如何在自定义Runner中传递Gitlab凭据

huangapple go评论85阅读模式
英文:

How to pass Gitlab Credentials in Custom Runner

问题

我已创建了一个自定义的Gitlab CI/CD运行程序。我使用了基于项目的令牌。

New-Item -Path 'C:\GitLab-Runner' -ItemType Directory

cd 'C:\GitLab-Runner'

Invoke-WebRequest -Uri "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-windows-amd64.exe" -OutFile "gitlab-runner.exe"

.\gitlab-runner.exe install
.\gitlab-runner.exe start

./gitlab-runner.exe register --url http://gitlab.my-company.net/ --registration-token $REGISTRATION_TOKEN

我从用户界面获取的令牌,但我遇到了以下错误:

远程: HTTP基本身份验证: 访问被拒绝。提供的密码或令牌不正确,或者您的帐户启用了双因素身份验证(2FA),必须使用个人访问令牌而不是密码。

英文:

I have created a custom Gitlab CI/CD runner. I used project based token.

New-Item -Path 'C:\GitLab-Runner' -ItemType Directory

cd 'C:\GitLab-Runner'

Invoke-WebRequest -Uri "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-windows-amd64.exe" -OutFile "gitlab-runner.exe"

.\gitlab-runner.exe install
.\gitlab-runner.exe start

./gitlab-runner.exe register --url http://gitlab.my-company.net/ --registration-token $REGISTRATION_TOKEN

The token I get from the UI,

如何在自定义Runner中传递Gitlab凭据

But I am getting this error,

> remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password.

答案1

得分: 1

你需要首先检查使用的GitLab版本。

如在“注册 Runner(已弃用)”中所述:

在GitLab 15.6中已弃用了传递 Runner 注册令牌的功能,计划在17.0中删除,同时不再支持某些配置参数
GitLab计划引入新的GitLab Runner 令牌架构,引入了一种新的注册 Runner 方法并消除了传统的Runner 注册令牌

Thread 82118也关注了这个问题:

你是否在Gitlab上使用了LDAP或SSO认证?
我遇到了一个问题,我们的 Runner 正在尝试在后台进行LDAP/Kerberos身份验证,但失败了。
我们以为这是与CI_JOB_TOKEN有关的问题,但事实并非如此。

OP Imran Qadir Baksh - Baloch评论中补充道:

正如“Gitlab流水线失败“remote: HTTP基本:访问被拒绝””所示,添加clone_url修复了问题。

现在,我遇到了

引发异常时调用“WriteAllText”与“2”个参数(s):
“拒绝访问路径'c:\builds\xxx\xxx.tmp\CI_SERVER_TLS_CA_FILE'。”

使用mcr.microsoft.com/dotnet/sdk:6.0.202-windowsservercore-ltsc2019可以解决这个问题,正如gitlab-org/gitlab-runner问题27891中所提到的。

英文:

You need first to check the version of GitLab used.

As noted in "Registering runners (deprecated)"

> The ability to pass a runner registration token was deprecated in GitLab 15.6 and is planned for removal in 17.0, along with support for certain configuration arguments
>
> GitLab plans to introduce a new GitLab Runner token architecture, which introduces a new method for registering runners and eliminates the legacy runner registration token.

Thread 82118 also follows that issue:

> Did you perhaps have some form of LDAP or SSO authentication in place on Gitlab?
I ran into an issue where our runner was trying to authenticate with LDAP/Kerberos under the hood, which was failing.
We thought it was an issue with the CI_JOB_TOKEN, but that was not the issue.

The OP Imran Qadir Baksh - Baloch adds in the comments:

> As shown in "Gitlab Pipeline failing "remote: HTTP Basic: Access denied"", adding clone_url fixed it.
>
> Now, I am getting
>
> Exception calling "WriteAllText" with "2" argument(s):
> "Access to the path 'c:\builds\xxx\xxx.tmp\CI_SERVER_TLS_CA_FILE' is denied."
>
> And that is fixed by using mcr.microsoft.com/dotnet/sdk:6.0.202-windowsservercore-ltsc2019, as mentioned in gitlab-org/gitlab-runner issue 27891.

huangapple
  • 本文由 发表于 2023年4月6日 19:05:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/75948803.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定