Registering specific runner causes 403 on `/api/v4/runners`

I’m trying to register a specific runner as follows:

  • Navigate to project → Settings → CI/CD → Runners
  • Run command from ‘Specific runners’ → ‘Show runner installation instructions’

The command is as follows:

gitlab-runner register --url --registration-token <token>

I’m then prompted for:

  • GitLab instance URL
  • Registration token
  • Description
  • Tags
  • Optional maintenance note

After entering these prompts, the following error is logged:

ERROR: Registering runner... forbidden (check registration token)  runner=GR1348941bCxWJjzH
PANIC: Failed to register the runner.

However, registering a shared runner works perfectly.

This is logged in gitlab_access.log:

2a0c:eb00:0:f7:185:233:175:159 - - [19/Nov/2022:21:41:49 +0100] "POST /api/v4/runners HTTP/1.1" 403 27 "" "gitlab-runner 15.5.1 (15-5-stable; go1.18.7; linux/amd64)" -

This is logged in gitlab-workhorse/current:

{"content_type":"application/json","correlation_id":"01GJ8T9QB5WN6NQNX3CVA4TABW","duration_ms":30,"host":"","level":"info","method":"POST","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"[2a0c:eb00:0:f7:185:233:175:159]:0","remote_ip":"2a0c:eb00:0:f7:185:233:175:159","route":"^/api/","status":403,"system":"http","time":"2022-11-19T21:46:51+01:00","ttfb_ms":29,"uri":"/api/v4/runners","user_agent":"gitlab-runner 15.5.1 (15-5-stable; go1.18.7; linux/amd64)","written_bytes":27}

Why does GitLab get a 403 on /api/v4/runners?

1 Like

What’s your version of GitLab and GitLab Runner?

  • GitLab: 15.5.3
  • GitLab Runner: 15.5.1

You application logs might provide more information.
From personal experience, 403 mostly happen on invalid tokens or when a script/folder does not have the right rights.
The last one often happens to me when updating Gitllab through the root user instead of using sudo.

Nothing is logged to /var/log/gitlab/gitlab-rails/application_json.log and /var/log/gitlab/gitlab-rails/application.log.