Home / server / Questions / 1052496
In Process
Alex B.
Asked: 2021-02-06 03:29:21 +0800 CST

Docker login to AWS ECR from GitLab CI fails with "dial tcp: lookup docker on x.x.x.x:53: no such host" when pulling docker:dind from ECR

  • 772

I'm working on porting a collection of Docker images used for GitLab CI/CD building and deployment from Dockerhub to AWS public ECR. Everything works as it should except for the standard Docker image that we use as a Docker-in-Docker service. The same exact image that works when pulled from Dockerhub fails to login when pulled from public ECR.

.gitlab-ci.yml

    build-push:
      stage: package
      image: public.ecr.aws/x/x
      services:
      - public.ecr.aws/x/docker-dind:20.10

$ aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_DOCKER_REGISTRY_URL
> Logging in to Docker registry...
> error during connect: Post http://docker:2375/v1.24/auth: dial tcp: lookup docker on 8.8.8.8:53: no such host

$ cat /etc/hosts
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2  public.ecr.aws__*
172.17.0.2  public.ecr.aws-*
172.17.0.3  runner-*

Thank you.

amazon-web-services docker gitlab amazon-ecr

6 Answers

  1. To resolve this problem just add on /etc/gitlab-runner/config.toml a volume map to docker sock.

    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
    • 9

  2. When building docker image in gitlab-ci, you must add this (dind is for "docker in docker"):

    services:
  - docker:dind
    • 2

  3. It could be a misconfiguration of your Docker environment. For some reason it seems to be resolving the name docker (from http://docker:2375/v1.24/auth URL) through 8.8.8.8 Google nameserver. That can’t work obviously.

    Try to add 120.0.0.1 docker record in your /etc/hosts - that may help.

    • 0

  4. You might need to add --docker-network-mode "host" to the Gitlab runner config. Before doing that I got the following error (assuming "dind" is the hostname, not "docker"):

    ERROR: error during connect: Get http://dind:2375/v1.40/info: dial tcp: lookup dind on 8.8.8.8:53: no such host
    • 0

  5. As per gitlab documentation when using a custom dind docker image the docker hostname is still expected. To fix this you need to add an alias in your gitlab CI config like so:

    build-push:
  stage: package
  image: public.ecr.aws/x/x
  services:
    - name: public.ecr.aws/x/docker-dind:20.10
    - alias: docker

    Also not sure about your setup but the convention is to add -dind at the end of an image. Therefore, it should be public.ecr.aws/x/docker:20.10-dind

    • 0

  6. As mentioned by @orban https://serverfault.com/users/190624/orb%c3%a1n-zolt%c3%a1n

    Just add "privileged=true" to the /etc/gitlab-runner/config.toml

    for ex

     [runners.docker]
    tls_verify = false
    image = "ruby:2.7"
    privileged = true <- change this from false to true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
    • 0