作者:8090互助联盟 | 来源:互联网 | 2023-02-01 17:17
基于Wassim的回答,以及关于tls-self-signed和自定义CA签名证书的gitlab文档,如果您不是gitlab服务器的管理员而只是带有跑步者的服务器(如果是跑步者),这里可以节省一些时间以root身份运行):
SERVER=gitlab.example.com
PORT=443
CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt
# Create the certificates hierarchy expected by gitlab
sudo mkdir -p $(dirname "$CERTIFICATE")
# Get the certificate in PEM format and store it
openssl s_client -connect ${SERVER}:${PORT} -showcerts /dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null
# Register your runner
gitlab-runner register --tls-ca-file="$CERTIFICATE" [your other options]
更新1:证书需要是正确位置的绝对路径.
更新2:由于gitlab错误#2675,它可能仍然因自定义CA签名而失败
1> liberforce..:
基于Wassim的回答,以及关于tls-self-signed和自定义CA签名证书的gitlab文档,如果您不是gitlab服务器的管理员而只是带有跑步者的服务器(如果是跑步者),这里可以节省一些时间以root身份运行):
SERVER=gitlab.example.com
PORT=443
CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt
# Create the certificates hierarchy expected by gitlab
sudo mkdir -p $(dirname "$CERTIFICATE")
# Get the certificate in PEM format and store it
openssl s_client -connect ${SERVER}:${PORT} -showcerts /dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null
# Register your runner
gitlab-runner register --tls-ca-file="$CERTIFICATE" [your other options]
更新1:证书需要是正确位置的绝对路径.
更新2:由于gitlab错误#2675,它可能仍然因自定义CA签名而失败
2> Luiz Dias..:
在我的情况下,我通过添加.pem文件的路径来实现它,如下所示:
sudo gitlab-runner register --tls-ca-file /my/path/gitlab/gitlab.myserver.com.pem
3> Etienne Gaut..:
好的,我一步一步地关注这篇文章http://moonlightbox.logdown.com/posts/2016/09/12/gitlab-ci-runner-register-x509-error然后它就像一个魅力.为防止死链接,我复制以下步骤:
首先在GitLab服务器上编辑ssl配置(而不是跑步者)
vim /etc/pki/tls/openssl.cnf
[ v3_ca ]
subjectAltName=IP:192.168.1.1 <---- Add this line. 192.168.1.1 is your GitLab server IP.
重新生成自签名证书
cd /etc/gitlab/ssl
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/gitlab/ssl/192.168.1.1.key -out /etc/gitlab/ssl/192.168.1.1.crt
sudo openssl dhparam -out /etc/gitlab/ssl/dhparam.pem 2048
sudo gitlab-ctl restart
将新CA复制到GitLab CI运行程序
scp /etc/gitlab/ssl/192.168.1.1.crt root@192.168.1.2:/etc/gitlab-runner/certs
谢谢@Moon Light @Wassim Dhif