I'm investigating CI technologies so I thought I would set up Drone with Gitlab locally using Docker compose. Here is the docker-compose.yml:

    version: "2"

    services:
      example_gitlab:
        image: gitlab/gitlab-ce:latest
        volumes:
          - ./new-gitlab/srv/gitlab/config:/etc/gitlab
          - ./new-gitlab/srv/gitlab/logs:/var/log/gitlab
          - ./new-gitlab/srv/gitlab/data:/var/opt/gitlab
        ports:
          - "4443:443"
          - "8000:80"
          - "2222:22"
      example_drone:
        build: ./drone
        volumes:
          - /var/lib/drone/
          - /var/run/docker.sock:/var/run/docker.sock
          - ./drone/sqlite/drone.sqlite:/var/lib/drone/drone.sqlite
        environment:
          - DRONE_GITLAB=true
          - DRONE_GITLAB_URL=http://0.0.0.0:8000
          - DRONE_GITLAB_CLIENT=4b5292ffbe30e93713b57853c43194aa63d50c176516c8ffaa8b213f1bb1555b
          - DRONE_GITLAB_SECRET=6088c59102511a418154197d415762a8768e0e2d6c9ad4bb9013f48d1df3b226
        ports:
          - "8080:8080"

The apps start fine, and I've set up an Application in gitlab with these settings:

    Name: Drone
    Redirect URI: http://0.0.0.0:8080/authorize

I then took the id and secret and added them to Drone's environment. All this works fine. However, when I try to log in to gitlab from drone, I get:

    An error has occurred

    The redirect URI included is not valid.

No idea why?

Mark Robson
  • The first thing that jumps out is that drone runs on port 8000 by default. So unless you are running a custom build of Drone I would expect drone to run on 8000 and not 8080 – Brad Rydzewski Jan 19 '17 at 10:37
  • The second thing that jumps out is the redirect URI is `http://0.0.0.0/authorize` but you have drone exposed on port 8080. So the redirect URI would therefore need to be `http://0.0.0.0:8080/authorize` I believe, since GitLab is redirecting the user back to Drone – Brad Rydzewski Jan 19 '17 at 10:37
  • The third thing you might want to consider is that drone and gitlab will need to be able to communicate with each other via rest APIs. This will not be possible using 0.0.0.0 because 0.0.0.0 always refers to the individual container. So if drone tries to access gitlab using 0.0.0.0:8000 it will point to the drone container, and not the gitlab container. For this reason, using DNS or real IP addresses is also recommended. Treating them as separate applications (and not combining in a single docker-compose) is also recommended. – Brad Rydzewski Jan 19 '17 at 10:55

3 Answers

1

I had the same problem and I've resolved it with this configuration:

    version: '2'
    services:

      #PROXY
      nginx:
        image: jwilder/nginx-proxy:latest
        restart: always
        ports:
          - "80:80"
        volumes:
          - /var/run/docker.sock:/tmp/docker.sock:ro
        depends_on:
          - drone-server
          - gitlab
        networks:
          - drone
          - gitlab

      # GITLAB
      gitlab:
         image: gitlab/gitlab-ce:latest
         environment:
          VIRTUAL_HOST: "gitlab.dev"
          VIRTUAL_PORT: "8080"
          GITLAB_HTTPS: "false"
          SSL_SELF_SIGNED: "false"

         volumes:
           - ./gitlab/srv/gitlab/config:/etc/gitlab
           - ./gitlab/srv/gitlab/logs:/var/log/gitlab
           - ./gitlab/srv/gitlab/data:/var/opt/gitlab
         ports:
           - "4443:443"
           - "8080:80"
           - "2222:22"
         networks:
           - gitlab

      # DRONE
      drone-server:
        image: drone/drone:0.5
        ports:
          - "8000:8000"
        networks:
          - drone
          - gitlab
        links:
         - gitlab
        volumes:
          - ./drone-data:/var/lib/drone/
        environment:
          VIRTUAL_HOST: "drone.dev"
          VIRTUAL_PORT: "8000"
          # DRONE ENV
          DRONE_SERVER_ADDR: ":8000"
          DRONE_DEBUG: "true"
          # CHANGEME: Randomly generate something at least 24 characters long with
          # a password generator.
          DRONE_SECRET: "replace-this-with-your-own-random-secret"
          DRONE_DATABASE_DRIVER: sqlite3
          DRONE_DATABASE_DATASOURCE: /var/lib/drone/drone.sqlite
          DRONE_OPEN: "true"
          # DRONE_ORGS: ""
          # CHANGEME: Replace with Github username(s) to grant admin privs to.
          # DRONE_ADMIN: admin,users,here
          DRONE_ADMIN_ALL: "true"
          # DRONE GITLAB params
          DRONE_GITLAB: "true"
          DRONE_GITLAB_URL: http://gitlab.dev:8080
          DRONE_GITLAB_CLIENT: a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7
          DRONE_GITLAB_SECRET: 786c7f7b84497b00215c3ff2cea6a4d693b378071a162f751e8e5910be46fb08
          # skip SSL certificate verification
          DRONE_GITLAB_SKIP_VERIFY: "true"
      drone-agent:
        image: drone/drone:0.5
        command: agent
        depends_on:
          - drone-server
        networks:
          - drone
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        environment:
          DRONE_SERVER: ws://drone-server:8000/ws/broker
          DRONE_DEBUG: "true"
          # CHANGEME: Change this to match the DRONE_SECRET value specified in your
          # drone-server container above.
          DRONE_SECRET: "replace-this-with-your-own-random-secret"

    networks:
      drone:
        driver: bridge
      gitlab:
        driver: bridge

The issue now is that it is not registering the client. I can't see any errors in the logs:

    gitlab_1     |
    gitlab_1     | ==> /var/log/gitlab/gitlab-rails/production.log <==
    gitlab_1     | Started POST "/oauth/authorize" for 172.27.0.1 at 2017-01-22 02:48:40 +0000
    gitlab_1     | Processing by Oauth::AuthorizationsController#create as HTML
    gitlab_1     |   Parameters: {"utf8"=>"✓", "authenticity_token"=>"hWP+9zf36+E8pSPZPJX/MJQ2oddjVniNZFWdrmguP3x28nCmliNRsZzmUNwAtktsltDCNwMJVlrn4YV3DxepzA==", "client_id"=>"a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7", "redirect_uri"=>"http://drone.dev/authorize", "state"=>"drone", "response_type"=>"code", "scope"=>"api"}
    gitlab_1     | Redirected to http://drone.dev/authorize?code=f38ce22be01132f1bc9486c5305262400ce36241c9a1de38867030bd0be6bc51&state=drone
    gitlab_1     | Completed 302 Found in 39ms (ActiveRecord: 15.9ms)
    gitlab_1     | Started GET "/oauth/authorize?client_id=a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7&redirect_uri=http%3A%2F%2Fdrone.dev%2Fauthorize&response_type=code&scope=api&state=drone" for 172.27.0.1 at 2017-01-22 02:48:40 +0000
    gitlab_1     | Processing by Oauth::AuthorizationsController#new as HTML
    gitlab_1     |   Parameters: {"client_id"=>"a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7", "redirect_uri"=>"http://drone.dev/authorize", "response_type"=>"code", "scope"=>"api", "state"=>"drone"}
    gitlab_1     | Completed 200 OK in 40ms (Views: 21.2ms | ActiveRecord: 15.1ms)
    gitlab_1     |
    gitlab_1     | ==> /var/log/gitlab/gitlab-workhorse/current <==
    gitlab_1     | 2017-01-22_02:48:40.91198 gitlab.dev:8080 @ - - [2017-01-22 02:48:40.853291066 +0000 UTC] "POST /oauth/authorize HTTP/1.1" 302 178 "http://gitlab.dev:8080/oauth/authorize?client_id=a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7&redirect_uri=http%3A%2F%2Fdrone.dev%2Fauthorize&response_type=code&scope=api&state=drone" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36" 0.058615
    gitlab_1     | 2017-01-22_02:48:41.01414 gitlab.dev:8080 @ - - [2017-01-22 02:48:40.968217945 +0000 UTC] "GET /oauth/authorize?client_id=a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7&redirect_uri=http%3A%2F%2Fdrone.dev%2Fauthorize&response_type=code&scope=api&state=drone HTTP/1.1" 200 13012 "http://gitlab.dev:8080/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36" 0.045840
    gitlab_1     |
    gitlab_1     | ==> /var/log/gitlab/nginx/gitlab_access.log <==
    gitlab_1     | 172.27.0.1 - - [22/Jan/2017:02:48:40 +0000] "POST /oauth/authorize HTTP/1.1" 302 178 "http://gitlab.dev:8080/oauth/authorize?client_id=a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7&redirect_uri=http%3A%2F%2Fdrone.dev%2Fauthorize&response_type=code&scope=api&state=drone" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    gitlab_1     | 172.27.0.1 - - [22/Jan/2017:02:48:41 +0000] "GET /oauth/authorize?client_id=a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7&redirect_uri=http%3A%2F%2Fdrone.dev%2Fauthorize&response_type=code&scope=api&state=drone HTTP/1.1" 200 4526 "http://gitlab.dev:8080/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"

Is anyone experiencing this issue???

  • I think I've found the issue but I'm not sure how to resolve it yet: `level=error msg="cannot authenticate user. Error exchanging token. Post http://gitlab.dev:8080/oauth/token: dial tcp 127.0.53.53:8080: getsockopt: connection refused"` – Daniele Sangalli Jan 22 '17 at 19:43
  • This error indicates the drone-server container cannot resolve `gitlab.dev`. Is `gitlab.dev` how you access gitlab from your browser? The gitlab url that you provide to drone should be the same url that you would use from the browser. It should be the public url. – Brad Rydzewski Jan 24 '17 at 09:28
  • Aside from this specific error message, it is not recommended to compose drone + gitlab in the same file. Even if you get this working you are going to have problems running builds. This is because drone is going to spawn build containers, and inside those containers drone is going to try to git clone from `gitlab.dev`, which is going to fail because that is an internal-only docker hostname. This is why one should configure drone with real DNS or IP addresses (whatever end users put in the browser address bar) instead of internal docker hostnames. – Brad Rydzewski Jan 24 '17 at 09:31
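
The token-exchange failure quoted in the comments above can be triaged from the log line itself. This is an added example, not code from the original posts or from Drone: it parses the dial error and classifies the address that was actually dialed. The function names are hypothetical, and the pattern assumes an IPv4 dial error in the format shown in that comment.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Error line quoted in the comment above (drone-server log).
DRONE_ERROR = (
    'level=error msg="cannot authenticate user. Error exchanging token. '
    'Post http://gitlab.dev:8080/oauth/token: dial tcp 127.0.53.53:8080: '
    'getsockopt: connection refused"'
)

# 127.0.53.53 is the sentinel address ICANN's name-collision
# "controlled interruption" returns for newly delegated TLDs.
NAME_COLLISION = ipaddress.ip_address("127.0.53.53")

# Dial error in the format shown above; IPv4 only to keep the pattern short.
DIAL_RE = re.compile(
    r"(?:Post|Get) (?P<url>\S+): dial tcp "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+):"
)


def classify_ip(ip_text):
    """Say why an address is (or is not) usable from another container."""
    ip = ipaddress.ip_address(ip_text)
    if ip == NAME_COLLISION:
        return "name-collision"   # name resolved by public DNS, not to a container
    if ip.is_unspecified:
        return "unspecified"      # 0.0.0.0 is a bind address, not a destination
    if ip.is_loopback:
        return "loopback"         # points back at the calling container
    if ip.is_private:
        return "private"          # e.g. a Docker bridge address
    return "routable"


def diagnose_dial_error(line):
    """Extract URL host, dialed address and classification from a log line."""
    m = DIAL_RE.search(line)
    if m is None:
        return None
    return {
        "host": urlsplit(m.group("url")).hostname,
        "ip": m.group("ip"),
        "port": int(m.group("port")),
        "reason": classify_ip(m.group("ip")),
    }
```
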
0

I believe the problem is that your redirect url does not include the port:

    Name: Drone
    Redirect URI: http://0.0.0.0/authorize

The redirect url is the url to which Gitlab redirects the user after authentication. This should be the Drone server address, which should include the port:

    Name: Drone
    Redirect URI: http://0.0.0.0:8080/authorize

Brad Rydzewski
  • Apologies, that was a typo. I've edited to include the port. Issue is the same though :-( – Mark Robson Jan 19 '17 at 11:21
  • I think this is because when you are not using a public IP address or domain name, drone uses `localhost` as its fallback url. So perhaps try using `http://localhost:8080/authorize` as the redirect url. This should get you further in the process, but you will likely have issues with drone<>gitlab communication using localhost, as mentioned in the other comments. – Brad Rydzewski Jan 19 '17 at 11:24
0

Open the drone homepage, right-click the "login with gitlab" button and select "copy link address". The url you copied from the button is the redirect url you need to set in the gitlab site.

Erguotou
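
The answers above all come down to the redirect URI registered in GitLab having to match the `redirect_uri` that Drone sends. As an added example (not part of the original posts), this Python check pulls `redirect_uri` out of the authorize request logged by GitLab earlier on this page and reports which URI component differs from a registered value. It assumes the provider compares the two values exactly; the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Request line taken from the GitLab production.log shown above.
LOGGED_REQUEST = (
    "/oauth/authorize?client_id="
    "a7ee6c568eb1824b9c43bb514fe2eded8142284bf484d587a66ed1713d82cfb7"
    "&redirect_uri=http%3A%2F%2Fdrone.dev%2Fauthorize"
    "&response_type=code&scope=api&state=drone"
)


def requested_redirect_uri(authorize_url):
    """Return the decoded redirect_uri of an /oauth/authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    # A missing or repeated parameter is ambiguous, so treat it as absent.
    return values[0] if len(values) == 1 else None


def redirect_uri_diff(registered, requested):
    """List the components in which the two redirect URIs differ."""
    a, b = urlsplit(registered), urlsplit(requested)
    diffs = []
    if a.scheme != b.scheme:
        diffs.append("scheme")
    if a.hostname != b.hostname:
        diffs.append("host")
    if a.port != b.port:          # a missing port is not the same as :8080
        diffs.append("port")
    if a.path != b.path:
        diffs.append("path")
    if a.query != b.query:
        diffs.append("query")
    if not diffs and registered != requested:
        diffs.append("other")     # e.g. letter case or a trailing fragment
    return diffs


def check_registration(registered_uris, authorize_url):
    """Map each registered URI to its differences from the requested one."""
    requested = requested_redirect_uri(authorize_url)
    if requested is None:
        return None
    return {uri: redirect_uri_diff(uri, requested) for uri in registered_uris}
```

An empty list for a registered URI means it matches the request; the `localhost` case from the comments shows up as a `host` difference against a `0.0.0.0` registration.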