Gitlab-CI运行程序:忽略自签名证书 [英] Gitlab-CI runner: ignore self-signed certificate

问题描述

gitlab-ci-multi-runner register

给我

couldn't execute POST against https://xxxx/ci/api/v1/runners/register.json:
Post https://xxxx/ci/api/v1/runners/register.json: 
x509: cannot validate certificate for xxxx because it doesn't contain any IP SANs

是否可以禁用认证验证?

Is there a way to disable certification validation?

我正在使用Gitlab 8.13.1和gitlab-ci-multi-runner 1.11.2.

I'm using Gitlab 8.13.1 and gitlab-ci-multi-runner 1.11.2.

推荐答案

基于Wassim的答案和有关tls自签名和自定义CA签名证书的gitlab文档，如果您不是gitlab服务器的管理员，而只是运行者的服务器的管理员，这里可以节省一些时间(并且如果运行程序以root身份运行):

Based on Wassim's answer, and gitlab documentation about tls-self-signed and custom CA-signed certificates, here's to save some time if you're not the admin of the gitlab server but just of the server with the runners (and if the runner is run as root):

SERVER=gitlab.example.com
PORT=443
CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt

# Create the certificates hierarchy expected by gitlab
sudo mkdir -p $(dirname "$CERTIFICATE")

# Get the certificate in PEM format and store it
openssl s_client -connect ${SERVER}:${PORT} -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null

# Register your runner
gitlab-runner register --tls-ca-file="$CERTIFICATE" [your other options]

更新1::证书必须是正确位置的绝对路径.

Update 1: the certificate needs to be an absolute path at the right location.

更新2 :由于 gitlab运行程序错误#2675

这篇关于Gitlab-CI运行程序:忽略自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！