbox-base-folder value Folder in which to save the new VM. If empty, uses VirtualBox default [$VIRTUALBOX_BASE_FOLDER]--virtualbox-disable-snapshots Disable snapshoting to speedup VM creation [$VIRTUALBOX_DISABLE_SNAPSHOTS]--virtualbox-allowed-images value Image allowlist [$VIRTUALBOX_ALLOWED_IMAGES]--machine-max-growth-rate value Maximum machines being provisioned concurrently, set to 0 for unlimited (default: "0") [$MACHINE_MAX_GROWTH_RATE]--machine-idle-nodes value Maximum idle machines (default: "0") [$MACHINE_IDLE_COUNT]--machine-idle-scale-factor value (Experimental) Defines what factor of in-use machines should be used as current idle value, but never more then defined IdleCount. 0.0 means use IdleCount as a static number (defaults to 0.0). Must be defined as float number. (default: "0") [$MACHINE_IDLE_SCALE_FACTOR]--machine-idle-count-min value Minimal number of idle machines when IdleScaleFactor is in use. Defaults to 1. (default: "0") [$MACHINE_IDLE_COUNT_MIN]--machine-idle-time value Minimum time after node can be destroyed (default: "0") [$MACHINE_IDLE_TIME]--machine-max-builds value Maximum number of builds processed by machine (default: "0") [$MACHINE_MAX_BUILDS]--machine-machine-driver value The driver to use when creating machine [$MACHINE_DRIVER]--machine-machine-name value The template for machine name (needs to include %s) [$MACHINE_NAME]--machine-machine-options value Additional machine creation options [$MACHINE_OPTIONS]--kubernetes-host value Optional Kubernetes master host URL (auto-discovery attempted if not specified) [$KUBERNETES_HOST]--kubernetes-cert-file value Optional Kubernetes master auth certificate [$KUBERNETES_CERT_FILE]--kubernetes-key-file value Optional Kubernetes master auth private key [$KUBERNETES_KEY_FILE]--kubernetes-ca-file value Optional Kubernetes master auth ca certificate [$KUBERNETES_CA_FILE]--kubernetes-bearer_token_overwrite_allowed Bool to authorize builds to specify their own bearer token for creation. [$KUBERNETES_BEARER_TOKEN_OVERWRITE_ALLOWED]--kubernetes-bearer_token value Optional Kubernetes service account token used to start build pods. [$KUBERNETES_BEARER_TOKEN]--kubernetes-image value Default docker image to use for builds when none is specified [$KUBERNETES_IMAGE]--kubernetes-namespace value Namespace to run Kubernetes jobs in [$KUBERNETES_NAMESPACE]--kubernetes-namespace_overwrite_allowed value Regex to validate 'KUBERNETES_NAMESPACE_OVERWRITE' value [$KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED]--kubernetes-privileged value Run all containers with the privileged flag enabled [$KUBERNETES_PRIVILEGED]--kubernetes-allow-privilege-escalation value Run all containers with the security context allowPrivilegeEscalation flag enabled. When empty, it does not define the allowPrivilegeEscalation flag in the container SecurityContext and allows Kubernetes to use the default privilege escalation behavior. [$KUBERNETES_ALLOW_PRIVILEGE_ESCALATION]--kubernetes-cpu-limit value The CPU allocation given to build containers [$KUBERNETES_CPU_LIMIT]--kubernetes-cpu-limit-overwrite-max-allowed value If set, the max amount the cpu limit can be set to. Used with the KUBERNETES_CPU_LIMIT variable in the build. [$KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED] --kubernetes-cpu-request value The CPU allocation requested for build containers [$KUBERNETES_CPU_REQUEST]--kubernetes-cpu-request-overwrite-max-allowed value If set, the max amount the cpu request can be set to. Used with the KUBERNETES_CPU_REQUEST variable in the build. [$KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-memory-limit value The amount of memory allocated to build containers [$KUBERNETES_MEMORY_LIMIT]--kubernetes-memory-limit-overwrite-max-allowed value If set, the max amount the memory limit can be set to. Used with the KUBERNETES_MEMORY_LIMIT variable in the build. [$KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-memory-request value The amount of memory requested from build containers [$KUBERNETES_MEMORY_REQUEST]--kubernetes-memory-request-overwrite-max-allowed value If set, the max amount the memory request can be set to. Used with the KUBERNETES_MEMORY_REQUEST variable in the build. [$KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-ephemeral-storage-limit value The amount of ephemeral storage allocated to build containers [$KUBERNETES_EPHEMERAL_STORAGE_LIMIT]--kubernetes-ephemeral-storage-limit-overwrite-max-allowed value If set, the