Windows Docker Gitlab CI Runner
2018-07-30 03:09:46
andrew@alelec.net

Windows CI Build Node

Install Hyper V Server 2016 (free perpetual eval licence)

https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2016

https://technet.microsoft.com/hyper-v-server-docs/Hyper-V-Server-2016

https://blog.docker.com/2016/09/build-your-first-docker-windows-server-container/


Install on your hardware/vm of choice.

oVirt / KVM

If you're using oVirt or another KVM-based hypervisor for your host, you'll likely want the console viewer application installed on your local machine: https://virt-manager.org/download/sources/virt-viewer/virt-viewer-x64-6.0.msi

Set up the VM with the disk connected to IDE initially; we can switch it over to the faster VirtIO once the drivers are installed.

The network adapter will need to be set to "Dual mode rtl8139, VirtIO"

Once installed and initial setup completed, ensure the guest tools are installed:

wget -UseBasicParsing https://www.spice-space.org/download/windows/spice-guest-tools/spice-guest-tools-latest.exe -Outfile spice-guest-tools-latest.exe
.\spice-guest-tools-latest.exe

The hardware drivers in the VM can now be changed to VirtIO interfaces for best performance.

System Setup

Once it's installed you'll see a console on the VM screen. First you'll be asked to set a password; do so with something memorable.

There should be a blue menu visible on the console.

Remote Desktop can be enabled with menu '7'

Press '8' to show Network Settings to see the current IP address. We'll need that and the "Computer Name" displayed on the home screen below.


Remote Desktop on your local machine can now be used to connect to the IP address shown, with the username "Administrator" and the password set earlier. This allows copy/paste to work.

Remote Powershell

I generally find it easiest to use remote desktop into the machine, however remote powershell can also be used. Skip this if remote desktop works for you.

On your Windows desktop, open an admin PowerShell prompt to connect remotely to the new VM.

Then follow these steps:

$IP="172.29.50.XXX" # as seen previously
$COMP_NAME="WIN-UOM8ITSP5NN" # again, use the real name as seen above

net start WinRM
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $IP
Enter-PSSession -ComputerName $IP -Credential $COMP_NAME\Administrator

It will prompt for the password (set earlier), then you should be sitting at a remote PowerShell prompt.


Installing Docker

https://docs.docker.com/docker-for-windows

https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server

From the powershell prompt:

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
# Press Y to continue
Install-Package -Name docker -ProviderName DockerMsftProvider
# Press A to accept installation from DockerDefault source
# This can display an error which can be ignored: "The role, role service, or feature name is not valid: 'containers'. The name was not found."
Restart-Computer -Force

 

 

Verify docker

docker run -it --rm microsoft/windowsservercore
# Should eventually dump you in a new shell
dir
# Should look like a different system
exit

Install git

Start with choco, then use it to install git for windows

iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
refreshenv
choco install git -y -params '"/GitAndUnixToolsOnPath"'

refreshenv

Powershell download errors

PowerShell has been giving download errors on some sites; ensure it accepts TLS:

[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"


Desktop

The Hyper-V server desktop is quite sparse; it is easier to use with Cairo Desktop installed: https://cairoshell.com/

wget -UseBasicParsing "https://github.com/cairoshell/cairoshell/releases/download/v0.3.6693/CairoSetup_64bit.exe" -Outfile CairoSetup_64bit.exe
.\CairoSetup_64bit.exe


During install, when selecting components, you will want to enable "Advanced users only: Replace Explorer".

Once Cairo Desktop is installed, the service console won't be opened automatically at login. It can be accessed by opening a cmd prompt and running:

sconfig

Gitlab CI runner

Install gitlab runner and configure one of the following two setup types:

Docker runner

# Beta runner with native docker support: https://gitlab.com/andrewleech/gitlab-runner
wget -UseBasicParsing https://gitlab.com/andrewleech/gitlab-runner/-/jobs/85269208/artifacts/raw/out/binaries/gitlab-runner-windows-amd64.exe -Outfile c:\windows\system32\gitlab-runner.exe
$env:REGISTRATION_TOKEN="<token from https://gitlab.com/<project settings>/runners>"
$env:RUNNER_NAME="WindowsDockerRunner"

$env:CONFIG_FILE="C:\\config.toml"
$env:REGISTER_LOCKED="false"
$env:RUNNER_EXECUTOR="docker"
$env:RUNNER_TAG_LIST="docker,windows"
$env:RUNNER_SHELL="powershell"
$env:RUNNER_BUILDS_DIR="c:\gitlab\builds"
$env:RUNNER_CACHE_DIR="c:\gitlab\cache"

$env:DOCKER_TLS_VERIFY="false"
$env:DOCKER_IMAGE="microsoft/windowsservercore:latest"
$env:DOCKER_VOLUMES="C:\gitlab\cache"
$env:DOCKER_CACHE_DIR="c:\gitlab\cache"
$env:DOCKER_PULL_POLICY="if-not-present"
$env:DOCKER_HELPER_IMAGE="registry.gitlab.com/andrewleech/gitlab-runner/gitlab-runner-helper:win-x86_64-latest"

cd \
mkdir \gitlab

gitlab-runner register --non-interactive --url="https://gitlab.com"
 
# Install the service
gitlab-runner install -user .\LocalSystem
 
## Docker runners on windows not released yet:
## https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1303
## https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1729

 

Local powershell runner

This is useful for building docker images, etc. I haven't got docker-in-docker working on windows yet (haven't really tried recently)

# Skip the wget if you've already installed the docker beta one above
wget -UseBasicParsing https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-windows-amd64.exe -Outfile c:\windows\system32\gitlab-runner.exe
  
# To register a shared host shell runner for building docker images etc
$REGISTRATION_TOKEN="<token from https://gitlab.com/admin/runners>"
 
gitlab-runner register --non-interactive --url="https://gitlab.com" --registration-token=$REGISTRATION_TOKEN --description="WindowsHostRunner" --executor="shell" --shell="powershell" --tag-list="windows_docker_host,powershell"
  
# Install the service, if not already done above
gitlab-runner install -user .\LocalSystem
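
The runner binary above is downloaded straight into c:\windows\system32 and then installed as a service, so it is worth checking the file before it lands there. The following is an added example, not part of the original post: `Get-VerifiedDownload` is a hypothetical helper name and the expected hash is a placeholder you must supply. It applies equally to the other executables downloaded on this page.

```powershell
# Added example; Get-VerifiedDownload is a hypothetical helper, not part of the original post.
function Get-VerifiedDownload {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $Destination,
        # SHA-256 obtained out of band, e.g. from the publisher's checksum file
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        # Also require a valid Authenticode signature (not every publisher signs)
        [switch] $RequireSignature
    )

    # Add TLS 1.2 to the allowed protocols without enabling older ones
    $tls12 = [Net.SecurityProtocolType]::Tls12
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $tls12

    # Stage in TEMP, keeping the extension, so an unverified file never lands on PATH
    $name    = [guid]::NewGuid().ToString() + [IO.Path]::GetExtension($Destination)
    $staging = Join-Path $env:TEMP $name
    try {
        Invoke-WebRequest -UseBasicParsing -Uri $Uri -OutFile $staging -ErrorAction Stop

        $actual = (Get-FileHash -Path $staging -Algorithm SHA256 -ErrorAction Stop).Hash
        if ($actual -ne $ExpectedSha256.Trim()) {
            throw "SHA-256 mismatch for ${Uri}: expected $ExpectedSha256, got $actual"
        }

        $sig = Get-AuthenticodeSignature -FilePath $staging
        if ($RequireSignature -and $sig.Status -ne 'Valid') {
            throw "Authenticode status for $Uri is '$($sig.Status)', refusing to install"
        }

        # Only a file that passed every check is moved into place
        Move-Item -Path $staging -Destination $Destination -Force
        [pscustomobject]@{
            Path            = $Destination
            Sha256          = $actual
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
        }
    }
    finally {
        if (Test-Path $staging) { Remove-Item $staging -Force }
    }
}

# Usage with the runner URL from this page; the hash is a placeholder to replace.
# Get-VerifiedDownload -Destination 'c:\windows\system32\gitlab-runner.exe' `
#   -Uri 'https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-windows-amd64.exe' `
#   -ExpectedSha256 '<SHA-256 OF THE RELEASE YOU VETTED>'
```

Because the URL points at "latest", the pinned hash has to be updated whenever a new release is adopted.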

 

Windows Admin Center


$cert = (New-SelfSignedCertificate -DnsName "SleakWin" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)).Thumbprint | Out-String
# TODO these params settings don't appear to work
# choco install -y windows-admin-center --params "/Thumbprint:$cert /Port:443"
echo $cert
choco install -y windows-admin-center --params "'/Thumbprint:<copy the thumbprint printed above> /Port:443'"
Restart-Computer -Force 

 

Random Shutdowns

Sometimes the free licence can get out of whack and expire, which results in the VM shutting down every hour.
This should be resolved by running:

Slmgr.vbs -rearm



Remote Admin

The Hyper-V Server can be remotely administered with MS Remote Server Administration Tools (RSAT): https://www.microsoft.com/en-au/download/details.aspx?id=45520

To enable this, the following firewall ports need to be opened on the hyperv server:

Set-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Enabled true -PassThru

Netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
Netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
Netsh advfirewall firewall set rule group="Remote Services Management" new enable=yes
Netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
Netsh advfirewall firewall set rule group="Remote Scheduled Tasks Management" new enable=yes
Netsh advfirewall firewall set rule group="Performance Logs and Alerts" new enable=yes
Netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
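
The same rule groups can be enabled for the RSAT workstation only, instead of for any remote address. This is an added example, not part of the original post: `$AdminHost` is a placeholder address and `Enable-ScopedRuleGroup` is a hypothetical function name.

```powershell
# Added example, not from the original post. $AdminHost is a placeholder address
# (documentation range) standing in for your management workstation.
$AdminHost = '192.0.2.10'

# The rule groups enabled on this page
$Groups = @(
    'Windows Management Instrumentation (WMI)',
    'Remote Volume Management',
    'Windows Firewall Remote Management',
    'Remote Services Management',
    'File and Printer Sharing',
    'Remote Scheduled Tasks Management',
    'Performance Logs and Alerts',
    'Remote Event Log Management'
)

function Enable-ScopedRuleGroup {
    param(
        [Parameter(Mandatory)] [string[]] $DisplayGroup,
        [Parameter(Mandatory)] [string[]] $RemoteAddress
    )
    foreach ($group in $DisplayGroup) {
        # Group names differ between Windows releases, so report a miss instead of failing
        $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
                 Where-Object { $_.Direction -eq 'Inbound' }
        if (-not $rules) {
            Write-Warning "No inbound rules found in group '$group'"
            continue
        }
        # Enable the rules and limit who may reach them in a single step
        $rules | Set-NetFirewallRule -Enabled True -RemoteAddress $RemoteAddress

        # Read the result back from the firewall rather than trusting the call above
        $applied = Get-NetFirewallRule -DisplayGroup $group | Where-Object { $_.Direction -eq 'Inbound' }
        foreach ($rule in $applied) {
            [pscustomobject]@{
                Group         = $group
                Rule          = $rule.DisplayName
                Enabled       = $rule.Enabled
                RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            }
        }
    }
}

Enable-ScopedRuleGroup -DisplayGroup $Groups -RemoteAddress $AdminHost | Format-Table -AutoSize
```

Any group that prints a warning was not found under that name on this build and has not been enabled.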

Then install RSAT and start server manager.

Add the server by DNS name / IP address and provide the Administrator user/password in the "Manage as..." context menu item.

You will likely get a "Kerberos authentication error" listed against the server, but most functions should work fine.

"Computer Management" in particular works and gives access to Services, which don't exist on the hyper-v server installation natively.
