将工件上传到协调器时出错
Error uploading artifacts to coordinator
我在设置 GitLab 时玩得很开心,在花了很长时间研究它之后,我已经相对习惯了设置它,现在已经在两台机器上完成了,第二次是用比原来更容易......
但是,我在两台机器上都遇到了一个相当大的问题:我的 CI 管道坏了。不知何故,我的设置在构建完成后向工件提供 403,这意味着技术上成功的每项工作都注定要失败......
我一直在互联网上寻找答案,但没有找到多少有用的答案。
我在几分钟前将 GitLab CE 升级到 10.1.4,同时将 GitLab-运行ner 升级到 10.1.0,我可以通过 apt 在两台机器中更重要的一台上使用最新的软件包,运行宁 Ubuntu 比另一个更新的版本 - “野兽”的 17.04 zesty 与“q2”的 16.10 yakkety 相比。
两个 gitlab-运行ner 注册都使用 shell 来执行。
CI作业的相关输出如下:
Cloning repository...
Cloning into '/[clonepath]'...
Checking out 8319d586 as master...
Skipping Git submodules setup
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
$ mvn -B install
[INFO] Scanning for projects...
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11.204 s
[INFO] Finished at: 2017-11-18T05:45:08+01:00
[INFO] Final Memory: 27M/640M
[INFO] ------------------------------------------------------------------------
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
Uploading artifacts...
target/*.jar: found 1 matching files
ERROR: Uploading artifacts to coordinator... forbidden id=35 responseStatus=403
Forbidden status=403 Forbidden token=sP9oHykF
FATAL: permission denied
ERROR: Job failed: exit status 1
我 运行 GitLab 在 Apache2 Vhost 子域下,主要是为了美观和省略主机后面的端口,即 8080 代表独角兽,因为 Apache 上还有其他站点 运行ning。
这些是我的配置选项 gitlab.rb:
gitlab_rails['trusted_proxies'] = [ '127.0.0.1' ]
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
nginx['enable'] = false
设置以下任一值 options/values 如此
web_server['username'] = 'www-data'
web_server['group'] = 'www-data'
在重新配置时产生错误:
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- package (0.1.0)
- registry (0.1.0)
- consul (0.0.0)
- gitlab (0.0.1)
- runit (0.14.2)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
* directory[/etc/gitlab] action create (up to date)
Converging 408 resources
* directory[/etc/gitlab] action create (up to date)
* directory[Create /var/opt/gitlab] action create (up to date)
* directory[/opt/gitlab/embedded/etc] action create (up to date)
* template[/opt/gitlab/embedded/etc/gitconfig] action create (up to date)
Recipe: gitlab::web-server
* group[Webserver user and group] action create (up to date)
* user[Webserver user and group] action create
================================================================================
Error executing action `create` on resource 'user[Webserver user and group]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '8'
---- Begin output of ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] ----
STDOUT:
STDERR: usermod: user www-data is currently used by process 2656
---- End output of ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] ----
Ran ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] returned 8
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/definitions/account.rb
38: user params[:name] do
39: username username
40: shell params[:shell]
41: home params[:home]
42: uid params[:uid]
43: gid params[:ugid]
44: system params[:system]
45: supports params[:user_supports]
46: action params[:action]
47: end
48: end
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/definitions/account.rb:38 :in `block in from_file'
user("Webserver user and group") do
params {:action=>nil, :username=>"www-data", :uid=>nil, :ugid=>"www-data", :groupname=>"www-data", :gid=>nil, :shell=>"/bin/false", :home=>"/var/opt/gitlab/nginx", :system=>true, :append_to_group=>true, :group_members=>["www-data"], :user_supports=>{:manage_home=>false}, :manage=>true, :name=>"Webserver user and group"}
action [:create]
supports {:manage_home=>false}
retries 0
retry_delay 2
default_guard_interpreter :default
username "www-data"
gid 33
home "/var/opt/gitlab/nginx"
shell "/bin/false"
system true
iterations 27855
declared_type :user
cookbook_name "gitlab"
recipe_name "web-server"
end
Platform:
---------
x86_64-linux
Running handlers:
Running handlers complete
Chef Client failed. 0 resources updated in 04 seconds
至于 Apache,这里是支持 SSL 的虚拟主机:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName [host]
ServerAdmin [email]
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Order deny,allow
Allow from all
Require all granted
ProxyPassReverse http://127.0.0.1:8181/
ProxyPassReverse http://[host]/
RequestHeader set X-Forwarded-Ssl 'on'
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
SSLCertificateFile /etc/letsencrypt/live/[host]/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[host]/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
知道发生了什么事吗?我还没有挖掘 Apache 日志信息,因为它可能不会是 Apache,因为请求直接进入 gitlab-worker (8181)。如有必要,我应该检查哪些日志?
感谢您的宝贵时间。
这不是一个特别有用的答案,因为该解决方案对其工作原理几乎没有解释。
我的配置与上面保持一致,但是我安装的运行器,我删除了 rm /etc/gitlab-runner/config.toml 的配置,然后继续从机器中删除包,apt purge gitlab-runner. (gitlab-ci-multi-runner 是另一个可用的软件包,但似乎不是最新的 GitLab 10 - returns 404 而不是连接到节点)。
我重新安装了运行器 apt install gitlab-runner,然后注册了它 - gitlab-runner register。这里要注意的关键是,在注册过程中,我使用了我的 FQDN,如 https://git.example.com rather than any local address such as http://localhost:8080 or http://localhost:8181(分别为 unicorn、gitlab-workhorse)。是的,我是 运行 我在本地机器上的跑步者。危险,但我太信任我的团队了。这可能是我们的失败,无知的系统管理是成功的关键。
我在设置 GitLab 时玩得很开心,在花了很长时间研究它之后,我已经相对习惯了设置它,现在已经在两台机器上完成了,第二次是用比原来更容易......