max amount the ephemeral limit can be set to. Used with the KUBERNETES_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-ephemeral-storage-request value The amount of ephemeral storage requested from build containers [$KUBERNETES_EPHEMERAL_STORAGE_REQUEST]--kubernetes-ephemeral-storage-request-overwrite-max-allowed value If set, the max amount the ephemeral storage request can be set to. Used with the KUBERNETES_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-service-cpu-limit value The CPU allocation given to build service containers [$KUBERNETES_SERVICE_CPU_LIMIT]--kubernetes-service-cpu-limit-overwrite-max-allowed value If set, the max amount the service cpu limit can be set to. Used with the KUBERNETES_SERVICE_CPU_LIMIT variable in the build. [$KUBERNETES_SERVICE_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-service-cpu-request value The CPU allocation requested for build service containers [$KUBERNETES_SERVICE_CPU_REQUEST]--kubernetes-service-cpu-request-overwrite-max-allowed value If set, the max amount the service cpu request can be set to. Used with the KUBERNETES_SERVICE_CPU_REQUEST variable in the build. [$KUBERNETES_SERVICE_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-service-memory-limit value The amount of memory allocated to build service containers [$KUBERNETES_SERVICE_MEMORY_LIMIT]--kubernetes-service-memory-limit-overwrite-max-allowed value If set, the max amount the service memory limit can be set to. Used with the KUBERNETES_SERVICE_MEMORY_LIMIT variable in the build. [$KUBERNETES_SERVICE_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-service-memory-request value The amount of memory requested for build service containers [$KUBERNETES_SERVICE_MEMORY_REQUEST]--kubernetes-service-memory-request-overwrite-max-allowed value If set, the max amount the service memory request can be set to. Used with the KUBERNETES_SERVICE_MEMORY_REQUEST variable in the build. [$KUBERNETES_SERVICE_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-service-ephemeral_storage-limit value The amount of ephemeral storage allocated to build service containers [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT]--kubernetes-service-ephemeral_storage-limit-overwrite-max-allowed value If set, the max amount the service ephemeral storage limit can be set to. Used with the KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-service-ephemeral_storage-request value The amount of ephemeral storage requested for build service containers [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST]--kubernetes-service-ephemeral_storage-request-overwrite-max-allowed value If set, the max amount the service ephemeral storage request can be set to. Used with the KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-helper-cpu-limit value The CPU allocation given to build helper containers [$KUBERNETES_HELPER_CPU_LIMIT]--kubernetes-helper-cpu-limit-overwrite-max-allowed value If set, the max amount the helper cpu limit can be set to. Used with the KUBERNETES_HELPER_CPU_LIMIT variable in the build. [$KUBERNETES_HELPER_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-helper-cpu-request value The CPU allocation requested for build helper containers [$KUBERNETES_HELPER_CPU_REQUEST]--kubernetes-helper-cpu-request-overwrite-max-allowed value If set, the max amount the helper cpu request can be set to. Used with the KUBERNETES_HELPER_CPU_REQUEST variable in the build. [$KUBERNETES_HELPER_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-helper-memory-limit value The amount of memory allocated to build helper containers [$KUBERNETES_HELPER_MEMORY_LIMIT]--kubernetes-helper-memory-limit-overwrite-max-allowed value If set, the max amount the helper memory limit can be set to. Used with the KUBERNETES_HELPER_MEMORY_LIMIT variable in the build. [$KUBERNETES_HELPER_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-helper-memory-request value The amount of memory requested for build helper containers [$KUBERNETES_HELPER_MEMORY_REQUEST]--kubernetes-helper-memory-request-overwrite-max-allowed value If set, the max amount the helper memory request can be set to. Used with the KUBERNETES_HELPER_MEMORY_REQUEST variable in the build. [$KUBERNETES_HELPER_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-helper-ephemeral_storage-limit value The amount of ephemeral storage allocated to build helper containers [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT]--kubernetes-helper-ephemeral_storage-limit-overwrite-max-allowed