2

TLDR;

Does anyone know how to solve the "Failed asserting that ownership of "/var/opt/gitlab/git-data" was git" error?

Background:

I want to set up the Gitlab Docker on Windows Server 2012 R2 running Docker Toolbox, version 17.04.0-ce, build 4845c56.

Issue/Question

I can't get the shared folder to work properly on the D drive of the server. I read that I needed to add the folder to the VirtualBox VM, which I did via the settings/shared folder menu in the VB GUI. I set a name "gitlab" to the path "D:\data\gitlab" then checked auto-mount, make permanent, and set it to full access.

VM Shared Folder Settings

I started the docker machine and ran "docker-machine ssh $machine-name". I noticed that there was no /media directory and so I added a folder at the home directory (/home/docker/gitlab) and then mounted the shared folder using the following command I found in several forums:

sudo mount -t vboxsf gitlab /home/docker/gitlab

At this point I can add files to the Windows host directory or the Docker VM and it seems to work fine and the test files show up.

Now when I spin up the Gitlab Docker image, I use the following command modified from their documentation:

docker run --detach --hostname gitlab.example.com --publish 80:80 --name gitlab --volume /home/docker/gitlab:/etc/gitlab:Z --volume /home/docker/gitlab/logs:/var/log/gitlab:Z --volume /home/docker/gitlab/data:/var/opt/gitlab:Z gitlab/gitlab-ce

Now I know that it appears to be writing to the shared drive, because all of these files are generated, but then it crashes after a few seconds and I receive the following error log.

Files Generated when Running Gitlab Docker

Error Log:

Thank you for using GitLab Docker Image!
Current version: gitlab-ce=9.3.6-ce.0

Configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
And restart this container to reload settings.
To do it use docker exec:

  docker exec -it gitlab vim /etc/gitlab/gitlab.rb
  docker restart gitlab

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

If this container fails to start due to permission problems try to fix it by executing:

  docker exec -it gitlab update-permissions
  docker restart gitlab

Installing gitlab.rb config...
Generating ssh_host_rsa_key...
Generating public/private rsa key pair.
Your identification has been saved in /etc/gitlab/ssh_host_rsa_key.
Your public key has been saved in /etc/gitlab/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:GyFlf9tl7ZuEbuE+dwZUYiyahdsRzpC1T7kwyUvoD+o root@gitlab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|        o .+oo   |
|       o .o*+o+.o|
|      . . o*@+oo+|
|       . o+o.Oo= |
|        S o o++..|
|         + oo + o|
|        o   .+ + |
|       .    o. .o|
|        E    .o..|
+----[SHA256]-----+
Generating ssh_host_ecdsa_key...
Generating public/private ecdsa key pair.
Your identification has been saved in /etc/gitlab/ssh_host_ecdsa_key.
Your public key has been saved in /etc/gitlab/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:Kb99jG8EtMuTSdIuqBT3GLeD1D0wwTEcQhKgVJUlBjs root@gitlab.example.com
The key's randomart image is:
+---[ECDSA 256]---+
| .o+=*=+=+       |
|..  oo..=..      |
|.  E   . * .     |
|    o + +.B      |
|     +.BS* *     |
|    . +o= B .    |
|   . .  .o =     |
|    .    o. +    |
|        . .+.    |
+----[SHA256]-----+
Generating ssh_host_ed25519_key...
Generating public/private ed25519 key pair.
Your identification has been saved in /etc/gitlab/ssh_host_ed25519_key.
Your public key has been saved in /etc/gitlab/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:lVxpu0UoyNPWVY6D9c+m/bUTyvKP6vuR4cTOYwQ0j+U root@gitlab.example.com
The key's randomart image is:
+--[ED25519 256]--+
|       . o +.=o..|
|        +.=o@o.+ |
|         o+=.Eo o|
|         .  + .o.|
|        S    B  +|
|            B o= |
|            .Oo +|
|           ..o+.+|
|          .+*+.oo|
+----[SHA256]-----+
Preparing services...
Starting services...
Configuring GitLab package...
/opt/gitlab/embedded/bin/runsvdir-start: line 24: ulimit: pending signals: cannot modify limit: Operation not permitted
/opt/gitlab/embedded/bin/runsvdir-start: line 34: ulimit: max user processes: cannot modify limit: Operation not permitted
/opt/gitlab/embedded/bin/runsvdir-start: line 37: /proc/sys/fs/file-max: Read-only file system
Configuring GitLab...

================================================================================
Error executing action `run` on resource 'ruby_block[directory resource: /var/opt/gitlab/git-data]'
================================================================================

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Failed asserting that ownership of "/var/opt/gitlab/git-data" was git
---- Begin output of set -x && [ "$(stat --printf='%U' $(readlink -f /var/opt/gitlab/git-data))" = 'git' ] ----
STDOUT:
STDERR: + readlink -f /var/opt/gitlab/git-data
+ stat --printf=%U /var/opt/gitlab/git-data
+ [ UNKNOWN = git ]
---- End output of set -x && [ "$(stat --printf='%U' $(readlink -f /var/opt/gitlab/git-data))" = 'git' ] ----
Ran set -x && [ "$(stat --printf='%U' $(readlink -f /var/opt/gitlab/git-data))" = 'git' ] returned 1

Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/storage_directory_helper.rb:124:in `validate_command'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/storage_directory_helper.rb:112:in `block in validate'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/storage_directory_helper.rb:111:in `each_index'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/storage_directory_helper.rb:111:in `validate'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/storage_directory_helper.rb:87:in `validate!'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/definitions/storage_directory.rb:35:in `block (3 levels) in from_file'

Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/definitions/storage_directory.rb

 26:   ruby_block "directory resource: #{params[:path]}" do
 27:     block do
 28:       # Ensure the directory exists
 29:       storage_helper.ensure_directory_exists(params[:path])
 30:
 31:       # Ensure the permissions are set
 32:       storage_helper.ensure_permissions_set(params[:path])
 33:
 34:       # Error out if we have not achieved the target permissions
 35:       storage_helper.validate!(params[:path])
 36:     end
 37:     not_if { storage_helper.validate(params[:path]) }
 38:   end
 39: end

Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/definitions/storage_directory.rb:26:in `block in from_file'

ruby_block("directory resource: /var/opt/gitlab/git-data") do
  params {:path=>"/var/opt/gitlab/git-data", :owner=>"git", :group=>nil, :mode=>"0700", :name=>"/var/opt/gitlab/git-data"}
  action [:run]
  retries 0
  retry_delay 2
  default_guard_interpreter :default
  block_name "directory resource: /var/opt/gitlab/git-data"
  declared_type :ruby_block
  cookbook_name "gitlab"
  recipe_name "gitlab-shell"
  block #<Proc:0x000000054a99a8@/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/definitions/storage_directory.rb:27>
  not_if { #code block }
end

Platform:
---------
x86_64-linux

Does anyone know how to solve the "Failed asserting that ownership of "/var/opt/gitlab/git-data" was git" error? I'm still somewhat new to Docker/setting up Gitlab, so it's very possible I could have overlooked something simple. I've spent several hours Googling this, and it seems that others also have a lot of issues getting shared folders to work from Windows using the Docker Toolbox, so hopefully this will help others as well.

4

1 Answer

1

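Background

For those of us stuck in a world without native docker, one solution (maybe not the best) is to use a vdi drive and a shared folder. The vdi drive can live on whatever drive we want (important if you don't want to use the C drive) and is used to allow the Gitlab docker the ability to chown whatever it wants, so this is where we will store the persistent volumes. The downside is that a vdi is not as transparent as a simple shared folder, so for backups a shared folder makes things easier/more transparent.

Disclaimer

I'm no expert on any of this, so please use caution and take what I say with a grain of salt.

Steps to perform

Create a new vdi drive and shared folder on whatever drive you want

  1. Turn off the docker machine you want to use for gitlab
  2. In virtualbox, go to the settings on your docker-machine, click Storage, click the Add Hard Disk icon, then click Create new disk
  3. Select VDI (VirtualBox Disk Image) and click Next
  4. Select Dynamically allocated and click Next
  5. Select the name and location to store the vdi by clicking the folder with the green caret symbol, then select the maximum size the vdi can grow to, and click Create
  6. Now, in the settings menu, switch to Shared Folders and click the Add new shared folder icon
  7. Create a gitlabbackups folder wherever you want, and select Auto-mount and Make Permanent

Now partition and format the drive

  1. Start/enter the docker machine (either with the VBox window or with docker-machine ssh <your docker machine name> from a cmd prompt)
  2. Run fdisk -l to list the available drives; if you have only mounted the one extra vdi drive, you should see something like /dev/sdb
  3. The next steps are irreversible, so perform them at your own risk: enter the command fdisk /dev/sdb, then n for new partition, p for primary, and 1
  4. Now format the new partition (you might need sudo as well): mkfs.ext4 /dev/sdb1

Run docker with persistent volumes on the second vdi and backups in the shared folder

Example Dockerfile: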

FROM gitlab/gitlab-ce:latest

RUN apt-get update
RUN apt-get install -y cron

# Add a cron job to backup everyday
RUN echo "0 5 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create STRATEGY=copy CRON=1" | crontab -
# For an unknown reason, the cron job won't actually run unless cron is restarted
CMD service cron restart && \
    /assets/wrapper

Example docker-compose.yml:

version: "3.0"
services:
  gitlab:
    build: .
    restart: always
    ports:
      - "80:80"
    volumes:
      # These volumes are on the vdi we created above
      - "/mnt/sdb1/etc/gitlab/:/etc/gitlab"
      - "/mnt/sdb1/var/log/gitlab:/var/log/gitlab"
      - "/mnt/sdb1/var/opt/gitlab:/var/opt/gitlab"
      # This volume sits in the shared folder defined above
      - "/gitlabbackups:/var/opt/gitlab/backups"
    cap_add:
      # These seem to be necessary for the mounted drive to work properly
      # https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
      - SYS_ADMIN
      - DAC_READ_SEARCH

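Because there seem to be issues auto-mounting the vdi, use a startup script such as the following (assuming you use the D drive; just replace anything inside <...> as needed). Example run.bat: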

@cd /d D:\<path to docker-compose.yml, assuming it's on the D drive>
@docker-machine start <docker machine name>
@FOR /f "tokens=*" %%i IN ('docker-machine env <docker machine name>') DO @%%i
@docker-machine ssh <docker machine name> sudo mount /dev/sdb1 /mnt/sdb1
@docker-compose build
@docker-compose up -d
@REM If the docker machine was completely off, running only 'docker-compose up -d' will 
@REM not mount the volumes properly. Stopping and restarting the container results in 
@REM the volumes mounting properly.
@docker stop <gitlab container name>
@docker start <gitlab container name>
@pause

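Note: the gitlab container name can be found by running docker-compose up once and then docker ps -a, but it usually follows the convention <directory compose file is in>_<name in the compose file, e.g. gitlab here>_1

Assuming all went well and you changed the stuff in <...> above for your situation, you should be able to run the batch file and have gitlab up and running such that everything is stored on an alternate drive, with the persistent working files in the vdi (to get around the VBox POSIX limitations) and the backups transparently stored in the shared folder.

Hope this helps other poor souls who don't have access to native docker.

Answered 2017-08-03T15:52:00.113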