- What does
- Where are logs stored when run as a service?
- Run in
- I’m seeing
x509: certificate signed by unknown authority
- I get
Permission Deniedwhen accessing the
- The Docker executor gets timeout when building Java project
- I get 411 when uploading artifacts
warning: You appear to have cloned an empty repository.
zoneinfo.zip: no such file or directoryerror when using
- Why can’t I run more than one instance of Runner?
Job failed (system failure): preparing environment:
- What does
- I get a PathTooLongException during my builds on Windows
- I can’t run Windows BASH scripts; I’m getting
The system cannot find the batch label specified - buildscript
- How can I get colored output on the web terminal?
The service did not start due to a logon failureerror when starting service
- Job marked as success and terminated midway using Kubernetes executor
- macOS troubleshooting
This section can assist when troubleshooting GitLab Runner.
The following relate to general Runner troubleshooting.
coordinator is the GitLab installation from which a job is requested.
In other words, runners are isolated (virtual) machines that pick up jobs
requested by their
- If the GitLab Runner is run as service on Linux/macOS the daemon logs to syslog.
- If the GitLab Runner is run as service on Windows it logs to System’s Event Log.
Is it possible to run GitLab Runner in debug/verbose mode. From a terminal, run:
gitlab-runner --debug run
Please see the self-signed certificates.
If you want to use Docker executor,
and you are connecting to Docker Engine installed on server.
You can see the
Permission Denied error.
The most likely cause is that your system uses SELinux (enabled by default on CentOS, Fedora and RHEL).
Check your SELinux policy on your system for possible denials.
This most likely happens, because of the broken AUFS storage driver: Java process hangs on inside container. The best solution is to change the storage driver to either OverlayFS (faster) or DeviceMapper (slower).
This happens due to fact that runner uses
Transfer-Encoding: chunked which is broken on early version of NGINX (https://serverfault.com/questions/164220/is-there-a-way-to-avoid-nginx-411-content-length-required-errors).
Upgrade your NGINX to newer version. For more information see this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1031
git clone using HTTP(s) (with GitLab Runner or manually for
tests) and you see the following output:
$ git clone https://git.example.com/user/repo.git Cloning into 'repo'... warning: You appear to have cloned an empty repository.
Make sure, that the configuration of the HTTP Proxy in your GitLab server installation is done properly. Especially if you are using some HTTP Proxy with its own configuration, make sure that GitLab requests are proxied to the GitLab Workhorse socket, not to the GitLab Unicorn socket.
Git protocol via HTTP(S) is resolved by the GitLab Workhorse, so this is the main entrypoint of GitLab.
If you are using Omnibus GitLab, but don’t want to use the bundled NGINX server, please read using a non-bundled web-server.
In the GitLab Recipes repository there are web-server configuration examples for Apache and NGINX.
If you are using GitLab installed from source, please also read the above documentation and examples, and make sure that all HTTP(S) traffic is going through the GitLab Workhorse.
It’s possible to configure the timezone in which
are described. This feature should work on most Unix systems out of the box. However on some
Unix systems, and probably on most non-Unix systems (including Windows, for which we’re providing
Runner’s binaries), when used, the Runner will crash at start with an error similar to:
Failed to load config Invalid OffPeakPeriods value: open /usr/local/go/lib/time/zoneinfo.zip: no such file or directory
The error is caused by the
time package in Go. Go uses the IANA Time Zone database to load
the configuration of the specified timezone. On most Unix systems, this database is already present on
one of well-known paths (
time package looks for the Time Zone database in all those three paths. If it doesn’t find any
of them, but the machine has a configured Go development environment, then it will fallback to
If none of those paths are present (for example on a production Windows host) the above error is thrown.
In case your system has support for the IANA Time Zone database, but it’s not available by default, you can try to install it. For Linux systems it can be done for example by:
# on Debian/Ubuntu based systems sudo apt-get install tzdata # on RPM based systems sudo yum install tzdata # on Linux Alpine sudo apk add -U tzdata
If your system doesn’t provide this database in a native way, then you can make
working by following the steps below:
zoneinfo.zip. Starting with version v9.1.0 you can download the file from a tagged path. In that case you should replace
latestwith the tag name (e.g.,
v9.1.0) in the
Store this file in a well known directory. We’re suggesting to use the same directory where the
config.tomlfile is present. So for example, if you’re hosting Runner on Windows machine and your configuration file is stored at
C:\gitlab-runner\config.toml, then save the
ZONEINFOenvironment variable containing a full path to the
zoneinfo.zipfile. If you are starting the Runner using the
runcommand, then you can do this with:
ZONEINFO=/etc/gitlab-runner/zoneinfo.zip gitlab-runner run <other options ...>
or if using Windows:
C:\gitlab-runner> set ZONEINFO=C:\gitlab-runner\zoneinfo.zip C:\gitlab-runner> gitlab-runner run <other options ...>
If you are starting the Runner as a system service then you will need to update/override the service configuration in a way that is provided by your service manager software (unix systems) or by adding the
ZONEINFOvariable to the list of environment variables available for Runner’s user through System Settings (Windows).
