Deploying containers from Gitlab-ci

Hi there,

I am experimenting with a full continuous integration/continuous deployment workflow using just Gitlab (with pipelines and docker registry) and Rancher. Gitlab is actually a really cool platform that provides everything very well integrated.

I am in the last phase: using rancher-compose to deploy the container in my Rancher infrastructure. I am using a Gitlab-Runner to execute the CI/CD pipelines and now I need to have the rancher-compose-cli inside the container where everything is being executed. Any suggestion to have the cli inside the runner? Should I use an ubuntu base image, then download and install the debian package?

I have seen there is a docker version of docker-compose. Because I have docker inside the runner, I could use it to launch the deployment, but I am passing a lot of private information (keys) through a third-party container.

Thanks for any suggestions.

Hi! We are doing a similar thing to test out gitlab ci. I kind of hacked a working system together for this. I created a custom gitlab runner image from gitlab-runner that has docker, docker-compose and rancher-compose installed and they are running and registered with gitlab.

Our current pipeline is defined in 3 stages in .gitlab-ci.yml. The publish stage pushes the built images into the private repo, tagged properly. The deploy stage is set to manual so if you push the button in Gitlab it runs the deployment phase for that version. The gozerthedeployer.sh script is just a wrapper around make that issues announcement of start and end and result to slack using curl posting to a webhook. In a previous version, the gozer script also just installed the compose tools that it needed in the runner if they were missing, which can avoid the need for a custom runner image.

```yaml
image: docker:git

stages:
  - build
  - publish
  - deploy

.shared: &template
  tags:
    - docker
  only:
    - BRANCH

build_job:
  <<: *template
  stage: build
  script:
    - make TAG=$CI_BUILD_REF_NAME VER=$CI_PIPELINE_ID build

publish_job:
  <<: *template
  stage: publish
  script:
    - make TAG=$CI_BUILD_REF_NAME VER=$CI_PIPELINE_ID tag push

deploy_job:
  <<: *template
  stage: deploy
  script:
    - cd envs && ./gozerthedeployer.sh REDACTED
  when: manual
  environment: REDACTED
```

Maybe some of that will help :wink:

@sra please, could you point me to any information about how to create these custom runners? Or do you know if we could use some docker image as a base that includes rancher-compose?

In any case, very useful information with your pipeline, thank you very much.

Are you trying to start new services in Rancher or upgrade existing ones?

If you are upgrading, which is what I do, then I can help you.

Hi - here is most of the Dockerfile that I build our runners with.

```dockerfile
FROM gitlab/gitlab-runner:latest

RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash

RUN apt-get update && \
    apt-get -y install \
            make \
            rsync \
            curl \
            nano \
            sshpass \
            git-lfs \
            awscli \
            zip \
        --no-install-recommends && \
    rm -r /var/lib/apt/lists/* # 150901

RUN git lfs install

# add missing SSL certificate https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1261855
RUN curl -o /usr/local/share/ca-certificates/como.crt \
      https://gist.githubusercontent.com/schmunk42/5abeaf7ca468dc259325/raw/2a8e19139d29aeea2871206576e264ef2d45a46d/comodorsadomainvalidationsecureserverca.crt \
 && update-ca-certificates

RUN curl -L https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 > /usr/local/bin/docker-1.10.3 && \
    chmod +x /usr/local/bin/docker-1.10.3 && \
    ln -s /usr/local/bin/docker-1.10.3 /usr/local/bin/docker

#RUN curl -L https://get.docker.com/builds/Linux/x86_64/docker-1.11.0.tgz > /tmp/docker-1.11.0.tgz && \
#    cd /tmp && tar -xzf ./docker-1.11.0.tgz && \
#    rm /tmp/docker-1.11.0.tgz && \
#    mv /tmp/docker/docker /usr/local/bin/docker && \
#    chmod +x /usr/local/bin/docker

RUN curl -L https://github.com/docker/compose/releases/download/1.7.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
    chmod +x /usr/local/bin/docker-compose

ENV TERM=linux

RUN wget https://github.com/Yelp/dumb-init/releases/download/v1.0.0/dumb-init_1.0.0_amd64.deb
RUN dpkg -i dumb-init_*.deb
ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
CMD ["run", "--user=root", "--working-directory=/usr/local/gitlab-runner"]

COPY auth.json /root/.docker/config.json
RUN chmod 700 /root/.docker
RUN chmod 600 /root/.docker/config.json
```

The auth.json file is what is saved when you docker login to a private repository.
I run it with:

```bash
docker run -d  --restart always -v /var/run/docker.sock:/var/run/docker.sock \
            -v /usr/local/gitlab-runner/config:/etc/gitlab-runner \
            -v /usr/local/gitlab-runner/builds:/usr/local/gitlab-runner/builds \
            --name gitlab-runner PRIVATEREPO/gitlab-runner
```

You have to one-time register it with gitlab like a normal runner:

```bash
docker exec -it gitlab-runner gitlab-runner register
```

Not sure if that was what you were asking about, but there it is. I think I got most of that docker file from a docker-in-docker setup somewhere.

1 Like
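
Added example (not part of the original posts or of any project mentioned here): a small Python check for three build-time risks that appear in the Dockerfile above, namely an install script piped straight into a shell, files downloaded without a checksum or signature check, and a registry credential file copied into an image layer. The rule names, the regexes and the constructed sample are assumptions of this example.

```python
import re

# Constructed sample that reuses the patterns from the Dockerfile in this thread;
# the example.invalid URLs and <sha256> are placeholders.
SAMPLE = """\
FROM gitlab/gitlab-runner:latest
RUN curl -s https://example.invalid/install.sh | sudo bash
RUN curl -L https://example.invalid/tool > /usr/local/bin/tool && \\
    chmod +x /usr/local/bin/tool
RUN curl -L -o /tmp/t.tgz https://example.invalid/t.tgz && \\
    echo "<sha256>  /tmp/t.tgz" | sha256sum -c - && \\
    tar -xzf /tmp/t.tgz -C /usr/local/bin
COPY auth.json /root/.docker/config.json
"""

FETCH = re.compile(r"\b(curl|wget)\b.*https?://")
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|da|z)?sh\b")
VERIFIED = re.compile(r"\b(sha(256|512)sum|gpg|gpgv|cosign)\b")
CRED_FILE = re.compile(r"(auth\.json|\.docker/config\.json|\.netrc|\.npmrc|id_(rsa|ed25519))")

def instructions(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank and comment lines carry no instruction
        if not buf:
            start = n
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf = []

def audit(text):
    """Return [(line_no, rule)] for risky RUN/COPY/ADD instructions."""
    findings = []
    for n, ins in instructions(text):
        op = ins.split(None, 1)[0].upper()
        if op == "RUN" and PIPE_TO_SHELL.search(ins):
            findings.append((n, "pipe-to-shell"))
        elif op == "RUN" and FETCH.search(ins) and not VERIFIED.search(ins):
            findings.append((n, "unverified-download"))
        elif op in ("COPY", "ADD") and CRED_FILE.search(ins):
            findings.append((n, "credentials-in-layer"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A credential file copied with `COPY` stays readable to anyone who can pull the image, regardless of later `chmod` steps, so the usual alternative is to mount it into the runner container at run time.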

Yeah, thank you, that is exactly what I needed :slight_smile:

I’ve written a tool to make upgrading Rancher services from gitlab-ci.yml files a lot easier (if you don’t keep your rancher-compose.yml files in the repo).

If you add RANCHER_URL, RANCHER_ACCESS_KEY and RANCHER_SECRET_KEY secret variables to your project, you just need to add a new stage to your .gitlab-ci.yml file to have it upgrade the service in Rancher:

```yaml
deploy:rancher:
  stage: deploy
  image: cdrx/rancher-gitlab-deploy
  script: upgrade
```

No further configuration is necessary if the group and project name in GitLab match the stack and service name in Rancher. If your stack or service name is different, you can pass --stack abc and/or --service xyz to the script: upgrade line.

Docs are on GitHub here https://github.com/cdrx/rancher-gitlab-deploy

5 Likes

We’ve built a small solution that does not make assumptions about project or service names, but uses a configurable service URL instead: https://github.com/Uber5/gitlab2rancher-deploy

Maybe useful for some? It’s just a NodeJS package, so quite lightweight.

We also built a solution, check it out at:

https://docs.google.com/presentation/d/1FdB6myROKGYwkBoddskk7GQKblQBxPrTfBy3hA5RfiA/edit?usp=sharing

Here is how we do it:

Is there any way I can ask you some questions about the gitlab runner in detail? @sra

I sent a private message

1 Like

After some help from @sra and others I finally came to this solution:

```yaml
deploy_qa:
  before_script:
    - export RANCHER_SECRET_KEY=$(echo $RANCHER_SECRET_KEY_DEV)
    - export RANCHER_ACCESS_KEY=$(echo $RANCHER_ACCESS_KEY_DEV)
  stage: deploy_qa_environment
  image: badouralix/rancher-cli
  script:
    - "rancher env ls"
    - "rancher stacks create mytestbranchname -f rancher/docker-compose.yml -r rancher/rancher-compose.yml"
  except:
    - master
  when: manual
```

It's not perfect, but it is a good point to start from.

2 Likes
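
Added example, not code from the posters or from the tools they link: the deploy jobs in this thread pass Rancher API keys to images referenced by tag only, which is the concern raised in the first post. The Python below parses each `image:` reference in a pipeline file and lists those not pinned by digest; the sample pipeline, the registry host and the all-zero digest are constructed placeholders.

```python
import re

# Constructed pipeline reusing the image names quoted in this thread; the
# registry host and the all-zero digest are placeholders.
PINNED = "registry.example.invalid:5000/ops/rancher-cli@sha256:" + "0" * 64
CI_YAML = f"""\
image: docker:git
deploy:rancher:
  image: cdrx/rancher-gitlab-deploy
deploy_qa:
  image: "badouralix/rancher-cli"
pinned_job:
  image: {PINNED}
"""

def parse_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # A leading component is a registry host only if it has a dot, a port or is localhost.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo          # Docker Hub official images
    if not tag and not digest:
        tag = "latest"                    # implicit default tag
    return registry, repo, tag, digest

def mutable_images(ci_text):
    """Return the image references in a .gitlab-ci.yml that are not digest-pinned."""
    refs = re.findall(r"^[ \t]*image:[ \t]*[\"']?([^\s\"'#]+)", ci_text, re.M)
    return [r for r in refs if not parse_ref(r)[3]]

if __name__ == "__main__":
    for ref in mutable_images(CI_YAML):
        print("not pinned:", "%s/%s:%s" % parse_ref(ref)[:3])
```

Mapping-style `image:` entries (with a nested `name:` key) are not handled by this regex.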
