Adding a host entry for the JiHu GitLab domain to GitLab Runner

Date: 2024-03-01 15:33:05

Author: 徐晓伟

Custom GitLab domain name resolution

View the JiHu GitLab Runner logs

  • Find the JiHu GitLab Runner Pod name
[root@anolis-7-9 ~]# kubectl -n gitlab-test get pod | grep gitlab-runner
my-gitlab-gitlab-runner-6fb4bf7468-nmnkp             0/1     Running   29 (62s ago)     117m
[root@anolis-7-9 ~]# 
  • View the JiHu GitLab Runner logs
[root@anolis-7-9 ~]# kubectl -n gitlab-test logs -f my-gitlab-gitlab-runner-6fb4bf7468-nmnkp 
Registration attempt 1 of 30
Runtime platform                                    arch=amd64 os=linux pid=16 revision=f5da3c5a version=16.6.1
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...                   
                                                   
Merging configuration from template file "/configmaps/config.template.toml" 
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow 
ERROR: Registering runner... failed                 runner=BtGwLEwc status=couldn't execute POST against https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners: Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": dial tcp: lookup gitlab.test.helm.xuxiaowei.cn on 10.96.0.10:53: no such host
PANIC: Failed to register the runner.              
Registration attempt 2 of 30
Runtime platform                                    arch=amd64 os=linux pid=25 revision=f5da3c5a version=16.6.1
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...                   
                                                   
Merging configuration from template file "/configmaps/config.template.toml" 
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow 
ERROR: Registering runner... failed                 runner=BtGwLEwc status=couldn't execute POST against https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners: Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": dial tcp: lookup gitlab.test.helm.xuxiaowei.cn on 10.96.0.10:53: no such host
PANIC: Failed to register the runner.              
Registration attempt 3 of 30
Runtime platform                                    arch=amd64 os=linux pid=33 revision=f5da3c5a version=16.6.1
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...
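  • The log line dial tcp: lookup gitlab.test.helm.xuxiaowei.cn on 10.96.0.10:53: no such host above shows that registration failed because of a network problem: the runner cannot connect to gitlab.test.helm.xuxiaowei.cn. The demo environment has no DNS resolution for this name. There are two solutions:
  1. Add a DNS record at the domain name provider
  2. Modify the JiHu GitLab Runner configuration directly

Add the JiHu GitLab host to the JiHu GitLab Runner

Export the current configuration

helm -n gitlab-test get values my-gitlab > my-gitlab.yaml

Add the JiHu GitLab host

For example: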

gitlab-runner:
  hostAliases:
    - hostnames:
        - gitlab.test.helm.xuxiaowei.cn
      ip: 172.25.25.32

Reconfigure GitLab

helm upgrade -n gitlab-test --install my-gitlab gitlab/gitlab -f my-gitlab.yaml --timeout 600s --version 7.7.0

View the GitLab Runner Deployment configuration

kubectl -n gitlab-test get deployment my-gitlab-gitlab-runner -o yaml

The configuration now resolves the domain gitlab.test.helm.xuxiaowei.cn to 172.25.25.32

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
    meta.helm.sh/release-name: my-gitlab
    meta.helm.sh/release-namespace: gitlab-test
  creationTimestamp: "2023-12-22T05:03:46Z"
  generation: 2
  labels:
    app: my-gitlab-gitlab-runner
    app.kubernetes.io/managed-by: Helm
    chart: gitlab-runner-0.59.2
    heritage: Helm
    release: my-gitlab
  name: my-gitlab-gitlab-runner
  namespace: gitlab-test
  resourceVersion: "24030"
  uid: 8c46c44a-5b67-44ae-90d0-008daa3fa388
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: my-gitlab-gitlab-runner
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/configmap: f35865354f043583d0903b0a8350830a486eb0e289d18271cf3f533e7d89c5f7
        checksum/secrets: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
        gitlab.com/prometheus_port: "9252"
        gitlab.com/prometheus_scrape: "true"
      creationTimestamp: null
      labels:
        app: my-gitlab-gitlab-runner
        chart: gitlab-runner-0.59.2
        heritage: Helm
        release: my-gitlab
    spec:
      containers:
        - command:
            - /usr/bin/dumb-init
            - --
            - /bin/bash
            - /configmaps/entrypoint
          env:
            - name: CI_SERVER_URL
              value: https://gitlab.test.helm.xuxiaowei.cn
            - name: RUNNER_EXECUTOR
              value: kubernetes
            - name: REGISTER_LOCKED
              value: "false"
            - name: RUNNER_TAG_LIST
            - name: KUBERNETES_NAMESPACE
              value: gitlab-test
          image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.6.1
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - /configmaps/check-live
            failureThreshold: 3
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 3
          name: my-gitlab-gitlab-runner
          ports:
            - containerPort: 9252
              name: metrics
              protocol: TCP
          readinessProbe:
            exec:
              command:
                - /usr/bin/pgrep
                - gitlab.*runner
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 3
          resources: { }
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: false
            runAsNonRoot: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /secrets
              name: projected-secrets
            - mountPath: /home/gitlab-runner/.gitlab-runner
              name: etc-gitlab-runner
            - mountPath: /configmaps
              name: configmaps
      dnsPolicy: ClusterFirst
      hostAliases:
        - hostnames:
            - gitlab.test.helm.xuxiaowei.cn
          ip: 172.25.25.32
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 65533
        runAsUser: 100
      serviceAccount: my-gitlab-gitlab-runner
      serviceAccountName: my-gitlab-gitlab-runner
      terminationGracePeriodSeconds: 3600
      volumes:
        - emptyDir:
            medium: Memory
          name: runner-secrets
        - emptyDir:
            medium: Memory
          name: etc-gitlab-runner
        - name: projected-secrets
          projected:
            defaultMode: 420
            sources:
              - secret:
                  name: my-gitlab-minio-secret
              - secret:
                  items:
                    - key: runner-registration-token
                      path: runner-registration-token
                    - key: runner-token
                      path: runner-token
                  name: my-gitlab-gitlab-runner-secret
        - configMap:
            defaultMode: 420
            name: my-gitlab-gitlab-runner
          name: configmaps
status:
  availableReplicas: 1
  conditions:
    - lastTransitionTime: "2023-12-22T07:04:29Z"
      lastUpdateTime: "2023-12-22T07:04:29Z"
      message: Deployment has minimum availability.
      reason: MinimumReplicasAvailable
      status: "True"
      type: Available
    - lastTransitionTime: "2023-12-22T05:03:46Z"
      lastUpdateTime: "2023-12-22T07:04:29Z"
      message: ReplicaSet "my-gitlab-gitlab-runner-f59d8c4b8" is progressing.
      reason: ReplicaSetUpdated
      status: "True"
      type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 2
  unavailableReplicas: 1
  updatedReplicas: 1

After adding the host, find the JiHu GitLab Runner Pod name

  • Find the GitLab Runner pod name

    1. If there is more than one, choose by age and look at the newest pod
[root@anolis-7-9 ~]# kubectl -n gitlab-test get pod | grep gitlab-runner
my-gitlab-gitlab-runner-f59d8c4b8-jcr6k              0/1     Running       0                2m27s
[root@anolis-7-9 ~]# 
  • View the GitLab Runner logs
[root@anolis-7-9 ~]# kubectl -n gitlab-test logs -f my-gitlab-gitlab-runner-f59d8c4b8-jcr6k 
Registration attempt 1 of 30
Runtime platform                                    arch=amd64 os=linux pid=16 revision=f5da3c5a version=16.6.1
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...                   
                                                   
Merging configuration from template file "/configmaps/config.template.toml" 
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow 
ERROR: Registering runner... failed                 runner=BtGwLEwc status=couldn't execute POST against https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners: Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": tls: failed to verify certificate: x509: certificate signed by unknown authority
PANIC: Failed to register the runner.              
Registration attempt 2 of 30
Runtime platform                                    arch=amd64 os=linux pid=24 revision=f5da3c5a version=16.6.1
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...                   
                                                   
Merging configuration from template file "/configmaps/config.template.toml" 
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow 
ERROR: Registering runner... failed                 runner=BtGwLEwc status=couldn't execute POST against https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners: Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": tls: failed to verify certificate: x509: certificate signed by unknown authority
PANIC: Failed to register the runner.              
Registration attempt 3 of 30
Runtime platform                                    arch=amd64 os=linux pid=33 revision=f5da3c5a version=16.6.1
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...
[root@anolis-7-9 ~]# kubectl -n gitlab-test logs -f my-gitlab-gitlab-runner-f59d8c4b8-jcr6k 
Registration attempt 1 of 30
Runtime platform                                    arch=amd64 os=linux pid=16 revision=782e15da version=16.2.0
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...                   
                                                   
Merging configuration from template file "/configmaps/config.template.toml" 
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872 
ERROR: Registering runner... failed                 runner=wgpCYf05 status=couldn't execute POST against https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners: Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": tls: failed to verify certificate: x509: certificate is valid for ingress.local, not gitlab.test.helm.xuxiaowei.cn
PANIC: Failed to register the runner.              
Registration attempt 2 of 30
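  • The log lines tls: failed to verify certificate: x509: certificate signed by unknown authority or tls: failed to verify certificate: x509: certificate is valid for ingress.local, not gitlab.test.helm.xuxiaowei.cn above show that registration failed

  • Causes of the failure

    1. No certificate was configured, so the software uses a certificate it generated itself; that certificate is not valid and is not trusted by default
    2. The domain name was changed during the helm installation of GitLab, and the domain certificate was not regenerated (even if it were regenerated it would not be trusted), so it is not trusted by default
    3. If you have correctly configured a valid certificate but verification still fails, the cause is that the certificate chain is too new and the gitlab runner image does not include it, so it cannot be trusted
  • Solution for JiHu GitLab Runner certificate verification failures: make gitlab runner trust the domain certificate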
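
As an added example, not part of the original post: the shell functions below classify the registration failures shown in the logs above and check which IP a pod's hosts file gives the GitLab domain once hostAliases is applied. The function names and the sample pod hosts file are assumptions made for this example; because hostAliases bypasses cluster DNS for that name, certificate verification is what still confirms the server's identity.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed or abridged.

# Classify gitlab-runner registration failures read from stdin; one line per distinct cause.
classify_registration_failure() {
  awk '
    /ERROR: Registering runner/ {
      if (match($0, /lookup [^ ]+ on [^ ]+: no such host/)) {
        split(substr($0, RSTART, RLENGTH), f, " ")
        print "dns-no-such-host host=" f[2] " resolver=" substr(f[4], 1, length(f[4]) - 1)
      } else if ($0 ~ /x509: certificate signed by unknown authority/) {
        print "tls-unknown-authority"
      } else if (match($0, /x509: certificate is valid for .*, not [^ ]+/)) {
        s = substr($0, RSTART, RLENGTH)
        sub(/^x509: certificate is valid for /, "", s)
        n = index(s, ", not ")
        print "tls-name-mismatch cert_names=" substr(s, 1, n - 1) " wanted=" substr(s, n + 6)
      } else {
        print "other"
      }
    }' | sort -u
}

# Print the IP that hosts-file text on stdin maps hostname $1 to (first match wins).
hosts_lookup() {
  awk -v h="$1" '
    { sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }'
}

# Constructed sample: status fields abridged from the runner logs shown on this page.
sample_runner_log() {
  cat <<'EOF'
Registration attempt 1 of 30
ERROR: Registering runner... failed  status=Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": dial tcp: lookup gitlab.test.helm.xuxiaowei.cn on 10.96.0.10:53: no such host
PANIC: Failed to register the runner.
ERROR: Registering runner... failed  status=Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": tls: failed to verify certificate: x509: certificate signed by unknown authority
ERROR: Registering runner... failed  status=Post "https://gitlab.test.helm.xuxiaowei.cn/api/v4/runners": tls: failed to verify certificate: x509: certificate is valid for ingress.local, not gitlab.test.helm.xuxiaowei.cn
EOF
}

# Constructed sample of a pod's /etc/hosts after hostAliases is applied (pod IP is made up).
sample_pod_hosts() {
  printf '%s\n' '127.0.0.1 localhost' '10.244.0.17 my-gitlab-gitlab-runner-example' \
    '# Entries added by HostAliases.' '172.25.25.32 gitlab.test.helm.xuxiaowei.cn'
}

sample_runner_log | classify_registration_failure
sample_pod_hosts | hosts_lookup gitlab.test.helm.xuxiaowei.cn
```

Against a live cluster, pipe the output of kubectl -n gitlab-test logs for the runner pod into classify_registration_failure, and the pod's /etc/hosts (read with kubectl exec) into hosts_lookup.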

From: https://www.cnblogs.com/jihugitlab/p/18047186
