Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
6
votes
1
answers
3862
views
SSH prompt a passphrase for no passphrase keys on Docker GitLab CI
With the following Dockerfile:
```dockerfile
FROM nexylan/php-dev:7.1-alpine
COPY entrypoint.sh /
RUN chmod u+x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /code
CMD ["tail", "-f", "/dev/null"]
```
(The entrypoint does nothing related to the issue).
The definition on docker-compose:
```yaml
version: '2'
services:
  data:
    image: alpine
    volumes:
      - .:/code
  console:
    build: docker/php-console
    volumes_from:
      - data
    env_file:
      - .env
```
And the following commands on Gitlab CI commands:
```yaml
image: docker
services:
  - docker:dind
before_script:
  - docker info
  - apk add --update bash python py-pip python-dev
  - pip install docker-compose
  - docker-compose up -d
  - docker-compose ps
  - docker-compose exec -T console make install
stages:
  - test
test:
  stage: test
  tags: [docker-privileged]
  script:
    - echo ${SSH_PRIVATE_KEY} > tests/fixtures/ssh/key
    - echo ${SSH_PUBLIC_KEY} > tests/fixtures/ssh/key.pub
    - chmod 600 tests/fixtures/ssh/*
    - docker-compose exec -T console ls -l tests/fixtures/ssh/
    - docker-compose exec -T console chmod 777 /dev/tty
    - docker exec -t flintci_console_1 ssh -o StrictHostKeyChecking=no -i tests/fixtures/ssh/key -T -vvv git@github.com
```
The SSH command is always prompting for a passphrase with the following log:
OpenSSH_7.2p2-hpn14v4, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "github.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to github.com [192.30.253.112] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file tests/fixtures/ssh/key type 1
debug1: key_load_public: No such file or directory
debug1: identity file tests/fixtures/ssh/key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2-hpn14v4
debug1: Remote protocol version 2.0, remote software version libssh_0.7.0
debug1: no match: libssh_0.7.0
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to github.com:22 as 'git'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib,zlib@openssh.com
debug2: compression stoc: none,zlib,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
Warning: Permanently added 'github.com,192.30.253.112' (RSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: tests/fixtures/ssh/key (0x55b4bd4e81a0), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: tests/fixtures/ssh/key
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:3aoR/R1oBDYb0QucuGCJfBgIWW4DE2P4DjuWwgtQg/k
debug3: sign_and_send_pubkey: RSA SHA256:3aoR/R1oBDYb0QucuGCJfBgIWW4DE2P4DjuWwgtQg/k
Enter passphrase for key 'tests/fixtures/ssh/key':
The key has no passphrase, and the same docker command works well on my local laptop, not on GitLab CI.
What am I missing?
Soullivaneuh
(306 rep)
Dec 24, 2017, 04:25 PM
• Last activity: Aug 3, 2025, 03:04 PM
2
votes
2
answers
2844
views
Self update bash script if there are any updates first then continue on, with Git
I'm trying to add the ability for my ArchLinux installer script to check if it's up-to-date based on whether it matches (or doesn't match) the version number that's on gitlab. The primary script that runs the installer (and all of the numbered script files) is the `aalis.sh` script, it basically goes and runs the other files together. The version numbering would be something like `1.2.3` (major.minor.patch).
Basically, whenever I make any changes to the script, I will change the script's version number on gitlab; and I want the script itself to be able to detect that its version number doesn't match the one on github (for cases where someone has an outdated version of the script and tries to run it); and automatically update itself using `git fetch origin master` then rerun itself using the updated contents.
Nova Leary
(43 rep)
Jan 2, 2022, 01:00 AM
• Last activity: Jul 24, 2025, 06:06 PM
1
votes
1
answers
42
views
can't install services in Docker
We want to run CI/CD for our saltstack formulas. With debian buster it worked fine; now I try it with bookworm and I get some errors.
