I'm using Molecule to test my Ansible roles. I'm using a .gitlab-ci.yml file to execute a pipeline in which Molecule is invoked to test the role. The pipeline is configured as Docker in Docker.
---
image: docker:latest
services:
  - name: docker:dind
    entrypoint: ["env", "-u", "DOCKER_HOST"]
    command: ["dockerd-entrypoint.sh"]
variables:
  DOCKER_HOST: tcp://docker:2375/
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
stages:
  - test
<snip>
The pipeline actually runs without any errors and my roles are perfectly tested, which is good.
The problem: there are deprecation warnings shown in the output of the pipeline:
2021-12-27T20:54:55.033126585Z time="2021-12-27T20:54:55.032781033Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
2021-12-27T20:54:55.035055413Z time="2021-12-27T20:54:55.032907524Z" level=warning msg="Binding to IP address without --tlsverify is insecure and gives root access on this machine to everyone who has access to your network." host="tcp://0.0.0.0:2375"
2021-12-27T20:54:55.035076321Z time="2021-12-27T20:54:55.034207001Z" level=warning msg="Binding to an IP address, even on localhost, can also give access to scripts run in a browser. Be safe out there!" host="tcp://0.0.0.0:2375"
2021-12-27T20:54:56.034494370Z time="2021-12-27T20:54:56.034363786Z" level=warning msg="Binding to an IP address without --tlsverify is deprecated. Startup is intentionally being slowed down to show this message" host="tcp://0.0.0.0:2375"
2021-12-27T20:54:56.034595755Z time="2021-12-27T20:54:56.034566557Z" level=warning msg="Please consider generating tls certificates with client validation to prevent exposing unauthenticated root access to your network" host="tcp://0.0.0.0:2375"
2021-12-27T20:54:56.034665726Z time="2021-12-27T20:54:56.034638945Z" level=warning msg="You can override this by explicitly specifying '--tls=false' or '--tlsverify=false'" host="tcp://0.0.0.0:2375"
2021-12-27T20:54:56.034732887Z time="2021-12-27T20:54:56.034688345Z" level=warning msg="Support for listening on TCP without authentication or explicit intent to run without authentication will be removed in the next release" host="tcp://0.0.0.0:2375"
2021-12-27T20:55:11.036193082Z tim
When I read this, it looks quite serious.
The containers are executed at gitlab.com themselves, I use shared runners. All my roles have been for development purposes, so I don't really care if someone could read them. They are open-source either way. No production data or sensitive information is stored.
Question: How do I configure my pipeline so the deprecation warning is either solved or ignored?
I've tried configuring something along the lines of:
variables:
  DOCKER_TLSVERIFY: false
But the warning persists.
Bonus: how should I fix: could not change group /var/run/docker.sock to docker: group docker not found
Figured it out, I had to set the following variables:
variables:
  # DOCKER_HOST: tcp://docker:2375/ # not used anymore
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"
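A pipeline can check for itself that it is no longer talking to the daemon over unauthenticated TCP, which is the condition the warnings above describe. The following guard is an added example, not part of the original post: the function names `docker_transport` and `require_docker_tls` are hypothetical, and it assumes the job container sees the standard Docker client variables `DOCKER_HOST`, `DOCKER_TLS_VERIFY` and `DOCKER_CERT_PATH` and the client's default certificate file names.

```shell
#!/bin/sh
# Added example (not from the original post): classify how the Docker client
# would reach the daemon, so a job can refuse a plaintext TCP connection.
# Arguments mirror the standard client variables:
#   $1 = DOCKER_HOST   $2 = DOCKER_TLS_VERIFY   $3 = DOCKER_CERT_PATH
# Prints one of: socket | ssh | plaintext | tls-misconfigured | tls
docker_transport() {
    host=$1
    verify=$2
    certs=${3:-${HOME:-}/.docker}      # client default when no cert path is given
    case "$host" in
        ""|unix://*) echo socket; return 0 ;;   # local socket, no TCP listener
        ssh://*)     echo ssh;    return 0 ;;   # tunnelled over SSH
    esac
    # The docker CLI treats any non-empty DOCKER_TLS_VERIFY as "enabled".
    if [ -z "$verify" ]; then
        echo plaintext
        return 0
    fi
    # Verified TLS needs the CA plus a client certificate and key on disk.
    for f in ca.pem cert.pem key.pem; do
        if [ ! -s "$certs/$f" ]; then
            echo tls-misconfigured
            return 0
        fi
    done
    echo tls
}

# Pipeline guard: returns non-zero unless the transport is authenticated or local.
require_docker_tls() {
    mode=$(docker_transport "${DOCKER_HOST:-}" "${DOCKER_TLS_VERIFY:-}" "${DOCKER_CERT_PATH:-}")
    case "$mode" in
        tls|socket|ssh)
            echo "docker transport: $mode"
            return 0 ;;
        *)
            echo "docker transport: $mode (DOCKER_HOST=${DOCKER_HOST:-unset})" >&2
            return 1 ;;
    esac
}
```

Sourcing this file and calling `require_docker_tls` as the first line of a job's `script:` makes the job fail early if the configuration regresses to the port 2375 setup from the question.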