我一直有一些乐趣设置GitLab,并花了一段时间的黑客攻击后,我已经变得相对习惯于设置它,现在已经完成了两台机器上,第二个时间比原来更容易...错误上传到协调器的工件
但是,我面临一个相当大的问题,在两台机器上:我的CI管道被打破。不知何故,在某个地方,一旦构建完成,我的设置就会提供403个文物,这意味着每一个技术上成功的工作将注定失败......
我一直在清理interwebs的答案,但我避难没有发现很多有用的东西。
我将GitLab CE升级到了10.1.4分钟前,以及将GitLab-runner升级到了10.1.0,这两个机器中最重要的两个机器上的apt都可以使用最新的软件包,运行比Ubuntu更新的版本另一个 - 17.04对“野兽”的狂热,而对“q2”的16.10阵痛。 这两个gitlab运行程序注册使用shell执行。
的CI作业的相关输出如下:
Cloning repository...
Cloning into '/[clonepath]'...
Checking out 8319d586 as master...
Skipping Git submodules setup
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
$ mvn -B install
[INFO] Scanning for projects...
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11.204 s
[INFO] Finished at: 2017-11-18T05:45:08+01:00
[INFO] Final Memory: 27M/640M
[INFO] ------------------------------------------------------------------------
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
mesg: ttyname failed: Inappropriate ioctl for device
Uploading artifacts...
target/*.jar: found 1 matching files
ERROR: Uploading artifacts to coordinator... forbidden id=35 responseStatus=403
Forbidden status=403 Forbidden token=sP9oHykF
FATAL: permission denied
ERROR: Job failed: exit status 1
我的Apache2的虚拟主机子域名下运行GitLab,主要是为了美观和端口的省略了主机之后,即8080麒麟,因为是在Apache上运行的其他网站。
这些是我gitlab.rb内所配置的选项:
gitlab_rails['trusted_proxies'] = [ '127.0.0.1' ]
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
nginx['enable'] = false
在下列任一选项/值的设定值作为这样
web_server['username'] = 'www-data'
web_server['group'] = 'www-data'
上产生重新配置一个错误:
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- package (0.1.0)
- registry (0.1.0)
- consul (0.0.0)
- gitlab (0.0.1)
- runit (0.14.2)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
* directory[/etc/gitlab] action create (up to date)
Converging 408 resources
* directory[/etc/gitlab] action create (up to date)
* directory[Create /var/opt/gitlab] action create (up to date)
* directory[/opt/gitlab/embedded/etc] action create (up to date)
* template[/opt/gitlab/embedded/etc/gitconfig] action create (up to date)
Recipe: gitlab::web-server
* group[Webserver user and group] action create (up to date)
* user[Webserver user and group] action create
================================================================================
Error executing action `create` on resource 'user[Webserver user and group]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '8'
---- Begin output of ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] ----
STDOUT:
STDERR: usermod: user www-data is currently used by process 2656
---- End output of ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] ----
Ran ["usermod", "-s", "/bin/false", "-d", "/var/opt/gitlab/nginx", "www-data"] returned 8
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/definitions/account.rb
38: user params[:name] do
39: username username
40: shell params[:shell]
41: home params[:home]
42: uid params[:uid]
43: gid params[:ugid]
44: system params[:system]
45: supports params[:user_supports]
46: action params[:action]
47: end
48: end
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/package/definitions/account.rb:38 :in `block in from_file'
user("Webserver user and group") do
params {:action=>nil, :username=>"www-data", :uid=>nil, :ugid=>"www-data", :groupname=>"www-data", :gid=>nil, :shell=>"/bin/false", :home=>"/var/opt/gitlab/nginx", :system=>true, :append_to_group=>true, :group_members=>["www-data"], :user_supports=>{:manage_home=>false}, :manage=>true, :name=>"Webserver user and group"}
action [:create]
supports {:manage_home=>false}
retries 0
retry_delay 2
default_guard_interpreter :default
username "www-data"
gid 33
home "/var/opt/gitlab/nginx"
shell "/bin/false"
system true
iterations 27855
declared_type :user
cookbook_name "gitlab"
recipe_name "web-server"
end
Platform:
---------
x86_64-linux
Running handlers:
Running handlers complete
Chef Client failed. 0 resources updated in 04 seconds
至于Apache,这里是支持SSL的Vhost:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName [host]
ServerAdmin [email]
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Order deny,allow
Allow from all
Require all granted
ProxyPassReverse http://127.0.0.1:8181/
ProxyPassReverse http://[host]/
RequestHeader set X-Forwarded-Ssl 'on'
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
SSLCertificateFile /etc/letsencrypt/live/[host]/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[host]/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
任何想法是怎么回事?我还没有挖掘Apache日志信息,因为它可能不会是Apache,因为请求直接传递给gitlab-worker(8181)。如果有必要,我应该检查哪些日志?
谢谢你的时间。