My CI-yaml file in gitlab looks like this:
```yaml
image:
  name: debian:bookworm
default:
  before_script:
    - DEBIAN_FRONTEND=noninteractive apt update -qq
    - DEBIAN_FRONTEND=noninteractive apt install -yqq python3-pip pipx curl apt-utils gnupg2 ssh
    - pipx install yamllint
    - pipx install salt-lint
    - pipx ensurepath
    - mkdir -p /etc/apt/keyrings/
    - curl -fsSL https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public | tee /etc/apt/keyrings/salt-archive-keyring.pgp
    - "echo 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=amd64] https://packages.broadcom.com/artifactory/saltproject-deb stable main' > /etc/apt/sources.list.d/saltstack.list"
    - DEBIAN_FRONTEND=noninteractive apt update -qq && DEBIAN_FRONTEND=noninteractive apt install salt-minion -yqq
    - "echo 'file_client: local' >> /etc/salt/minion"
    - "echo -e 'grains:\n fqdn: test-minion.example.de' >> /etc/salt/minion"
    - "echo -e ' host: test-minion' >> /etc/salt/minion"
    - mkdir -p /srv/salt
    - cp -r $CI_PROJECT_DIR/* /srv/salt
[...]
highstate:
  stage: Test
  needs: ["linux:lint"]
  tags:
    - docker
  script:
    - salt-call state.highstate --id=test-minion.example.de --file-root=/srv/salt/states --pillar-root=/srv/salt/pillars --retcode-passthrough mocked=True --state-output=mixed --state_verbose=True
  only:
    - master
```
and I get the following error:
salt-call state.highstate --id=test-minion.example.de --file-root=/srv/salt/states --pillar-root=/srv/salt/pillars --retcode-passthrough mocked=True --state-output=mixed --state_verbose=True
[ERROR ] Command '/usr/bin/systemctl' failed with return code: 1
[ERROR ] stdout: System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
[ERROR ] retcode: 1
[ERROR ] Module function service.systemctl_reload threw an exception. Exception: Problem performing systemctl daemon-reload: System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
[ERROR ] Command 'runlevel' failed with return code: 1
[ERROR ] stdout: unknown
[ERROR ] retcode: 1
[ERROR ] Command 'runlevel' failed with return code: 1
[ERROR ] output: unknown
[ERROR ] Command 'runlevel' failed with return code: 1
[ERROR ] stdout: unknown
[ERROR ] retcode: 1
[ERROR ] Command 'runlevel' failed with return code: 1
[ERROR ] output: unknown
[ERROR ] Command 'insserv' failed with return code: 127
[ERROR ] stdout: /bin/sh: 1: insserv: not found
[ERROR ] retcode: 127
[ERROR ] Failed when setting service zabbix-agent2 to start at boot, but the service was already running
[ERROR ] Command 'service' failed with return code: 1
[ERROR ] stdout: systemd-timesyncd: unrecognized service
[ERROR ] retcode: 1
[ERROR ] Command 'service' failed with return code: 1
[ERROR ] stdout: systemd-timesyncd: unrecognized service
[ERROR ] retcode: 1
[ERROR ] {'systemd-timesyncd': False}
[ERROR ] Command '/usr/sbin/sysctl' failed with return code: 1
[ERROR ] stderr: sysctl: permission denied on key "vm.swappiness"
[ERROR ] retcode: 1
[ERROR ] Failed to set vm.swappiness to 5: sysctl -w failed: sysctl: permission denied on key "vm.swappiness"
[...]
