0

I am using gitlab UI to deploy rancher via TF, job runs on GitLab Runner as a container on linux VM.

below is the config of.gitlab-ci.yml

  - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@git.myservice.demo.com" >> ~/.git-credentials
  - git config --global credential.helper 'store --file ~/.git-credentials'

when i run the pipeline it fail to clone the repo , i have active deployment token not sure why its failing.

Any guidance will be appreciated as very new to gitlab.

Pipeline error

 Running with gitlab-runner 13.2.1 (efa30e33)
   on b069898257b6 HpcxYCyA
Preparing the "docker" executor
00:05
 Using Docker executor with image hashicorp/terraform:0.12.29 ...
 Pulling docker image hashicorp/terraform:0.12.29 ...
 Using docker image sha256:323b4bbc567117d19a68bcfe71e87ce9be855674005f645e41c8faedf4c263cb for hashicorp/terraform:0.12.29 ...
Preparing environment
00:02
 Running on runner-hpcxycya-project-257-concurrent-0 via 7d0ddeb92b75...
Getting source from Git repository
00:02
 $ git config --global http.proxy $HTTP_PROXY; git config --global https.proxy $HTTPS_PROXY
 Fetching changes with git depth set to 50...
 Reinitialized existing Git repository in /builds/demo/rancher-prod/.git/
 fatal: unable to access 'https://git.myservice.demo.com/demo/rancher-prod.git/': SSL certificate problem: unable to get local issuer certificate
 ERROR: Job failed: exit code 1
# openssl s_client -connect git.myserives.demo.com:443
140605252743616:error:0200206E:system library:connect:Connection timed out:../crypto/bio/b_sock2.c:110:
140605252743616:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=110
Satyam Pandey
  • 593
  • 2
  • 10
  • 32
  • The error happens on `git config`. This has nothing to do with cloning the repo. Why are you setting the config and cloning anyway? Gitlab already does this for you. – Code-Apprentice Sep 17 '21 at 15:49
  • @Code-Apprentice thanks for your response how to fix the same. – Satyam Pandey Sep 17 '21 at 15:55
  • Don't do it. This `git config` call shouldn't be necessary. Or if you think it is, add more details to your question. – Code-Apprentice Sep 17 '21 at 16:12
  • Actually i need to set the proxy so using it "git config --global http.proxy $HTTP_PROXY; git config --global https.proxy $HTTPS_PROXY" – Satyam Pandey Sep 17 '21 at 16:25
  • ok, looking closer at the error, it seems to be a certificate issue. I would google the last part of the error message to see what you can find. – Code-Apprentice Sep 17 '21 at 16:36
  • 1
    Please copy the text directly and paste it into your posts instead of a picture of text. It's easer to understand that way, and therefore will be easier to answer your question. – Adam Marshall Sep 17 '21 at 18:22
  • 1
    Do you run your own Gitlab Runner's? If so, can you update your post with the output of `openssl s_client -connect your.gitlab.server:443` when run from the runner host (but please redact the certificate, hostname, and anything other sensitive information)? – Adam Marshall Sep 17 '21 at 18:24
  • Although this *looks* like a Git or GitLab problem at first, it's *actually* an http(s) issue with SSL certificates. The right tag is therefore [tag:ssl]. You'll probably find the answer [here](https://stackoverflow.com/q/61549035/1256452) though. I took off the Git tag, so when I vote to close this as a duplicate, it shouldn't auto-close, I think. :-) – torek Sep 17 '21 at 19:59
  • Does this answer your question? [Does TLS client ever require a certificate installation?](https://stackoverflow.com/questions/61549035/does-tls-client-ever-require-a-certificate-installation) – torek Sep 17 '21 at 20:01

0 Answers0