sharpetronics/sharpetronics.com
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity
sharpetronics.com/collections/_posts/2022-06-23-how-to-setup-a-secure-docker-drone-runner-with-drone-ci.md
oDinZu b35155df92
Some checks failed
continuous-integration/drone/pr Build is failing
Details
huge update with ruby api, plus other small fixes
2022-07-26 21:32:07 -04:00

142 lines
5.6 KiB
Markdown
Raw Blame History

---
layout: post
date: 2022-06-23
author: Charles
banner_image: /uploads/c3po_a_friend_in_need_74a237a413.webp
banner_image_alt: Black and white still image of C3PO
title: How to Setup a Secure Docker Drone Runner with Drone CI
sub_heading: BeeYoop BeeDeepBoom Weeop DEEpaEEya
tags: Linux, Drone CI, Docker,
category: How-to
---
> BeeYoop BeeDeepBoom Weeop DEEpaEEya
In general, this article describes how to setup SSL with a Drone Runner. This is part II of a part I series. If you would like to learn how-to setup the Drone Server, please visit: [Setup Drone CI Server](https://www.sharpetronics.com/blog/tutorials/2022/06/23/how-to-setup-a-docker-drone-ci-with-https/).
This part II creates a pipeline runner with a Docker machine; what that means is, like GitHub Actions, but with Drone super powers. The configuration file is stored as `.drone.yml` in the root of your site directory and drone server uses that application yml file to do a series of commands or actions within the virtual docker machine.
This is empowering because you can automate a fresh build every time. Also, you create a **drone trigger** for when you push to a branch master as an example. Here is the configuration of all the possible things you can do. [Docker Pipelines Overview](https://docs.drone.io/pipeline/docker/overview/)
**Note 1:** If you see a [name-goes-here], I am linking to the references I shared below.
**Note 2:** If you want to use Docker Engine without sudo, follow this url: [Linux Docker Post-Install](https://docs.docker.com/engine/install/linux-postinstall/)
### Requirements
- Basic Linux CLI knowledge
- A hardened remote SSH server [see Linux VPS hardening](https://sharpetronics.com/blog/tutorials/2021/07/26/linux-vps-hardening-init/)
- A running Gitea server: Git with a cup of tea
- [Docker Engine](https://docs.docker.com/engine/install/)
- a basic understanding of how to use Docker Engine
- basic Nginx, Gitea and Certbot/Let's Encrypt experience
- openssl
- a running drone ci server [see part I](https://www.sharpetronics.com/blog/tutorials/2022/06/23/how-to-setup-a-docker-drone-ci-with-https/)
### Let's Begin!
#### Pull docker image from dockerhub
`docker pull drone/drone-runner-docker:1`
#### Make public access to repo in drone GUI
For testing, I made sure the repo was publicly available.
![Screenshot Drone UI](/uploads/2022/screenshot-drone-gui.webp)
### Launch a Secure Docker Drone Runner
For the **DRONE_RPC_SECRET** use the same ssl secret we created in Part I. See [Configuration](https://docs.drone.io/runner/docker/configuration/reference/) for a complete list of configuration options.
Please see the reference to understand what this docker config is doing. That is important for you to do yourself.
```
docker run --detach \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--env=DRONE_RPC_PROTO=https \
--env=DRONE_RPC_HOST=drone.example.com \
--env=DRONE_RPC_SECRET=bea26a2221fd8090ea38720fc445eca6 \
--env=DRONE_RUNNER_CAPACITY=2 \
--env=DRONE_RUNNER_NAME=st-runner \
--env=DRONE_UI_USERNAME=youruserhere \
--env=DRONE_UI_PASSWORD=yourpasshere \
--env=DRONE_DEBUG=true \
--env=DRONE_TRACE=true \
--publish=3000:3000 \
--restart=always \
--name=st-drone-runner \
drone/drone-runner-docker:1
```
#### A Pipeline Config Example
An example of a custom pipeline I have created. I ain't going to explain this to you in detail; I expect you to determine your own pipeline and this is only for a reference point. Essentially, what you will be doing is launching your own virtual machine for your specific use case scenario.
In this example, on drone.example.com, I have created a secret pass that needs to be passed to the virtual machine so I can package the build aka **_site** only, then auto push to www_data branch on my git server. Furthermore, I **rsync** this data through an ssh tunnel to a **Gitea Pages** server that serves the **WWW or edge** data.
**Note: 3:** The example configuration is a **.drone.yml** file stored in the root of your site project.
```
---
kind: pipeline
type: docker
name: build
workspace:
path: /drone/src
platform:
os: linux
arch: amd64
trigger:
branch:
- master
steps:
- name: build-website
image: ruby:latest
environment:
SSH_USER:
from_secret: ssh_user
SSH_HOST:
from_secret: ssh_host
NO_HOSTKEY:
from_secret: no_hostkey
privileged: false
volumes:
- name: jekyll
path: /srv/jekyll
commands:
# general vm information for debugging
- whoami
- pwd
- gem environment
```
#### Verify
```
docker logs st-drone-runner
INFO[0000] starting the server
INFO[0000] successfully pinged the remote server
```
#### Stop & Start Container
```
sudo docker container stop st-drone-ssl
sudo docker container start st-drone-ssl
```
### References
- [Drone Runner Configuration](https://docs.drone.io/runner/docker/configuration/reference/)
- [Drone Runner Docker Installation](https://docs.drone.io/runner/docker/installation/linux/)
- [Docker Pipelines Overview](https://docs.drone.io/pipeline/docker/overview/)
- [Unsplash - Nice M Nshuti](https://unsplash.com/@nietzsche99)
### Support
If you have any questions, concerns, want to say hi, please join the following channel: [SharpeTronics Discord Support Channel]({{ site.data.social.discord_invite }}) Eventually, I plan on having a commenting system on here..
### Want to buy me a coffee?
Recently, I have had many folk as about **how to send me a donation**. If you want to give back andor support my efforts, I have shared various ways to donate. Thank You!
- [Cash App]({{ site.data.payment.cashapp_acct }})
- [Venmo]({{ site.data.payment.venmo_acct }})
- [Open Collective]({{ site.data.payment.open_collective }})
Reference in New Issue View Git Blame Copy Permalink