value If set, the max amount the helper ephemeral storage limit can be set to. Used with the KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]--kubernetes-helper-ephemeral_storage-request value The amount of ephemeral storage requested for build helper containers [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST]--kubernetes-helper-ephemeral_storage-request-overwrite-max-allowed value If set, the max amount the helper ephemeral storage request can be set to. Used with the KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]--kubernetes-allowed-images value Image allowlist [$KUBERNETES_ALLOWED_IMAGES]--kubernetes-allowed-services value Service allowlist [$KUBERNETES_ALLOWED_SERVICES]--kubernetes-pull-policy value Policy for if/when to pull a container image (never, if-not-present, always). The cluster default will be used if not set [$KUBERNETES_PULL_POLICY]--kubernetes-node-selector value A toml table/json object of key:value. Value is expected to be a string. When set this will create pods on k8s nodes that match all the key:value pairs. Only one selector is supported through environment variable configuration. (default: "{}") [$KUBERNETES_NODE_SELECTOR]--kubernetes-node-tolerations value A toml table/json object of key=value:effect. Value and effect are expected to be strings. When set, pods will tolerate the given taints. Only one toleration is supported through environment variable configuration. (default: "{}") [$KUBERNETES_NODE_TOLERATIONS]--kubernetes-image-pull-secrets value A list of image pull secrets that are used for pulling docker image [$KUBERNETES_IMAGE_PULL_SECRETS]--kubernetes-helper-image value [ADVANCED] Override the default helper image used to clone repos and upload artifacts [$KUBERNETES_HELPER_IMAGE]--kubernetes-helper-image-flavor value Set helper image flavor (alpine, ubuntu), defaults to alpine [$KUBERNETES_HELPER_IMAGE_FLAVOR]--kubernetes-terminationGracePeriodSeconds value Duration after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal.DEPRECATED: use KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS and KUBERNETES_CLEANUP_GRACE_PERIOD_SECONDS instead. [$KUBERNETES_TERMINATIONGRACEPERIODSECONDS]--kubernetes-pod_termination_grace_period_seconds value Pod-level setting which determines the duration in seconds which the pod has to terminate gracefully. After this, the processes are forcibly halted with a kill signal. Ignored if KUBERNETES_TERMINATIONGRACEPERIODSECONDS is specified. [$KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS]--kubernetes-cleanup_grace_period_seconds value When cleaning up a pod on completion of a job, the duration in seconds which the pod has to terminate gracefully. After this, the processes are forcibly halted with a kill signal. Ignored if KUBERNETES_TERMINATIONGRACEPERIODSECONDS is specified. [$KUBERNETES_CLEANUP_GRACE_PERIOD_SECONDS]--kubernetes-poll-interval value How frequently, in seconds, the runner will poll the Kubernetes pod it has just created to check its status (default: "0") [$KUBERNETES_POLL_INTERVAL]--kubernetes-poll-timeout value The total amount of time, in seconds, that needs to pass before the runner will timeout attempting to connect to the pod it has just created (useful for queueing more builds that the cluster can handle at a time) (default: "0") [$KUBERNETES_POLL_TIMEOUT]--kubernetes-pod-labels value A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given pod labels. Environment variables will be substituted for values here. (default: "{}")--kubernetes-service-account value Executor pods will use this Service Account to talk to kubernetes API [$KUBERNETES_SERVICE_ACCOUNT]--kubernetes-service_account_overwrite_allowed value Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value [$KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED]--kubernetes-pod-annotations value A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given annotations. Can be overwritten in build with KUBERNETES_POD_ANNOTATION_* variables (default: "{}")--kubernetes-pod_annotations_overwrite_allowed value Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values [$KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED]--kubernetes-pod-security-context-fs-group value A special supplemental group that applies to all containers in a pod [$KUBERNETES_POD_SECURITY_CONTEXT_FS_GROUP]--kubernetes-pod-security-context-run-as-group value The GID to run the entrypoint