----------
ID: systemd-salt-minion
Function: module.run
Name: service.systemctl_reload
Result: False
Comment: Module function service.systemctl_reload threw an exception. Exception: Problem performing systemctl daemon-reload: System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
Started: 14:35:18.642296
Duration: 11.847 ms
Changes:
----------
colttt
(111 rep)
Jun 25, 2025, 03:06 PM
• Last activity: Jun 25, 2025, 03:28 PM
1
votes
1
answers
5417
views
git with ssh keeps asking for passphrase everytime
I'm using a git bare repository for managing dotfiles, and some other repositories for custom DWM build and all. I use SSH for pushing and pulling from git, but it keeps asking me my SSH passphrase every time I try to push or pull. I have already tried
```
eval $(ssh-agent)
```
then
```
ssh-add ~/.ssh/id_rsa
```
and it's added successfully, but no luck. Am I missing something?
apoorv569
(51 rep)
Jun 23, 2020, 08:32 AM
• Last activity: Apr 13, 2025, 01:01 AM
0
votes
1
answers
84
views
Does a load of 41.20 (!?) suggest a hardware failure?
I have Ubuntu 24.04 on a Raspberry Pi 4 and after months of working fine,
today it has jumped to a load 41 for no apparent reason.
Can't connect to remote MySQL instance from the server.
And gitlab keeps telling me my login is invalid.
Not sure where to start researching what's causing the problem
The only thing running all this time was gitlab 16.9.2 community edition, and I was doing some React front end and node.js API development.
I'd appreciate some tips on deciphering this crazy load?

Ken Ingram
(259 rep)
Feb 17, 2025, 07:09 AM
• Last activity: Feb 18, 2025, 01:47 AM
0
votes
0
answers
62
views
GitLab Authentik SAML Groups not working as expected
I've configured GitLab to work with my Authentik SSO:
gitlab_rails['omniauth_providers'] = [
{
name: 'saml',
label: 'Company SSO',
groups_attribute: 'Groups',
required_groups: ['gitlab_users'],
admin_groups: ['gitlab_admins'],
external_groups: ['gitlab_externals'],
auditor_groups: ['gitlab_auditors'],
},
}
]
I have defined some groups inside Authentik and mapped them to GitLab inside the config. If I try to log in to GitLab with a user which has no group, it's denied as expected. If I set the user's group, I can log in. When I now delete the user again and assign the admins group, I can also log in but I cannot see any admin controls. Am I missing something?
I have followed this tutorial: https://docs.gitlab.com/ee/integration/saml.html
Mr. Jo
(203 rep)
Jan 18, 2025, 11:31 AM
0
votes
1
answers
122
views
GitLab CI/CD: Create tar.gz with content inside current working dir and save tar.gz inside current working dir: tar: .: file changed as we read it
I'm trying to create an archive e.g. `archive.tar.gz` inside the current working directory e.g. `/builds/project/` without saving the `archive.tar.gz` inside `archive.tar.gz`.
To prevent this I'm trying to use --exclude=PATTERN option.
This should be an easy task. But it's not.
Finally, I would like to name the archive after a set variable and exclude it.
Versions:
$ bash --version
GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ tar --version
tar (GNU tar) 1.34
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by John Gilmore and Jay Fenlason.
I've tried multiple versions, with quotes, without, exclude at different positions, PATTERN with ./ and without and nothing works:
$ tar -czf --exclude=archive1.tar.gz archive1.tar.gz . || true
tar: archive1.tar.gz: Cannot stat: No such file or directory
tar: .: file changed as we read it
tar: Exiting with failure status due to previous errors
$ tar -czf --exclude="archive2.tar.gz" archive2.tar.gz . || true
tar: archive2.tar.gz: Cannot stat: No such file or directory
tar: .: file changed as we read it
tar: Exiting with failure status due to previous errors
$ tar -czf --exclude=./archive3.tar.gz archive3.tar.gz . || true
tar: archive3.tar.gz: Cannot stat: No such file or directory
tar (child): --exclude=./archive3.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: --exclude=./archive3.tar.gz: Cannot write: Broken pipe
