incubator-devlake: [Bug][GitLab] Connection to self-hosted GitLab failed (CA certificate has already installed)

Search before asking

I had searched in the issues and found no similar issues.

What happened

When I try to configure connection with self-hosted GitLab an error occurred Test Failed. Please check your configuration.

Logs in the Devlake container are following

[GIN] 2023/03/23 - 11:47:58 | 500 | 878.823223ms | ... | POST “/plugins/gitlab/test” [GIN] 2023/03/23 - 11:48:06 | 200 | 10.393876ms | ... | GET “/blueprints” time=“2023-03-23 11:48:08” level=error msg=“HTTP 500 error caused by: error requesting https://gitlab.example.com/api/v4/user Wraps: (2) Get “https://gitlab.example.com/api/v4/user”: x509: certificate signed by unknown authority Wraps: (3) Get “https://gitlab.example.com/api/v4/user” Wraps: (4) x509: certificate signed by unknown authority Error types: (1) *hintdetail.withDetail (2) *hintdetail.withDetail (3) *url.Error (4) x509.UnknownAuthorityError”

Environment variable is set IN_SECURE_SKIP_VERIFY=true

I’ve already added CA certificate in docker image and run command /usr/sbin/update-ca-certificates

Finally I see our CA certificate on the right path /etc/ssl/certs/ca-certificate.crt

CA certificate was installed correctly and this check completed successfully curl "https://gitlab.example.com/api/v4/user?access_token=gitlab-personal-access-token"

I also try to solve this issue with different Devlake versions v0.16.0-beta9 v0.15.1-beta5 v0.15.0

What do you expect to happen

Connection to self-hosted GitLab will be configured correctly

How to reproduce

Reproduce the steps from the official documentation https://devlake.apache.org/docs/Configuration/GitLab

Follow the Troubleshooting guide https://devlake.apache.org/docs/Troubleshooting/Configuration#failed-to-collect-data-from-the-server-with-a-self-signed-certificate

Anything else

No response

Version

v0.15.0

Are you willing to submit PR?

Yes I am willing to submit a PR!

Code of Conduct

I agree to follow this project’s Code of Conduct

About this issue

Original URL
State: closed
Created a year ago
Comments: 22 (9 by maintainers)

Most upvoted comments

I try to run GitExtractor localy with csv store but this option doesn’t work properly go run main.go -url https://git:glpat-xxxxx@gitlab.example.com/project-1/extra/project.git -id gitlab:GitlabProject:2:2701 -output "/tmp/store"

Despite the fact that the parameter output is set, it tries to connect to the database

[error] failed to initialize database, got error dial tcp: lookup mysql: no such host" panic: dial tcp: lookup mysql: no such host Wraps: (2) dial tcp Wraps: (3) lookup mysql: no such host Error types: (1) *hintdetail.withDetail (2) *net.OpError (3) *net.DNSError

Problem fixed. Dot env file with configuration was needed.

adterskov on Apr 4, 2023

I try to run GitExtractor localy with csv store but this option doesn’t work properly go run main.go -url https://git:glpat-xxxxx@gitlab.example.com/project-1/extra/project.git -id gitlab:GitlabProject:2:2701 -output "/tmp/store"

Despite the fact that the parameter output is set, it tries to connect to the database

[error] failed to initialize database, got error dial tcp: lookup mysql: no such host" panic: dial tcp: lookup mysql: no such host Wraps: (2) dial tcp Wraps: (3) lookup mysql: no such host Error types: (1) *hintdetail.withDetail (2) *net.OpError (3) *net.DNSError

adterskov on Apr 3, 2023

Can you verify if the CA is correct? For example:

access your gitlab from a computer without the root CA certificate installed, the browser would warn about the certificate

install the ca , make sure the warning is gone.

It’s possible to connect to our corporate GitLab only with an installed CA. I checked directly from the devlake container. After installing the CA certificate, the curl command is started to execute successfully curl "https://gitlab.example.com/api/v4/user?access_token=gitlab-personal-access-token"

adterskov on Mar 27, 2023