of the container process [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_GROUP]--kubernetes-pod-security-context-run-as-non-root value Indicates that the container must run as a non-root user [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_NON_ROOT]--kubernetes-pod-security-context-run-as-user value The UID to run the entrypoint of the container process [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_USER]--kubernetes-pod-security-context-supplemental-groups value A list of groups applied to the first process run in each container, in addition to the container's primary GID--kubernetes-build_container_security_context-capabilities-add value List of capabilities to add to the build container [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]--kubernetes-build_container_security_context-capabilities-drop value List of capabilities to drop from the build container [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]--kubernetes-build_container_security_context-privileged value Run container in privileged mode [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]--kubernetes-build_container_security_context-run-as-user value The UID to run the entrypoint of the container process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]--kubernetes-build_container_security_context-run-as-group value The GID to run the entrypoint of the container process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]--kubernetes-build_container_security_context-run-as-non-root value Indicates that the container must run as a non-root user [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]--kubernetes-build_container_security_context-read-only-root-filesystem value Whether this container has a read-only root filesystem. [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]--kubernetes-build_container_security_context-allow-privilege-escalation value AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]--kubernetes-helper_container_security_context-capabilities-add value List of capabilities to add to the build container [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]--kubernetes-helper_container_security_context-capabilities-drop value List of capabilities to drop from the build container [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]--kubernetes-helper_container_security_context-privileged value Run container in privileged mode [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]--kubernetes-helper_container_security_context-run-as-user value The UID to run the entrypoint of the container process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]--kubernetes-helper_container_security_context-run-as-group value The GID to run the entrypoint of the container process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]--kubernetes-helper_container_security_context-run-as-non-root value Indicates that the container must run as a non-root user [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]--kubernetes-helper_container_security_context-read-only-root-filesystem value Whether this container has a read-only root filesystem. [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]--kubernetes-helper_container_security_context-allow-privilege-escalation value AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]--kubernetes-service_container_security_context-capabilities-add value List of capabilities to add to the build container [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]--kubernetes-service_container_security_context-capabilities-drop value List of capabilities to drop from the build container [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]--kubernetes-service_container_security_context-privileged value Run container in privileged mode [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]--kubernetes-service_container_security_context-run-as-user value The UID to run the entrypoint of the container process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]--kubernetes-service_container_security_context-run-as-group value The GID to run the entrypoint of the container process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]--kubernetes-service_container_security_context-run-as-non-root value Indicates that the container must run as a non-root user [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]--kubernetes-service_container_security_context-read-only-root-filesystem value Whether this container has a