This is a rough thought dump of notes I took and resources I referenced while configuring Drone in a self-hosted air-gapped environment. It is by no means publish-ready, but I want to release it anyway. I believe this will give the reader some insights into the inner workings of Drone which they may not come across if they worked in a cloud environment with internet connectivity. This will also give you some tips on how to go about debugging some problems you may face with Drone. I intend to write a clearer description of what I learned about the workings of Drone and how to go about deploying it in your own environment.
Filtering docker daemon output for troubleshooting
journalctl -u docker.service --since "2020-03-05 19:48:19" --until "2020-03-05 19:48:30"
Follow it with grep to filter specific keywords.
Don't understand how it was resolved by
Debugging Drone plugin/docker for building docker image
Setting settings.insecure=true in the publish step resolved the "Error authenticating: exit status 1" error. This is because the plugins/docker image does not have the root CA installed within that image to authenticate with my private repository behind TLS.
Building docker images
Setting up pull based automated deployment
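version: '3.3'
services:
  watchtower:
    container_name: watchtower
    volumes:
      # Docker socket, so watchtower can pull images and recreate containers
      - '/var/run/docker.sock:/var/run/docker.sock'
      # Registry credentials for the private registry
      - /root/.docker/config.json:/config.json
    image: containrrr/watchtower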
Setting up push based automated deployment
Setting up push based CD requires just a little more effort. More details about this setup including the exact script I have used is provided here.
I had to peruse a lot of the documentation, which with a little context and experience seems remarkably clear. I think it assumes a lot of knowledge that someone who already knows about CI/CD would have, so it was slightly challenging to understand at first. Once you understand the basic concepts and how everything works, it becomes fairly predictable.
My use case will be relevant for a small single-server deployment and uses a setup that may not be recommended for heavy production / security levels.
The deployment requires that a drone-exec-runner is running on the host where the docker-compose deployment will occur.
Here are some challenges and things to keep in mind when setting this up:
- Install the exec runner on the host machine. If you create a pipeline using the exec runner, but there is no exec runner installed, the pipeline will stay in pending state.
- You have to create separate pipelines for different types of runners. In our case, we're using the docker and exec runners. However, Drone's default behaviour is to run those pipelines in parallel, which doesn't serve our purpose. Hence you have to create a dependency on the build pipeline for the deploy pipeline. Make sure the depends_on section is under pipeline and not the steps section.
- By default, the docker-cli running in the exec runner does not have the ~/.docker/config.json file configured and hence it is not able to authenticate into the private registry. The way I overcame this was by adding a command docker login -u user -p password registry.location.url before any other docker commands.
- Make sure you are cd'ed into the directory where you want to run docker compose.
- If you run docker-compose up -d in the directory after a new image has been pushed into the private registry, docker compose may not recreate the container with the image as it may think it's already up-to-date. In order to avoid this, you have to explicitly do a docker-compose pull. Hence you have to run a command like docker-compose pull && docker-compose up -d.
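The points in the list above combined into one .drone.yml, as an added example that is not the author's actual script or part of the original post. The repository name, the secret names and /opt/myapp are hypothetical; the registry credentials are read from Drone secrets and the password is passed with --password-stdin instead of the -p flag used above.

```yaml
---
# Build pipeline (docker runner): builds and publishes the image.
kind: pipeline
type: docker
name: build

steps:
  - name: publish
    image: plugins/docker
    settings:
      registry: registry.location.url
      repo: registry.location.url/myapp   # hypothetical repository
      username:
        from_secret: registry_username    # hypothetical secret names
      password:
        from_secret: registry_password
      # Workaround from the post: plugins/docker lacks the private root CA,
      # so the registry certificate is not verified while this is set.
      insecure: true

---
# Deploy pipeline (exec runner installed on the deployment host).
kind: pipeline
type: exec
name: deploy

platform:
  os: linux
  arch: amd64

# Pipeline level, not under steps; without it both pipelines run in parallel.
depends_on:
  - build

steps:
  - name: deploy
    environment:
      REGISTRY_USER:
        from_secret: registry_username
      REGISTRY_PASS:
        from_secret: registry_password
    commands:
      # No ~/.docker/config.json on the exec runner, so log in first;
      # --password-stdin keeps the password out of the process arguments.
      - echo "$REGISTRY_PASS" | docker login -u "$REGISTRY_USER" --password-stdin registry.location.url
      - cd /opt/myapp   # hypothetical directory holding docker-compose.yml
      # Pull explicitly, or compose may treat the container as up to date.
      - docker-compose pull && docker-compose up -d
```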