Gitlab-ci dind build can´t login to (insecure) Registry after upgrade from 11.x to 12.1

GitLab CI/CD
1

Hello all,

We upgraded our gitlab from v11 to v12.1 (gitlab and gitlab runner in docker).
Now the ci-pipeline with gitlab-ci failed with error while docker login to the GitLab Docker Registry.

The GitLab CI-Registry is a local IP-Address 192.168… without certificates (insecure)
We changed nothing else than the GitLab version

$ docker login -u gitlab-ci-token -p ${CI_BUILD_TOKEN} ${CI_REGISTRY}
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
time="2019-07-24T15:01:40Z" level=info msg="Error logging in to v2 endpoint, trying next endpoint: Get https://192.168.xx.xxx:xxxx/v2/: http: server gave HTTP response to HTTPS client"
Get https://192.168.xx.xxx:xxxx/v2/: http: server gave HTTP response to HTTPS client

Versions:

  • gitlab/gitlab-runner:alpine-v12.1.0
  • gitlab/gitlab-ce:12.1.0-ce.0
  • Docker version 18.09.0, build 4d60db4

runner config:

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "docker in docker build"
  url = "http://192.168.xx.xxx:xxxx/"
  token = "xxxxxxxxxxxxxxxxxxxxx"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.docker]
    tls_verify = false
    image = "docker:dind"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
  [runners.custom]
    run_exec = ""

and in the .gitlab-ci.yml:

services:
  - name: docker:dind
    command:
      [
        '--insecure-registry=192.168.xx.xxx:xxxx',
      ]

EDIT:
–> solved

I setup a complete new configuration (runners and gitlab-ci.yml) like described under https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-executor

2

Hello, How did you solved it? Suddenly all my CI stopped working by failing with this same error

3

My solution was to setup the configuration completly new, how discribed under the link above

AND
added the following variable to my gitlab-ci.yml:

variables: 
  DOCKER_TLS_CERTDIR: ''

It is imortend to use docker login <insecure registry> inside the script-section and NOT in before_script-section!

–> I think the AND-solution only can solve your problem

2 Likes