Gitlab CI can't log in

Benas · May 28, 2025, 2:51pm

I can’t log in using my docker account in .gitlab-ci.yml.

You can see my app the .gitlab-ci.yml here: https://gitlab.com/tonkaxxx-group/pipeline-pet

build-job logs:

Running with gitlab-runner 18.0.2 (4d7093e1)
  on exit bGW15wHLL, system ID: s_952a5cc90f3a
Preparing the "docker" executor 00:44
Using Docker executor with image docker:24.0 ...
Starting service docker:dind...
Using effective pull policy of [always] for container docker:dind
Authenticating with credentials from /home/user/.docker/config.json
Pulling docker image docker:dind ...
Using docker image sha256:2da0bd7ecf78eacd7de485edf3565b12c1f71facbeceb4f9b8bfc60805d7b4e9 for docker:dind with digest docker@sha256:eceba5b0fc2fcf83a74c298391c2ed9e1adbdaf04ee173611bd6282ec973e7ba ...
Waiting for services to be up and running (timeout 30 seconds)...
*** WARNING: Service runner-bgw15whll-project-70186504-concurrent-0-79bf6aae97e98a11-docker-0 probably didn't start properly.
Health check error:
service "runner-bgw15whll-project-70186504-concurrent-0-79bf6aae97e98a11-docker-0-wait-for-service" timeout
Health check container logs:
2025-05-25T22:19:20.074836253Z waiting for TCP connection to 172.17.0.2 on [2375 2376]...
2025-05-25T22:19:20.074946844Z dialing 172.17.0.2:2376...
2025-05-25T22:19:20.074964458Z dialing 172.17.0.2:2375...
2025-05-25T22:19:21.075464540Z dialing 172.17.0.2:2376...
2025-05-25T22:19:21.075507878Z dialing 172.17.0.2:2375...
2025-05-25T22:19:22.075922165Z dialing 172.17.0.2:2375...
2025-05-25T22:19:22.075963803Z dialing 172.17.0.2:2376...
2025-05-25T22:19:23.076353473Z dialing 172.17.0.2:2376...
2025-05-25T22:19:23.076407324Z dialing 172.17.0.2:2375...
Service container logs:
2025-05-25T22:19:20.334105990Z Certificate request self-signature ok
2025-05-25T22:19:20.334151327Z subject=CN=docker:dind server
2025-05-25T22:19:20.353880614Z /certs/server/cert.pem: OK
2025-05-25T22:19:22.323694371Z Certificate request self-signature ok
2025-05-25T22:19:22.323734808Z subject=CN=docker:dind client
2025-05-25T22:19:22.346361802Z /certs/client/cert.pem: OK
2025-05-25T22:19:22.352768562Z ip: can't find device 'nf_tables'
2025-05-25T22:19:22.357017348Z modprobe: can't change directory to '/lib/modules': No such file or directory
2025-05-25T22:19:22.359823814Z ip: can't find device 'ip_tables'
2025-05-25T22:19:22.361282949Z modprobe: can't change directory to '/lib/modules': No such file or directory
2025-05-25T22:19:22.362505067Z ip: can't find device 'ip6_tables'
2025-05-25T22:19:22.363728786Z modprobe: can't change directory to '/lib/modules': No such file or directory
2025-05-25T22:19:22.366932516Z iptables v1.8.11 (nf_tables)
2025-05-25T22:19:22.371355261Z mount: permission denied (are you root?)
*********
Using effective pull policy of [always] for container docker:24.0
Authenticating with credentials from /home/user/.docker/config.json
Pulling docker image docker:24.0 ...
Using docker image sha256:e31dbb0fb5be21256b536b8650b8a7dc3dcf2f72167c8d486685e272df439e7a for docker:24.0 with digest docker@sha256:9b17a9f25adf17b88d0a013b4f00160754adf4b07ccbe9986664a49886c2c98e ...
Preparing environment 00:01
Using effective pull policy of [always] for container sha256:77b20d324a548e8ae02cfd1e7413c49e152fc4a3d74f7050744d2e8e5ff56dfc
Running on runner-bgw15whll-project-70186504-concurrent-0 via DESKTOP-DI7LNA5...
Getting source from Git repository 00:03
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/tonkaxxx-group/pipeline-pet/.git/
Created fresh repository.
Checking out be16af9b as detached HEAD (ref is main)...
Skipping Git submodules setup
Executing "step_script" stage of the job script 00:07
Using effective pull policy of [always] for container docker:24.0
Using docker image sha256:e31dbb0fb5be21256b536b8650b8a7dc3dcf2f72167c8d486685e272df439e7a for docker:24.0 with digest docker@sha256:9b17a9f25adf17b88d0a013b4f00160754adf4b07ccbe9986664a49886c2c98e ...
$ docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
error during connect: Post "http://docker:2375/v1.24/auth": dial tcp: lookup docker on 172.24.176.1:53: no such host
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 1

unit-test-job is working great. I’m using ubuntu wsl.

If you need some extra data, ask me

Herkus · May 28, 2025, 2:59pm

Problem:

You’re using docker login in your .gitlab-ci.yml, but Docker-in-Docker (dind) is not running properly. The key error is:

error during connect: Post "http://docker:2375/v1.24/auth": dial tcp: lookup docker on 172.24.176.1:53: no such host

This means the docker hostname (your Docker daemon) is not resolving — GitLab Runner can’t connect to Docker.

Why it’s happening:

You’re using the docker image (docker:24.0) with the docker:dind service.
But DNS fails to resolve docker (i.e., the daemon), probably due to:

Missing DOCKER_HOST
Wrong service alias
Improper privileged setting

Quick Fix:

Add the following to your .gitlab-ci.yml job:

build-job:
  image: docker:24.0
  services:
    - name: docker:dind
      alias: docker
  variables:
    DOCKER_HOST: tcp://docker:2375
    DOCKER_TLS_CERTDIR: ""   # disable TLS
  before_script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
  script:
    - docker info
    - echo "Logged in"

Security Tip:

Avoid docker login -p — use --password-stdin like above.

Bonus Tips:

Ensure your GitLab Runner is set to privileged = true in your runner config (/etc/gitlab-runner/config.toml) or it won’t support Docker-in-Docker.
You can test locally in WSL, but this issue happens inside GitLab’s runner, not your machine.