search

sameersbn / docker-gitlab-ci

Dockerfile to build a GitLab CI container image.
http://www.damagehead.com/docker-gitlab-ci/
MIT License
199 stars 51 forks source link

Can't Authorize Gitlab CI #18

Closed mirzap closed 9 years ago

mirzap commented 9 years ago

Hi, I have problem when I try to authorize an app:

selection_046

here is log from /var/log/gitlab-ci/gitlab-ci/production.log

Completed 302 Found in 4ms (ActiveRecord: 0.5ms)
Started GET "/user_sessions/callback?code=f28bd4306840601bc25e8a16b2ac474bab70a151f47d5b4333cfdba698768b1a" for 146.255.155.77 at 2015-03-16 22:32:13 +0000
Processing by UserSessionsController#callback as HTML
  Parameters: {"code"=>"f28bd4306840601bc25e8a16b2ac474bab70a151f47d5b4333cfdba698768b1a"}
Completed 500 Internal Server Error in 14ms

Faraday::ConnectionFailed (Connection refused - connect(2) for "mygitlabhost.be" port 10081):
  app/controllers/user_sessions_controller.rb:18:in `callback'
sameersbn commented 9 years ago

@mirzap I see that the redirection is trying to connect to http://mygitlabhost.be:10081. Is that correct.

Please share your run commands for starting gitlab and ci.

mirzap commented 9 years ago

Yes @sameersbn Here is my fig file:

postgresql:
  image: sameersbn/postgresql:latest
  environment:
    - DB_USER=redmine
    - DB_PASS=redpass
    - DB_NAME=redmine,gitlab,gitlabci
    - PSQL_TRUST_LOCALNET=true
  volumes:
    - ./data/postgresql:/var/lib/postgresql
  ports:
    - "5432:5432"
gitlab:
  image: sameersbn/gitlab:7.8.4
  links:
   - redis:redisio
   - postgresql:postgresql
  environment:
    - DB_USER=redmine
    - DB_PASS=redpass
    - DB_NAME=gitlab
    - SMTP_DOMAIN=smtp.domain
    - SMTP_HOST=smtp.host
    - SMTP_PORT=587
    - SMTP_USER=smtp.user
    - SMTP_PASS=smtp.pass
    - SMTP_STARTTLS=true
    - GITLAB_HOST=mygitlabhost.be
    - GITLAB_PORT=10081
    - GITLAB_EMAIL=my.email
    - REDMINE_URL=http://myredmineurl.be:10080
  volumes:
    - ./data/gitlab:/home/git/data
  ports:
   - "10081:80"
   - "10022:22"
redmine:
  image: sameersbn/redmine:2.6.2
  links:
    - postgresql:postgresql
  environment:
    - DB_USER=redmine
    - DB_PASS=redpass
    - DB_NAME=redmine
    - NGINX_MAX_UPLOAD_SIZE=120m
    - SMTP_DOMAIN=smtp.domain
    - SMTP_HOST=smtp.host
    - SMTP_PORT=587
    - SMTP_USER=smtp.user
    - SMTP_PASS=smtp.pass
    - SMTP_STARTTLS=true
  volumes:
    - ./data/redmine:/home/redmine/data
  volumes_from:
    - project_gitlab_1
  ports:
    - "10080:80"
redis:
  image: sameersbn/redis:latest
ci:
  image: sameersbn/gitlab-ci:7.8.4
  links:
   - redis:redisio
   - postgresql:postgresql
  environment:
    - DB_USER=redmine
    - DB_PASS=redpass
    - DB_NAME=gitlabci
    - GITLAB_APP_ID=gitlab.app.id
    - GITLAB_APP_SECRET=gitlab.app.secret
    - GITLAB_URL=http://mygitlaburl.be:10081/
    - SMTP_DOMAIN=smtp.domain
    - SMTP_HOST=smtp.host
    - SMTP_PORT=587
    - SMTP_USER=smtp.user
    - SMTP_PASS=smtp.pass
    - SMTP_STARTTLS=true
  volumes:
    - ./data/gitlab_ci:/home/gitlab_ci/data
  ports:
    - "10082:80"
epiphyllum commented 9 years ago