tar: Child returned status 2
tar: Error is not recoverable: exiting now
$ tar -czf --exclude="./archive4.tar.gz" archive4.tar.gz . || true
tar: archive4.tar.gz: Cannot stat: No such file or directory
tar (child): --exclude=./archive4.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: --exclude=./archive4.tar.gz: Cannot write: Broken pipe
tar: Child returned status 2
tar: Error is not recoverable: exiting now
$ tar -czf archive5.tar.gz --exclude=archive5.tar.gz . || true
tar: .: file changed as we read it
$ tar -czf archive6.tar.gz --exclude="archive6.tar.gz" . || true
tar: .: file changed as we read it
$ tar -czf archive7.tar.gz --exclude=./archive7.tar.gz . || true
tar: .: file changed as we read it
$ tar -czf archive8.tar.gz --exclude="./archive8.tar.gz" . || true
tar: .: file changed as we read it
$ TAR_FILE=archive9.tar.gz ; tar -czf --exclude=$TAR_FILE $TAR_FILE . || true
tar: archive9.tar.gz: Cannot stat: No such file or directory
tar: .: file changed as we read it
tar: Exiting with failure status due to previous errors
$ TAR_FILE=archive10.tar.gz ; tar -czf --exclude="$TAR_FILE" $TAR_FILE . || true
tar: archive10.tar.gz: Cannot stat: No such file or directory
tar: .: file changed as we read it
tar: Exiting with failure status due to previous errors
$ TAR_FILE=archive11.tar.gz ; tar -czf --exclude=./$TAR_FILE $TAR_FILE . || true
tar: archive11.tar.gz: Cannot stat: No such file or directory
tar (child): --exclude=./archive11.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: --exclude=./archive11.tar.gz: Cannot write: Broken pipe
tar: Child returned status 2
tar: Error is not recoverable: exiting now
$ TAR_FILE=archive12.tar.gz ; tar -czf --exclude="./$TAR_FILE" $TAR_FILE . || true
tar: archive12.tar.gz: Cannot stat: No such file or directory
tar (child): --exclude=./archive12.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: --exclude=./archive12.tar.gz: Cannot write: Broken pipe
tar: Child returned status 2
tar: Error is not recoverable: exiting now
$ TAR_FILE=archive13.tar.gz ; tar -czf $TAR_FILE --exclude=$TAR_FILE . || true
tar: .: file changed as we read it
$ TAR_FILE=archive14.tar.gz ; tar -czf $TAR_FILE --exclude="$TAR_FILE" . || true
tar: .: file changed as we read it
$ TAR_FILE=archive15.tar.gz ; tar -czf $TAR_FILE --exclude=./$TAR_FILE . || true
tar: .: file changed as we read it
$ TAR_FILE=archive16.tar.gz ; tar -czf $TAR_FILE --exclude="./$TAR_FILE" . || true
tar: .: file changed as we read it
https://xkcd.com/1168/

rosaLux161
(41 rep)
Oct 23, 2024, 02:04 PM
• Last activity: Oct 23, 2024, 03:17 PM
0
votes
1
answers
2952
views
Gitlab push/pull: Git asks for password of user git
I set up SSH Keys on my Windows Machine and then I added the key in my gitlab account according to the setup guide: Gitlab SSH KEY
But I ran into an issue:
When I try to test the connection with *ssh -T* I am prompted to provide the password for the user git, which I do not know. I haven't set a password for the key.
$ ssh -T git@mygitlab.com -p 8922
git@mygitlab.com's password:
I also tried to execute the command as sudo/admin
## Update
I also wrote a config file (.ssh/config) to specify which key should be used but it did not work. Now this raises a question on the GitLab side since I host an instance of my own. Is there some special setting I haven't set up correctly? Or do I have to reconfigure the user *git*?
I think I forgot to mention that I host my own instance of gitlab and I'm missing a configuration Admin Setup but I can't figure out where I'm going wrong. Can somebody please share their knowledge of their gitlab.rb file?
Kektuto
(1 rep)
Dec 27, 2022, 12:50 PM
• Last activity: Oct 7, 2024, 12:07 PM
1
votes
2
answers
905
views
Push etckeeper created repository to remote Gitlab server, advices welcomed
I'm playing with etckeeper and it seems to be a good product. I use it only to track /etc filesystem locally, but these days the idea came to my mind - to create central Gitlab repository and to store all the node /etc repositories there.
