Introductory Note

This a rough thought dump of notes I took and resources I referenced  while configuring drone in a self-hosted air-gapped environment. It is by no menas publish-ready but want to release it anyway. I believe this will give the reader some insights into the inner workings of drone which they may not come across if they worked in a cloud environment with internet connectivity. This will also give you some tips on how to go about debugging some problems you may face with drone. I intend to write a more clear description of the workings of drone I learned how to go about deploying it in your own environment.

Related information is available here (concrete setup scripts) and here.

Filtering docker daemon output for troubleshooting

journalctl -u docker.service --since "2020-03-05 19:48:19" --until "2020-03-05 19:48:30"

Follow it with grep to filter specific keywords.

Don't understand how it was resolved by DRONE_GIT_ALWAYS_AUTH=true

Debugging Drone plugin/docker for building docker image

Configuring settings.insecure=true in the publish step allowed resolution of the Error authenticating: exit status 1 error. This is because the plugins/docker image does not have the root CA installed within that image to authenticate with my private repository behind TLS.

• https://github.com/drone-plugins/drone-docker/issues/156

Building docker images

• https://goinbigdata.com/docker-run-vs-cmd-vs-entrypoint/

Setting up pull based automated deployment

version: '3.3'
services:
    watchtower:
        container_name: watchtower
        volumes:
            - '/var/run/docker.sock:/var/run/docker.sock'
            - /root/.docker/config.json:/config.json
        image: containrrr/watchtower

• https://www.freecodecamp.org/news/how-to-set-up-continuous-deployment-in-your-home-project-the-easy-way-41b84a467eed/

Setting up push based automated deployment

Setting up push based CD requires just a little more effort. More details about this setup including the exact script I have used is provided here.

I had peruse through a lot of the documentation, which with a little context and experience seems remarkably clear. I think it assumes a lot of knowledge that someone who already knows about CI/CD would know so it was slightly challenging at first to understand. Once you understand the basic concepts and how everything works, it becomes fairly predictable.

My use case will be relevant for a small single server deployment and uses a setup that may not be recommeded for heavy production /security levels.

The deployment requires that a drone-exec-runner is running on the host where the docker-compose deployment will occur.

Here are some challenges and things to keep in mind when setting this up:

• Install the exec runner on the host machine. If you create a pipeline using the exec runner, but there is no exec runner installed, the pipeline will stay in pending state.
• You have to create separate pipelines for different types of runners. In our case, we're using the docker and exec runners. However, the drone's default behaviour is to run those pipelines in parallel which doesn't serve our purpose. Hence you have to create dependency on the build pipeline for the deploy pipeline. Make sure the depends_on section is under pipeline and not the steps section.
• By default, the docker-cli running in the exec runner does not the have the ~/.docker/config.json file configured and hence it is not able to authenticate into the private registry. They way I overcame this was by adding a command docker login -u user -p passsword registry.location.url before any other docker commands.
• Make sure you are cd ed into the directory where you want to run docker compose.
• If you run docker-compose up -d in the directory after a new image has been pushed into the private registry, docker compose may not recreate the container with the image as it may think it's already up-to-date. In order avoid this, you have to explicitly do a docker-compose pull. Hence you have to run a command like docker-compose pull && docker-compose up -d.

Resources Drone Git Repo Webhook:

• https://discourse.drone.io/t/nothing-happens-when-i-push-code-no-builds-or-builds-stuck-in-pending/3424

Resources for Deamon log debugging

• https://success.docker.com/article/how-do-i-enable-debug-logging-of-the-docker-daemon
• https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file#daemon
• https://www.linode.com/docs/quick-answers/linux/how-to-use-journalctl/
• https://docs.docker.com/config/daemon/#read-the-logs

Resources Drone Private Repository:

• https://discourse.drone.io/t/how-to-pull-private-images-with-1-0/3155

Resources Drone Clone image:

• https://discourse.drone.io/t/drone-runner-kube-images-in-private-registry-and-air-gapped-environment/6887

Resources Drone Git Repo authentication:

• https://medium.com/easyread/today-i-learned-fix-go-get-private-repository-return-error-terminal-prompts-disabled-8c5549d89045
• https://discourse.drone.io/t/fatal-could-not-read-username-for/6198
• https://confluence.atlassian.com/bitbucketserverkb/ssl-certificate-problem-unable-to-get-local-issuer-certificate-816521128.html

Resources for learning about Drone for CD

• http://paislee.io/how-to-run-a-private-continuous-integration-server-with-drone/
• http://paislee.io/how-to-build-and-deploy-docker-images-with-drone/