Gitlab-CI runner:忽略自签名证书 [英] Gitlab-CI runner: ignore self-signed certificate

问题描述

gitlab-ci-multi-runner register

给我

couldn't execute POST against https://xxxx/ci/api/v1/runners/register.json:
Post https://xxxx/ci/api/v1/runners/register.json: 
x509: cannot validate certificate for xxxx because it doesn't contain any IP SANs

有没有办法禁用认证验证?

Is there a way to disable certification validation?

我正在使用 Gitlab 8.13.1 和 gitlab-ci-multi-runner 1.11.2.

I'm using Gitlab 8.13.1 and gitlab-ci-multi-runner 1.11.2.

推荐答案

基于 Wassim 的回答，以及 gitlab 关于 tls-self-signed 和自定义 CA 签名证书的文档，如果您不是 gitlab 服务器的管理员，而只是带有运行器的服务器的管理员，这里可以节省一些时间(如果 runner 以 root 身份运行):

Based on Wassim's answer, and gitlab documentation about tls-self-signed and custom CA-signed certificates, here's to save some time if you're not the admin of the gitlab server but just of the server with the runners (and if the runner is run as root):

SERVER=gitlab.example.com
PORT=443
CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt

# Create the certificates hierarchy expected by gitlab
sudo mkdir -p $(dirname "$CERTIFICATE")

# Get the certificate in PEM format and store it
openssl s_client -connect ${SERVER}:${PORT} -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null

# Register your runner
gitlab-runner register --tls-ca-file="$CERTIFICATE" [your other options]

更新 1: CERTIFICATE 必须是证书文件的绝对路径.

Update 1: CERTIFICATE must be an absolute path to the certificate file.

更新 2:由于 gitlab-runner 错误 #2675

这篇关于Gitlab-CI runner:忽略自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！