1

I am facing the following issue:
I am trying to configure a GitLab CI pipline (shell).
My repository contains two submodules.
Both submodules are on the same GitLab server as the super repository that contains them.
The clone is an SSH clone, I have configured the keys locally, and also added my key to GitLab.
On the machine where the runner is installed, I can clone everything with no issues including the submodules.
However when the runner is trying to clone, it returns with "host key verification failed" but only for the submodules.
I have tried configuring the runner both with its own user and with my user :

sudo gitlab-runner install --user=<user>

to no effect.
What confuses me the most is that the error is only for the submodles even though they are on the same server as the super repo that contains them, and the super repo can be cloned with no issue (when I turn off the submoudle recursive var in the yml file):

GIT_SUBMODULE_STRATEGY: recursive

But then of course I don't have the submodules.
I will be grateful for any suggestions on what to check or try!

dkish
  • 319
  • 3
  • 13

2 Answers2

4

"host key verification failed" is about the machine key (the ones listed in ~/.ssh/known_hosts), not your gitlab key.

For example : if the initial git clone is not run with the same user as the one which updates the submodules, then they do not have the same ~/.ssh/known_hosts file, and the ssh command could work for the first user without error, while failing for the second.

The clean fix would be : copy the host key you know to be correct to the expected known_host file.

see for example ssh use known_hosts other than $HOME/.ssh/known_hosts :

# use a 'known_hosts' file with the host key of your git server
GIT_SSH_COMMAND=`ssh -o UserKnownHostsFile=<some provisioned known_hosts file>`

The workaround almost everybody uses is : turn HostKey verification off.

# for example : set the GIT_SSH_COMMAND environment variable
GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no'
LeGEC
  • 46,477
  • 5
  • 57
  • 104
  • Thaks, the workaround works, but I still would like to understand the issue. As I wrote, I can clone with no issue locall on the machine where the runner is installed which means known_hosts already has the right host key. So why doesn't it work for the runner? I am running the runner with the same user that can clone locally without the runner. – dkish Jan 12 '21 at 17:02
  • What is a runner ? A VM ? a docker image ? – LeGEC Jan 12 '21 at 20:18
  • Both the runner and the GitLab server are on VMs yes. And the runner is a shell runner. – dkish Jan 13 '21 at 08:49
  • 1
    ok. When you run a job, the runner starts by cloning (or fetching) the repo, to be able to access gitlab.yml. That's a first step. Then it reads the instructions in gitlab.yml and executes them. That's a second step. If the second step is not run with the same user as the first step, or not in the same environment (e.g : if the runner starts a container for the second step), then the config around ssh can be different (different `.ssh/config`, `.ssh/known_hosts` ... ). If you want to understand, dig deeper into how your runner executes its actions. – LeGEC Jan 13 '21 at 09:33
  • Thanks. My pipline is run only by one user - that is, all stages everything is run only by one runner, one user and everything runs in the same environment. I will try to install a new runner on a new VM and see if the issue is not something that has to do with the machine it self. – dkish Jan 14 '21 at 16:36
-2

the solution that’s so applied to GitLab?

Use the git clone by ssh, I don’t have a good goal that’s so I can up to push that’s changes over a submodule from runner Shell by GitLab CI. The pipeline ever fails and prints this error. ERROR PIPELINE JOB

In the local repo as a project the file config contains that line with the URL, more don’t have login with this about the pipeline. .git/config

Some help or walkthrough of reference to culminate with that challenge in troubleshooting!

This is my code over the file ".gitlab-ci.yml"

variables: TEST_VAR: "Update Git Submoudel in all Etecnic projects."

job1: variables: {} script: - echo "$TEST_VAR"

job2: variables: {} script: - echo "OK" >> exito.txt - git add --all - git commit -m "Update Submodule" - git push origin HEAD:master Expand snippet Versions:

GitLab:

gitlab-ce is already the newest version (15.7.0-ce.0).

Runner:

Version: 15.6.1

Git revision: 7178588d

Git branch: 15-5-stable

GO version: go1.18.7

Built: 2022-11-11T09:45:25+0000

OS/Arch: linux/amd64

Thanks so much for your attention.

Oscar Andres Macias Narvaez
  • 1
  • 2
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Dec 19 '22 at 08:50