1. 首页
  2. 问题
  3. Gitlab CI运行程序无法公开嵌套Docker容器的端口
一尘不染

Gitlab CI运行程序无法公开嵌套Docker容器的端口

docker

当使用GitLab CI以及时gitlab-ci-multi- runner,我无法获取内部启动的Docker容器以将其端口暴露给“主机”,即构建在其中运行的Docker映像。

我的.gitlab-ci.yml档案:

test:
  image: docker
  stage: test
  services:
    - docker:dind
  script:
    - APP_CONTAINER_ID=`docker run -d --privileged -p "9143:9143" appropriate/nc nc -l 9143`
    - netstat -a
    - docker exec $APP_CONTAINER_ID netstat -a
    - nc -v localhost 9143

我的命令:

gitlab-ci-multi-runner exec docker --docker-privileged test

输出:

$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 runner--project-1-concurrent-0:54664 docker:2375             TIME_WAIT
tcp        0      0 runner--project-1-concurrent-0:54666 docker:2375             TIME_WAIT
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path

$ docker exec $APP_CONTAINER_ID netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:9143            0.0.0.0:*               LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path

$ nc -v localhost 9143
ERROR: Build failed: exit code 1
FATAL: exit code 1

我在这里做错了什么?

原始问题后继-上面是一个简短,易于测试的示例

我有一个监听端口的应用程序映像9143。它的启动和配置是通过进行管理的docker- compose.yml,并且可以在我的本地计算机上正常使用docker-compose up-我可以localhost:9143毫无问题地进行访问。

但是,gitlab.com通过共享运行程序在GitLab CI(版本)上运行时,该端口似乎没有暴露。

我的相关部分.gitlab-ci.yml

test:
  image: craigotis/buildtools:v1
  stage: test
  script:
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com/craigotis/myapp
    - docker-compose up -d
    - sleep 60 # a temporary hack to get the logs
    - docker-compose logs
    - docker-machine env
    - docker-compose port app 9143
    - netstat -a
    - docker-compose ps
    - /usr/local/bin/wait-for-it.sh -h localhost -p 9143 -t 60
    - cd mocha
    - npm i
    - npm test
    - docker-compose down

输出为:

$ docker-compose logs
...
app_1  | [Thread-1] INFO spark.webserver.SparkServer - == Spark has ignited ...
app_1  | [Thread-1] INFO spark.webserver.SparkServer - >> Listening on 0.0.0.0:9143
app_1  | [Thread-1] INFO org.eclipse.jetty.server.Server - jetty-9.0.z-SNAPSHOT
app_1  | [Thread-1] INFO org.eclipse.jetty.server.ServerConnector - Started ServerConnector@6919dc5{HTTP/1.1}{0.0.0.0:9143}
...

$ docker-compose port app 9143
0.0.0.0:9143

$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 runner-e11ae361-project-1925166-concurrent-0:53646 docker:2375             TIME_WAIT   
tcp        0      0 runner-e11ae361-project-1925166-concurrent-0:53644 docker:2375             TIME_WAIT   
tcp        0      0 runner-e11ae361-project-1925166-concurrent-0:53642 docker:2375             TIME_WAIT   
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path

$ docker-compose ps
stty: standard input: Not a tty
    Name                  Command               State                Ports               
----------------------------------------------------------------------------------------
my_app_1   wait-for-it.sh mysql_serve ...   Up      8080/tcp, 0.0.0.0:9143->9143/tcp 
mysql_server   docker-entrypoint.sh --cha ...   Up      3306/tcp

$ /usr/local/bin/wait-for-it.sh -h localhost -p 9143 -t 60
wait-for-it.sh: waiting 60 seconds for localhost:9143
wait-for-it.sh: timeout occurred after waiting 60 seconds for localhost:9143

我的内容docker-compose.yml

version: '2'

networks:
    app_net:
        driver: bridge

services:
    app:
        image: registry.gitlab.com/craigotis/myapp:latest
        depends_on:
        - "db"
        networks:
        - app_net
        command: wait-for-it.sh mysql_server:3306 -t 60 -- java -jar /opt/app*.jar
        ports:
        - "9143:9143"

    db:
        image: mysql:latest
        networks:
        - app_net
        container_name: mysql_server
        environment:
        - MYSQL_ALLOW_EMPTY_PASSWORD=true

看起来 像我的应用程序容器被监听9143,它的正确曝光到共享GitLab亚军,但它似乎并没有真正被暴露。它在我的本地计算机上运行良好-
是否需要一些特殊的解决方法/调整才能使它在GitLab上运行的Docker容器 工作?


阅读 325

收藏
2020-06-17

共1个答案

一尘不染

gitlab.com文档上的官方gitab-
ci是指PostgreSQL示例

它的工作CI不会尝试连接到localhost,而是连接到服务名称

services关键字定义仅仅是您的构建过程中运行,并链接到泊坞窗图像,该图像的关键字定义了另一个码头工人的形象。这样,您就可以在构建期间访问服务映像。

MySQL的服务容器可以在主机名下访问mysql
因此,为了访问数据库服务,您必须连接到名为的主机,mysql而不是套接字或localhost

您可以检查是否适用于您的情况,然后尝试访问中的应用服务app:9143而不是localhost:9143

2020-06-17