How to run Bamboo Data Center Docker Runner Using a Docker Image from a Private Docker Registry with Bamboo Elastic Agents
プラットフォームについて: Data Center - この記事は、Data Center プラットフォームのアトラシアン製品に適用されます。
このナレッジベース記事は製品の Data Center バージョン用に作成されています。Data Center 固有ではない機能の Data Center ナレッジベースは、製品のサーバー バージョンでも動作する可能性はありますが、テストは行われていません。サーバー*製品のサポートは 2024 年 2 月 15 日に終了しました。サーバー製品を利用している場合は、アトラシアンのサーバー製品のサポート終了のお知らせページにて移行オプションをご確認ください。
*Fisheye および Crucible は除く
目的
The Bamboo Data Center Docker Runner is a valuable feature that enables isolated builds and deployments within a Docker container. By utilizing the Docker Runner, the build process remains unaffected by other processes in the environment where it operates. This ensures the reliability and reproducibility of the environment, even at a later time or in a different setting.
However, the Bamboo Data Center Docker Runner relies on a required Docker image, and if this image is sourced from a private Docker registry, newly instantiated Bamboo elastic agents will not have the necessary credentials to pull these Docker images. This article explains how to pull an image from a private Docker registry when using the Bamboo Docker Runner on Bamboo Elastic agents
環境
The following steps have been validated in the following environments but may be applicable to other versions as well:
- Bamboo Data Centre Version 9.6.4
- Docker Version 24.0.5
- Bamboo Elastic Ubuntu AMI
How Bamboo Data Center works with Docker Runner on Bamboo Elastic agent
Docker Runner operates at the level of Bamboo jobs. A job is the unit of distribution of work per Bamboo build agents and it is itself made of a set of tasks that run sequentially. When a job is distributed with Docker Runner the steps below are carried out:
- Bamboo first sends a request to AWS to start a new EC2 from a given AMI.
- Bamboo passes user-data to the EC2 with information about Bamboo URL, startup Script and many more.
- The Elastic agent starts after some activities.
- Bamboo starts a Docker container from the user provided Docker image on the Elastic agent.
- Bamboo converts all tasks in a job to an executable script which is then copied into the Docker container for isolated execution.
- When a job is done, Bamboo removes a running container, this time without a script.
- When the user provided Docker image is from Private Docker registry, you may encounter the error below due to missing Docker credentials.
Exit code: 125, output: STDOUT: Beginning to execute external process for build 'test - planbj - Default Job #8 (TEST-PLAN-JOB1-8)'\n ... running command line: \n/usr/bin/docker run --volume /home/bamboo/bamboo-agent-home/xml-data/build-dir/TEST-PLAN-JOB1:/home/bamboo/bamboo-agent-home/xml-data/build-dir/TEST-PLAN-JOB1 --volume /home/bamboo/bamboo-agent-home/temp:/home/bamboo/bamboo-agent-home/temp --detach --name 08db5e7d-2783-49db-a9bf-3901a6971f7c622594 private_docker_registry_URL/artifactory/bamboo-test/mysql/ tail -f /dev/null\n ... in: /home/bamboo/bamboo-agent-home/xml-data/build-dir/TEST-PLAN-JOB1\nSTDERR: docker: invalid reference format.STDERR: See 'docker run --help'.
DD-MM-YYYY HH:MM:SS Failed to start docker container 08db5e7d-2783-49db-a9bf-3901a6971f7c622594
DD-MM-YYYY HH:MM:SS com.atlassian.bamboo.docker.DockerException: Error running Docker run command
...
DD-MM-YYYY HH:MM:SS at com.atlassian.bamboo.security.ImpersonationHelper.runWith(ImpersonationHelper.java:26)
DD-MM-YYYY HH:MM:SS at com.atlassian.bamboo.security.ImpersonationHelper.runWithSystemAuthority(ImpersonationHelper.java:17)
DD-MM-YYYY HH:MM:SS at com.atlassian.bamboo.security.ImpersonationHelper$1.run(ImpersonationHelper.java:41)
DD-MM-YYYY HH:MM:SS at java.base/java.lang.Thread.run(Thread.java:829)
DD-MM-YYYY HH:MM:SS Caused by: com.atlassian.utils.process.ProcessException: Error executing /usr/bin/docker run --volume /home/bamboo/bamboo-agent-home/xml-data/build-dir/TEST-PLAN-JOB1:/home/bamboo/bamboo-agent-home/xml-data/build-dir/TEST-PLAN-JOB1 --volume /home/bamboo/bamboo-agent-home/temp:/home/bamboo/bamboo-agent-home/temp --detach --name 08db5e7d-2783-49db-a9bf-3901a6971f7c622594 private_docker_registry_URL/artifactory/bamboo-test/mysql/ tail -f /dev/null
...
DD-MM-YYYY HH:MM:SS Error response from daemon: No such container: 08db5e7d-2783-49db-a9bf-3901a6971f7c622594 - This can be fixed by ensuring that the credentials, which are stored in the ~/
.docker/config.jsonfile of the Bamboo user's home directory in the EC2 instance.
ソリューション
The following steps are required:
Generate the Docker credentials manually using. I was using a JFROG artifactory in my case.
$ docker --config /var/tmp login <PRIVATE_DOCKER_REGISTRY> $ cat /var/tmp/config.json { "auths": { "artifactory.jfrog.io": { "auth": "ZmFtYm9vdGVzdMpOdXRyZW5kb0A2Nzg9" } } }- From the top navigation bar select
> Elastic Bamboo > Image configurations. - Select your preferred elastic image configuration and select edit
- Scroll down to Instance startup script section.
Add the script below and save. Ensure to replace with the contents of your $HOME/.docker/config.json and your private Docker Registry URL
#!/bin/bash export HOME=/home/bamboo cd $HOME mkdir .docker && chmod 700 .docker cat > .docker/config.json << EOF { "auths": { "artifactory.jfrog.io": { "auth": "ZmFtYm9vdGVzdMpOdXRyZW5kb0A2Nzg9" } } } EOF chown -R bamboo:bamboo .docker- The config.json will be different in your case, kindly substitute appropriately.
- Now you can test running a build plan using a Bamboo Data Center Docker Runner on a Bamboo elastic agent using a docker image from a private Docker registry.
For related issues concerning Bamboo remote agents, particularly on how to handle tasks when the job is running inside a Bamboo Docker Runner, please refer to the Knowledge Base article titled, How to access images in private repository using a Bamboo Docker Tasks when the job is running inside a Bamboo Docker Runner (DinD).