read-only root filesystem. [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]--kubernetes-service_container_security_context-allow-privilege-escalation value AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]--kubernetes-host_aliases value Add a custom host-to-IP mapping--kubernetes-cap-add value Add Linux capabilities [$KUBERNETES_CAP_ADD]--kubernetes-cap-drop value Drop Linux capabilities [$KUBERNETES_CAP_DROP]--kubernetes-dns-policy value How Kubernetes should try to resolve DNS from the created pods. If unset, Kubernetes will use the default 'ClusterFirst'. Valid values are: none, default, cluster-first, cluster-first-with-host-net [$KUBERNETES_DNS_POLICY]--custom-config-exec value Executable that allows to inject configuration values to the executor [$CUSTOM_CONFIG_EXEC]--custom-config-args value Arguments for the config executable --custom-config-exec-timeout value Timeout for the config executable (in seconds) [$CUSTOM_CONFIG_EXEC_TIMEOUT]--custom-prepare-exec value Executable that prepares executor [$CUSTOM_PREPARE_EXEC]--custom-prepare-args value Arguments for the prepare executable--custom-prepare-exec-timeout value Timeout for the prepare executable (in seconds) [$CUSTOM_PREPARE_EXEC_TIMEOUT]--custom-run-exec value Executable that runs the job script in executor [$CUSTOM_RUN_EXEC]--custom-run-args value Arguments for the run executable--custom-cleanup-exec value Executable that cleanups after executor run [$CUSTOM_CLEANUP_EXEC]--custom-cleanup-args value Arguments for the cleanup executable--custom-cleanup-exec-timeout value Timeout for the cleanup executable (in seconds) [$CUSTOM_CLEANUP_EXEC_TIMEOUT]--custom-graceful-kill-timeout value Graceful timeout for scripts execution after SIGTERM is sent to the process (in seconds). This limits the time given for scripts to perform the cleanup before exiting [$CUSTOM_GRACEFUL_KILL_TIMEOUT]--custom-force-kill-timeout value Force timeout for scripts execution (in seconds). Counted from the force kill call; if process will be not terminated, Runner will abandon process termination and log an error [$CUSTOM_FORCE_KILL_TIMEOUT]#
To register a runner using the most common options, you would do:
sudo gitlab-runner register \--non-interactive \--url "https://gitlab.com/" \--registration-token "PROJECT_REGISTRATION_TOKEN" \--executor "docker" \--docker-image alpine:latest \--description "docker-runner" \--maintenance-note "Free-form maintainer notes about this runner" \--tag-list "docker,aws" \--run-untagged="true" \--locked="false" \--access-level="not_protected"
If you’re running the runner in a Docker container, the register command is structured similar to the following:
docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \--non-interactive \--executor "docker" \--docker-image alpine:latest \--url "https://gitlab.com/" \--registration-token "PROJECT_REGISTRATION_TOKEN" \--description "docker-runner" \--maintenance-note "Free-form maintainer notes about this runner" \--tag-list "docker,aws" \--run-untagged="true" \--locked="false" \--access-level="not_protected"
The --access-level parameter was added in GitLab Runner 12.0. It uses a registration API parameter introduced in GitLab 11.11. Use this parameter during registration to create a [protected runner](https://docs.gitlab.com/ee/ci/runners/configure_runners.html#prevent-runners-from-revealing-sensitive-information). For a protected runner, use the --access-level="ref_protected" parameter. For an unprotected runner, use --access-level="not_protected" instead or leave the value undefined. This value can later be toggled on or off in the project’s **Settings > CI/CD** menu.<br />The --maintenance-note parameter was [added](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/3268) in GitLab Runner 14.8. You can use it to add information related to runner maintenance. The maximum allowed length is 255 characters.
2.3 唉,进入内部 register,处理gitlab job pending 问题
# gitlab-runner register -n \--url "http://192.168.0.187" \--registration-token "n7h7thpUt-LAVXkoeg6t" \--executor docker \--description "Docker Runner" \--docker-image "sonarsource/sonar-scanner-cli:latest" \--docker-volumes /var/run/doc> ker.sock:/var/run/docker.sockRuntime platform arch=amd64 os=linux pid=33 revision=5316d4ac version=14.6.0Running in system-mode.Registering runner... succeeded runner=n7h7thpURunner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!#
现在 gitlab 的job就好了。
接下来又干什么呢?等我想想,还不知道呢。
若有收获,就点个赞吧
0 人点赞
