How to change a shared gitlab runner token? - gitlab

I have one shared GitLab runner. To verify this I run the following command:
sudo gitlab-runner list
Which shows something like this:
Runtime platform arch=amd64 os=linux pid=28276 revision=c127439c version=13.0.0
Listing configured runners ConfigFile=/etc/gitlab-runner/config.toml
Shared shell runner - 1 Executor=shell Token=5_JqpessGzXasyqRyBP5 URL=https://gitlab.mysite.com/
I have a new GitLab instance and need to re-assign the runner to the new instance. This means a new token (the URL is the same).
Solution 1
I simply ran sudo gitlab-runner verify --delete and then registed a new runner. Clearly not ideal, though it works.
Solution 2
A second solution I thought about was to go in the /etc/gitlab-runner/config.toml and change the token, but this did not work for some reason. I believe it did not work, because when I ran sudo gitlab-runner verify it failed. I guess it's possible my issue was elsewhere...?
How can I achieve this?

You need to unregister the runner, they are "throw away instances". Then you need to take a look into the Runners section of Gitlab admin panel. There you will find a token to register a new shared runner.
While registering the runner, the runner will get his own token to authenticate against Gitlab. This token has nothing to do with the registration token in the Runners section in the admin panel.

Related

gitlab: Specify the project with PROJECT_ID={number} or PROJECT_PATH

My research group uses gitlab to manage projects for which each researcher is working on. The projects server is accessible on https://gitlab.com/our-lab-name. My specific project as accessible on: https://gitlab.com/our-lab-name/my-project-name
I would like to remove unreferenced LFS files, so I proceeded as far GitLab documentation.
sudo gitlab-rake gitlab:cleanup:orphan_lfs_file_references PROJECT_PATH="https://gitlab.com/our-lab-name/my-project-name"
I, [2022-05-09T12:33:40.101636 #30556] INFO -- : Specify the project with PROJECT_ID={number} or PROJECT_PATH={namespace/project-name}
Then supplied my project ID (Project ID: 14xxxx41):
sudo gitlab-rake gitlab:cleanup:orphan_lfs_file_references PROJECT_ID=14xxxx41
I, [2022-05-09T12:45:23.865401 #32224] INFO -- : Specify the project with PROJECT_ID={number} or PROJECT_PATH={namespace/project-name}
None seems to work.
What is your suggestion?
gitlab-rake commands are intended for use by self-hosted GitLab administrators only. Since you are using gitlab.com, you cannot use gitlab-rake commands to administrate your GitLab projects.
These commands are intended to be run directly on the GitLab server, which you would only have access to as an administrator of the server. In the case of GitLab.com, only certain GitLab.com employees can perform console escalations.
You'll notice the documentation states this feature is for self-managed customers only (that is, you run your own gitlab instance on your own servers) and is not available in GitLab SaaS (gitlab.com).

Just registered GitLab runner and getting Authentication failure when using shell type

Just installed GitLab runner service and tried to run a basic job.
I got the following output:
Password: su: Authentication failure
ERROR: Job failed: prepare environment: exit status 1. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
Googling, I found that the contents of the .bash_logout may be a problem, but my .bash_logout was blank. I created and added ssh keys for the gitlab-runner user, and was able to manually clone via ssh, but I can't get the job to run. Anyone experienced this that can offer a suggestion?
I found the issue was in the pam file. root couldn't su to gitlab-runner
Background story: GitLab runner is running as root user, in order to retrieve for example the /etc/gitlab-runner/config.toml file. If your gitlab-runner is already running rootless you might want to remove the --user gitlab-runner from the systemd service file. However, most likely your Gitlab Runner is running as root.
If you increase the security on your host machine and disable the root user and the su command. You could enable this again by editing /etc/pam.d/su file and set:
auth sufficient pam_rootok.so
Or only allow the root user to use the su command to only switch to the gitlab-runner user (without password):
auth [success=ignore default=1] pam_succeed_if.so user = gitlab-runner
auth sufficient pam_succeed_if.so use_uid user = root

How to import publicly available jelastic manifests from gitlab repositories in the jelastic dashboard?

