Gitlab-ci-token 用户无法克隆仓库
Gitlab-ci-token user unable to clone repositories
我正在尝试设置一个 docker 运行器并成功地向 gitlab-ce 注册了运行器。但是,当作业运行时,它总是失败并显示以下内容:
Running with gitlab-ci-multi-runner 1.10.2 (d171b73)
Using Docker executor with image python:3.4 ...
Starting service postgres:latest ...
Pulling docker image postgres:latest ...
Waiting for services to be up and running...
Pulling docker image python:3.4 ...
Running on runner-b35ff618-project-96-concurrent-0 via toucan...
Cloning repository...
Cloning into '/builds/amrstratus/webportal'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.xxxxxxxxx/amrstratus/webportal.git/': Failed to connect to gitlab.xxxxxx port 443: Connection refused
ERROR: Build failed: exit code 1
我尝试简单地克隆存储库并得到了类似的错误:
root@toucan:/tmp# git clone https://gitlab-ci-token:b35ff618453c702944c736668e1c2c@gitlab.xxxxxxxx/amrstratus/webportal.git/
Cloning into 'webportal'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab-ci-token:xxxxxxxxxxx@gitlab.xxxxxxxx/amrstratus/webportal.git/'
通过 https 访问似乎工作正常,其他一切似乎都正常。
有什么想法吗?我完全卡住了。
系统详情:
Debian 8 (Jessie)
GitLab 8.16.2
GitLab Shell 4.1.1
GitLab Workhorse v1.3.0
GitLab API v3
Git 2.10.2
Ruby 2.3.3p222
Rails 4.2.7.1
PostgreSQL 9.6.1
请注意,可能存在两个问题。
关于令牌本身(和 fatal: Authentication failed
),参见 this thread
The CI token is now securely generated for each build. It's available in $CI_BUILD_TOKEN
.
If you're cloning a different repository from .gitlab-ci.yml
(like we were) your best bet is to use SSH.
Another solution is to use your personal private token:
git clone https://<username>:<private-token>@gitlab.anydomainhere.com/developers/<projectname>.git
(please realize this token gives access to all your projects)
另一个问题与 Docker 有关:fatal: unable to access
您需要确保可以与您的 Gitlab 实例通信 (as in here or in issue 305)。
还有 check the ownership as in this thread.
我知道这已经过时了,但是,对我来说解决这个问题的是根据 this comment.
对 workhorse 的调整
修改/etc/gitlab/gitlab.rb
如下:
取消注释这一行
gitlab_workhorse['enable'] = true
添加这两行
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
然后修改网络服务器配置以将反向代理指向此而不是独角兽。
虽然已经给出了问题的解决方案,但是使用的是个人令牌。
正如所指出的,它可能会失败,因为如果您使用 CI_BUILD_TOKEN/CI_JOB_TOKEN 进行克隆,那只对那个作业 运行 有效。
所以,如果你想让拉动每次都通过 运行ner 工作,你可以在拉动时指定 url :
git pull https://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.anydomainhere.com/developers/<projectname>.git
这样,在每个拉取请求中,都会使用新令牌。
我正在尝试设置一个 docker 运行器并成功地向 gitlab-ce 注册了运行器。但是,当作业运行时,它总是失败并显示以下内容:
Running with gitlab-ci-multi-runner 1.10.2 (d171b73)
Using Docker executor with image python:3.4 ...
Starting service postgres:latest ...
Pulling docker image postgres:latest ...
Waiting for services to be up and running...
Pulling docker image python:3.4 ...
Running on runner-b35ff618-project-96-concurrent-0 via toucan...
Cloning repository...
Cloning into '/builds/amrstratus/webportal'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.xxxxxxxxx/amrstratus/webportal.git/': Failed to connect to gitlab.xxxxxx port 443: Connection refused
ERROR: Build failed: exit code 1
我尝试简单地克隆存储库并得到了类似的错误:
root@toucan:/tmp# git clone https://gitlab-ci-token:b35ff618453c702944c736668e1c2c@gitlab.xxxxxxxx/amrstratus/webportal.git/
Cloning into 'webportal'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab-ci-token:xxxxxxxxxxx@gitlab.xxxxxxxx/amrstratus/webportal.git/'
通过 https 访问似乎工作正常,其他一切似乎都正常。
有什么想法吗?我完全卡住了。
系统详情:
Debian 8 (Jessie)
GitLab 8.16.2
GitLab Shell 4.1.1
GitLab Workhorse v1.3.0
GitLab API v3
Git 2.10.2
Ruby 2.3.3p222
Rails 4.2.7.1
PostgreSQL 9.6.1
请注意,可能存在两个问题。
关于令牌本身(和 fatal: Authentication failed
),参见 this thread
The CI token is now securely generated for each build. It's available in
$CI_BUILD_TOKEN
.
If you're cloning a different repository from.gitlab-ci.yml
(like we were) your best bet is to use SSH.Another solution is to use your personal private token:
git clone https://<username>:<private-token>@gitlab.anydomainhere.com/developers/<projectname>.git
(please realize this token gives access to all your projects)
另一个问题与 Docker 有关:fatal: unable to access
您需要确保可以与您的 Gitlab 实例通信 (as in here or in issue 305)。
还有 check the ownership as in this thread.
我知道这已经过时了,但是,对我来说解决这个问题的是根据 this comment.
对 workhorse 的调整修改/etc/gitlab/gitlab.rb
如下:
取消注释这一行
gitlab_workhorse['enable'] = true
添加这两行
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
然后修改网络服务器配置以将反向代理指向此而不是独角兽。
虽然已经给出了问题的解决方案,但是使用的是个人令牌。 正如所指出的,它可能会失败,因为如果您使用 CI_BUILD_TOKEN/CI_JOB_TOKEN 进行克隆,那只对那个作业 运行 有效。 所以,如果你想让拉动每次都通过 运行ner 工作,你可以在拉动时指定 url :
git pull https://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.anydomainhere.com/developers/<projectname>.git
这样,在每个拉取请求中,都会使用新令牌。