Cannot download artifacts from coordinator (Forbidden)
Description
We are experiencing an issue where the self-hosted GitLab runner is unable to download artifacts from the coordinator. The following error appears in the runner logs:
Running with gitlab-runner 17.6.0 (374d34fd)
on kohyli t3_bzPW-h, system ID: s_63739576710c
Preparing the "shell" executor
Using Shell (bash) executor...
Preparing environment
Running on Kohyli...
Getting source from Git repository
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /home/gitlab-runner/builds/t3_bzPW-h/0/xxxxxx/xxxxxx/.git/
Checking out ed181a8a as detached HEAD (ref is master)...
Skipping Git submodules setup
Downloading artifacts
Downloading artifacts for build frontend (8513793058)...
Runtime platform arch=amd64 os=linux pid=155227 revision=374d34fd version=17.6.0
ERROR: Downloading artifacts from coordinator... forbidden host=cdn.artifacts.gitlab-static.net id=8513793058 responseStatus=403 Forbidden status=403 Forbidden token=glcbt-66
FATAL: permission denied
Cleaning up project directory and file based variables
ERROR: Job failed: exit status 1
Steps to Reproduce
- Attempt to run a job that downloads artifacts.
- The runner fetches the necessary source code and prepares the environment.
- The runner attempts to download the artifacts.
- The download fails with a
403 Forbiddenerror.
Expected Behavior
The GitLab runner should successfully download the artifacts from the coordinator without any issues.
Actual Behavior
The runner fails to download the artifacts and shows the following error message:
ERROR: Downloading artifacts from coordinator... forbidden host=cdn.artifacts.gitlab-static.net id=8513793058 responseStatus=403 Forbidden status=403 Forbidden token=glcbt-66
FATAL: permission denied
Environment
- GitLab Runner Version: 17.6.0 (374d34fd)
- GitLab Version: gitlab.com (SaaS Gitlab)
- Operating System: Linux 5.4.0-200-generic (Ubuntu 20.04.6 LTS)
- Executor: Shell (bash)
Possible Solutions
-
Verify that the token used for downloading artifacts is valid and has the correct permissions.
The same token is used for downloading artifacts from other Gitlab runners as well and works fine. -
Check if there are any network restrictions or configurations blocking access to the artifact coordinator.
There is not any network restrictions or configurations blocking access to the artifact coordinator. -
Ensure the GitLab runner has the necessary permissions to access the required artifacts.
The GitLab runner has the necessary permissions to access the required artifacts.
Additional Information
The job fails with a 403 Forbidden error, which usually indicates a permissions issue with the access token. Further investigation is needed to resolve the issue.