Unregistering runner from gitlab error status only http or https scheme supported - Исправление ошибок и поиск оптимальных решений проблем

Содержание

Error unregistering runner from GitLab forbidden with docker executor: Fatal failed to unregister runner
Reason for this issue?
Solution
Бегун не здоров и будет отключен
Runner authentication failed
Summary
Steps to reproduce
Actual behavior
Expected behavior
Relevant logs and/or screenshots
Environment description
custom_build_dir is not enabled by default
Summary
Steps to reproduce
Actual behavior
Expected behavior
Relevant logs and/or screenshots
Environment description
Used GitLab Runner version
Possible solutions
x509: certificate relies on legacy Common Name field, use SANs instead
Summary
Steps to reproduce
Actual behavior
Expected behavior
Relevant logs and/or screenshots
Environment description
Possible fixes

Error unregistering runner from GitLab forbidden with docker executor: Fatal failed to unregister runner

GitLab Runner is an application that works with GitLab CI/CD to run jobs in a pipeline. GitLab Runner is open-source and written in Go. It can be run as a single binary; no language-specific requirements are needed. GitLab Runner can also run inside a Docker container or be deployed into a Kubernetes cluster. Below are some GitLab related contents you may be interested in: How to install, register and start GitLab Runner on Windows, how to uninstall GitLab from your Windows device, Deploying and using Windows containers with Gitlab CI, how to manually update Docker desktop, and how to install and uninstall Docker Desktop on Windows 10 and Windows Server.

Enough of the GitLab, let’s discuss the problem and ways to fix this issue confronting us. See the following guides for more information. For how to use AWS CodeCommit, and how to clone a repository and install software from GitHub on Windows.

Reason for this issue?

There are different interpretations on the internet such as that shared in this link. The error was prompted for me because I was not using the token generated by the project runner.

Screenshot 2022 02 08 at 22.28.09

Solution

Turns out I had a wrong token in the config.toml file and this replaced the one generated by the GitLab-register command previously. Entered the right token, boom I was able to unregister the GitLab-runner. At least, this resolved my issue! Below is the syntax of the config.toml file that is currently being edited to resolve this issue.

Screenshot 2022 04 15 at 14.59.35

Generally, when this is done, GitLab-runner should reload automatically. Bt to be safe, just restart manually to ensure it takes effect.

Screenshot 2022 04 15 at 15.08.36

Now you should be able to unregister GitLab successfully without any further issues.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Источник

Бегун не здоров и будет отключен

Я размещаю свой репозиторий в gitlab.com и устанавливаю runner в DigitalOcean . Он работал нормально до сегодняшнего дня, 16 марта 2019 г., 14:24 по тайскому времени.

Конечная цель

Поднимите моего бегуна и бегите снова

Вопрос:

Что означает not healthy ?

Я не могу отменить регистрацию бегуна. Как это исправить?

Без понятия. Но, похоже, gitlab.com удалите мой токен бегуна. Поэтому я должен удалить свой раннер, зарегистрироваться и запустить его снова.

Я впервые интегрировал свой бегун, и любой, кто знаком с gitlab, знает, что это никогда не будет легкой прогулкой. Я потратил много часов на поиски этого сообщения об ошибке, но обнаружил, что смотрю совершенно не в том направлении.

Теперь я считаю, что мой бегун говорил мне, что «бегун» на gitlab.com нездоров и был отклонен (моим бегуном). Когда я оставил его работающим и запустил конвейерное задание, он обработался нормально, с моей стороны не было никаких проблем, я часами ничего не искал!

У меня была такая же проблема, какой-нибудь ответ найден?

Я столкнулся с той же проблемой. Зарегистрируйте бегун, как описано в инструкции по установке. Перейдите к admin/runners и нажмите кнопку Show runner installation instructions . Наиболее важным является сеанс Register runner , в котором вы должны запустить команду register , которая решает описанную проблему. Например, линукс:

Следуйте инструкциям, и все готово.

После того, как ваш бегун настроен и запущен, вы можете добавить изменения в файл конфигурации, остановить и запустить его снова после изменения конфигурации.

