clusterfuzzlite icon indicating copy to clipboard operation
clusterfuzzlite copied to clipboard

Published 20 hours ago verified publisher icon google

Gitlab instructions do not just work.

Open jonathanmetzman opened this issue 2 years ago • 13 comments

I had to make this config file which borrowed from https://gitlab.com/securitykernel/cflite-example/-/blob/main/.gitlab-ci.yml#L7 because the docs were incomplete. CC @catenacyber

jonathanmetzman avatar Jul 07 '22 17:07 jonathanmetzman

Do you mean you had to use Docker in Docker instead of sibling docker ? cf https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner cf https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding

catenacyber avatar Jul 07 '22 18:07 catenacyber

Do you mean you had to use Docker in Docker instead of sibling docker ? cf https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner cf https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding

I think so yeah. And there was an issue about clusterfuzzlite [address] not being a stage

jonathanmetzman avatar Jul 07 '22 19:07 jonathanmetzman

So, what do you expect ? To document the docker-in-docker setup ? If I remember correctly, at one point, you said you did not want it documented, because it was poor performance compared to sibling docker...

And there was an issue about clusterfuzzlite [address] not being a stage

Right, my workaround was to use stage: build as it is ont of de the default stages Do you want a PR about this ?

catenacyber avatar Jul 07 '22 19:07 catenacyber

This issue blocks me also. But @jonathanmetzman your CI/CD is also not working after using the new gitlab-ci.yaml?

tesslinger avatar Aug 10 '22 12:08 tesslinger

This issue blocks me also.

@tesslinger did you change the stage to be test ? What version of Gitlab are you using ?

catenacyber avatar Aug 21 '22 19:08 catenacyber

@catenacyber thanks, the problem was my gitlab shared runner which was configured wrong

tesslinger avatar Sep 07 '22 19:09 tesslinger

More people complaining to me about this on discord.

So, what do you expect ?

I expect that the example file can be copied and pasted into a repo and works. The instructions need to be self contained and explain exactly how to get CFL working...even if it uses the less performant technique (docker in docker), it's much more important that it works than it telling people how to optimize the set up.

jonathanmetzman avatar Sep 16 '22 16:09 jonathanmetzman

I expect that the example file can be copied and pasted into a repo and works.

So, I gather that you want it to work on gitlab.com shared runners.

I do not think that there exists a gitlab shared runner with Docker socket binding as required in https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner

Do you want me to highlight more this requirement in the doc ?

Furthermore, we can document the Docker-in-docker process. (cf https://github.com/google/clusterfuzzlite/pull/70#discussion_r779767343 )

I can try it next week.

That is likely adding to the right place in .gitlab-ci.yml

  variables:
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_IN_DOCKER: "true"
  services:
    - docker:dind

But this does not work on hosted gitlab in my experience.

catenacyber avatar Sep 16 '22 19:09 catenacyber

I can also do some example project on gitlab.com if you wish ;-)

catenacyber avatar Sep 16 '22 19:09 catenacyber

I expect that the example file can be copied and pasted into a repo and works.

So, I gather that you want it to work on gitlab.com shared runners.

Shared runners are the default for free users right? Then yes definitely!

I do not think that there exists a gitlab shared runner with Docker socket binding as required in https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner

Do you want me to highlight more this requirement in the doc ?

I think we need to make this doc as simple as possible for the main users, so if all free users use shared runners I think the example should just be copy-pastable based off that. If the solution for shared runners (docker-in-docker) is suboptimal and fancier users don't have to pay this cost that we can document that.

Furthermore, we can document the Docker-in-docker process. (cf #70 (comment) )

I can try it next week.

That is likely adding to the right place in .gitlab-ci.yml

  variables:
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_IN_DOCKER: "true"
  services:
    - docker:dind

I have a PR doing thsi I think https://github.com/google/clusterfuzzlite/pull/112

But this does not work on hosted gitlab in my experience.

again, i think it's more important that we support users using the default settings. We can have a section with copy-pastable exampels for enterprise users but I think it's critical that we support non-enterprise users (especially since people will probably try out CFL using a non-enterprise account and quit if it doesn't work for them)

jonathanmetzman avatar Sep 16 '22 19:09 jonathanmetzman

I think the example should just be copy-pastable based off that

Some things need to be configured in the Gitlab UI (such as the schedules) and cannot be copy pasted

I did #113 to document the Gitlab.com as TL;DR and pushed further the fancy self-managed Gitlab stuff

catenacyber avatar Sep 19 '22 20:09 catenacyber

so - for me basically the problem was the configuration of the Gitlab runner. If you want, I can provide a PR with the example Gitlab runner config to use docker in docker.

In my opinion not everyone uses the Gitlab shared runners, but a self hosted solution. I think I will get to it next week.

tesslinger avatar Sep 20 '22 09:09 tesslinger

@tesslinger Am I understanding correctly that you use a self-hosted solution ? And you did not manage to configure a Gitlab runner with sibling dockers ?

catenacyber avatar Sep 20 '22 12:09 catenacyber

Can we close this issue? Seems to be resolved.

securitykernel avatar Apr 27 '23 16:04 securitykernel