我想在GitLab CI中建立一个奇异的图像。不幸的是,官方的容器失败了:
Running with gitlab-runner 13.5.0 (ece86343) on gitlab-ci d6913e69
Preparing the "docker" executor
Using Docker executor with image quay.io/singularity/singularity:v3.7.0 ...
Pulling docker image quay.io/singularity/singularity:v3.7.0 ...
Using docker image sha256:46d3827bfb2f5088e2960dd7103986adf90f2e5b4cbea9eeb0b0eacfe10e3420 for quay.io/singularity/singularity:v3.7.0 with digest quay.io/singularity/singularity@sha256:def886335e36f47854c121be0ce0c70b2ff06d9381fe8b3d1894fee689615624 ...
Preparing environment
Running on runner-d6913e69-project-2906-concurrent-0 via <gitlab.url>...
Getting source from Git repository
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in <repo-path>
Checking out 708cc829 as master...
Skipping Git submodules setup
Executing "step_script" stage of the job script
Error: unknown command "sh" for "singularity"
刚开始时,使用这样的工作:
build-singularity:
image: quay.io/singularity/singularity:v3.7.0
stage: singularity
script:
- build reproduction/pipeline/semrepro-singularity/semrepro-singularity.sif reproduction/pipeline/semrepro-singularity/semrepro-singularity.def
only:
changes:
- reproduction/pipeline/semrepro-singularity/semrepro-singularity.def
- reproduction/pipeline/semrepro-singularity/assets/mirrorlist
- .gitlab/ci/build-semrepo-singularity.yml
artifacts:
paths:
- reproduction/pipeline/semrepro-singularity/semrepro-singularity.sif
expire_in: 1 hour
interruptible: true
对我来说,好像GitLab正在尝试使用不存在的shell?他们应该如何工作?在官方示例中,他们使用的是Docker映像的特殊版本,称为-gitlab
,但不幸的是,该版本不再可用。有任何想法吗?我无法想象不可能在CI中建立奇异容器吗?在此先多谢!
编辑:根据@tsnowlan的答案,覆盖入口点可解决上述问题。但是,现在构建因以下原因而失败:
singularity build semrepro-singularity.sif semrepro-singularity.def
INFO: Starting build...
INFO: Downloading library image
84.1MiB / 84.1MiB [========================================] 100 % 28.7 MiB/s 0s
ERROR: unpackSIF failed: root filesystem extraction failed: extract command failed: ERROR : Failed to create user namespace: not allowed to create user namespace: exit status 1
FATAL: While performing build: packer failed to pack: root filesystem extraction failed: extract command failed: ERROR : Failed to create user namespace: not allowed to create user namespace: exit status 1
Cleaning up file based variables
ERROR: Job failed: exit code 1
有任何想法吗?
你需要稍微调整一下它,使其与gitlab CI配合使用。我发现最简单的方法是破坏docker入口点,并使脚本步骤成为完整的奇点构建命令。我们正在使用它来构建v3.6.4的奇点图像,但它也应与v3.7.0一起使用。
例如,
build-singularity:
image:
name: quay.io/singularity/singularity:v3.7.0
entrypoint: [""]
stage: singularity
script:
- singularity build reproduction/pipeline/semrepro-singularity/semrepro-singularity.sif reproduction/pipeline/semrepro-singularity/semrepro-singularity.def
...
编辑:使用的gitlab-runner也必须已privileged
启用。这是gitlab.com共享运行程序的默认设置,但是如果使用自己的运行程序,则需要确保在其配置中进行了设置。
非常感谢!确实,这解决了建筑甚至无法开始的最初问题!但是,它遇到了另一个我在尝试制作自制docker映像时遇到的问题。我以为这可能是我的自定义Docker问题的问题,但显然不是。构建失败,并显示
ERROR: unpackSIF failed: root filesystem extraction failed: extract command failed: ERROR : Failed to create user namespace: not allowed to create user namespace
。有任何想法吗?我忘了须藤。使用它,它应该工作
等待,不,它应该以root用户身份运行。真奇怪
啊哈,是的,我想就是这样。我们运行与一起运行的自己的gitlab-runners
--privileged
。虽然看起来共享跑步者也应该如此:docs.gitlab.com/13.6/ee/user/gitlab_com/…嗯,如果您在托管实例上运行,那么您将不走运,直到他们在运行器上启用特权模式为止。对于docker-in-docker或singularity-in-docker来说这是一个艰巨的要求