Вы можете найти дублирующиеся разделы [[runners]] , это происходит, если вы пытались настроить его самостоятельно, а затем с помощью команды register . Ничего страшного, оставь только один последний.

Источник

Runner authentication failed

Summary

Installed a GitLab Runner today on a new Debian Jessie machine, from the provided apt repository. Registering the runner works, and it seems happy ( status , list and verify are OK). No pipelines ever work, though, as the runner fails to authenticate to GitLab during the attempted git clone (using simplest case of the shell executor with a trivial test script ). Note that the custom GitLab instance (on another machine, using the provided GitLab CE packages, omnibus) is protected with OmniAuth Shibboleth and runs within Apache httpd using mod_passenger (to avoid HTTP proxying to Nginx), which may well account for this error and makes this hard to reproduce elsewhere, I guess.

Steps to reproduce

Set up a runner for a project, use the most trivial CI yaml ever, make a commit to the repo, see it fail. I guess one would need a similar environment, as there’s nothing special about the runner, the repo, the CI or the network connection to GitLab? 😞

Actual behavior

Build fails due to failed authntication to custom GitLab instace. HTTP and HTTPS connections from the runner to the GitLab instance are fine.

Expected behavior

Git clone works and build starts.

Personally I’d much rather give runners deploy keys and have them use SSH for cloning (i.e., all repo access), as that would certainly avoid this error — git clone via SSH works fine from the machine with the runner.

Relevant logs and/or screenshots

From the «pipeline failed» notification email (which was surprisingly detailed, so quite helpful, IMO):

That seems to correspond to these log entries in GitLab’s web server access log (httpd here):

And the last line repeats ad infinitum as long as the runner is running (and registered), even though GitLab already shows the pipeline as failed. The matching entry from GitLab’s /var/log/gitlab/gitlab-rails/production.log seems to be:

which is repeated twice in the log. Then the same (and only this) log line is repeated in production.log until I stop (or unregister) the runner:

A manual clone attempt from the machine with the runner yields these results on the command line:

which corresponds to these events in GitLab’s /var/log/gitlab/gitlab-rails/production.log :

Apache httpd only sees these two requests from that manual clone attempt:

Syslog on the runner machine only has these to offer:

I’ve also attached a copy of the output from gitlab-ci-multi-runner —debug run (the command I found in the FAQ): runner-debug.log

N.B. I’ve nuked (unregistered and registered a new one) the runner once during this testing, so the runner identifiers are not consistent everywhere throughout the above. Don’t let that lead you down the wrong path!

Environment description

GitLab: This is a local and up-to-date (8.14.4-ce.0) GitLab CE Omnibus install from the provided Debian packages using (as indicated above) OmniAuth Shibboleth and running within Apache httpd using mod_passenger (to avoid HTTP proxying to Nginx). I have not noted any other issues with that setup, i.e., everything else works fine AFAICT.

The executor is shell with a trivial script that merely echoes the environment (or runs python —version ) as a first test.

Источник

custom_build_dir is not enabled by default

Summary

Please notice, that the feature — if not configured explicitly — will be enabled by default for kubernetes, docker, docker-ssh, docker+machine and docker-ssh+machine executors. It will be disabled by default for all other executors.

However, when I try using GIT_CLONE_PATH on my Kubernetes runner I get an error message.

What’s worse, there doesn’t seem to be a way to set custom_build_dir via the Helm chart.

Steps to reproduce

Actual behavior

Expected behavior

Job runs normally.

Relevant logs and/or screenshots

Environment description

GitLab runner is deployed on Kubernetes using the Helm chart.

Resultant config.toml from within the pod:

Used GitLab Runner version

Possible solutions

The reason for this is because in here we are checking if it’s nil or not, if it’s nil we fallback to the default configuration. But the issue here is that it’s never nil for new runners since we automatically create [runners.custom_build_dir] as part of the configuration, so it ends up being false by default.

So we need to figure out the following:

Do we want to stick true to the documentation, and have it enabled by default? (I think this is the best option) To do so we need to have to nullify the value explicitly on register to make sure it’s set correctly by the default value.
We update the documentation specifying that it’s disabled by default.

