I have installed successfully a gitlab-runner on a VM, and it is used by some of my projects. I would like to use the Interactive Web Terminal to have a chance to debug when some pipeline fails.
I'm trying to configure my config.toml file, following this docu of GitLab but I'm not understanding which ip address I should use in the setting listen_address. Should it be the ip of the running machine? The docker container instance? Or what?
Here is my current configuration:
concurrent = 2
check_interval = 0
log_level = "panic"
[session_server]
listen_address = "0.0.0.0:8093" # listen on all available interfaces on port 8093
session_timeout = 1800
[[runners]]
name = "A test private repo"
url = "https://gitlab.com/"
token = "myToken"
executor = "docker"
[runners.custom_build_dir]
[runners.docker]
tls_verify = false
image = "alpine:latest"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.custom]
run_exec = ""
Screen of error I get
I noticed that when I hit the 0.0.0.0:8093 address on the machine where the gitlab-runner is running I get this response:
Your configuration should use:
[session_server]
session_timeout = 1800
listen_address = "0.0.0.0:8093"
advertise_address = "<your runner IP/hostname>:8093"
Should it be the ip of the running machine?
Yes
Related
Trying to connect to a windows host from a Linux Zorin control Host by using Ansible.
Installed winrm in the windows machine and set all the required authentication methods to True.
Configuration of winrm in the Window Host
PS C:\WINDOWS\system32> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GXGR;;;S-1-5-21-2039588290-1060779563-2652726705-1011)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
Even after setting the Basic = true, getting the specified creds were rejected error. Tried making AllowUnencrypted = true, but it is showing following error message:
WSManFault
Message
ProviderFault
WSManFault
Message = WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
Tried changing the network connection type to private. And tried making AllowUnencrypted = true, getting the same error again as above(WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.)
Tried adding a firewall exception rule to the port 5985 too on the windows host.
Tried giving the permissions of Read and Execute to the user by winrm configsddl default also. Even though not working.
Giving the right credentials. The hosts file of ansible is as follows:
[win]
<IP>
[win:vars]
ansible_user=<username>
ansible_password=<password>
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_winrm_transport=basic
ansible_winrm_port=5985
ansible_winrm_server_cert_validation=ignore
Trying the following ansible command:
ansible win -i hosts -m win_ping
I tried everything i found in the internet, but not able to establish the connection through winrm.
I will be thankful to anyone who provides the solution. My eyes are bleeding red from watching the error on the screen from 4 days.
I changed the ansible_winrm_transport from basic to ntlm. It resolved my issue.
I am using a complex Traefik - Dropcart setup with automatic SSL certification via Let's Encrypt. Because of the TLS-SNI termintation I switched to the rc5 Docker version of Let's Encrypt which support HTTP-SNI, DNS isn't an option for me.
Unfortunately it gives an 400 timeout error (see logs).
Config
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
compress = true
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[...]
[acme]
email = "email#address.com"
caServer = "https://acme-staging.api.letsencrypt.org/directory"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
onHostRule = true
acmeLogging = true
#dnsProvider = "manual"
[acme.httpChallenge]
entryPoint = "http"
Logs
domain.example.com:acme: Error 400 - urn:acme:error:connection -
Fetching http://domain.example.com/.well-known/acme-challenge/5uyEKpgr[...]c4CfMOZjc: Timeout
Error Detail:
Validation for domain.example.com:80
Resolved to:
*IPv4*
*IPv6*
Used: *IPv6*
]"
Does anyone know how I can get HTTP validation fixed?
Thanks!
EDIT:
Same config seemed to work on a consul backend. So maybe something to do with Docker or acme.json?
I am new to Hadoop and I made a Hadoop cluster with 3 centos machine in my VMware, and I also kerberosing the cluster, it works fine in the VMware, I can reach the URL by FireFox in CenotOS machine
However, when I try to reach the page outside the VMware(in my windows machine) it always shows like this
I can ping each other by IP or hostname(I have set the hosts file)
I have got the ticket from KDC in my windows machine by MIT Kerberos, like this and when I type klist in my windows cmd, it showed the ticket.
I have set the firefox as suggested(as in centos I can reach the
page.)
what else should i set?
help please!
the ticket i got
this is my krb5.ini and krb5.conf in my windows and centos machine
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
renewable = true
rdns = false
default_realm = HADOOP.COM
[realms]
HADOOP.COM = {
kdc = master:88
admin_server = master:749
}
[domain_realm]
master = HADOOP.COM
slave1 = HADOOP.COM
slave2 = HADOOP.COM
When I try to make parallel distribution in ubuntu14.04
I got this error: Cannot append hostname to file name results/General-0.elog:no HOST , HOSTNAME or COMPUTERNAME (Windows) environment variable.
[General]
network = Network
parallel-simulation = true
parsim-communications-class = "cMPICommunications"
parsim-synchronization-class = "cNullMessageProtocol"
**.scalar-recording = false
**.vector-recording = false
*.GCN.**.partition-id =0
*.lcn[*].partition-id =1
*.sn[*].partition-id =2
You have to set the HOST environment variable.
Type in console where you start OMNeT++:
export HOST=host01
or in IDE go to Run | Run Configurations | your configuration | Environment and add a new HOST variable with host01 value.
I'm using ChefDK 0.3.5 on Windows 7 64bit. I'm having a bit of a problem trying to use Chef and WinRM to execute the
chef-client command on a remote server. The command I'm issuing is below:
C:\U\user1> knife winrm "fqdn:testserver.*" "netstat" -x 'domain\user1' -P 'password'
WARNING: Switching to Negotiate authentication, Basic does not support Domain Authentication
ERROR: RuntimeError: Error: Unencrypted communication not supported. Please check winrm configuration winrm/config/service AllowUnencrypted flag.
The result I got doesn't let me do what I want. So I googled it, and saw
something about not verifying SSL, or using :verify_peer, which did nothing
as well. So I executed the WinRM configuration commands again, in Command
Prompt, because PowerShell tells me their wrong.
C:\Users\user1>C:\WIndows\System32\cmd.exe /c winrm set winrm/config/winrs #{MaxMemoryPerShellMB="300"}
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 10
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 25
MaxMemoryPerShellMB = 300
MaxShellsPerUser = 30
C:\Users\user1>C:\WIndows\System32\cmd.exe /c winrm set winrm/config #{MaxTimeoutms="1800000"}
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 1800000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;G
XGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 10
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 25
MaxMemoryPerShellMB = 300
MaxShellsPerUser = 30
C:\Users\user1>C:\WIndows\System32\cmd.exe /c winrm set winrm/config/service#{AllowUnencrypted="true"}
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;
;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
After executing these commands, I try again, and ChefDK looks at me like I'm
stupid. I'm not sure why Chef is trying to use basic auth then I give it
domain credentials. This also worked previously, but I had to get a new
computer and my notes, and installations were lost. Are there any ideas on
what I could be missing? If I'm missing any information let me know and I'll update my question.
The client command tells you:
Unencrypted communication not supported. Please check winrm configuration winrm/config/service AllowUnencrypted flag.
Your configuration, as printed out from the result of the timeout command, tells you:
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 1800000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
You need to set the AllowUnencrypted flag to true, by running the command:
winrm set winrm/config/service #{AllowUnencrypted="true"}
The latest github versions of knife-windows add commands for creating ssl certs and tightening up your connection, which you will hopefully want to do when you're ready.