Gitlab运行程序:无法登录到GitLab容器注册表

时间:2018-11-02 14:32:25

标签: docker gitlab gitlab-ci gitlab-ci-runner

在将gitlab-runner设置为具有docker执行程序的Docker容器之后,我无法运行任何构建。显示的日志如下所示:

Running with gitlab-runner 11.4.2 (cf91d5e1)
  on <hostname> 9f1c1a0d
Using Docker executor with image docker:stable-git ...
Starting service docker:stable-dind ...
Pulling docker image docker:stable-dind ...
Using docker image sha256:acfec978837639b4230111b35a775a67ccbc2b08b442c1ae2cca4e95c3e6d08a for docker:stable-dind ...
Waiting for services to be up and running...
Pulling docker image docker:stable-git ...
Using docker image sha256:a8a2d0da40bc37344c35ab723d4081a5ef6122d466bf0a0409f742ffc09c43b9 for docker:stable-git ...
Running on runner-9f1c1a0d-project-1-concurrent-0 via a7b6a57c58f8...
Fetching changes...
HEAD is now at 5430a3d <Commit message>
Checking out 5430a3d8 as master...
Skipping Git submodules setup
$ # Auto DevOps variables and functions # collapsed multi-line command
$ setup_docker
$ build
Logging to GitLab Container Registry with CI credentials...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
ERROR: Job failed: exit code 1

请注意尝试连接到docker-hub(我想)和凭据错误。但是我既不希望也不配置用户名/密码来访问docker-hub。有什么建议在这里出什么问题或如何进行调试吗?

运行程序已使用以下命令注册(该命令还指示配置文件的内容):

docker run --rm -ti \
  -v <config-volume>:/etc/gitlab-runner \
  -v $(pwd)/self-signed-server.crt:/etc/ssl/certs/server.crt \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner register \
    --tls-ca-file /etc/ssl/certs/server.crt \
    --url https://my.server.url/gitlab/ --registration-token <token> \
    --name myserver --tag-list "" \
    --executor docker --docker-privileged --docker-image debian \
    --non-interactive

我之所以使用--docker-privileged是因为我最初遇到的问题与here相同(感谢wendellmva)。我只是无法配置以特权本身运行gitlab-runner容器,但即使没有,也看不到链接失败问题的问题。

1 个答案:

答案 0 :(得分:6)

要克服这一点,需要覆盖项目Settings-> CI / CD-> Variables块中的CI_REGISTRY_USER变量。分配一个空值将超过这一点。

背景:通过导出项目,然后使用jq解析JSON设置,可以获得运行的命令的预配置列表:

jq -r .pipelines[0].stages[0].statuses[0].commands project.json
# ...
function registry_login() {
  if [[ -n "$CI_REGISTRY_USER" ]]; then
    echo "Logging to GitLab Container Registry with CI credentials..."
    docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    echo ""
  fi
}
# ...

因此,显然有一些非空字符串已预加载到CI_REGISTRY_USER,但其中包含无效的CI_REGISTRY_PASSWORD

我还没有发现在哪里可以对所有项目进行全局设置,或者如何编辑AutoDevOps管道。

相关问题
最新问题