Gitlab runner connection refused, unable to access

Hi,
Im currently working on gitlab CI pipelines and when i commit new changes, i’m facing fatal error.

Cloning repository...
Cloning into '/builds/rest-api'...
fatal: unable to access 'http://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@localhost:10080/rest-api.git/': Failed to connect to localhost port 10080: Connection refused
ERROR: Job failed: exit code 1

Im using docker and gitlab for CI/CD automation on CentOS7, can any one help me to solve this ?
Ty :slightly_smiling_face:

Dear all,

I encounter the same issue with my self-hosted Gitlab:

Cloning repository...
Cloning into '/builds/zebulon/spdlog'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@factory.palabritudes.net/zebulon/spdlog.git/': Failed to connect to factory.palabritudes.net port 443: Connection refused
ERROR: Job failed: exit code 1

If I try to clone the repository in a shell console, using the runner token (Project => Settings => CI / CD => General pipelines => Runner token), the command fails:

git clone https://gitlab-ci-token:1Wri..Thiv@factory.palabritudes.net/zebulon/spdlog.git/
Cloning into 'spdlog'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab-ci-token:1Wri..Thiv@factory.palabritudes.net/zebulon/spdlog.git/'

However, if I try to clone the repository using my private token (User => Settings => Access Tokens => Personal Access Tokens => Add a personal access token), it works:

git clone https://gitlab-ci-token:1iDq..78pd@factory.palabritudes.net/zebulon/spdlog.git/
Cloning into 'spdlog'...
remote: Counting objects: 11040, done.
remote: Compressing objects: 100% (2761/2761), done.
remote: Total 11040 (delta 7261), reused 11029 (delta 7255)
Receiving objects: 100% (11040/11040), 3.73 MiB | 297.00 KiB/s, done.
Resolving deltas: 100% (7261/7261), done.

So, the Gitlab configuration seems right (and, actually, I already did a lot of commits on several repositories hosted on this forge).

The project permissions are:

  • Project Visibility: Internal
  • Repository: Everyone With Access
  • Pipelines: Everyone With Access

I use a shared runner and the software versions are:

  • Gitlab: 11.1.0
  • Gitlab runner: 11.1.0

Gitlab was deployed on a Debian Buster, using the Omnibus package and an Apache reverse proxy configured from Gitlab recipe for Apache 2.4. The TLS certificate is valid (provided by Let’s Encrypt and managed by Certbot).

I spent a long time searching a solution on the net, in vain…

Could you help me? What I have forgotten or failed?

Thanks in advance,

Sébastien

i guess its time to get back to lovely jenkins :slight_smile: @sdinot

No! I know Jenkins and I already used it with Gitlab. This duo works fine (in particular with the multibranch pipeline plugin), but I prefer the more integrated way offered by Gitlab-CI. Furthermore, some Gitlab-CI features are really nice. So, I want use Gitlab-CI!

I probably missed a tricky detail, but I will find it.

1 Like

I have exactly the same issue as described by @sdinot, my installation is on Ubuntu 18.04 and Gitlab version is 11.1.0-ee (9a9f41dcb1f). Do anyone have solve this issue?

Hi, try to use the name of the container(gitlab container) instead of localhost

Can you show us the contents of the file “/etc/gitlab-runner/config.toml”
?

Hi @ariel.barria,

The log provided by @m.babazadeh73 is refering to localhost but it is not the case for mine. The url invoked by gitlab-runner is https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@factory.palabritudes.net/zebulon/spdlog.git/ and factory.palabritudes.net is the external url of my forge.

Here is the content of my /etc/gitlab-runner/config.toml file:

concurrent = 1
check_interval = 0

[[runners]]
  name = "Debian Stretch - Docker"
  url = "https://factory.palabritudes.net/"
  token = "e78d4a40..e85b8aef"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "debian:stretch"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
  [runners.cache]

I already tried to add the below parameter:

  [runners.docker]
    extra_hosts = ["factory.palabritudes.net:91.224.149.157"]

in vain…

Looking back, the above test is not convincing and it lead you on a wrong track. I ran gitlab-runner in a debug mode and I realized that the token used by the runner to clone the repository is different and is provided by the server through an environment variable (CI_BUILD_TOKEN).

When I use the command line, the following lines appear in the Apache log:

xx.xx.xx.xx - - [25/Jul/2018:11:20:21 +0200] "GET /zebulon/spdlog.git/info/refs?service=git-upload-pack HTTP/1.1" 401 3827 "-" "git/2.18.0"
xx.xx.xx.xx - - [25/Jul/2018:11:20:21 +0200] "GET /zebulon/spdlog.git/info/refs?service=git-upload-pack HTTP/1.1" 200 1476 "-" "git/2.18.0"

But no such line appears in the Apache log when the gitlab-runner fails to clone the repository. So, it seems to be a networking issue. Nevertheless, access to the Apache service is filtered neither by the local firewall nor by the Apache configuration.

Solved! The issue was caused by the firewall (managed by Shorewall) which did not take into account the interface created by Docker. When I shutdown the firewall, the gitlab-runner works fine.

So, now, I must uninstall Shorewall (which seems not compatible with Docker) and manually configure the firewall.

@m.babazadeh73, could you verify this point on your system and, if the firewall shutdown solve your issue, mark this topic as solved?

Sébastien

2 Likes

great!, thanks for sharing the solution.

2 Likes

I had the same problem. I installed the gitlab on docker on ubuntu 18.04.2, when I disable the ufw, the problem solved! THX!

Try “systemctl restart docker”. This fixes for me.