ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Home Page: https://horusec.io/


docker volumes not mounted when using docker:dind

john047 opened this issue · comments

What happened:
docker volumes not mounted when using docker:dind

How to reproduce it (as minimally and precisely as possible):
With the following job, the "docker run" command does not mount the project directory:

horusec_sast:
  stage: check-code
  image: docker:19.03.12

  services:
    - docker:dind

  script:
    - export SHARED_PATH="/builds/$CI_PROJECT_PATH/shared"
    - mkdir -p ${SHARED_PATH}
    - docker run -v /var/run/docker.sock:/var/run/docker.sock -v ${SHARED_PATH}:/mnt -w /mnt horuszup/horusec-cli:latest ls -la /mnt
    - docker rmi -f $(docker images --filter=reference=horuszup/horusec-cli:latest --format "{{.ID}}") || true
    - docker rm -f $(docker ps -a -q --filter 'exited=0') || true

I configured gitlab-runner (14.8.2) with executor = "docker", privileged = true and volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"] without TLS.

How to solve this problem?

Anything else we need to know?:
Also, I get the following logs when the runner starts:

Using Docker executor with image docker:19.03.12 ...
Starting service docker:dind ...
Using locally found image version due to "if-not-present" pull policy
Using docker image sha256:5dbe252bd9afb23859f250989da416b2cd8ab30f4b61a2bc8fca6f9b05d7e665 for docker:dind with digest docker@sha256:a7a9383d0631b5f6b59f0a8138912d20b63c9320127e3fb065cb9ca0257a58b2 ...
Waiting for services to be up and running...
*** WARNING: Service runner-bgwxj1xm-project-298-concurrent-0-dabf48a448e4fe0d-docker-0 probably didn't start properly.
Health check error:
service "runner-bgwxj1xm-project-298-concurrent-0-dabf48a448e4fe0d-docker-0-wait-for-service" timeout
Health check container logs:
Service container logs:
2022-06-23T10:36:12.519285773Z Generating RSA private key, 4096 bit long modulus (2 primes)
2022-06-23T10:36:12.797383520Z ...............................................++++
2022-06-23T10:36:12.973924400Z ....................................++++
2022-06-23T10:36:12.974469522Z e is 65537 (0x010001)
2022-06-23T10:36:12.996145177Z Generating RSA private key, 4096 bit long modulus (2 primes)
2022-06-23T10:36:13.681685455Z ........................................................................................................................................................++++
2022-06-23T10:36:14.005126070Z .......................................................................++++
2022-06-23T10:36:14.005152058Z e is 65537 (0x010001)
2022-06-23T10:36:14.035913417Z Signature ok
2022-06-23T10:36:14.036213472Z subject=CN = docker:dind server
2022-06-23T10:36:14.036737637Z Getting CA Private Key
2022-06-23T10:36:14.050386469Z /certs/server/cert.pem: OK
2022-06-23T10:36:14.054639524Z Generating RSA private key, 4096 bit long modulus (2 primes)
2022-06-23T10:36:14.255263099Z ...........................................++++
2022-06-23T10:36:14.550647095Z .......................................................++++
2022-06-23T10:36:14.551368430Z e is 65537 (0x010001)
2022-06-23T10:36:14.581420313Z Signature ok
2022-06-23T10:36:14.581446517Z subject=CN = docker:dind client
2022-06-23T10:36:14.581803836Z Getting CA Private Key
2022-06-23T10:36:14.596792990Z /certs/client/cert.pem: OK
2022-06-23T10:36:14.693380980Z time="2022-06-23T10:36:14.693077357Z" level=info msg="Starting up"
2022-06-23T10:36:14.695449731Z time="2022-06-23T10:36:14.695322131Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
2022-06-23T10:36:14.695669554Z failed to load listeners: can't create unix socket /var/run/docker.sock: device or resource busy

Environment:

  • Horusec version (use horusec version):
    Version: v2.8.0
    Git commit: df32c1c
    Built: Wed Jun 08 13:57:08 2022
    Distribution: normal

I solved the problem in the following way:

horusec_sast:
  stage: check-code
  image: docker:19.03.12

  script:
    - docker run -v /var/run/docker.sock:/var/run/docker.sock -v ${CI_PROJECT_DIR}:/mnt horuszup/horusec-cli:latest ls -la /mnt
    - docker rmi -f $(docker images --filter=reference=horuszup/horusec-cli:latest --format "{{.ID}}") || true
    - docker rm -f $(docker ps -a -q --filter 'exited=0') || true

config.toml: executor = "docker", privileged = false, volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache", "/builds:/builds"], without TLS.
It does not work without "/builds:/builds" in config.toml.
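The behaviour reported above follows from which daemon interprets the `-v` flag. With /var/run/docker.sock bind-mounted into the job container, `docker run` talks to the runner host's daemon, so the left-hand side of `-v` is resolved on the host, not inside the job container; a missing host directory is silently created empty, which is why `ls -la /mnt` showed nothing. /builds/$CI_PROJECT_PATH exists on the host only when config.toml maps /builds:/builds one-to-one, exactly the condition observed in the last comment. The same socket bind-mount also explains the dind service log "can't create unix socket /var/run/docker.sock: device or resource busy": the host socket shadows the path the service wants to listen on, so the service never starts, and whatever the job runs through that socket executes with the host daemon's privileges. The script below is an added example, not part of the issue or the Horusec project: it models the runner's `volumes` list (assumed to use Docker's host:container[:opts] syntax, with colon-less entries being anonymous volumes) and reports whether a path the job hands to `-v` will be visible to the host daemon.

```shell
#!/bin/sh
# Added example (not from the issue): given a gitlab-runner config.toml
# "volumes" list and a path inside the job container, work out what the
# runner host's Docker daemon will see when the job runs
#   docker run -v <path>:/mnt ...
# through the bind-mounted /var/run/docker.sock.
#
# Assumption: each volume entry is "host:container[:opts]"; an entry without a
# colon (e.g. "/cache") is an anonymous volume with no host-side path.

# translate_to_host "<volumes, space separated>" "<path inside job container>"
# Prints the host-side path and returns 0, or prints nothing and returns 1
# when no bind mount covers the path (the daemon would create an empty dir).
translate_to_host() {
    volumes=$1
    job_path=$2
    for entry in $volumes; do
        case $entry in
            *:*) ;;          # bind mount: host:container[:opts]
            *) continue ;;   # anonymous volume: never maps back to the host
        esac
        host_side=${entry%%:*}
        rest=${entry#*:}
        container_side=${rest%%:*}
        case $job_path in
            "$container_side"|"$container_side"/*)
                # Rewrite the container-side prefix into the host-side one.
                printf '%s%s\n' "$host_side" "${job_path#"$container_side"}"
                return 0 ;;
        esac
    done
    return 1
}

# check_job_mount "<volumes>" "<path the job passes to docker run -v>"
# Returns 0 when the bind source will contain the job's files, 1 otherwise.
check_job_mount() {
    if host=$(translate_to_host "$1" "$2"); then
        printf 'ok: host daemon mounts %s\n' "$host"
        return 0
    fi
    printf 'empty: %s does not exist on the daemon host\n' "$2"
    return 1
}

# Constructed sample data mirroring the two config.toml variants in the thread.
ORIGINAL_VOLUMES="/var/run/docker.sock:/var/run/docker.sock /cache"
FIXED_VOLUMES="/var/run/docker.sock:/var/run/docker.sock /cache /builds:/builds"
SHARED_PATH="/builds/group/project/shared"   # stands in for /builds/$CI_PROJECT_PATH/shared

check_job_mount "$ORIGINAL_VOLUMES" "$SHARED_PATH" || true
check_job_mount "$FIXED_VOLUMES" "$SHARED_PATH" || true
```

Run it as-is to see the "empty" verdict for the original runner config and the "ok" verdict once /builds:/builds is present; the translation is purely string-based, so it can be used on any CI host without a Docker daemon to check a job's `-v` sources before enabling the socket bind mount.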