但是,我在两台机器上都遇到了一个相当大的问题:我的 CI 管道坏了。不知何故,我的设置在构建完成后向工件提供 403,这意味着技术上成功的每项工作都注定要失败......
我一直在互联网上寻找答案,但没有找到多少有用的答案。
我在几分钟前将 GitLab CE 升级到 10.1.4,同时将 GitLab-运行ner 升级到 10.1.0,我可以通过 apt 在两台机器中更重要的一台上使用最新的软件包,运行宁 Ubuntu 比另一个更新的版本 - “野兽”的 17.04 zesty 与“q2”的 16.10 yakkety 相比。 两个 gitlab-运行ner 注册都使用 shell 来执行。
CI作业的相关输出如下:
Cloning repository...
Cloning into '/[clonepath]'...
Checking out 8319d586 as master...
Skipping Git submodules setup
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
$ mvn -B install
[INFO] Scanning for projects...
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11.204 s
[INFO] Finished at: 2017-11-18T05:45:08+01:00
[INFO] Final Memory: 27M/640M
[INFO] ------------------------------------------------------------------------
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
Uploading artifacts...
target/*.jar: found 1 matching files
ERROR: Uploading artifacts to coordinator... forbidden id=35 responseStatus=403
Forbidden status=403 Forbidden token=sP9oHykF
FATAL: permission denied
ERROR: Job failed: exit status 1
我 运行 GitLab 在 Apache2 Vhost 子域下,主要是为了美观和省略主机后面的端口,即 8080 代表独角兽,因为 Apache 上还有其他站点 运行ning。
这些是我的配置选项 gitlab.rb:
gitlab_rails['trusted_proxies'] = [ '127.0.0.1' ]
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
nginx['enable'] = false
设置以下任一值 options/values 如此
web_server['username'] = 'www-data'
web_server['group'] = 'www-data'
在重新配置时产生错误:
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- package (0.1.0)
- registry (0.1.0)
- consul (0.0.0)
- gitlab (0.0.1)
- runit (0.14.2)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
* directory[/etc/gitlab] action create (up to date)
Converging 408 resources
* directory[/etc/gitlab] action create (up to date)
* directory[Create /var/opt/gitlab] action create (up to date)
* directory[/opt/gitlab/embedded/etc] action create (up to date)
* template[/opt/gitlab/embedded/etc/gitconfig] action create (up to date)
Recipe: gitlab::web-server
* group[Webserver user and group] action create (up to date)
* user[Webserver user and group] action create
================================================================================
Error executing action `create` on resource 'user[Webserver user and group]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '8'
---- Begin output of ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] ----
STDOUT:
STDERR: usermod: user www-data is currently used by process 2656
---- End output of ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] ----
Ran ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] returned 8
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/definitions/account.rb
38: user params[:name] do
39: username username
40: shell params[:shell]
41: home params[:home]
42: uid params[:uid]
43: gid params[:ugid]
44: system params[:system]
45: supports params[:user_supports]
46: action params[:action]
47: end
48: end
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/definitions/account.rb:38 :in `block in from_file'
user("Webserver user and group") do
params {:action=>nil, :username=>"www-data", :uid=>nil, :ugid=>"www-data", :groupname=>"www-data", :gid=>nil, :shell=>"/bin/false", :home=>"/var/opt/gitlab/nginx", :system=>true, :append_to_group=>true, :group_members=>["www-data"], :user_supports=>{:manage_home=>false}, :manage=>true, :name=>"Webserver user and group"}
action [:create]
supports {:manage_home=>false}
retries 0
retry_delay 2
default_guard_interpreter :default
username "www-data"
gid 33
home "/var/opt/gitlab/nginx"
shell "/bin/false"
system true
iterations 27855
declared_type :user
cookbook_name "gitlab"
recipe_name "web-server"
end
Platform:
---------
x86_64-linux
Running handlers:
Running handlers complete
Chef Client failed. 0 resources updated in 04 seconds
至于 Apache,这里是支持 SSL 的虚拟主机:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName [host]
ServerAdmin [email]
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Order deny,allow
Allow from all
Require all granted
ProxyPassReverse http://127.0.0.1:8181/
ProxyPassReverse http://[host]/
RequestHeader set X-Forwarded-Ssl 'on'
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
SSLCertificateFile /etc/letsencrypt/live/[host]/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[host]/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
知道发生了什么事吗?我还没有挖掘 Apache 日志信息,因为它可能不会是 Apache,因为请求直接进入 gitlab-worker (8181)。如有必要,我应该检查哪些日志?
感谢您的宝贵时间。
这不是一个特别有用的答案,因为该解决方案对其工作原理几乎没有解释。
我的配置与上面保持一致,但是我安装的运行器,我删除了 rm /etc/gitlab-runner/config.toml 的配置,然后继续从机器中删除包,apt purge gitlab-runner. (gitlab-ci-multi-runner 是另一个可用的软件包,但似乎不是最新的 GitLab 10 - returns 404 而不是连接到节点)。
我重新安装了运行器 apt install gitlab-runner,然后注册了它 - gitlab-runner register。这里要注意的关键是,在注册过程中,我使用了我的 FQDN,如 https://git.example.com rather than any local address such as http://localhost:8080 or http://localhost:8181(分别为 unicorn、gitlab-workhorse)。是的,我是 运行 我在本地机器上的跑步者。危险,但我太信任我的团队了。这可能是我们的失败,无知的系统管理是成功的关键。