Access forbidden error when using gitlab-runner exec docker

udaraf · April 6, 2018, 10:09pm

Hello all,
I get an “access forbidden error” when using gitlab-runner exec with docker on OSX:

~/work/brainbox.master $ gitlab-runner exec docker build       
Running with gitlab-runner 10.6.0 (a3543a27)
Using Docker executor with image registry.gitlab.com/brainboxcapital/brainbox:latest ...
Pulling docker image registry.gitlab.com/brainboxcapital/brainbox:latest ...
ERROR: Preparation failed: Error response from daemon: Get https://registry.gitlab.com/v2/brainboxcapital/brainbox/manifests/latest: denied: access forbidden
FATAL: Error response from daemon: Get https://registry.gitlab.com/v2/brainboxcapital/brainbox/manifests/latest: denied: access forbidden

My config.toml is the following:

~/work/brainbox.master $ cat ~/.gitlab-runner/config.toml 
concurrent = 1
check_interval = 0

[[runners]]
  name = "udara.kalis.local"
  url = "https://gitlab.com/"
  token = "{elided}"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "ubuntu"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
  [runners.cache]

The head of my .gitlab-ci.yml is.

~/work/brainbox.master $ head -10 .gitlab-ci.yml 
image: registry.gitlab.com/brainboxcapital/brainbox:latest
stages:
 - build
 - cleanup
 - test
 - deploy

During gitlab-runner registration, I set the token to the CI runner token from the Gitlab project’s CI/CD page. 2FA is enabled on this project.

At a loss on how to proceed, so any suggestions are welcome… thank you!

sas · June 20, 2018, 7:01am

I may be wrong but I think that when you run the job like this you would need to run

docker login registry.gitlab.com

first. I suspect the runner token only comes into play when a job is triggered via the CI system.

ravecat · December 10, 2020, 3:20pm

This problem exists because your gitlab-runner container hasn’t access to private registry and doesn’t know about login inside your host ( so previous advice about docker login registry.gitlab.com doesn’t work because we work inside container).

Solution - login from host and mount credential file to gitlab container

docker run --rm \
  -v ${HOME}/.docker/config.json:/root/.docker/config.json \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner exec docker myjob

Topic		Replies	Views
Access Denied to Docker Registry using local runner GitLab CI/CD	2	4005	August 9, 2018
GitLab DinD Runner - Docker Login leads to "denied: access forbidden" How to Use GitLab	2	1921	August 1, 2021
.gitlab-ci.yml trying to build a docker image and push it to GitLab CI's registry GitLab CI/CD	6	28199	March 26, 2017
Gitlab-ci.yml failing with Access denied GitLab CI/CD runner , docker , pipelines	3	1408	March 5, 2024
Trouble with install & configuring CI/CD How to Use GitLab	2	3061	July 30, 2020

Access forbidden error when using gitlab-runner exec docker

Related topics