Adventures in Installing and configuring Drone
Introductory Note
This a rough thought dump of notes I took and resources I referenced while configuring drone in a self-hosted air-gapped environment. It is by no menas publish-ready but want to release it anyway. I believe this will give the reader some insights into the inner workings of drone which they may not come across if they worked in a cloud environment with internet connectivity. This will also give you some tips on how to go about debugging some problems you may face with drone. I intend to write a more clear description of the workings of drone I learned how to go about deploying it in your own environment.
Related information is available here (concrete setup scripts) and here.
Filtering docker daemon output for troubleshooting
journalctl -u docker.service --since "2020-03-05 19:48:19" --until "2020-03-05 19:48:30"
Follow it with grep to filter specific keywords.
Don't understand how it was resolved by DRONE_GIT_ALWAYS_AUTH=true
Debugging Drone plugin/docker for building docker image
Configuring settings.insecure=true
in the publish step allowed resolution of the Error authenticating: exit status 1
error. This is because the plugins/docker
image does not have the root CA installed within that image to authenticate with my private repository behind TLS.
Building docker images
Setting up pull based automated deployment
version: '3.3'
services:
watchtower:
container_name: watchtower
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'
- /root/.docker/config.json:/config.json
image: containrrr/watchtower
Setting up push based automated deployment
Setting up push based CD requires just a little more effort. More details about this setup including the exact script I have used is provided here.
I had peruse through a lot of the documentation, which with a little context and experience seems remarkably clear. I think it assumes a lot of knowledge that someone who already knows about CI/CD would know so it was slightly challenging at first to understand. Once you understand the basic concepts and how everything works, it becomes fairly predictable.
My use case will be relevant for a small single server deployment and uses a setup that may not be recommeded for heavy production /security levels.
The deployment requires that a drone-exec-runner is running on the host where the docker-compose deployment will occur.
Here are some challenges and things to keep in mind when setting this up:
- Install the exec runner on the host machine. If you create a pipeline using the exec runner, but there is no exec runner installed, the pipeline will stay in pending state.
- You have to create separate pipelines for different types of runners. In our case, we're using the docker and exec runners. However, the drone's default behaviour is to run those pipelines in parallel which doesn't serve our purpose. Hence you have to create dependency on the build pipeline for the deploy pipeline. Make sure the
depends_on
section is under pipeline and not the steps section. - By default, the docker-cli running in the exec runner does not the have the
~/.docker/config.json
file configured and hence it is not able to authenticate into the private registry. They way I overcame this was by adding a commanddocker login -u user -p passsword registry.location.url
before any other docker commands. - Make sure you are
cd
ed into the directory where you want to run docker compose. - If you run
docker-compose up -d
in the directory after a new image has been pushed into the private registry, docker compose may not recreate the container with the image as it may think it's already up-to-date. In order avoid this, you have to explicitly do adocker-compose pull
. Hence you have to run a command likedocker-compose pull && docker-compose up -d
.
Resources Drone Git Repo Webhook:
Resources for Deamon log debugging
- https://success.docker.com/article/how-do-i-enable-debug-logging-of-the-docker-daemon
- https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file#daemon
- https://www.linode.com/docs/quick-answers/linux/how-to-use-journalctl/
- https://docs.docker.com/config/daemon/#read-the-logs
Resources Drone Private Repository:
Resources Drone Clone image:
Resources Drone Git Repo authentication:
- https://medium.com/easyread/today-i-learned-fix-go-get-private-repository-return-error-terminal-prompts-disabled-8c5549d89045
- https://discourse.drone.io/t/fatal-could-not-read-username-for/6198
- https://confluence.atlassian.com/bitbucketserverkb/ssl-certificate-problem-unable-to-get-local-issuer-certificate-816521128.html
Resources for learning about Drone for CD