我有两个Ubuntu 16.04.5 LTS服务器。一个正在运行gitlab-ee实例,另一个正在运行gitlab-runners。
当我将代码推送到服务器时,我注意到共享的运行程序花很长时间才能拾取并构建代码。
我查看了/var/log/gitlab/gitlab-rails/api_json.log下的gitlab-ee日志,发现它们经常出现403错误。
{"time":"2018-09-03T17:58:29.432Z","severity":"INFO","duration":5.41,"db":1.34,"view":4.07,"status":403,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"c565c8f1c839e48b27a1758c04af7863"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":8.48}
{"time":"2018-09-03T17:58:29.621Z","severity":"INFO","duration":5.51,"db":1.26,"view":4.25,"status":403,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"6c328f52ff65c51b4b34b9c1ea26249e"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":9.43}
{"time":"2018-09-03T17:58:29.807Z","severity":"INFO","duration":5.5,"db":1.61,"view":3.8899999999999997,"status":403,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"7d3fda493909db2329c6a578ad9960ec"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":7.72}
直到每隔一段时间,一个人设法通过,
{"time":"2018-09-03T19:22:07.249Z","severity":"INFO","duration":24.36,"db":7.55,"view":16.81,"status":204,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"e0d8576707ef9261fd3e59106f8a2ba8"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":18.47}
这导致队列时间超过10分钟。
我试图找到原因,但未能成功。我已采取的步骤是:
似乎GitLab issuing temporary IP bans - 403 forbidden非常相似,但是我没有额外安装任何东西。这是一个普通的gitlab-ee实例。
答案 0 :(得分:0)
您的GitLab实例是否在负载均衡器后面?过去,我的自托管GitLab EE实例遇到了非常相似的情况。由于负载均衡器,GitLab看到所有请求都来自同一个IP地址,并且会错误地始终发出临时禁止。除其他外,我在GitLab Runner作业请求中遇到了403响应。
要修复我的安装,我最终完全关闭了机架攻击过滤功能。不过,也有一种方法可以转发实际的客户端IP。