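Some gitlab-runner problems
Last week I spent some time getting gitlab runner installed. I ran into a few problems, so I am recording the fixes here to avoid having to work through it all again the next time I need it.
The link below contains an introduction to the runner. If you are not familiar with the concepts involved, read through it first: https://docs.gitlab.com/runner/
My environment: GitLab server Enterprise Edition 11.3; the GitLab runner runs on CentOS 7.5.
Installing the runner
I used the manual installation method; you can also consider using the repo provided by GitLab.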
# Linux x86-64
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner \
  --shell /bin/bash
sudo gitlab-runner install --user=gitlab-runner \
  --working-directory=/home/gitlab-runner
sudo gitlab-runner start
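If you plan to use docker as the executor, you also need to install and configure docker on the machine that runs gitlab-runner (the different executor types are briefly introduced below):
# Install docker
curl -sSL https://get.docker.com/ | sh
To run docker as a non-root user, you also need to create the docker group, add that user to the docker group, and then log out and log back in.
Registering the runner with the GitLab server
Run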
sudo gitlab-runner register
and provide the following information:
GitLab server URL: https://mygitlab.com
token: either a shared runner token or a project-specific token
executor type: the following types are available
SSH (last resort; not officially recommended)
Shell
Parallels
VirtualBox
Docker
Docker Machine (auto-scaling)
Kubernetes
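If you are not sure which type to choose, see this link: https://docs.gitlab.com/runner/executors/#i-am-not-sure
Proxy server configuration for docker
My executor type is docker, and my company goes through a proxy server for Internet access, so docker needs to be configured with the proxy server.
# The docker.service.d directory has to be created first
vim /etc/systemd/system/docker.service.d/https-proxy.conf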
[Service]
Environment="HTTPS_PROXY=http://hbcheng:changsheng%2f%[email protected]:3128"
Environment="NO_PROXY=localhost,127.0.0.0/8,10.0.0.0/8,*.examplet.org"
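Also, if the password contains special characters, they need to be escaped, and '\' does not work well in systemd either. Use the escaping from HTTP (or perhaps it should be called URL escaping) instead.
For example: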
https://www.werockyourweb.com/url-escape-characters/
Character | Escape Character | Character | Escape Character
--------------------------------------------------------------
Space     | %20              | #         | %23
$         | %24              | %         | %25
&         | %26              | @         | %40
`         | %60              | /         | %2F
:         | %3A              | ;         | %3B
<         | %3C              | =         | %3D
>         | %3E              | ?         | %3F
[         | %5B              | \         | %5C
]         | %5D              | ^         | %5E
{         | %7B              | |         | %7C
}         | %7D              | ~         | %7E
"         | %22              | '         | %27
+         | %2B              | ,         | %2C
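The same escaping done programmatically, as an added example that is not part of the original post: it percent-encodes the proxy user name and password and renders the drop-in file content. The function names and the sample credentials are made up for illustration; doubling % to %% is how systemd writes a literal percent sign, and double_percent=False gives the single-% form used above.

```python
from urllib.parse import quote, unquote, urlsplit


def _check(value, name):
    # A double quote, backslash or line break would end or alter the
    # Environment="..." assignment, so refuse such values outright.
    if any(c in value for c in '"\\\n\r'):
        raise ValueError(f"{name} contains a character that is unsafe in a unit file")
    return value


def proxy_url(user, password, host, port, scheme="http"):
    """Build a proxy URL; safe='' makes quote() encode '/', ':' and '@' as well."""
    creds = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"{scheme}://{creds}@{_check(host, 'host')}:{int(port)}"


def dropin(url, no_proxy, double_percent=True):
    """Render the content of docker.service.d/https-proxy.conf."""
    # systemd reads '%' as the start of a specifier; '%%' is a literal percent.
    value = url.replace("%", "%%") if double_percent else url
    return (
        "[Service]\n"
        f'Environment="HTTPS_PROXY={_check(value, "url")}"\n'
        f'Environment="NO_PROXY={_check(no_proxy, "no_proxy")}"\n'
    )


def decode_credentials(url):
    """Recover (user, password) from an encoded URL to verify the round trip."""
    parts = urlsplit(url)
    return unquote(parts.username), unquote(parts.password)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url = proxy_url("svc-docker", "p@ss/w:rd#1%", "proxy.example.org", 3128)
    assert decode_credentials(url) == ("svc-docker", "p@ss/w:rd#1%")
    print(dropin(url, "localhost,127.0.0.0/8,10.0.0.0/8,*.example.org"))
```

After writing the file, run systemctl daemon-reload and restart docker so the new environment is picked up.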
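Self-signed certificates
If your GitLab server uses a self-signed certificate, you need to either disable git's SSL certificate verification or put the root cert you use into the container.
a. Disable git SSL verification (in /etc/gitlab-runner/config.toml)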
[[runners]]
  name = "hdc-sc-perf02"
  url = "https://gitlab-apac.example.org/"
  token = "d2a1f80ee3b8aa3d8a75d7c1ace61b"
  executor = "docker"
  environment = ["GIT_SSL_NO_VERIFY=true"]
b. Put the root cert into the container
The [[runners]] section of /etc/gitlab-runner/config.toml has the following three settings:
tls-ca-file File containing the certificates to verify the peer when using HTTPS
tls-cert-file File containing the certificate to authenticate with the peer when using HTTPS
tls-key-file File containing the private key to authenticate with the peer when using HTTPS
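However, these settings currently do not solve the self-signed certificate problem the way the official documentation claims (hopefully this gets fixed soon).
For the official solution, see the following two links: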
https://docs.gitlab.com/runner/configuration/tls-self-signed.html
https://docs.gitlab.com/runner/configuration/advanced-configuration.html
On Stack Overflow, a user has provided a workaround; see this link:
https://stackoverflow.com/questions/53159258/how-to-make-gitlab-runner-in-docker-see-a-custom-ca-root-certificate/53391440
This job is stuck, because you don’t have any active runners that can run this job.
If you run into this problem, check the settings of this runner. If the runner itself has tags, make sure that
Can run untagged jobs: is set to 'yes'
https://forum.gitlab.com/t/activated-specific-runner-is-not-working/7002