Gitlab-CI Runner HTTP Basic Access denied with private repo (self-hosted) - gitlab

This is the output I get by clicking show complete raw because the normal view is just 1 black line (no log inside).
I tried what https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/ci/ssh_keys/README.md says, but with no luck.
I have a server with two docker containers: one with gitlab, the other with gitlab-runner. I have tested with shared runner and with a specific runner (like the code I show below). In both cases is the same: it fails because it cannot fetch my repository.
It only works (both shared and specific runners) if I set my repo public (neither private, nor internal). And I would like to work with a private repo.
[0KRunning with gitlab-runner 10.1.0 (c1ecf97f)
on runner-myrepo-js (900c71a4)
[0;m[0KUsing Docker executor with image node:latest ...
[0;m[0KUsing docker image sha256:46da793b60ee30f8df451729e315f531f0acd24a92c8fba10401513530beff99 for predefined container...
[0;m[0KPulling docker image node:latest ...
[0;m[0KUsing docker image node:latest ID=sha256:cbea0ebe4f3cf07daecf22b196ba6b5d76d1fe1b6548098e5bc9dd9b0736f262 for build container...
[0;msection_start:1509656546:prepare_script
[0KRunning on runner-900c71a4-project-32-concurrent-0 via a16b07f5f84b...
section_end:1509656548:prepare_script
[0Ksection_start:1509656548:get_sources
[0K[32;1mCloning repository...[0;m
Cloning into '/builds/gitlab/myuser/myrepo-js'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://example.com/gitlab/myuser/myrepo-js.git/'
section_end:1509656549:get_sources
[0K[31;1mERROR: Job failed: exit code 1
[0;m
What should I do?
I have both gitlab and gitlab-runner in version 10.

We were struggling today and definetely it is a problem of SSL:
Our frontend used SSL certificates, but the backend (gitlab) used plain HTTP (behind a proxy). This broke the real-time log of jobs and the access to private repos from runners.
Adding the SSLs and forcing HTTPS in the backend solved the problem.

Related

Pushing custome images to Azure ACR fails " Use of closed network connection "

While learning how to use Azure Container Registry with the official tutorial : https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal?tabs=azure-cli
I tried to push images to my registry, the Hello World image in the course works fine, but when i try to use my own images it fails. It also fails when i pull images from docker and try to push them to my Azure registry.
Of course, the images are correctly tagged and the CLI connection works fine.
i'm also following another Azure course in which i build the image with Github actions ( https://learn.microsoft.com/en-us/azure/aks/kubernetes-action ), it also works great on the repo of this course, but once i try with my own projects, it fails. This time the error is about the url / the credentials :
After investigations, i'm sure that the credentials are correct, but the URL is maybe false because it never create it. That's why i was trying to push it manually in the first place.
EDIT : I managed to make it work by changing the wifi source i used, but i still don't understand how is this possible, why it doesn't work on github actions and what should i change in my conf to make it work with the original wifi again.
I tried to reproduce the same issue in my environment and got the below output
I have created the docker file and write the some script
vi dockerfile
FROM httpd:2.4
COPY ./public-html/ /usr/local/apache2/htdocs/
I have build the docker file using below command
docker build -t my-apache2 .
I have run the Image id using the below command
docker run -d -p 80:80 image_id
Created the container registry
After creating the registry we should enable the Access key if not we will not able to fetch the image to container instances
I have logged into the registry server
docker login login_server
Username:XXXX
password:XXXXX
After succeeded I have pushed the image into the container registry
I have tagged the image and pushed into the registry
docker tag image_name login_server/image_name
docker push login_server/image_name
Here we can find the image in repositories which we have pushed
I have created the container instance, while creating we have to give the Image resource as container registry then only we will get the pushed image

How can I create a Dockerfile FROM an Image in Azure Container Registry?

I've pushed an Image (which is a version of R + some libraries) on my private Azure Container Registry. How can build an Image starting from this Image?
In other words, I want to do "FROM registry/env:version" but I'm pretty sure that I need to use other settings to access my repository.
Thanks for help!
You should login your Docker daemon to your Azure Container Registry using the following command : docker login myregistry.azurecr.io --username $SP_APP_ID --password $SP_PASSWD
Then, using the fully qualified path for your image in the Dockerfile should work automatically, as long as the identity provided in the first step (login) has the rights to pull this image.
Sorry I'm trying to figure out your answer, I'm trying to pull a docker image from my Azure Container Registry and build it and push it back to a new repository. I'm starting my Dockerfile as
FROM xxxxxx.azurecr.io/php-7.4:latest AS compiled
how to configure the docker daemon in azure pipelines world?

