GitLab Runner certificate signed by unknown authority

2019-05-14 142 words One minute

Contents

Recently I’ve been working w/ GitLab Runners, starting with Shell Executor before moving on to Docker.

Self-signed

Anyway, my GitLab instance uses a self-signed certificate. This is not great as our tooling essentially needs to work around errors like this:

ERROR: Registering runner... failed                 runner=EfnphyLc status=couldn't execute POST against https://example.com/api/v4/runners: Post https://example.com/api/v4/runners: x509: certificate signed by unknown authority
PANIC: Failed to register this runner. Perhaps you are having network problems

Config

In your config.toml, introduce GIT_SSL_NO_VERIFY=true in your list of environment variables; e.g.,

concurrent = 1
check_interval = 0

[[runners]]
  name = "f6705c062106"
  url = "FIXME"
  token = "FIXME"
  executor = "docker"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.docker]
    tls_verify = false
    image = "FIXME"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    pull_policy = "if-not-present"
    shm_size = 0
  [runners.cache]

NB: Not saying that this is a good practice, merely a workaround.

References

https://gitlab.com/gitlab-org/gitlab-runner/issues/2795