gitlab-ci-multi-runner register
gave me
couldn't execute POST against https://xxxx/ci/api/v1/runners/register.json:
Post https://xxxx/ci/api/v1/runners/register.json:
x509: cannot validate certificate for xxxx because it doesn't contain any IP SANs
Is there a way to disable certification validation ?
I'm using Gitlab 8.13.1 and gitlab-ci-multi-runner 1.11.2.
答案 0 :(得分:18)
根据Wassim的回答和gitlab documentation about tls-self-signed and custom CA-signed certificates,如果您不是gitlab服务器的管理员,而只是带有跑步者的服务器,可以节省一些时间(如果跑步者以root身份运行):
Sub Comp()
Dim array11, array12, array13 As Variant
Dim array2 As Variant
Dim arrayMatch As Variant
Dim arrayTmp As Variant
Dim last1 As String
Dim last2 As String
Dim C As Integer
Dim A As Integer
Dim matchCount As Long
With Sheets("Comparison")
last1 = .Range("A100000").End(xlUp).Row
last2 = .Range("I100000").End(xlUp).Row
'[1]
array11 = .Range("A2:A" & last1 + 2).Value
array12 = .Range("D2:D" & last1 + 2).Value
array13 = .Range("G2:G" & last1 + 2).Value
array2 = .Range("I2:L" & last2 + 2).Value
End With
'[2]
ReDim arrayMatch(1 To 500, 1 To 4) As Variant
For C = LBound(array11) To UBound(array11)
For A = LBound(array2) To UBound(array2)
If array12(C) = array2(A, 3) And array13(C) = array2(A, 5) And Abs(DateDiff("s", array11(C), array2(A, 1))) <= 2 Then
matchCount = matchCount + 1
'Check the result array is fulled or not
If matchCount > UBound(arrayMatch) Then
'[3]
arrayTmp = arrayMatch
ReDim arrayMatch(1 To UBound(arrayTmp) + 500, 1 To 4)
For i = LBound(arrayTmp) To UBound(arrayTmp)
arrayMatch(i, 1) = arrayTmp(i, 1)
arrayMatch(i, 2) = arrayTmp(i, 2)
arrayMatch(i, 3) = arrayTmp(i, 3)
arrayMatch(i, 4) = arrayTmp(i, 4)
Next i
End If
arrayMatch(matchCount, 1) = array11(C)
arrayMatch(matchCount, 2) = array13(C)
arrayMatch(matchCount, 3) = array2(A, 2)
arrayMatch(matchCount, 4) = array2(A, 4)
Exit For
End If
Next A
Next C
Sheets("Sheet2").Range("A100000").End(x1up).Offset(1, 0).Resize(matchCount, 4).Value = arrayMatch
End Sub
更新1:证书必须是正确位置的绝对路径。
更新2 :由于gitlab bug #2675
,自定义CA签名可能仍会失败答案 1 :(得分:7)
在我的情况下,我通过添加.pem文件的路径来实现它,如下所示:
sudo gitlab-runner register --tls-ca-file /my/path/gitlab/gitlab.myserver.com.pem
答案 2 :(得分:6)
好的,我一步一步地跟着这篇文章http://moonlightbox.logdown.com/posts/2016/09/12/gitlab-ci-runner-register-x509-error,然后它就像一个魅力。 为防止死链接,我复制以下步骤:
首先在GitLab服务器(而不是跑步者)上编辑ssl配置
vim /etc/pki/tls/openssl.cnf
[ v3_ca ]
subjectAltName=IP:192.168.1.1 <---- Add this line. 192.168.1.1 is your GitLab server IP.
重新生成自签名证书
cd /etc/gitlab/ssl
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/gitlab/ssl/192.168.1.1.key -out /etc/gitlab/ssl/192.168.1.1.crt
sudo openssl dhparam -out /etc/gitlab/ssl/dhparam.pem 2048
sudo gitlab-ctl restart
将新CA复制到GitLab CI runner
scp /etc/gitlab/ssl/192.168.1.1.crt root@192.168.1.2:/etc/gitlab-runner/certs
感谢@Moon Light @Wassim Dhif
答案 3 :(得分:4)
目前,不可能使用不安全的ssl选项运行多跑者。
GitLab目前有一个未解决的问题。
仍然可以使用--tls-ca-file
要制作PEM文件,请使用openssl
openssl x509 -in mycert.crt -out mycert.pem -outform PEM
答案 4 :(得分:4)
在我的设置中,以下内容也起作用。用于创建证书的IP /名称与用于注册跑步者的IP /名称相匹配,这一点非常重要。
gitlab-runner register --tls-ca-file /my/path/gitlab/gitlab.myserver.com.pem
此外,可能还需要为runners config.toml文件添加一行主机名查找(section [runners.docker]):
extra_hosts = ["git.domain.com:192.168.99.100"]
另见https://gitlab.com/gitlab-org/gitlab-runner/issues/2209
此外,如果使用gitlab / gitlab-runner网络模式主机,可能会出现一些网络故障,它也必须添加到config.toml,因为它启动了额外的容器,否则可能会有连接到gitlab-host的问题((section [runners.docker]):
network_mode="host"
最后,自签名SSL-Cert(https://gitlab.com/gitlab-org/gitlab-runner/issues/2659)可能存在问题。
一个肮脏的解决方法是添加
environment = ["GIT_SSL_NO_VERIFY=true"]
到[[runners]]部分。
答案 5 :(得分:1)
以下步骤在我的环境中有效。 (Ubuntu)
下载证书
我无权访问gitlab服务器。因此,
在gitlab-runner主机中
使用.crt重命名下载的证书
$ mv some-host-gitlab.com some-host-gitlab.com.crt
使用此文件立即注册跑步者
$ sudo gitlab-runner register --tls-ca-file /path/to/some-host-gitlab.com.crt
我能够将跑步者注册到一个项目。