Docker GitLab CI runner-can'；无法访问其他存储库_Docker_Gitlab_Gitlab Ci_Gitlab Ci Runner_Gitlab 8

Docker GitLab CI runner-can'；无法访问其他存储库

docker gitlab

Docker GitLab CI runner-can'；无法访问其他存储库,docker,gitlab,gitlab-ci,gitlab-ci-runner,gitlab-8,Docker,Gitlab,Gitlab Ci,Gitlab Ci Runner,Gitlab 8,在最近的一次小型8.x升级之后，我无法执行同时获取另一个存储库的GitLab CI测试。虽然以前一切正常，但现在我收到了著名的主机密钥验证失败。ssh发出的错误消息。这可能是什么原因 /etc/gitlab runner/config.toml： concurrent = 1 [[runners]] name = "python-runner@localhost" # ... executor = "docker" [runners.docker] image = "e

在最近的一次小型8.x升级之后，我无法执行同时获取另一个存储库的GitLab CI测试。虽然以前一切正常，但现在我收到了著名的主机密钥验证失败。ssh发出的错误消息。这可能是什么原因

/etc/gitlab runner/config.toml

：

concurrent = 1

[[runners]]
  name = "python-runner@localhost"
  # ...
  executor = "docker"
  [runners.docker]
    image = "edoburu/python-runner"
    privileged = false
    cap_drop = ["DAC_OVERRIDE"]
    volumes = [
        "/cache",
        "/home/deploy/.ssh:/root/.ssh:ro"
    ]
    # ...

如您所见，

.ssh

文件夹被公开，以向容器提供所有已知主机的列表（

/home/deploy/.ssh/known_hosts

）。这还为容器提供了一个已知的SSH密钥，我在存储库中将其作为部署密钥启用

但是，现在构建失败了，这是以前没有做到的：

Obtaining python-extra from git+git@git.example.org:myproject/python-repo.git@889f8fa0fe485d246d106ccee47aa60b2dd2523e#egg=python-extra (from -r src/requirements.txt (line 63))
  Cloning git@git.example.org:myproject/python-extra.git (to 889f8fa0fe485d246d106ccee47aa60b2dd2523e) to /builds/myproject/env/src/python-extra
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Command "git clone -q git@git.example.org:myproject/python-extra.git /builds/project/env/src/python-extra" failed with error code 128 in None

.gitlab ci.yml

文件包含：

test:
  image: edoburu/python-runner:base
  stage: test
  script:
  - virtualenv --no-site-packages ../env
  - source ../env/bin/activate
  - pip install --exists-action=w -r src/requirements.txt
  - pip install coverage
  - coverage run --source=src --omit='*/migrations/*' ./src/runtests.py -v2
  - coverage report -m

但是，当我手动进入容器时，一切正常：

root@git.example.org ~ $ docker run -it --volume="/home/deploy/.ssh:/root/.ssh:ro" edoburu/python-runner:base /bin/bash
root@feed357355ad:/# ssh git@git.example.org
PTY allocation request failed on channel 0
Welcome to GitLab, Anonymous!
Connection to git.example.org closed.
root@feed357355ad:/# git clone git@git.example.org:myproject/python-extra.git  
Cloning into 'python-extra'...
remote: Counting objects: 387, done.
remote: Compressing objects: 100% (176/176), done.
remote: Total 387 (delta 215), reused 374 (delta 208)
Receiving objects: 100% (387/387), 5.97 MiB | 0 bytes/s, done.
Resolving deltas: 100% (215/215), done.
Checking connectivity... done.
root@feed357355ad:/# exit
root@git.example.org ~ $

GitLab有什么不同之处吗？可能是分配IP地址或其他导致生成失败的原因？

解决了，结果是

--cap drop=DAC\u OVERRIDE

阻止访问卷。将其所有者更改为root解决了此问题

通过向

.gitlab ci.yml

文件添加一些调试代码找到：

 script:
  - ping -c 1 git.edoburu.nl
  - ssh-keyscan git.edoburu.nl
  - ls -la ~/.ssh/
  - cat ~/.ssh/known_hosts