The question is how can I do that?
I noticed in the config of etckeeper, there is a variable called: PUSH_REMOTE="", but do I have to create separate repository for every server or I can use one and combine all the servers in it?
Maybe I can use branches? Or different folders?
Any advice is welcome. I will try to do it in a manual way, and if it works I will think about how to do it in an automated way, via Puppet or Ansible.
Thanks in advance.
Kristian Kirilov
(106 rep)
Mar 24, 2021, 03:05 PM
• Last activity: Sep 8, 2024, 08:29 PM
1
votes
0
answers
22
views
heptapod: include version number in file name?
I'm trying to maintain an install script for Tryton ERP at Tryton community. I'd find it useful to have a version number in the file name; to manage this, when committing I'd like to have a prompt to enter the new version number.
Is such possible with heptapod (git), and can it be achieved without extensive programming knowledge (which I don't have)?
Greetings,
Wolf
herrdeh
(11 rep)
Jun 8, 2024, 10:53 AM
0
votes
1
answers
112
views
What's the difference between gitlab and gitlab runner while they're deployed at the custom server?
Am I right that gitlab service is like a controller (so it's reflected by `gitlab-ctl`) for gitlab-runner?
Gitlab service at Linux server in particular stores the configurations needed for gitlab-runner.
And if there's only gitlab-runner then it - in the absence of Gitlab - interacts with gitlab.com where IS configurations needed for work?
palmasd1
(127 rep)
Apr 4, 2024, 07:31 AM
• Last activity: Apr 4, 2024, 12:23 PM
-5
votes
1
answers
82
views
What's the deal with gitlab (and github?) security?
I just wanted to raise an issue (ie. report a bug) in some software package hosted on gitlab. I have a github account, but not a gitlab one.
Whenever I log in from a new device (github), I need to "authorize" the new device.
Now, I tried "logging in" on gitlab using the offered github account/password authentication.
I got the usual "confirm this email address" thing.
I did that.
Then it wanted my phone number!
At this point I gave up. Do they also need my social security number, date of birth and passport number? Maybe my mother's maiden name?
What's the need for all this two-factor-authentication level security?
colinh
(47 rep)
Feb 9, 2024, 09:38 PM
• Last activity: Feb 9, 2024, 09:52 PM
0
votes
0
answers
1531
views
Connection refused for unsecure Gitlab container registry
I'm hosting a gitlab-ce instance with runners on a Ubuntu 22.04.2 LTS server with docker compose :
```yml
version: '3.7'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'localhost'
    container_name: gitlab-ce
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://192.168.123.178'
    ports:
      - '80:80'
      - '8443:443'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    networks:
      - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-runner
    restart: always
    depends_on:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - '$GITLAB_HOME/gitlab-runner:/etc/gitlab-runner'
    networks:
      - gitlab
networks:
  gitlab:
    name: gitlab-network
```
I enabled container registry on port 5050 from within the `gitlab.rb` config file mounted to the container:
```
...
registry_external_url 'http://192.168.123.178:5050'
...
```
I can confirm the container registry is enabled since I'm able to use the AutoDevOps feature per project on gitlab.
I registered a runner to a project with the following command :
```
$ sudo docker exec -it gitlab-runner gitlab-runner register --url "http://gitlab-ce" --clone-url "http://gitlab-ce" --registration-token --executor docker --description "Deployment Runner" --docker-image "docker:stable" --docker-privileged
```
It generates the following `config.toml` file:
```toml
[[runners]]
  name = "Deployment Runner"
  url = "http://gitlab-ce"
  id = 6
  token = ""
  token_obtained_at = 2023-04-28T13:39:30Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  clone_url = "http://gitlab-ce"
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
    # manually added this
    network_mode = "gitlab-network"
```
Now I setup a simple html website hosted with an nginx container. This is the `.gitlab-ci.yml` file I use to test the continuous deployment workflow:
```yaml
stages:
  - publish
  - deploy
variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
  DOCKER_HOST: tcp://docker:2375/
  DOCKER_TLS_CERTDIR: ""
publish:
  image: docker:latest
  stage: publish
  services:
    - name: docker:dind
      command: ["--insecure-registry=localhost:5050"]
  script:
    - docker build -t $TAG_COMMIT -t $TAG_LATEST .
