CODEWITHSUNDEEP
dockergitlabgitlab-cigitlab-ci-runner
Olaf Mandel
Olaf Mandel

Reputation: 827

Gitlab runner: failure to log in to GitLab Container Registry

After setting up gitlab-runner as a Docker container with an executor of docker, I fail to run any builds. The displayed log reads like the following:

Running with gitlab-runner 11.4.2 (cf91d5e1)
  on <hostname> 9f1c1a0d
Using Docker executor with image docker:stable-git ...
Starting service docker:stable-dind ...
Pulling docker image docker:stable-dind ...
Using docker image sha256:acfec978837639b4230111b35a775a67ccbc2b08b442c1ae2cca4e95c3e6d08a for docker:stable-dind ...
Waiting for services to be up and running...
Pulling docker image docker:stable-git ...
Using docker image sha256:a8a2d0da40bc37344c35ab723d4081a5ef6122d466bf0a0409f742ffc09c43b9 for docker:stable-git ...
Running on runner-9f1c1a0d-project-1-concurrent-0 via a7b6a57c58f8...
Fetching changes...
HEAD is now at 5430a3d <Commit message>
Checking out 5430a3d8 as master...
Skipping Git submodules setup
$ # Auto DevOps variables and functions # collapsed multi-line command
$ setup_docker
$ build
Logging to GitLab Container Registry with CI credentials...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
ERROR: Job failed: exit code 1

Note the attempt to ligin to docker-hub (I guess) and the credentials-error. But I do not desire nor configured a username/password to access docker-hub. Any suggestion what is wrong here or how to go on debugging this?

The runner was registered with the following command (which also dictates the contents of the configuration file):

docker run --rm -ti \
  -v <config-volume>:/etc/gitlab-runner \
  -v $(pwd)/self-signed-server.crt:/etc/ssl/certs/server.crt \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner register \
    --tls-ca-file /etc/ssl/certs/server.crt \
    --url https://my.server.url/gitlab/ --registration-token <token> \
    --name myserver --tag-list "" \
    --executor docker --docker-privileged --docker-image debian \
    --non-interactive

I used --docker-privileged because I originally had the same problem discussed here (thanks, wendellmva). I just can't configure running the gitlab-runner container itself privileged, but don't see link-failure-problem problem even though I don't.

Upvotes: 3

Views: 3435

Answers (1)

Olaf Mandel
Olaf Mandel

Reputation: 827

To get past this point, one needs to overwrite the CI_REGISTRY_USER variable in the projects Settings -> CI / CD -> Variables block. Assigning an empty value will get past this point.

Background: by exporting the project and then parsing the JSON settings with jq, one can get the preconfigured list of commands that run:

jq -r .pipelines[0].stages[0].statuses[0].commands project.json
# ...
function registry_login() {
  if [[ -n "$CI_REGISTRY_USER" ]]; then
    echo "Logging to GitLab Container Registry with CI credentials..."
    docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    echo ""
  fi
}
# ...

So there is apparently some non-empty string preloaded to CI_REGISTRY_USER, but with an invalid CI_REGISTRY_PASSWORD.

What I haven't found yet is where to make such settings globally for all projects or how to edit the AutoDevOps pipeline.

Upvotes: 7

Related Questions