Issue with cloning dependencies

Hi everyone,

I’ve got an instance of gitlab running in AWS, and it works just fine for normal non-CI stuff.

The instance itself does not have a public IP address; it is reachable over http and https through a public elastic load balancer. Since the load balancer does not forward port 22, Internally we use a .ssh/config file to override the host that SSH connects to, which allows internal machines to clone repositories:

Host gitlab.domain.com
  HostName 10.0.3.36
  User ubuntu
  ProxyCommand ssh bastion -W %h:%p

Gitlab is configured with external_url 'https://gitlab.domain.com', and since the load balancer forwards 80 and 443, the letsencrypt integration works just fine as well.

So far, so good. I could use split view / horizion DNS, but I do not want to maintain a separate DNS zone at this time (though I’m afraid that doing so may be the answer to my problems).

I am now working on rolling out CI for one of our projects, and am running in to issues.

Our project requires cloning dependencies which are also hosted in our gitlab instance, and that is creating a problem that I am having trouble solving.

Case 1
If the dependency is set to git@gitlab.domain.com:group/coherence.git, the clone times out, as gitlab.domain.com resolves to the external IP, which SSH can not traverse.

Possible fix: Distribute a .ssh/config file in the gitlab CI builder machine.

Case 2
I created a private DNS zone of infrastructure.domain.com, with an A record pointing to the private IP address of the gitlab instance.

If the dependency is set to git@gitlab.infrastructure.domain.com:group/coherence.git, the clone fails due to a permission issue.

As a workaround, I’ve added

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.infrastructure.domain.com/".insteadOf "ssh://git@gitlab.infrastructure.domain.com/"

to the gitlab-ci.yml file, though I get the same error when cloning:

$ git clone git@gitlab.infrastructure.domain.com:group/coherence.git
Cloning into 'coherence'...
Warning: Permanently added the ECDSA host key for IP address '10.0.3.36' to the list of known hosts.
GitLab: The project you were looking for could not be found.
fatal: Could not read from remote repository.