Runners fail after 18.1.0 in FIPS mode
Summary
After upgrading to 18.1.0, the runners fail on RHEL 9.5 in FIPS mode (using the gitlab-runner-fips package). The GitLab admin panel shows them as offline and gitlab-runner verify returns the following:
INFO[0000] FIPS mode is enabled. Using an external SSL library.
Runtime platform arch=amd64 os=linux pid=339575 revision=0731d300 version=18.1.0
Running in system-mode.
ERROR: Verifying runner... failed correlation_id= runner=vgRnCPvr9 status=couldn't execute POST against https://gitlab.company.local/api/v4/runners/verify: Post "https://gitlab.company.local/api/v4/runners/verify": crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode
Steps to reproduce
- Install the GitLab Runner 18.1.0.
- Run sudo gitlab-runner verify
Actual behavior
The GitLab admin panel shows them as offline and gitlab-runner verify fails.
Expected behavior
Would expect them to work as normal.
Relevant logs and/or screenshots
See summary.
Environment description
- RHEL 9.5 in FIPS mode
- gitlab-ee: 18.1.0-ee.0.el9 @gitlab_gitlab-ee
- gitlab-runner-fips: 18.1.0-1
config.toml contents
[[runners]]
name = "docker-runner"
url = "https://gitlab.company.local"
id = 17
token = "glrt-t1_S5xP9CP8A7tGJ9DyxBkf"
token_obtained_at = 2024-12-16T16:31:42Z
token_expires_at = 0001-01-01T00:00:00Z
tls-ca-file = "/etc/gitlab/ssl/gitlab.crt"
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
tls_verify = false
image = "python3.11"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = true
volumes = ["/var/cache/gitlab:/cache:rw", "/srv/nginx/pages:/srv/nginx/pages"]
pull_policy = ["if-not-present"]
shm_size = 0
network_mtu = 0
Used GitLab Runner version
18.1.0
Possible fixes
For now, I just uninstalled gitlab-runner-fips and installed gitlab-runner.
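
The crypto/ecdh error in the log means the Go runtime refused to create an X25519 key share for the TLS handshake. The following Go program is an added diagnostic example, not part of the original report and not GitLab Runner code: it probes which key-exchange groups the current crypto mode accepts and builds a client tls.Config limited to those. The names UsableCurves and ClientConfig are hypothetical, and how the runner builds its own TLS configuration is not shown on this page.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/tls"
	"fmt"
)

// curveProbe pairs a TLS key-exchange group with the crypto/ecdh curve behind it.
type curveProbe struct {
	ID    tls.CurveID
	Name  string
	Curve ecdh.Curve
}

var probes = []curveProbe{
	{tls.X25519, "X25519", ecdh.X25519()},
	{tls.CurveP256, "P-256", ecdh.P256()},
	{tls.CurveP384, "P-384", ecdh.P384()},
	{tls.CurveP521, "P-521", ecdh.P521()},
}

// UsableCurves (hypothetical helper) generates a throwaway key on each curve.
// It returns the groups the active crypto mode accepts and, keyed by name,
// the error for every group it rejects.
func UsableCurves() ([]tls.CurveID, map[string]error) {
	var ok []tls.CurveID
	rejected := map[string]error{}
	for _, p := range probes {
		if _, err := p.Curve.GenerateKey(rand.Reader); err != nil {
			rejected[p.Name] = err
			continue
		}
		ok = append(ok, p.ID)
	}
	return ok, rejected
}

// ClientConfig (hypothetical helper) offers only the groups that passed the
// probe, so the handshake never asks for a key share the runtime forbids.
func ClientConfig() *tls.Config {
	ok, _ := UsableCurves()
	return &tls.Config{MinVersion: tls.VersionTLS12, CurvePreferences: ok}
}

func main() {
	ok, rejected := UsableCurves()
	fmt.Println("usable groups:", ok)
	for name, err := range rejected {
		fmt.Printf("rejected %s: %v\n", name, err)
	}
}
```

Run on the affected host, a rejected X25519 entry carrying the same error text as the log confirms that the failure comes from the crypto mode rather than from the server certificate or the network.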