Moon Light Box

Time is Money

GitLab - CI Runner Register x509 Error

| Comments

When you follow GitLab Document to install and set by

# gitlab-ci-multi-runner register

And you will occur x509 self-signed certificate error.

ERROR: Registering runner... failed runner=SScdJmzB status=couldn't execute POST against https://192.168.1.1/ci/api/v1/runners/register.json: Post https://192.168.1.1/te certificate for 192.168.1.1 because it doesn't contain any IP SANs
PANIC: Failed to register this runner. Perhaps you are having network problems

"It doesn't contain any IP SANs" error is caursed by invalid CN (default used domain name instead of IP).
So we need to modify openssl configuration in GitLab server (not GitLab CI Runner server).

# vim /etc/pki/tls/openssl.cnf

[ v3_ca ]
subjectAltName=IP:192.168.1.1 <---- Add this line. 192.168.1.1 is your GitLab server IP.

Then re-generate self-signed CA.

# cd /etc/gitlab/ssl
# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/gitlab/ssl/192.168.1.1.key -out /etc/gitlab/ssl/192.168.1.1.crt
# openssl dhparam -out /etc/gitlab/ssl/dhparam.pem 4096
# gitlab-ctl restart

Copy the new CA to GitLab CI Runner server.

# scp /etc/gitlab/ssl/192.168.1.1.crt root@192.168.1.2:/etc/gitlab-runner/certs

http://yukinami.github.io/2015/11/26/Docker-CI/

Comments

comments powered by Disqus