Login Failure with Self-Hosted GitLab CI
Hi,
on our self-hosted GitLab the Docker in Docker Feature is not working.
We have an enterprise root ca from our Active Directory which issued the certificates for the registry and GitLab server.
Using the same setup on a different server with Let's Encrypt certificates everything is working smoothly.
How can we make this work with the enterprise CA?
Best regards,
Fabian
GitLab Runner: gitlab-runner 10.5.0
GitLab: 10.4.4
config.toml:
concurrent = 1
check_interval = 0
[[runners]]
name = "<RUNNER>"
url = "https://<GITLAB>"
token = "<TOKEN>"
tls-ca-file = "<Path to Enterprise Root CA>"
executor = "docker"
[runners.docker]
tls_verify = false
image = "ruby:2.1"
privileged = true
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]
.gitlab-ci.yml
---
image: docker:git
services:
- docker:dind
build:
script:
- echo "$CI_REGISTRY_PASSWORD" | docker --tlsverify=false login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG .
- docker --tlsverify=false push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
only:
- tags
tags:
- docker
Output:
Running with gitlab-runner 10.5.0 (80b03db9)
on <RUNNER> e090b3d1
Using Docker executor with image docker:git ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:6e143f61a0dd3b518a623e40aae9180f7a0d8721ba05da88097ea4a25e048194 for docker:dind ...
Waiting for services to be up and running...
Pulling docker image docker:git ...
Using docker image sha256:0546d3dc90b67d006f3d85d33e62c02e73a37c61abbec5298776fde37d258fac for docker:git ...
Running on runner-e090b3d1-project-83-concurrent-0 via db554925568b...
Fetching changes...
HEAD is now at 6d034c9 Add docker tlsverify=false
From https://<GITLAB-HOST>/<REPO_PATH>
6d034c9..f9d1967 master -> origin/master
Checking out f9d1967a as master...
Skipping Git submodules setup
$ echo "$CI_REGISTRY_PASSWORD" | docker --tlsverify=false login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
Warning: failed to get default registry endpoint from daemon (error during connect: Get https://docker:2375/v1.36/info: http: server gave HTTP response to HTTPS client). Using system default: https://index.docker.io/v1/
error during connect: Post https://docker:2375/v1.36/auth: http: server gave HTTP response to HTTPS client
ERROR: Job failed: exit code 1