Hi everybody,
I am running a gitlab-runner (gitlab/gitlab-runner version 12.4.0, run as a Docker container). When I run the container with:
docker run -d --name shared-docker-runner --restart unless-stopped -v ~/shared-docker-runner/config:/etc/gitlab-runner -v /var/run/docker.sock:/var/run/docker.sock gitlab/gitlab-runner:latest
The local dir ~/shared-docker-runner/config/certs has a ca-certificate. I can check the ca-file compatibility with the server certificate via:
openssl s_client -CAfile ~/shared-docker-runner/config/my-gitlab-server.crt -connect my-gitlab-server:443
which returns Verify return code: 0 (ok)
The running container will have a ca-certificate available in /etc/gitlab-runner/certs
I can docker exec into the running container and execute:
openssl s_client -CAfile /etc/gitlab-runner/certs/my-gitlab-server.crt -connect my-gitlab-server:443
and it will return Verify return code: 0 (ok)
But if I run:
openssl s_client -CApath /etc/gitlab-runner/certs -connect my-gitlab-server:443
the verification fails:
Verify return code: 21 (unable to verify the first certificate)
And so do all my attempts to register my shared-docker-runner.
PANIC: Failed to register this runner. Perhaps you are having network problems
I have tried the following config.toml, but it looks like editing the toml is without any effect:
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "shared-docker-runner"
  url = "https://my-gitlab-server:443"
  token = "D&C67342878cdgdc"
  executor = "docker"
  tls-ca-file = "/etc/gitlab-runner/certs/my-gitlab-server.crt"
  [runners.custom_build_dir]
  [runners.docker]
    tls_verify = false
    image = "docker:19.03.0"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache", "/certs"]
    shm_size = 0
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
What am I missing?
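
The -CAfile / -CApath difference shown in the post can be reproduced offline: OpenSSL's -CApath only finds certificates through files named `<subject-hash>.N`, so a directory that holds just `my-gitlab-server.crt` yields nothing for that lookup. The script below is an added example, not part of the original post; it uses a throwaway self-signed certificate and constructed paths, and it does not address how gitlab-runner itself loads certificates.

```shell
#!/usr/bin/env bash
# Added example. The certificate is a throwaway self-signed one generated
# locally; the CN and file names are constructed to mirror the post.
set -eu

# Write a self-signed certificate into directory $1 (key kept outside it).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=my-gitlab-server" \
        -keyout "$1.key" -out "$1/my-gitlab-server.crt" 2>/dev/null
}

# Succeeds only if certificate $2 verifies using file $1 as -CAfile.
verify_cafile() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if certificate $2 verifies using directory $1 as -CApath.
verify_capath() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Add the <subject-hash>.N symlink that -CApath lookups require and print its
# name. `openssl rehash <dir>` (or c_rehash) does this for a whole directory.
hash_link() {
    local dir="$1" file="$2" hash n=0
    hash=$(openssl x509 -in "$dir/$file" -noout -subject_hash)
    while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done  # same-hash certs get .1, .2, ...
    ln -s "$file" "$dir/$hash.$n"
    echo "$hash.$n"
}

demo() {
    local d crt
    d=$(mktemp -d)
    crt="$d/my-gitlab-server.crt"
    make_cert "$d"
    verify_cafile "$crt" "$crt" && echo "-CAfile:            ok"
    verify_capath "$d" "$crt"   || echo "-CApath (unhashed): fails"
    echo "created symlink:    $(hash_link "$d" my-gitlab-server.crt)"
    verify_capath "$d" "$crt"   && echo "-CApath (hashed):   ok"
    rm -rf "$d" "$d.key"
}
demo
```
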