You can, but not sharing the same
Running multiple instances of Runner using the same configuration file can cause
unexpected and hard-to-debug behavior. In
GitLab Runner 12.2,
only a single instance of Runner can use a specific
config.toml file at
This error is often due to your shell loading your profile, and one of the scripts is causing the failure.
Example of dotfiles that are known to cause failure:
The following relate to Runner troubleshooting on Windows.
This is caused by tools like
npm which will sometimes generate directory structures
with paths more than 260 characters in length. There are two possible fixes you can
adopt to solve the problem.
You can avoid the problem by using Git to clean your directory structure, first run
git config --system core.longpaths true from the command line and then set your
project to use
git fetch from the GitLab CI project settings page.
The NTFSSecurity PowerShell module provides a Remove-Item2 method which supports long paths. The GitLab CI Multi Runner will detect it if it is available and automatically make use of it.
I can’t run Windows BASH scripts; I’m getting
The system cannot find the batch label specified - buildscript
You need to prepend
call to your Batch file line in
.gitlab-ci.yml so that it looks like
call C:\path\to\test.bat. Here
is a more complete example:
before_script: - call C:\path\to\test.bat
Additional info can be found under issue #1025.
Make sure that you have the ANSI color codes in your program’s output. For the purposes of text formatting, assume that you’re running in a UNIX ANSI terminal emulator (because that’s what the webUI’s output is).
The web interface for GitLab CI emulates a UNIX ANSI terminal (at least partially). The
gitlab-runner pipes any output from the build
directly to the web interface. That means that any ANSI color codes that are present will be honored.
Older versions of Windows’ CMD terminal (before Win10 version 1511) do not support
ANSI color codes - they use win32 (
ANSI.SYS) calls instead which are not present in
the string to be displayed. When writing cross-platform programs, a developer will typically use ANSI color codes by default and convert
them to win32 calls when running on a Windows system (example: Colorama).
If your program is doing the above, then you need to disable that conversion for the CI builds so that the ANSI codes remain in the string.
When installing and starting the GitLab Runner service on Windows you can meet with such error:
gitlab-runner install --password WINDOWS_MACHINE_PASSWORD gitlab-runner start FATA Failed to start GitLab Runner: The service did not start due to a logon failure.
This error can occur when the user used to execute the service doesn’t have
SeServiceLogonRight permission. In such case you need to add this
permission for the chosen user and then try to start the service again.
You can add
SeServiceLogonRight in two ways:
- Manually using Administrative Tools:
- Go to Control Panel > System and Security > Administrative Tools,
- open the Local Security Policy tool,
- chose the Security Settings > Local Policies > User Rights Assignment on the list on the left,
- open the Log on as a service on the list on the right,
- click on the Add User or Group… button,
add the user (“by hand” or using Advanced… button) and apply the settings.
Notice: According to Microsoft’s documentation this should work for: Windows Vista, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
Notice: The Local Security Policy tool may be not available in some Windows versions - for example in “Home Edition” variant of each version.
- From command line, using the
- Download tools from Microsoft’s download site,
ntrights.exe ntrights +r SeServiceLogonRight -u USER_NAME_HERE(remember, that you should provide a full path for
ntrights.exeexecutable or add that path to system’s
Notice: The tool was created in 2003 and was initially designed to use with Windows XP and Windows Server 2003. On Microsoft sites you can find an example of usage
Ntrights.exethat applies to Windows 7 and Windows Server 2008 R2. This solution is not tested and because of the age of the software it may not work on newest Windows versions.
After adding the
SeServiceLogonRight for the user used in service configuration,
gitlab-runner start should finish without failures
and the service should be started properly.
Please see Job execution.
The following relate to Runner troubleshooting on macOS.
This message may occur when you try to install GitLab Runner on macOS. Make sure that you manage GitLab Runner service from the GUI Terminal application, not the SSH connection.
If your Runner is stuck on the above message when using macOS, there are two causes to why this happens:
Make sure that your user can perform UI interactions:
DevToolsSecurity -enable sudo security authorizationdb remove system.privilege.taskport is-developer
The first command enables access to developer tools for your user. The second command allows the user who is member of the developer group to do UI interactions, e.g., run the iOS simulator.
Make sure that your Runner service doesn’t use
SessionCreate = true. Previously, when running GitLab Runner as a service, we were creating
SessionCreate. At that point (Mavericks), this was the only solution to make Code Signing work. That changed recently with OS X El Capitan which introduced a lot of new security features that altered this behavior. Since GitLab Runner 1.1, when creating a
LaunchAgent, we don’t set
SessionCreate. However, in order to upgrade, you need to manually reinstall the
gitlab-runner uninstall gitlab-runner install gitlab-runner start
Then you can verify that
fatal: unable to access 'https://path:3000/user/repo.git/': Failed to connect to path port 3000: Operation timed out error in the job
If one of the jobs fails with this error, make sure the Runner can connect to your GitLab instance. The connection could be blocked by things like:
- routing configurations