Build Docker Image with drone-agent on Synology NAS

Drone Support
1

Hi All,
since i’m googling around and could not find the solution by myself, i’m posting here my setup and the problem i’m facing.
I’m runing drone and dronte-agent on my Synology DS620slim. Container works fine. Here my docker-compose setup:

Summary 
version: "2.0"

services:
  drone-server:
    image: drone/drone:latest
    container_name: drone-server
    ports:
      - 4005:80
    volumes:
      - /volume1/docker/drone:/var/lib/drone/
    restart: unless-stopped
    environment:
      - DRONE_OPEN=true
      - DRONE_GITEA=true
      - DRONE_DEBUG=true
      - DRONE_ADMIN=username
      - DRONE_USER_CREATE=username:username,admin:true
      - DRONE_GIT_ALWAYS_AUTH=false
      - DRONE_AGENTS_ENABLED=true
      - DRONE_GITEA_SERVER=https://git.domain.tld
      - DRONE_GITEA_CLIENT_ID=
      - DRONE_GITEA_CLIENT_SECRET=
      - DRONE_RPC_SECRET=
      - DRONE_SERVER_HOST=drone.domain.tld
      - DRONE_SERVER_PROTO=https

  drone-agent:
    image: drone/agent:latest
    container_name: drone-agent
    command: agent
    restart: unless-stopped
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /volume1/docker/drone/drone-agent:/data
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.domain.tld
      - DRONE_RPC_SECRET=
      - DRONE_RUNNER_CAPACITY=1
      - DRONE_RUNNER_NAME=${HOSTNAME}

when i push my .drone.yml

pipeline: 
  build:
    image: docker
    commands:
      - docker build . < Dockerfile -t r4o/drone-test:latest
      - docker run

I get this error:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

What I’ve done so far:

  • I’ve checked that the /var/run/docker.sock is there with chmod 660
  • tried an other .drone.yml like this:
Summary 
kind: pipeline
name: default

steps:
- name: drone
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run/docker.sock
  commands:
  - docker ps -a

volumes:
- name: dockersock
  host:
    path: /var/run/docker.sock

build:
  image: docker
  commands:
    - docker build . < Dockerfile -t domain/drone-test:latest
    - docker run

Is there root permission problem? I run docker with sudo rights like sudo docker-compose up -d.
Is this docker-in-docker problematic?

I can’t really narrow down the problem.

Many thanks!

PS: I’m aware of the FAQ on here also different solution approach. I couldn’t get it to work.

2

Hey there, I see problems with both of the yaml files that you have posted. The first yaml you posted uses syntax that is only supported by Drone version 0.8 and below which is a few years old and is end of life (are you using Drone 0.8 ?). The second yaml you posted uses syntax that is compatible with Drone version 1.x and higher, however, the “build” attribute is not a valid attribute.

3

Hi, thank you for the fast help!
No, I’m using the latest Drone and Agent images from dockerhub.

I’ve tried various yaml config and i’m new to the whole CI pipelining commands. How should look the .drone.yml for creating a docker image from a Dockerfile on Gitea repo?
repo file structure:
¦- Dockerfile
¦-.drone.yml
¦-index.html
¦-…

This .drone.yml gives me an error:

kind: pipeline
name: default
type: docker

steps:
- name: build
  image: domain/drone-test
  auto_tag: true
  commands:
    - docker build

Image should be stored localy and run after create…

Thank you so much for the support!

regards

4

Hi all, it’s me again :wink:

I’ve found a good tutorial which gives me a basic to start with my .drone.yml.

kind: pipeline
type: docker
name: default

steps:
- name: build
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  - sleep 5 ## give docker enough time to start
  - docker ps -a

services:
- name: docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run

volumes:
- name: dockersock
  temp: {}

The only think… i get an default error. I assume is a typo?

Would appreciate any help on this.
Thank you all!

Source:
https://readme.drone.io/pipeline/docker/examples/services/docker_dind/

5

Please post the full error you get. Did you set your repository to trusted (which is required for doid and priviliged builds; understand the security risks if you set it to trusted, ie anyone with access to the repo can wipe your disk).

Anyway, if your goal is to build docker images, I would highly recommend you to set up a docker registry (it is not hard: Deploy a registry server | Docker Documentation )

If you have a registry, you can build the docker containers using the docker plugin, which does not need to be run in trusted mode (which is much safer). Having a registry will also help you deploy your containers in later steps. This is the full drone file we use for our containers:

kind: pipeline
type: docker
name: build fluves container
steps:
 - name: docker
   image: plugins/docker
   settings:
     repo: your-registry/imagename
     tags:
      - latest

More info here: Docker | Drone

6

Hi Johan,

thanks for your help!
Error Logs:

{"arch":"amd64","build":41,"error":"linter: untrusted repositories cannot enable privileged mode","level":"warning","machine":"244a1d7219d4","msg":"runner: yaml lint errors","os":"linux","pipeline":"default","repo":"tld/dronte-test","stage":1,"stage-id":39,"time":"2021-04-18T20:04:27Z"}

I’ll try with the regestry and hope i have more luck.

7

Success!!!

Thanks to the help and example of @johanvdw last post, I’ve managed to get the docker pushed to my private docker registry.

kind: pipeline
type: docker
name: build
steps:
  - name: docker
    image: plugins/docker
    settings:
      storage_driver: vfs
      insecure: true
      registry: 192.168.1.111:4003
      repo: 192.168.1.111:4003/test/drone
      tags:
        - latest

Now I can move on and deploy it with the confidence that drone and agent are working correctly.

Thanks for the help and effort! :slight_smile:

8

Nice to hear!
Just FYI, the error you got previously was indeed telling you that your repository was not set to trusted, which is required for DOID. Anyway, I think the new setup is better.