# Docker Networking: Drone + Drone Runner + SonarQube + GitLab Stack

Yesterday I finished integrating SonarQube with Maven; today I want to keep building up the CI/CD platform.

First, the problems I ran into:

1. After the GitLab Docker container starts, the root password has to be looked up with a command:

   ```
   sudo docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
   ```

   Reference: https://docs.gitlab.com/ee/install/docker.html

2. GitLab has a built-in healthcheck mechanism that can be used directly, but Drone does not, so for now the runner is run separately after Drone has started.

3. Pay attention to the application redirect URI configured in GitLab: it must be a path through which GitLab and Drone can reach each other.

   ![](https://hackmd.io/_uploads/Hy9JybTeT.png)

4. GitLab protects main, so remote push has to be specifically enabled.

   Reference: https://hoohoo.top/blog/resolved-gitlab-forcepush-to-master-error-you-are-not-allowed-to-force-push-push/

   ![](https://hackmd.io/_uploads/r1hJ4WTlT.png)

5. Drone could not activate the repository; the cause is that GitLab restricts requests to the local network.

   Reference: https://www.58jb.com/html/there-was-a-problem-enabling-your-repository.html

   ![](https://hackmd.io/_uploads/BJlt1W6gT.png)

6. When Drone runs the pipeline script it looks for GitLab's external_url. I have not resolved this connection yet; I am not sure whether it is the host or the drone container that needs to be able to reach it. A connection error occurs, so for now I keep modifying external_url in config/gitlab.rb to see which IP works. I also found that external_url cannot include a port such as :8080.

   Reference: https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-f

7. Drone needs to trust the GitLab repos before it can start privileged Docker; an admin account (the account GitLab and Drone communicate with) must be specified before the GitLab repos can be set as trusted.

   References:
   https://docs.drone.io/server/user/admin/
   https://0-8-0.docs.drone.io/privileged-mode/
   https://blog.csdn.net/qq_32828933/article/details/107244631

### Compose YAML

- CI/CD docker-compose YAML

```
version: "3"
name: cicd
services:
  gitlab:
    image: gitlab/gitlab-ce:16.4.1-ce.0
    restart: always
    networks:
      ap_net:
        ipv4_address: 172.18.0.2
    # Port mappings are quoted so YAML never reads xx:yy as a base-60 number.
    ports:
      - "8080:80"
      - "8443:443"
      - "22:22"
    volumes:
      - "/home/ted/project/gitlab/config:/etc/gitlab"
      - "/home/ted/project/gitlab/logs:/var/log/gitlab"
      - "/home/ted/project/gitlab/data:/var/opt/gitlab"
  sonarqube:
    image: sonarqube:8.9.10-community
    volumes:
      - "/home/ted/project/sonarqube/data:/opt/sonarqube/data"
      - "/home/ted/project/sonarqube/logs:/opt/sonarqube/logs"
      - "/home/ted/project/sonarqube/extensions:/opt/sonarqube/extensions"
    ports:
      - "9000:9000"
    networks:
      ap_net:
        ipv4_address: 172.18.0.3
  drone:
    image: drone/drone:2.20.0
    volumes:
      - "/home/ted/project/drone:/data"
    environment:
      - DRONE_GITLAB_SERVER=http://172.18.0.2
      # The client ID, client secret and RPC secret below are redacted placeholders.
      - DRONE_GITLAB_CLIENT_ID=0xxxxx
      - DRONE_GITLAB_CLIENT_SECRET=xxxx
      - DRONE_RPC_SECRET=xxxx
      - DRONE_SERVER_HOST=172.18.0.4
      - DRONE_SERVER_PROTO=http
    # Start Drone only after GitLab's built-in healthcheck reports healthy.
    depends_on:
      gitlab:
        condition: service_healthy
    ports:
      - "80:80"
      - "8000:443"
    networks:
      ap_net:
        ipv4_address: 172.18.0.4
networks:
  ap_net:
    external: true
```

- Runner YAML

```
version: "3"
name: runner
services:
  drone-runner:
    image: drone/drone-runner-docker:1
    volumes:
      # The runner uses the host's Docker socket to start pipeline containers.
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "3000:3000"
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=172.18.0.4
      - DRONE_RPC_SECRET=xxxx
      - DRONE_RUNNER_NAME=my-first-runner
    networks:
      ap_net:
        ipv4_address: 172.18.0.5
networks:
  ap_net:
    external: true
```

- Result

![](https://hackmd.io/_uploads/S1lK4b6xT.png)

You can see that Drone starts only after GitLab is healthy.

- Runner startup

![](https://hackmd.io/_uploads/ryFhNbpga.png)

Currently I am stuck at the point where Drone reads the code from GitLab to run the script; I have tested all kinds of IPs and it still does not work, so I can only keep debugging...

Update: Drone starts a container, drone/git, whose IP is on a different subnet from ap_net, which causes the connection failure, so I will look at how to adjust this part of the script.

Reference: https://stackoverflow.com/questions/46277180/drone-ci-failing-on-clone-step

```
version: "3"
name: runner
services:
  drone-runner:
    image: drone/drone-runner-docker:1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "3000:3000"
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=172.18.0.4
      - DRONE_RPC_SECRET=xxxx
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=my-first-runner
      # Attach pipeline containers (including drone/git) to ap_net.
      - DRONE_RUNNER_NETWORKS=ap_net
    networks:
      ap_net:
        ipv4_address: 172.18.0.5
networks:
  ap_net:
    external: true
```

One line was added:

```
- DRONE_RUNNER_NETWORKS=ap_net
```

and then it runs normally.

- Pipeline script

```
kind: pipeline
type: docker
name: default

steps:
  - name: greeting
    image: alpine
    commands:
      - echo hello
      - echo world
```

![](https://hackmd.io/_uploads/HkOjCb6ga.png)

I am very happy to have finally finished this case.
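
The clone failure and its `DRONE_RUNNER_NETWORKS` fix described above can be caught before starting the stack. The following is an added example, not code from the original post or from Drone: it checks the server and runner environment lists against each other. The function names and the `172.18.0.0/16` subnet for `ap_net` are assumptions; the environment values are copied from the compose files on this page.

```python
import ipaddress
from urllib.parse import urlparse

# Assumption: ap_net uses 172.18.0.0/16; the page shows only the static addresses.
NETWORK_SUBNETS = {"ap_net": "172.18.0.0/16"}

# Constructed from the environment lists in the compose files on this page.
SERVER_ENV = ["DRONE_GITLAB_SERVER=http://172.18.0.2", "DRONE_RPC_SECRET=xxxx",
              "DRONE_SERVER_HOST=172.18.0.4"]
RUNNER_BEFORE = ["DRONE_RPC_HOST=172.18.0.4", "DRONE_RPC_SECRET=xxxx"]
RUNNER_AFTER = RUNNER_BEFORE + ["DRONE_RUNNER_NETWORKS=ap_net"]


def parse_env(entries):
    """Turn a compose 'environment:' list of KEY=VALUE strings into a dict."""
    return dict(e.split("=", 1) for e in entries)


def check_drone_stack(server_env, runner_env, subnets=NETWORK_SUBNETS):
    """Return findings for a Drone server/runner environment pair."""
    server, runner = parse_env(server_env), parse_env(runner_env)
    findings = []
    # The runner authenticates to the server with the shared RPC secret.
    if server.get("DRONE_RPC_SECRET") != runner.get("DRONE_RPC_SECRET"):
        findings.append("DRONE_RPC_SECRET differs between server and runner")
    if server.get("DRONE_SERVER_HOST") != runner.get("DRONE_RPC_HOST"):
        findings.append("DRONE_RPC_HOST does not match DRONE_SERVER_HOST")
    # Step containers (including drone/git) get their own pipeline network plus
    # the networks named in DRONE_RUNNER_NETWORKS; GitLab must sit on one of those.
    attached = [n for n in runner.get("DRONE_RUNNER_NETWORKS", "").split(",") if n]
    host = urlparse(server.get("DRONE_GITLAB_SERVER", "")).hostname or ""
    try:
        gitlab_ip = ipaddress.ip_address(host)
    except ValueError:
        findings.append("DRONE_GITLAB_SERVER is not an IP literal; not checked")
        return findings
    if not any(gitlab_ip in ipaddress.ip_network(subnets[n])
               for n in attached if n in subnets):
        findings.append(f"clone step may not reach GitLab at {gitlab_ip}: "
                        f"DRONE_RUNNER_NETWORKS={','.join(attached) or 'unset'}")
    return findings


if __name__ == "__main__":
    for label, env in (("before", RUNNER_BEFORE), ("after", RUNNER_AFTER)):
        print(label, check_drone_stack(SERVER_ENV, env))
```
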