Good news, after doing some more research, ive got the admin part sorted. It seems that docker swarm mode can’t create privileged containers (at this time). However there is a work around…
https://github.com/docker/swarmkit/issues/1030
In short, I had to re-create my docker swarm network (backend) to allow me to manually attach. Then I did the good old docker-compose version of the stack file and manually brought up the containers for server and agents on the relevant machines.
Then I found I could tick trusted under settings. This then allowed the volumes to mount.
The exact config I used is this:
drone-agent
---
version: '3.4'
networks:
backend:
external: true
services:
drone_agent:
container_name: drone_agent
image: drone/agent:0.8.2
command: agent
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- backend
privileged: true
environment:
- DRONE_SERVER=drone-9000.service.consul:9000
- DRONE_SECRET=****************************
- DRONE_DEBUG=true
drone-server
---
version: '3.4'
networks:
backend:
external: true
services:
drone_server:
container_name: drone_server
image: drone/drone:0.8.2
volumes:
- /var/lib/docker/ceph/volumes/drone:/var/lib/drone/
networks:
- backend
privileged: true
environment:
- DRONE_HOST=https://drone.example.com
- DRONE_BITBUCKET=true
- DRONE_BITBUCKET_CLIENT=***********
- DRONE_BITBUCKET_SECRET=***************
- DRONE_SECRET=*********************
- DRONE_DEBUG=true
- DRONE_ADMIN=majestic
I am not sure if you only need privileged on just the agent which is kind of what I would expect so if you or anyone could confirm that its only needed their, ile update the config.
The only thing I am now having issues with is I now get this when trying to build a dockerfile.
Build ****/docker-*****
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.33/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&session=66201d8f706a2f279c39d5794e2b063c34334c90e79c73cd3212ae8f54acfe13&shmsize=0&t=******%2Fdocker-******-tmp&target=&ulimits=null: dial unix /var/run/docker.sock: connect: permission denied
Could this be something to do with my image im using for building dockerfiles? what image would anyone suggest to just simply build/compile a Dockerfile in X repo then push it up to dockerhub if all successful? later on like that to auto-deploy but baby steps.
Also if anyones intrested how to re-create network, this is what I did (taken from my own notes)
First of remove the default ingres network which is used to link all servers togeter and is used for the public network.
docker network rm ingress
Replace with ‘frontend’ ingres network
docker network create \
--driver overlay \
--opt encrypted \
--ingress \
--subnet=10.172.0.0/16 \
--gateway=10.172.0.1 \
--opt com.docker.network.driver.overlay.vxlanid_list=4096 \
frontend
Create ‘backend’ swarm backend network
docker network create -d overlay --attachable --opt encrypted --opt com.docker.network.swarm.name=backend backend --subnet 10.30.0.0/16
You only really need to do the backend network but as I forgot to encrypt mine originally when I created the swarm network, I took the time to do that at the same time.
I hope some of this info is helpful to others whos having issues with swarm. If anyone has any solutins to the permissions issue please let me know. Below is the .drone.yml file that im currently messing with…
pipeline:
build:
image: plugin/docker
repo: example/project
action: build
volumes:
- /var/run/docker.sock:/var/run/docker.sock
publish:
docker:
repo: example/project
when:
branch: master
If someone knows a better image or way to just simply build a dockerfile then push to a repo, I would be really greatful if you could share.
Thanks.
Kind Regards,
Majestic
update* fixed drone.yml image
It seems you need to use plugin/docker as the image, now it builds sucessfully.