I am currently transitioning from github to gitlab. Today, my code is present at both those locations. I have a jps manifest on github:
https://github.com/shopozor/services/blob/master/manifest.jps
and the very same manifest on gitlab:
https://gitlab.hidora.com/softozor/services/blob/master/manifest.jps
In the Jelastic dashboard, I am able to load my github manifest. However, I am not able to load my manifest versioned on gitlab:
What is the problem? Do I have to configure something special somewhere? Both manifests are publicly available. Why can't I import the gitlab manifest?
I also tried to use the raw manifest:
https://gitlab.hidora.com/softozor/services/raw/master/manifest.jps
and I've also tried to get the manifest file by means of the gitlab API, without success.
EDIT
I've tried to load this manifest. There we see that I am running a command
wget "${baseUrl}/jelastic/postgres/execCmdScript.sh" -O /var/lib/pgsql/script.sh 2>&1
In the jelastic console, that command raises the error
[07:56:54 Shopozor.cluster:2]: ERROR: cmd [sqldb: 62900].response: {" result": 4109," source": “JEL”," error": “The operation could not be performed. ”," errOut": ""," nodeid": 62900," exitStatus": 4," out": “--2020-03-27 07:56:53-- https://gitlab.hidora.com/softozor/services/raw/install-postgres-in-dedicated-env/jelastic/postgres/execCmdScript.sh\nResolving gitlab.hidora.com (gitlab.hidora.com)... 10.102.1.82\nConnecting to gitlab.hidora.com (gitlab.hidora.com)|10.102.1.82|:443... failed: Connection refused.”}
If I now take a computer which I never authenticated with on gitlab through ssh, and run that very same command, then it works. This is a bit strange, isn't it? What authentication does Jelastic need??? it's all public and available to anyone, except Jelastic?
After some more research, I was finally able to load my manifests from gitlab into jelastic. The problem is probably due to the gitlab configuration. Loading the jps from the gitlab repo doesn't work over https in the settings I have (which I haven't made myself, it's a CI / CD as a service). It works, however, over http.

gitlab CI/CD run commands on external server

I want to use gitlabs CI/CD to deploy my app on a external server. i have the IP, username and password, and i understand i need to connect through SSH. How can i runn all the nessesary commands on the server side. Server runs on linux.
Currently i just get the code from reposiroty and to the npm build:prod and npm serve:prod for the API and npm start for the UI. How can i do the same chain of cammands with gitlab CI/CD? Or is this even possible? I basically want it to run similarily like jenkins works. But since the code is already on gitlab, it might be simplerer to let gitlab to handle this process instead of installing and setting up jenkins.
To be able to SSH to your machine from within GitLab CI, you probably should setup ssh key authentication, since you can't just type in the password inside the CI.
When you've got that set up, you have to store the private key in an environment variable so you can use it in the CI job. How to do that can be found here.
The last part is actually executing commands over ssh. That can be done in the following way:
ssh <host> '
command1;
command2;
'

Can not find new project button on Gitlab

I have two accounts,
One can not see the create new project button, but the other can.
I know it may be due to the setting of configuration file.
But the account only has 20 projects and the projects' size is under the limit.
max_size: 5242880000 # 5.megabytes*1000
here's my gitlab.yml
In my instance I hit the 10 project limit (using version GitLab 7.12.2 30bffd5 (omnibus))
go to http://gitlab/admin/application_settings
and increase the limit.
(need to be logged in as admin=true (see How to setup admin user with gitlab with LDAP authentication? ))
Once you have done that you also need to edit the "Personal project limit for each user (which in my instance was also set to 10") at this page:
http://gitlab/admin/users/destroy-everything
I don't think the problem resides in the gitlab.yml, I don't see anything wrong. You may have not given him the right permissions. I can't check it right now, but try creating an admin user and/or give to the user more level on an specific group and see if he can create project now (even though he must be able to create projects without been on a group, but it's worth a shoot).
The output of the following commands may be helpful, run them in the gitlab folder and edit your post whit the results:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

Resources