Login/Register
GitLab runner unable to clone repository via http
Asked Answered
Solved gitgitlabgitlab-cigitlab-ci-runner
S

5

12

I have the latest docker image of GitLab running in a test environment and I'm running into an issue with the GitLab runner. It's unable to clone via the HTTP link, yielding the following message:

Running on runner-bd27e50b-project-1-concurrent-0 via machine...
Cloning repository...
Cloning into '/builds/my/awesome-project'...
fatal: unable to access 'http://gitlab-ci-token:[email protected]/my/awesome-project.git/': 
    Failed to connect to 127.0.0.1 port 80: Connection refused

ERROR: Build failed with: exit code 1

I ran gitlab-runner with the --debug flag and used the exact address it was trying (with the token in-tact) and I could clone the repository just fine. I'm at a loss as to why the service is unable to clone the repository. The runner executor is configured as 'docker' as well. Maybe there is some port mapping issue into that container?

Scriber answered 30/11, 2015 at 16:18 Comment(1)
I had the same problem on an old CentOS 6.6 box. Upgrade nss curl libcurl, solves the problem. Seems the same problem mentioned hereBynum
S
10

I hypothesized the issue might have something to do with registering the runner as a docker container causing the localhost address not to resolve to the right machine (where I'm starting the runner); in this case it probably resolves to the container instead. Using the host's IP on the docker proxy interface (172.17.0.1 for me) or using the host's real address instead of "localhost" when registering the runner fixes the problem.

Edit: Here is a bit more detail on the problem as I understand it and a solution. The docker instance that's loaded up is like a (very) lightweight virtual machine. Docker configures a virtual network interface which you'll see if you run ifconfig from your host machine:

user@pc:~> ifconfig
docker0   Link encap:Ethernet  HWaddr XXXX
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          ...

This is the IP address of the host machine on that interface. So, if you want the runner to be able to connect to the service that's running on that host machine, you can't point it to localhost/127.0.0.1 because, coming from inside the runner's instance, that will route to the runner's "VM", but GitLab is not running inside that runner "VM", it's on the host, so the runner is unable to communicate with GitLab.

The solution is to register the runner to point to the host's virtual address on the docker interface (http://172.17.0.1/ci for me), or to use the host's public IP or a domain name if you have one and it's accessible publicly. Just don't send it to localhost or 127.0.0.1 because, to the runner, that points to its "VM", not your GitLab instance.

Scriber answered 30/11, 2015 at 20:57 Comment(5)
I am having the same issue. Can you expand on your answer? How exactly did you correct it?Arronarrondissement
@Arronarrondissement I added a bit more explanation, hopefully that helps. TL;DR: register your runner to point to your host IP on the docker virtual network adapter.Scriber
Perfect explanation! Thank you very much!Crissum
I had the same issue. I just set the external_url variable in gitlab.rb config to point to 172.17.0.1 (the default Docker gateway) and got rid of the connection refused on port 80 errorRote
It works perfectly. Yeah your hypothesis was correct. Thanks a lot...Rabat
K
10

I know this question is pretty old, but you can use slightly different approach (in case you are using docker runner with the same problem).

Run Gitlab under a domain name - it may be totally virtual, just make sure that all your VMs can resolve the domain name.

Then modify /etc/gitlab-runner/config.toml and add extra_hosts variable to the [runners.docker] section with value ["your_domain_name:ip_address"]. You can also add any other hosts you may need.

You can find more info on runner config at https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/configuration/advanced-configuration.md

Keek answered 2/3, 2016 at 22:59 Comment(3)
usually privileged = true and volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"] in the same section are useful too to build imageDepew
Would it be possible for you to specify what you mean with "run GitLab under a virtual domain name" or elaborate on it a bit?Saltwort
@Saltwort by virtual I mean any name, not conflicting with real domain names.Keek
S
3

The hypothesis of Anthony seemed to be correct for me. It looked like the GitLab docker runner was not able to reach the GitLab server from inside the docker. For me, the solution to this error was given by this answer:

# Works something but not all the way.
    sudo gitlab-runner register \
    --non-interactive \
    --url "http://127.0.0.1" \
    --description "somedescription" \
    --registration-token "$runner_token" \
    --docker-image "docker:20.10.16" \
    --executor "docker" \
    --docker-privileged \
    --docker-volumes "/certs/client" \
    --docker-network-mode host

That last line: --docker-network-mode host did the trick for me, I got it from the output of command: docker network ls. I think it tells the docker to look at the network of the host when it searches for the GitLab server at 127.0.0.1. (However that is just me guessing).

Saltwort answered 13/10, 2022 at 23:3 Comment(0)
F
1

Probably off-topic but: In my case, I could not resolve the host gitlab.com.

So, I configured the /etc/gitlab-runner/config.toml:

sudo nano /etc/gitlab-runner/config.toml

And I added this line to [[runners.docker]]

network_mode = "host"

Full file:

[[runners]]
# ...
  executor = "docker"
  [runners.docker]
# ...
    network_mode = "host"

Then, I needed to restart the runner:

sudo gitlab-runner restart

Now, I can clone repositories!

Thanks:

Fried answered 14/3, 2023 at 17:4 Comment(1)
network_mode = "host" solved the problem, but it's most likely completely breaks docker security model.Aforesaid
K
0

As for now (latest versions of gitlab - 9 and upwards) you need to use https with proper ssl certificate.
As soon you add new runner with https://... all should work just fine.

Keek answered 3/8, 2017 at 0:9 Comment(3)
This seems incorrect, it is not required to use https to run a docker runner in GitLab. I can imagine it is a way to resolve the error though, and I can also imagine it may be the best solution in in this list of answers, I was not yet successful at applying self-signed SSL encryption to localhost though.Saltwort
@Saltwort I'm not tracking all changes in gitlab - maybe now it is possible again. However as soon as I started using SSL, all my problems went away.Keek
@Saltwort A small tip here, docker containers do not need certificate of course, but your local instance of gitlab does need one.Keek

© 2022 - 2024 — McMap. All rights reserved.