gitlab-runner's git clone fails with "Problem with the SSL CA cert (path? access rights?)"

For several months now I've had issues with gitlab-runner which is randomly failing with the following log:

Running with gitlab-runner 13.7.0 (943fc252)
  on <gitlab-runner-name> <gitlab-runner-id>
Preparing the "shell" executor
00:00
Using Shell executor...
Preparing environment
00:00
Running on <hostname>...
Getting source from Git repository
00:00
Fetching changes...
Reinitialized existing Git repository in /var/gitlab-runner/builds/<gitlab-runner-id>/0/<gtlab-group>/<gitlab-project>/.git/
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@<hostname>/<gtlab-group>/<gitlab-project>.git/': Problem with the SSL CA cert (path? access rights?)
ERROR: Job failed: exit status 1

This line is the crucial one:

fatal: unable to access 'https://gitlab-ci-token:[MASKED]@<hostname>/<gtlab-group>/<gitlab-project>.git/': Problem with the SSL CA cert (path? access rights?)

I tried unregistering the runner and registering a new one. It also failed with the same error after a while (the first run usually worked well).
Furthermore, runners on other machines are working correctly and never fail with the error message above.

I believe the issue is caused by the missing CI_SERVER_TLS_CA_FILE file in:

/var/gitlab-runner/builds/<gitlab-runner-id>/0/<gtlab-group>/<gitlab-project>.tmp/CI_SERVER_TLS_CA_FILE

I tried doing a git pull in the faulty directory and I got the same message. After I copied this missing file from another directory which had it, I got the following:

remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab-ci-token:<gitlab-runner-token>@gitlab.lab.sk.alcatel-lucent.com/<gtlab-group>/<gitlab-project>.git/'

As far as I know, these tokens are generated for a one-time use and are discarded after the job finishes. This leads me to believe the missing file is the issue.

Where is this file copied from? Why is it missing? What can I do to fix this issue?
I've been looking through the GitLab issues without luck.

It sounds like one or more of your runners doesn't trust the certificate on your gitlab host. You'll have to track down the root and intermediate certs used to sign your TLS cert, and add them to your runners' hosts.

For my runners on CentOS, I follow this guide (for CentOS, the commands are the same for higher versions): https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
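
The error in the job log is the message libcurl gives when it cannot read the CA file it was pointed at, so a first check on the affected host is whether that file exists, is readable by the runner's user, and actually holds a PEM certificate. The script below is an added example, not part of the original question or answer; `check_ca_file` is a hypothetical helper name, and the path to pass is the CI_SERVER_TLS_CA_FILE path reported for the failing project.

```sh
#!/bin/sh
# Added example: classify why a CA file cannot be used by git/libcurl.
# check_ca_file is a hypothetical helper, not a gitlab-runner command.
# Return codes: 0 usable, 1 file missing, 2 parent directory missing,
#               3 not readable by the current user, 4 no PEM certificate inside.
check_ca_file() {
    ca_path=$1
    ca_dir=$(dirname "$ca_path")

    # The <project>.tmp directory itself may have been removed.
    if [ ! -d "$ca_dir" ]; then
        echo "parent directory missing: $ca_dir"
        return 2
    fi
    if [ ! -f "$ca_path" ]; then
        echo "CA file missing: $ca_path"
        return 1
    fi
    # "access rights?" half of the error: readable by this user at all?
    if [ ! -r "$ca_path" ]; then
        echo "CA file not readable by $(id -un): $ca_path"
        ls -l "$ca_path"
        return 3
    fi
    # grep -c exits non-zero on zero matches, so fall back to 0 explicitly.
    ca_count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$ca_path") || ca_count=0
    if [ "$ca_count" -eq 0 ]; then
        echo "no PEM certificate in: $ca_path"
        return 4
    fi
    echo "ok: $ca_count certificate(s) in $ca_path"
    return 0
}

# Run as the same user as the runner service, passing the path to check.
if [ "$#" -gt 0 ]; then
    check_ca_file "$1"
fi
```

A count of 1 on a host whose TLS certificate is signed through an intermediate suggests the chain in the file is incomplete, which is the case the answer above describes.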
