gitlab-runner, docker and self signed certs, git is unable to clone
First of all: It is no problem to get the runner signed to our gitlab instance!
Our CA chain is provided on our build server as well as in our docker image.
Our build server, running the gitlab-runner
, can connect via HTTPS without problems, with git as well as with curl.
Problems starts when gitlab-runner
fires up its gitlab/gitlab-runner:build
image.
It's nowhere documented, that besides our own docker-image another service (gitlab/gitlab-runner:build
) is linked at build time, but I guess, the gitlab/gitlab-runner:build
is doing the git clone
.
And thats why it all fails with
Cloning into '/builds/saltstack/saltcode'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxx@gitlab.example.com/saltstack/saltcode.git/': SSL certificate problem: unable to get local issuer certificate
ERROR: Build failed with: exit code 1
Because the gitlab/gitlab-runner:build
is unaware of our CA chain.
I provided the PEM file under /etc/gitlab-runner/certs/<servername>
, of course with no success.
I have run gitlab-runner --debug run
without getting any useful hint out of it.
We are on gitlab-runner 0.7.2
, the build server is an Ubuntu 14.04, our docker-image is a custom ubuntu.14.04
docker image.
Any suggestions are welcome!