我有两个Ubuntu 16.04.5 LTS服务器。一个是运行gitlab-ee实例,另一个是运行gitlab-runner。
当我将代码推送到服务器时,我注意到我的共享运行器需要很长时间来获取代码并构建它。
我查看了/var/log/gitlab/gitlab-rails/api_json.log下的gitlab-ee日志,发现它们经常出现403错误。
{"time":"2018-09-03T17:58:29.432Z","severity":"INFO","duration":5.41,"db":1.34,"view":4.07,"status":403,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"c565c8f1c839e48b27a1758c04af7863"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":8.48}
{"time":"2018-09-03T17:58:29.621Z","severity":"INFO","duration":5.51,"db":1.26,"view":4.25,"status":403,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"6c328f52ff65c51b4b34b9c1ea26249e"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":9.43}
{"time":"2018-09-03T17:58:29.807Z","severity":"INFO","duration":5.5,"db":1.61,"view":3.8899999999999997,"status":403,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"7d3fda493909db2329c6a578ad9960ec"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":7.72}
直到,每隔一段时间,一个人设法通过,
{"time":"2018-09-03T19:22:07.249Z","severity":"INFO","duration":24.36,"db":7.55,"view":16.81,"status":204,"method":"POST","path":"/api/v4/jobs/request","params":{"info":{"name":"gitlab-runner","version":"11.2.0","revision":"35e8515d","platform":"linux","architecture":"amd64","executor":"docker","shell":"bash","features":{"variables":"[FILTERED]","image":null,"services":null,"artifacts":null,"cache":null,"shared":null,"upload_multiple_artifacts":null}},"token":"[FILTERED]","last_update":"e0d8576707ef9261fd3e59106f8a2ba8"},"host":"gitlab.XXXX.XXX","ip":"XX.XX.XX.XX","ua":"gitlab-runner 11.2.0 (11-2-stable; go1.8.7; linux/amd64)","queue_duration":18.47}
这导致排队时间超过10分钟。
我试图找到原因,但无法做到。我采取的步骤是:
似乎GitLab issuing temporary IP bans - 403 forbidden非常相似,但我没有额外安装任何东西。这是一个香草gitlab-ee实例。
您的GitLab实例是否在负载平衡器后面?在过去,我遇到了与我自我托管的GitLab EE实例非常相似的情况。由于负载均衡器,GitLab看到所有请求都来自同一个IP地址,并且会一直错误地发出临时禁止。我在GitLab Runner作业请求中遇到了403响应。
为了修复我的安装,我最终完全关闭了机架攻击过滤。但是,有一种方法可以转发实际的客户端IP。