I have the same problem.

my gitlab-ci's log:

Started GET "/user_sessions/callback?code=2e0732e88dd59da14b8ca98d399e8697db06ed2db6cbf78de82332264daa27a2" for 127.0.0.1 at 2015-04-01 09:28:14 +0800
Processing by UserSessionsController#callback as HTML
  Parameters: {"code"=>"2e0732e88dd59da14b8ca98d399e8697db06ed2db6cbf78de82332264daa27a2"}
Completed 500 Internal Server Error in 1684ms

OAuth2::Error (<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.7.9</center>
</body>
</html>
):
  app/controllers/user_sessions_controller.rb:18:in `callback'

my gitlab's log

Started POST "/oauth/authorize" for 127.0.0.1 at 2015-04-01 09:28:14 +0800
Processing by Oauth::AuthorizationsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"VAEcz0lYiCkRvjzMSOW5Ln8deKAdEYsowTAi5/+6FWM=", "client_id"=>"a7d1009834f636acf8ee6c1dd1aa2ebe26b5678a430c3d81f3ff8fb823858fc3", "redirect_uri"=>"http://gitlab-ci.tfs.com/user_sessions/callback", "state"=>"", "response_type"=>"code", "scope"=>"api"}
Redirected to http://gitlab-ci.tfs.com/user_sessions/callback?code=2e0732e88dd59da14b8ca98d399e8697db06ed2db6cbf78de82332264daa27a2
Completed 302 Found in 34ms (ActiveRecord: 23.9ms)
sameersbn commented 9 years ago

@mirzap how have you setup the domain name mygitlaburl.be? Have you added a entry in the /etc/hosts file for it? If that is the case, then it basically means that the gitlab-ci container is not able to connect to http://mygitlaburl.be:10081, probably because it cannot resolve the hostname.

You can manually check this using.

docker exec -it <gitlab_ci_container_id> bash
wget --method=HEAD http://mygitlaburl.be:10081

wget output will show if the hostname resolution is happening and at the same time if we are able to connect to the gitlab server

p.s. I am sorry about not responding earlier. I completely missed your reply.

sameersbn commented 9 years ago

@epiphyllum I am a bit busy at the moment. I would suggest you look at your haproxy configuration. I remember a long time ago I had such problems with the redirection. You can try looking up the past issues for hints.

If you manage to fix the issue please list the corrective measures taken. I will look into it as soon as I can find some time.

epiphyllum commented 9 years ago

It should not the problem of haproxy. because, Even if I don't use haproxy, in my local box test, the problem still exists. the following is my /etc/hosts

172.17.88.1 mirror.tfs.com 172.17.88.3 archiva.tfs.com 172.17.88.6 gitlab.tfs.com 172.17.88.9 gitlab-ci.tfs.com 172.17.88.5 redmine.tfs.com

test log of gitlab-ci


Started GET "/" for 127.0.0.1 at 2015-04-01 13:07:33 +0800
Processing by ProjectsController#index as HTML
  Rendered projects/_public.html.haml (2.4ms)
  Rendered projects/index.html.haml within layouts/application (3.2ms)
  Rendered layouts/_head.html.haml (0.7ms)
  Rendered layouts/_nav.html.haml (0.8ms)
  Rendered layouts/_info.html.haml (0.2ms)
Completed 200 OK in 11ms (Views: 6.9ms | ActiveRecord: 0.8ms)
Started GET "/user_sessions/auth" for 127.0.0.1 at 2015-04-01 13:07:40 +0800
Processing by UserSessionsController#auth as HTML
Redirected to http://gitlab.tfs.com/oauth/authorize?client_id=a7d1009834f636acf8ee6c1dd1aa2ebe26b5678a430c3d81f3ff8fb823858fc3&redirect_uri=http%3A%2F%2Fgitlab-ci.tfs.com%2Fuser_sessions%2Fcallback&response_type=code
Completed 403 Forbidden in 6ms (ActiveRecord: 0.3ms)
Started GET "/user_sessions/auth" for 127.0.0.1 at 2015-04-01 13:07:40 +0800
Processing by UserSessionsController#auth as HTML
Redirected to http://gitlab.tfs.com/oauth/authorize?client_id=a7d1009834f636acf8ee6c1dd1aa2ebe26b5678a430c3d81f3ff8fb823858fc3&redirect_uri=http%3A%2F%2Fgitlab-ci.tfs.com%2Fuser_sessions%2Fcallback&response_type=code
Completed 302 Found in 5ms (ActiveRecord: 0.6ms)
Started GET "/user_sessions/callback?code=8d249fea657f00a763a69845b69986eee059a4fc1dca4f92f51737bb48efaf5a" for 127.0.0.1 at 2015-04-01 13:07:45 +0800
Processing by UserSessionsController#callback as HTML
  Parameters: {"code"=>"8d249fea657f00a763a69845b69986eee059a4fc1dca4f92f51737bb48efaf5a"}
Completed 500 Internal Server Error in 1664ms