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  script:
    - chmod og= $ID_RSA
    - apk update && apk add openssh-client
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:80 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://192.168.123.178
```
Although everything seems fine, it returns the following error in the build stage :
```
...
$ docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://[MASKED]:5050/v2/": dial tcp [MASKED]:5050: connect: connection refused
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1
```
## Edit:
Forgot to mention that I also declared the unsecured container registry in `/etc/docker/deamon.json` in the server hosting the docker daemon as follows:
```json
{ "insecure-registries": ["localhost:5050"] }
```
I don't know if I should do the same on the gitlab-runner containers. I don't know how either.
Baks
(41 rep)
May 4, 2023, 01:31 PM
• Last activity: Dec 15, 2023, 11:31 PM
0
votes
1
answers
57
views
Can't install GDK on Catalina
Welcome, while trying to install Gitlab GDK on a MacBook Pro Catalina 16G RAM it goes ok except three dependencies which already exist but the GDK says they are not installed or outdated!
bin/gdk install
The following Brewfile's dependencies are missing or outdated:
- dpkg
- git-lfs
- graphicsmagick
To install these dependencies, run the following command:
(cd /Users/wpplumber/Workspace/Gitlab/dev/gitlab-development-kit && brew bundle)
make: *** [support/makefiles/Makefile.config.mk:208: preflight-checks-run] Error 1
make: *** [support/makefiles/Makefile.timing.mk:4: preflight-checks-timed] Error 2
❌️ ERROR: Failed to install.
-------------------------------------------------------
You can try the following that may be of assistance:
- Run 'gdk doctor'.
- Visit the troubleshooting documentation:
https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/troubleshooting/index.md .
- Visit https://gitlab.com/gitlab-org/gitlab-development-kit/-/issues to
see if there are known issues.
- Run 'gdk reset-data' if appropriate.
- Run 'gdk pristine' which will restore your GDK to a pristine state.
After running the cmd:
brew bundle
it shows the following error which seems a bug with tar !
```
==> Fetching dpkg
==> Downloading https://raw.githubusercontent.com/Homebrew/homebrew-core/e579248a9a82f75681ed695591446505bb91b864/Formula/d/dpkg.rb
==> Downloading https://deb.debian.org/debian/pool/main/d/dpkg/dpkg_1.22.0.tar.xz
==> Installing dependencies for dpkg: gnu-tar
==> Installing dpkg dependency: gnu-tar
==> ./configure --mandir=/usr/local/Cellar/gnu-tar/1.35/share/man --program-pref
==> make install
Last 15 lines from /Users/wpplumber/Library/Logs/Homebrew/gnu-tar/02.make:
_verify_volume in compare.o
_process_rawdata in compare.o
_dump_regular_file in create.o
_sparse_dump_region in sparse.o
_main in tar.o
_read_error_details in libtar.a(paxerror.o)
...
"_libintl_setlocale", referenced from:
_main in tar.o
"_libintl_textdomain", referenced from:
_main in tar.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [tar] Error 1
make: *** [install-recursive] Error 1
Do not report this issue to Homebrew/brew or Homebrew/homebrew-core!
Error: You are using macOS 10.15.
We (and Apple) do not provide support for this old version.
It is expected behaviour that some formulae will fail to build in this old version.
It is expected behaviour that Homebrew will be buggy and slow.
Do not create any issues about this on Homebrew's GitHub repositories.
Do not create any issues even if you think this message is unrelated.
Any opened issues will be immediately closed without response.
