Registering specific runner causes 403 on `/api/v4/runners`

I’m trying to register a specific runner as follows:

  • Navigate to project → Settings → CI/CD → Runners
  • Run command from ‘Specific runners’ → ‘Show runner installation instructions’

The command is as follows:

gitlab-runner register --url --registration-token <token>

I’m then prompted for:

  • GitLab instance URL
  • Registration token
  • Description
  • Tags
  • Optional maintenance note

After entering these prompts, the following error is logged:

ERROR: Registering runner... forbidden (check registration token)  runner=GR1348941bCxWJjzH
PANIC: Failed to register the runner.

However, registering a shared runner works perfectly.

This is logged in gitlab_access.log:

2a0c:eb00:0:f7:185:233:175:159 - - [19/Nov/2022:21:41:49 +0100] "POST /api/v4/runners HTTP/1.1" 403 27 "" "gitlab-runner 15.5.1 (15-5-stable; go1.18.7; linux/amd64)" -

This is logged in gitlab-workhorse/current:

{"content_type":"application/json","correlation_id":"01GJ8T9QB5WN6NQNX3CVA4TABW","duration_ms":30,"host":"","level":"info","method":"POST","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"[2a0c:eb00:0:f7:185:233:175:159]:0","remote_ip":"2a0c:eb00:0:f7:185:233:175:159","route":"^/api/","status":403,"system":"http","time":"2022-11-19T21:46:51+01:00","ttfb_ms":29,"uri":"/api/v4/runners","user_agent":"gitlab-runner 15.5.1 (15-5-stable; go1.18.7; linux/amd64)","written_bytes":27}

Why does GitLab get a 403 on /api/v4/runners?

1 Like

What’s your version of GitLab and GitLab Runner?

  • GitLab: 15.5.3
  • GitLab Runner: 15.5.1

You application logs might provide more information.
From personal experience, 403 mostly happen on invalid tokens or when a script/folder does not have the right rights.
The last one often happens to me when updating Gitllab through the root user instead of using sudo.

Nothing is logged to /var/log/gitlab/gitlab-rails/application_json.log and /var/log/gitlab/gitlab-rails/application.log.

Still seeing this issue on:

  • GitLab: 15.6.2
  • GitLab Runner: 15.6.1

HTTP request on register:

POST /api/v4/runners HTTP/1.1
User-Agent: gitlab-runner 15.6.1 (15-6-stable; go1.18.8; linux/amd64)
Content-Length: 793
Accept: application/json
Content-Type: application/json
Accept-Encoding: gzip


HTTP response on register:

HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 16 Dec 2022 09:50:37 GMT
Content-Type: application/json
Content-Length: 27
Connection: keep-alive
Cache-Control: no-cache
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Runtime: 0.019839

{"message":"403 Forbidden"}

You can try to reset the project’s registration token and use new one if the old one is invalid for whatever reason.

No, resetting the token does not help.

Still seeing this issue on:

  • GitLab: 15.7.0
  • GitLab Runner: 15.7.1

Still seeing this issue on:

  • GitLab: 15.7.5
  • GitLab Runner: 15.7.1

I’m facing this problem too.

  • Gitlab 13.9
  • Runner 0.41.0

I’m trying to register via API:

curl --fail --request POST --header "PRIVATE-TOKEN: $TOKEN" "$project_id/runners" --form "runner_id=$runner_id"

Issue does not occur with new runner registration workflow in 15.10.