Источник

x509: certificate relies on legacy Common Name field, use SANs instead

Summary

I’am experiencing troubles with Gitlab-Runner registration.

Steps to reproduce

I am using official documentation in order to run both applications into single docker-compose.yml file.
Here is my config:

Since our network is local and doesn’t have direct internet access for this network i’am using self-signed certificates for host server.
I’ve been trying different certificates:

x509 method which is described in official documentation for offline installations
Locally generated SAN certificates
Those which are generated from fresh gitlab installation

All three methods leads to described problem.
This certificate is added to gitlab-runner certificated directory and copies to /usr/local/share/ca-certificates.
I can even curl destination gitlab server host:

I’ve been trying different approaches in order to resolve this issue by myself, including changing gitlab.rb file:
omnibus-gitlab#4900 (closed)
gitlab#38255 (moved)
Commenting staging section in file /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb
Installing two lower gitlab server versions
Changing docker-compose.yml config
Separated installation of both components
Making varions changes in gitlab.rb file from advices in comments of different issues, like nginx https redirection, etc.

Actual behavior

Since gitlab native method always returns ACME related errors, i’am using self-signed certificates. I can reproduce this error if needed and provide it in comments. But either with self-signed certificate or gitlab native — i always get the same «SAN’s» error.

Expected behavior

I want to runner to connect gitlab server.

Relevant logs and/or screenshots

Gitlab has so many logs, i don’t even know which one i should inspect or provide, i would be grateful if you give me directions.

Environment description

Gitlab version:
GitLab Community Edition 14.7.0
Runner version:
Version: 14.7.0
Git revision: 98daeee0
Git branch: 14-7-stable
GO version: go1.17.5
Built: 2022-01-19T17:11:48+0000
OS/Arch: linux/amd64
Docker version:
Docker version 19.03.6, build 369ce74a3c
Docker-compose version:
docker-compose version 1.25.0, build 0a186604

Possible fixes

I’ve tried to google this problem and i think i’ve tried around 30 or 40 combined solutions from stackoverflow and google search related pages, but i wasn’t able to fix this issue myself.
Since i came to conclusion that i’am not able to fix this issue by myself, i’am asking for help here.
It would be awesome if you give me directions to which way i should move and what logs i should inspect.
Thank you in advance.

Источник

Why you should use GitLab: GitLab enables team members to collaborate in every phase of the project. GitLab offers tracking from planning to creation to help developers automate the entire DevOps lifecycle and achieve the best possible results. This technoogy has been embraced by a wide range of developers and system administrators because of its wide assortment of features and brick blocks of code availability.

Reason for this issue?

There are different interpretations on the internet such as that shared in this link. The error was prompted for me because I was not using the token generated by the project runner.

Solution

Turns out I had a wrong token in the config.toml file and this replaced the one generated by the GitLab-register command previously. Entered the right token, boom I was able to unregister the GitLab-runner. At least, this resolved my issue! Below is the syntax of the config.toml file that is currently being edited to resolve this issue.

Generally, when this is done, GitLab-runner should reload automatically. Bt to be safe, just restart manually to ensure it takes effect.

gitlab-runner.exe restart

Now you should be able to unregister GitLab successfully without any further issues.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Источник

I’m trying to unregister gitlab-runner on EC2 instance (Ubuntu machine) with the following command:

sudo gitlab-runner --debug unregister --token [RUNNER-TOKEN] --url [RUNNER-URL]

and I’m getting following error:

Runtime platform                                    arch=amd64 os=linux pid=2374 revision=6fbc7474 version=13.1.1
Checking runtime mode                               GOOS=linux uid=0
Running in system-mode.

Dialing: tcp gitlab.com:443 ...
ERROR: Unregistering runner from GitLab forbidden   runner=xv2Ng6Tc
FATAL: Failed to unregister runner

asked Jul 19, 2020 at 7:12

Make sure that you’re using the entire SHA, not the partial one listed on the Gitlab CI runners list.

This can be found by running sudo gitlab-runner list on the machine with the runner installed.

If you’ve already removed the runner in the gitlab runners page, it will still be present on the gitlab-runner machine (check with the command sudo gitlab-runner list).