Do not ask for help from Homebrew or its maintainers on social media.
You may ask for help in Homebrew's discussions but are unlikely to receive a response.
Try to figure out the problem yourself and submit a fix as a pull request.
We will review it but may or may not accept it.
Installing dpkg has failed!
Using exiftool
Using git
Installing git-lfs
```
Tarik
(101 rep)
Oct 17, 2023, 11:20 AM
• Last activity: Nov 5, 2023, 08:02 AM
0
votes
1
answers
46
views
Fargate Linux Github Runner cannot find specific URL (nslookup) from private network over VPN
I run the Worker container (Fargate Worker: https://docs.gitlab.com/runner/configuration/runner_autoscale_aws_fargate/).
**My problem** is that the container (Gitlab-runner) is running on Fargate ('awsvpc' network mode), but 'nslookup' cannot find the private DNS server in the other part of the VPN site-to-site point.
I did the same thing on EC2. On EC2, I updated resolved.conf like below:
```
sudo sed -i 's/#DNS=/DNS=192.168.x.x/g' /etc/systemd/resolved.conf
sudo sed -i 's/#Domains=/Domains=privateurl.net/g' /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved
```
From EC2, '**nslookup subdomain.privateurl.net**' returned positively, it found the name, address, and IP.
But, when I did the same thing on the container that runs on Fargate, '**nslookup subdomain.privateurl.net**' couldn't find the name, address, and IP.
From the container, 'ping ' is accomplished. It shows that there is a connection between the container on Fargate and the server (subdomain.privateurl.net) on the other side of the VPN. But '**ping **' and '**nslookup **' are not working properly. By the way, I made port mapping container port 53 to host 53 for DNS requests (nslookup).
I am suspecting that the container on Fargate ('awsvpc' network mode) is behaving differently than EC2.
CloudWatch Log:
```
nslookup subdomain.privateurl.net # on ECS container
** server can't find subdomain.privateurl.net: NXDOMAIN
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=63 time=15.8 ms
```
Ömer Sezer
(151 rep)
Jul 24, 2023, 12:01 PM
• Last activity: Oct 4, 2023, 11:15 AM
0
votes
1
answers
102
views
How to split long commands containing special character into multiline commands?
I have been reading documentation from gitlab at:
* https://docs.gitlab.com/ee/ci/yaml/script.html#split-long-commands
In my case I have a special character (colon ':'), so I also did read:
* https://docs.gitlab.com/ee/ci/yaml/script.html#use-special-characters-with-script
Now my question is: how do I combine both?
On one hand I have (ref ):
```yml
job name:
  script:
    - |
      for file in *; do
        echo "$file";
        echo "${REPO}/${file}";
      done
```
And on the other hand I have (ref ):
```yml
script:
  - 'for file in *; do curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${file}" "${REPO}/${file}"; done'
```
How do I combine both? The long-term solution is to handle errors in my for loop as (ref ):
```yml
- 'http_code=$(curl -o /dev/null -s -w "%{http_code}" --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file "$file" "${REPO}/${file}")'
- if [ $http_code -ne 201 ]; then echo "Upload failed: terminating" && false; fi;
```
malat
(3429 rep)
Jun 28, 2023, 11:54 AM
• Last activity: Jul 17, 2023, 08:39 AM
0
votes
1
answers
157
views
Command section syntax in .gitlab-ci.yml file
I have the following `.gitlab-ci.yml` file:
```yml
stages:
  - publish
  - deploy
variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
  DOCKER_HOST: tcp://docker:2375/
  DOCKER_TLS_CERTDIR: ""
publish:
  image: docker:latest
  stage: publish
  services:
    - name: docker:dind
      command: ["--insecure-registry=192.168.123.178:5050"]
  script:
    - docker build -t $TAG_COMMIT -t $TAG_LATEST .