OAuth2::Error (<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.7.9</center>
</body>
</html>
):
  app/controllers/user_sessions_controller.rb:18:in `callback'

test log of gitlab


Started GET "/oauth/authorize?client_id=a7d1009834f636acf8ee6c1dd1aa2ebe26b5678a430c3d81f3ff8fb823858fc3&redirect_uri=http%3A%2F%2Fgitlab-ci.tfs.com%2Fuser_sessions%2Fcallback&response_type=code" for 127.0.0.1 at 2015-04-01 13:07:40 +0800
Processing by Oauth::AuthorizationsController#new as HTML
  Parameters: {"client_id"=>"a7d1009834f636acf8ee6c1dd1aa2ebe26b5678a430c3d81f3ff8fb823858fc3", "redirect_uri"=>"http://gitlab-ci.tfs.com/user_sessions/callback", "response_type"=>"code"}
Completed 200 OK in 56ms (Views: 38.4ms | ActiveRecord: 9.1ms)
Started POST "/oauth/authorize" for 127.0.0.1 at 2015-04-01 13:07:45 +0800
Processing by Oauth::AuthorizationsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"VAEcz0lYiCkRvjzMSOW5Ln8deKAdEYsowTAi5/+6FWM=", "client_id"=>"a7d1009834f636acf8ee6c1dd1aa2ebe26b5678a430c3d81f3ff8fb823858fc3", "redirect_uri"=>"http://gitlab-ci.tfs.com/user_sessions/callback", "state"=>"", "response_type"=>"code", "scope"=>"api"}
Redirected to http://gitlab-ci.tfs.com/user_sessions/callback?code=8d249fea657f00a763a69845b69986eee059a4fc1dca4f92f51737bb48efaf5a
Completed 302 Found in 30ms (ActiveRecord: 19.6ms)
epiphyllum commented 9 years ago

I found the problem:

we should add entry in /etc/hosts for gitlab-ci ang gitlab container

because this two container call each other with URL

sameersbn commented 9 years ago

@epiphyllum that was my point

sameersbn commented 9 years ago

@epiphyllum I think you can also volume mount the host '/etc/hosts' using -v /etc/hosts:/etc/hosts:ro. This however is untested and I do not recommended it. You are better of making DNS entries at the DNS server.

sameersbn commented 9 years ago

@epiphyllum was you issue fixed after making the /etc/hosts entries? @mirzap can you please try this resolution?

epiphyllum commented 9 years ago

yes. using -v to mount /etc/hosts is more robustable and be consistent!

sameersbn commented 9 years ago

@mirzap ping!

d0ubl3d commented 9 years ago

I think that the issue is with linking containers. Even from the main host it shows forbidden using curl or wget to given ports. When called from outside it works properly.

sameersbn commented 9 years ago

@d0ubl3d using the link feature to set the GITLAB_URL is not advisable anymore. Ideally you want to set the GITLAB_URL to the to git.example.com or something.

d0ubl3d commented 9 years ago

But for some reason gitlab port is not accessible from gitlab_ci container.

mirzap commented 9 years ago

Still have problem with this. Can't access to the gitlab URL with this port from CI container...