You can then unregister it from the config.toml using the command:

gitlab-runner verify --delete

Or manually, by running:

sudo gitlab-runner stop
sudo vi /etc/gitlab-runner/config.toml # update the runners section
sudo gitlab-runner start

answered Dec 21, 2020 at 10:57

PrestonPreston

6,8526 gold badges51 silver badges78 bronze badges

For MacOS and Ubuntu

If you have already removed it from the Runners section in your project settings then you are no longer be able to unregister with command. Then what you can do is to delete them from your host as below:

gitlab-runner verify --delete

This will remove all the unregistered/removed runners from your host machine and will update config.toml file.

If you haven’t removed it from Runners section in your project settings(Settings -> CI/CD -> Runners), then you can unregister it from your host like below:

gitlab-runner unregister runner_id/name

or unregister all runners,

gitlab-runner unregister --all-runners

Hope this will help to somebody. cheers !!!

answered Oct 7, 2021 at 14:25

caldera.saccaldera.sac

4,8287 gold badges37 silver badges68 bronze badges

I experienced the same issue when I tried to remove a runner that was removed directly from Gitlab settings of the project.
It seems that «Remove runner»‘s button removes the runner from Gitlab but not from your gitlab-runner, which is absolutely fine since I don’t want Gitlab to mess up to my on-premise gitlab-runner.

In order to fix that, I stopped the gitlab-runner service, removed the runner directly from the config file (it is usually located in /etc/gitlab-runner/config.toml) and started the service again.

I hope I could help you

answered Oct 22, 2020 at 10:09

I ran into the same issue. I had to enter the right token in the config.toml file and boom, it worked: See this guide for more information: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4919. This solution is specifically for Windows, but can be applicable to Ubuntu as well.

answered Apr 15, 2022 at 13:52

Источник

В статье расскажу про установку и регистрацию GitLab Runner, рассмотрев некоторые проблемы, с которыми возможно придется столкнуться. Для новичков могут быть интересны также некоторые теоретические концепы, на рассмотрение которых я обязательно буду давать ссылки.

Содержание

1 Установка и регистрация GitLab Runner
- 1.1 Предварительные требования
- 1.2 Установка
- 1.3 Регистрация
  - 1.3.1 Certificate signed by unknown authority

Инструкция ниже актуальна для Centos 7.

Предварительные требования

Было бы странно не воспользоваться функционалом Docker в задачах CI/CD, а потому первым делом займемся его установкой. Поставить наиболее свежую версию можно с помощью официальной инструкции — Install Docker Engine on CentOS (доступна и для других дистрибутивов). Если версия вам не важна, просто выполните команду:

Но надо включить автозагрузку и запустить демон, потому что по умолчанию он остановлен:

systemctl enable docker

systemctl start docker

Теперь переходим непосредственно к установке приложения GitLab Runner.

Установка

Установка доступна с помощью пакетов или путем простого скачивания исполняемого файла. Я остановлюсь на последнем варианте. Помимо официального ресурса — Install GitLab Runner manually on GNU/Linux — инструкция доступна также на вашем экземпляре GitLab. Для этого нужно зайти в проект (или группу, если ваши проекты объединены логически), далее Settings / CI/CD / Runners. Слева увидите следующее:

Нажимайте на Show Runner installation instructions и увидите пошаговую инструкцию. Очень удобно. А теперь выполним её по порядку.

Выкачиваем бинари:

curl —L —output /usr/bin/gitlab—runner https://gitlab—runner—downloads.s3.amazonaws.com/latest/binaries/gitlab—runner—linux—amd64

Выставляем права на исполнение:

chmod +x /usr/bin/gitlab—runner

Добавляем пользователя:

useradd —comment ‘GitLab Runner’ —create—home gitlab—runner —shell /bin/bash

Устанавливаем раннер и сразу его запускаем:

gitlab—runner install —user=gitlab—runner —working—directory=/home/gitlab—runner

gitlab—runner start

Сохраняем токен (см. на скриншоте выше) на будущее:

REGISTRATION_TOKEN=«wbsAQsH5TviZSXocoBLs»

Он понадобится на следующем этапе.