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  script:
    - chmod og= $ID_RSA
    - apk update && apk add openssh-client
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY "
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:80 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://192.168.123.178
```
How can I declare the insecure registry in the deploy stage like I did in the publish stage? I'm always getting syntax errors.
## Edit
It errors out at the deploy stage when executing
```
$ ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY "
Error response from daemon: Get "https://[MASKED]:5050/v2/": http: server gave HTTP response to HTTPS client
```
I know this is due to the unsecure registry I want it to use.
I then tried to add the unsecure registry declaration in the deploy stage as shown below:
```yml
...
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  script:
    - chmod og= $ID_RSA
    - apk update && apk add openssh-client
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY "
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:80 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://192.168.123.178
  command: ["--insecure-registry=192.168.123.178:5050"]
```
but this is a YAML syntax error.
Baks
(41 rep)
May 5, 2023, 08:13 AM
• Last activity: May 5, 2023, 07:34 PM
3
votes
0
answers
1104
views
Why does buildah fail mounting overlays?
I am running buildah (quay.io/containers/buildah) in a GitLab CI/CD pipeline (Kubernetes pod), but it fails building images.
`buildah bud .` returns:
```
mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied
time="2023-05-03T13:02:06Z" level=warning msg="failed to shutdown storage: \"mount /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay, flags: 0x1000: permission denied\""
failed with exit code 125
```
Buildah inside of the container is running as root, and I made sure that the overlay module is loaded `lsmod | grep overlay`.
I also read the [troubleshooting guide](https://github.com/containers/buildah/blob/main/troubleshooting.md), but it only mentions issues in rootless mode.
What could cause issues while mounting overlay filesystems?
And which component could be causing the problem (`kubernetes`, `buildah`, `gitlab-ci-cd`, ...)?
Thanks in advance :)
iaquobe
(411 rep)
May 4, 2023, 03:10 PM
0
votes
1
answers
45
views
Uploading compiled .tex file (.pdf) to the root repo in Gitlab
I need your help with the following problem. I'm trying to compile a `.tex` document in GitLab and put my compiled `.pdf` file in the root repo. I have created a `.gitlab-ci.yml` file which has the following configuration:
```yml
# Use the latest version of the TeX Live Docker image
image: texlive/texlive:latest
# Define a single stage named "build"
stages:
  - build
# Configuration for the "build" stage
build:
  stage: build
  # Specify the events that trigger the pipeline
  only:
    - push
  # Specify the commands to be executed in the pipeline
  script:
    - filename="main"
    - echo "Running latexmk with lualatex"
    - latexmk -pdf -pdflatex="lualatex %O %S" "$filename.tex"
    - echo "Moving .pdf file to root directory"
    - mv "$filename.pdf" ../
    - echo "Listing contents of root directory"
    - ls ../
```
The `log` file tells me the following:
```
Latexmk: All targets () are up-to-date
$ echo "Moving .pdf file to root directory"
Moving .pdf file to root directory
$ mv "$filename.pdf" ../
$ echo "Listing contents of root directory"
Listing contents of root directory
$ ls ../
PhD
PhD.tmp
main.pdf
Cleaning up project directory and file based variables
Job succeeded
```
However, when I access my repo, I do not find any `main.pdf` file loaded. How can I solve this problem? Is there something I don't understand?
Mafsi
(141 rep)
Feb 21, 2023, 09:32 AM
• Last activity: Apr 14, 2023, 10:00 AM
0
votes
1
answers
1193
views
Clearing log files located in var/log (RHEL)
I am investigating the retention of logs in var/log/ for a server that hosts Gitlab.
There are multiple logs here as listed below:
Boot.log
Cron
maillog
Messages
Secure
spooler
yum.log
Is there a way that I can control the retention of these logs?
Is there anything that's controlled via the gitlab.rb file?
Is there a general way of identifying where logs are controlled?
Aryan
(1 rep)
Mar 22, 2023, 07:23 AM
• Last activity: Mar 29, 2023, 08:27 AM
Showing page 1 of 20 total questions