1、docker容器的系统信息

$ uname -a
Linux runner-nymzs2tf-project-194-concurrent-0tj8jr 5.4.191-1.el7.elrepo.x86_64 #1 SMP Tue Apr 26 12:14:16 EDT 2022 x86_64 Linux
$ cat /etc/os-release
NAME="**Alpine Linux**"
ID=alpine
VERSION_ID=3.9.4
PRETTY_NAME="Alpine Linux v3.9"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

2、docker容器所在linux服务器信息

Containers: 183Running: 105Paused: 0Stopped: 78
Images: 21187
Server Version: 20.10.15
Storage Driver: overlay2Backing Filesystem: xfsSupports d_type: trueNative Overlay Diff: trueuserxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:Volume: localNetwork: bridge host ipvlan macvlan null overlayLog: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
runc version: v1.1.1-0-g52de29d
init version: de40ad0
Security Options:seccompProfile: default
Kernel Version: 5.4.191-1.el7.elrepo.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 96
Total Memory: 251.4GiB
Name: pro-worker-2
ID: FTIN:HRYA:B4GQ:KOPL:E7K3:SNOY:CET4:ESZ3:H26S:REJN:EM6W:PPCH
Docker Root Dir: /data/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:0.0.0.0/0127.0.0.0/8
Live Restore Enabled: false

3、gitlab runner docker容器中已有环境 （gitlab runner使用docker容器启动）

jdk8
docker
maven

4、需求是在.gitlab-ci.yml中实现对 jdk17代码打包，然后使用docker发布到本地镜像仓库 。

5、限制：不能登录gitlab runner所在服务器，只能使用.gitlab-ci.yml 去改变运行环境

下面是我的思路：（路程一言难尽）

方案一：

1、直接替换容器中jdk不就可以了吗？easy啊
2、我使用wget命令下载 wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.tar.gz
3、然后使用export 改变环境变量。

报错：$ java -version
/bin/bash: line 147: /jdk17/jdk-17.0.11/bin/java: No such file or directory
我还以为是java home没有配置正确，反复检查发现没有配置错误。**这里实际上应该可以得出结论：这个jdk无法在当前系统运行。**然后我在本地用同样的方式，发现可以运行，换到服务器也可以运行。我确定jdk文件是没问题的，一定是docker容器环境不支持这个版本jdk，但当时没有深追原因，因为我还有第二种办法。

方案二：既然gitlab runner是通过docker容器启动，那么直接修改.gitlab-ci.yml文件不就可以了吗，我真是个大聪明
1、我在容器第一行添加image

image: isc/jdk17-docker:latest

2、本地将jdk17 maven docker 安装到jdk17-docker:latest镜像中。
3、做好后启动 ci，发现容器启动报错，提示如下。主要是docker在容器内部启动必须配置 privileged=true

time="2024-09-21T15:35:33.853658345Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2024-09-21T15:35:33.854087855Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2024-09-21T15:35:33.854184776Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
time="2024-09-21T15:35:33.854197034Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2024-09-21T15:35:33.857295871Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2024-09-21T15:35:33.857311351Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2024-09-21T15:35:33.857324946Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=grpc
time="2024-09-21T15:35:33.857331518Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2024-09-21T15:35:33.863311092Z" level=error msg="failed to mount overlay: operation not permitted" storage-driver=overlay2
time="2024-09-21T15:35:33.864648534Z" level=error msg="exec: \"fuse-overlayfs\": executable file not found in $PATH" storage-driver=fuse-overlayfs
time="2024-09-21T15:35:33.865747803Z" level=error msg="AUFS was not found in /proc/filesystems" storage-driver=aufs
time="2024-09-21T15:35:33.867654453Z" level=error msg="failed to mount overlay: operation not permitted" storage-driver=overlay
time="2024-09-21T15:35:33.903746269Z" level=info msg="Loading containers: start."
time="2024-09-21T15:35:33.913066400Z" level=warning msg="Running iptables --wait -t nat -L -n failed with message: `iptables v1.8.6 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.`, error: exit status 3"
time="2024-09-21T15:35:33.948514176Z" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=moby
time="2024-09-21T15:35:33.949115951Z" level=info msg="stopping healthcheck following graceful shutdown" module=libcontainerd
time="2024-09-21T15:35:33.950075353Z" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.6 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

4、但是privileged=true是docker 容器特有命令，在gitlab-ci.yml文件是无法使用的。所以到最后还得研究为什么docker容器不支持jdk17

方案三：
1、怀疑是docker容器的硬件不支持
输出docker容器内核，指令架构。但是我下载的jdk是x64版本的

Linux runner-nymzs2tf-project-194-concurrent-0tj8jr 5.4.191-1.el7.elrepo.x86_64 #1 SMP Tue Apr 26 12:14:16 EDT 2022 x86_64 Linux

2、怀疑是操作系统的问题

$ cat /etc/os-release
NAME="**Alpine Linux**"
ID=alpine
VERSION_ID=3.9.4
PRETTY_NAME="Alpine Linux v3.9"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

3、由于Alpine完全没有听过，google了一下，alpine和其他linux系统还真不一样，主要区别是

Alpine 使用了 musl libc 作为标准 C 库，而不是更常见的 glibc

由此我怀疑就是这个原因导致普通jdk17无法运行。然后我使用apk（alpine自带软件包）安装jdk，更换镜像源后也还是无法安装，貌似使用apk安装无法找到符合alpine的jdk版本。然后我从Amazon Corretto 找到合适的jdk版本。