Регистрация

Теперь пришло время зарегистрировать раннеры. Для одного хоста может быть зарегистрировано множество раннеров, но например с разными исполнителями (executors ¹). Перерегистрировать можно многократно, при этом не забывая удалять их в интерфейсе GitLab, если они вдруг стали не нужны или вы хотите изменить их область действия (например сделать доступными для конкретного проекта, а не для группы).

Примечание: например может потребоваться сделать отдельные раннеры для конкретного проекта, а не для группы проектов. Или появится потребность в расшаренных раннерах. Подробнее читайте в статье The scope of runners.

Итак, приступим:

gitlab—runner register

—url https://gitlab.domain.com/

—registration—token $REGISTRATION_TOKEN

—executor shell

—tag—list «shared,shell»

—description shell—executor—01

gitlab—runner register

—url https://gitlab.domain.com/

—registration—token $REGISTRATION_TOKEN

—executor docker

—tag—list «shared,docker»

—docker—image «ansible/ansible»

—description docker—executor—01

Команды две, поскольку мы регистрируем два исполнителя на одном раннере. Некоторые задачи лучше выполнять напрямую в оболочке хоста (например сборку докер-образов), а для других постоянно будет требоваться дополнительное ПО и тогда логично запускать задачи внутри докер-контейнеров

На самом хосте информация о конфигурации раннеров доступна в файле /etc/gitlab-runner/config.toml. Вот его пример:

concurrent = 1

check_interval = 0

[session_server]

session_timeout = 1800

[[runners]]

name = «shell-runner-01»

url = «https://gitlab.domain.com/»

token = «wbsAQsH5TviZSXocoBLs»

executor = «shell»

[runners.custom_build_dir]

[runners.cache]

[runners.cache.s3]

[runners.cache.gcs]

[runners.cache.azure]

[[runners]]

name = «docker-runner-01»

url = «https://gitlab.bissquit.com/»

token = «wbsAQsH5TviZSXocoBLs»

executor = «docker»

[runners.custom_build_dir]

[runners.cache]

[runners.cache.s3]

[runners.cache.gcs]

[runners.cache.azure]

[runners.docker]

tls_verify = false

image = «ansible/ansible»

privileged = false

disable_entrypoint_overwrite = false

oom_kill_disable = false

disable_cache = false

volumes = [«/cache»]

shm_size = 0

Регистрация исполнителей проста, но не всегда может пойти по плану.

Certificate signed by unknown authority

Текст из названия главы вы можете встретить в ошибке, которая вылезет в ответ на выполнение запроса о регистрации раннера на вашем экземпляре GitLab, если он использует сертификат от недоверенного источника (самозаверенный сертификат или подписанный локальным центром сертификации). Полный текст ошибки:

ERROR: Registering runner… failed runner=jPf_3Qj1 status=couldn’t execute POST against https://gitlab.domain.com/api/v4/runners: Post https://gitlab.domain.com/api/v4/runners: x509: certificate signed by unknown authority

PANIC: Failed to register the runner. You may be having network problems.

Если сертификат самозаверенный, то его легко прочитать и сразу скопировать в локальное хранилище доверенных сертификатов:

openssl s_client —connect gitlab.domain.com:443 —showcerts </dev/null 2>/dev/null | sed ‘/——BEGIN/,/——END/!d’ > /etc/pki/ca—trust/source/anchors/gitlab—domain—com.crt

Сложнее будет, если сертификат GitLab содержит в себе промежуточные. В таком случае придется их склеивать вместе, совсем как описано в официальной статье ²:

——BEGIN CERTIFICATE——

(Your primary SSL certificate)

——END CERTIFICATE——

——BEGIN CERTIFICATE——

(Your intermediate certificate)

——END CERTIFICATE——

——BEGIN CERTIFICATE——

(Your root certificate)

——END CERTIFICATE——

Ну а после этих манипуляций перечитайте сертификаты из хранилища:

Выполнять описанные действия придется для каждого хоста, который планируется использовать для запуска раннеров, а потому лучше их автоматизировать в виде роли Ansible. Благо уже есть готовый модуль ³. Об этом возможно расскажу в следующих статьях. Успехов!

comments powered by HyperComments

Источник