How to authenticate Docker with VSTS?

With a self-hosted agent, I m getting following error at the end of VSTS build pipeline.
2018-10-04T12:11:10.3334402Z ##[error]unauthorized: authentication required
2018-10-04T12:11:10.3447576Z ##[error]/snap/bin/docker failed with return code: 1
The point is I want to push Docker image to Azure Container Registry, using Docker extension.
When I perform exactly same pipeline on my Ubuntu machine, where agent builds, just with Docker commands, push succeeds. Build succeeds and repository is pushed to cloud.
How can I authenticate Docker for my build agent, to be able to push?

Unable to recover remote 'origin' on Gitlab Runner

I have a Gitlab Runner with the docker executor and set up one of my script commands as:
script:
- git remote remove origin
(I was experimenting with changing the remote to a URL with a token so that I can push a tag through a pipeline build)
And now my Gitlab Runner is broken in running my builds
Running with gitlab-runner 11.0.0 (5396d320)
on docker-runner01 ed123asf
Using Docker executor with image private-repo.org/node-app:node8 ...
Pulling docker image private-repo.org/node-app:node8 ...
Using docker image sha256:1e20n89128907j9d817h123091728 for private-repo.org/node-app:node8 ...
Running on runner-ed123asf-project-620-concurrent-0 via docker-runner01...
Fetching changes...
HEAD is now at ash1234 My last commit
fatal: No such remote 'origin'
ERROR: Job failed: exit code 1
Does anyone know how to go from here? I tried restarting my Gitlab runner and removing the Image, but it seems like the problem is with the Git settings that I can't find anywhere.

How to pull from GitLab's Docker Registry in .gitlab-ci.yml?

I recently switched on GitLab's Docker Registry feature and it works quite well on my desktop. The next step for us is to use the registry when building our software via GitLab CI. Instead of build a docker image, which is described in various ways in the documentation and on several medium.com posts which the official twitter account mentions, I can not find a way to pull our own images from GitLab's registry.
If we specify an image from the registry via the image directive in .gitlab-ci.yml we get an authorization error (I expected that the worker perhaps authorize themselves transparently, but this is not the case):
Running with gitlab-ci-multi-runner 1.4.1 (fae8f18)
Using Docker executor with image registry.host.tld/NAMESPACE/PROJECT:latest ...
Pulling docker image registry.host.tld/NAMESPACE/PROJECT:latest ...
ERROR: Build failed (system failure): API error (500): Get https://registry.host.tld/v2/NAMESPACE/PROJECT/manifests/latest: error parsing HTTP 403 response body: no error details found in HTTP response body: "{\"message\":\"forbidden\",\"status\":\"error\",\"http_status\":403}"
So someone on the worker should call docker login. Two problems with that:
We authenticate our users via LDAP. Should we really create a static user just for the CI server?
We have quite a few worker running here. That's a lot of work to SSH'd into every single one.
Do I have overlooked something very obvious or should I go the route of docker login on every worker node?
We run GitLab 8.10.6.
I had this problem, too.
There is also an issue about that on the gitlab-ci-multi-runner project:
https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/issues/1663
Refering to the docs you should just Login in to the private registry on the machine qhere the gitlab-runner runs:
enter link description here
If you are using the gitlab-runner inside a docker container you have to mount the file with the login credentials into the gitlab runner container.
So the command to run the gitlab container looks like this:
docker run -d --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
-v /root/.docker/config.json:/root/.docker/config.json \
gitlab/gitlab-runner
Refering to this example root musst login to the registry:
docker login https://registry.host.tld:5000
The important part here is the URI for the registration. I got an error similar to your's and overcame it by running:
docker login https://registry.host.tld:5000/v2/
This may be different on other registries, you have to look at the eoor message and use the part before 'namespace/project/ as login path.
E.g. if the Error message looks like this:
ERROR: Build failed (system failure): API error (500):
Get https://registry.host.tld/v1/NAMESPACE/PROJECT/manifests/latest:
error parsing HTTP 403 response body: no error details found in HTTP response body: "
{\"message\":\"forbidden\",\"status\":\"error\",\"http_status\":403}"
The login musst be:
docker login https://registry.host.tld/v1/
Hope this helps.

Resources