I’m trying to use Drone server (version 2.17) and its docker runner (version 1.8) together with GitLab (version 16.0).
I'm using with the following configuration:
services:
drone:
image: drone/drone:2.17
container_name: drone-srv
restart: always
ports:
- "5100:80"
volumes:
- /var/lib/drone:/data
environment:
DRONE_GITLAB_SERVER: <server>
DRONE_GITLAB_CLIENT_ID: <client_id>
DRONE_GITLAB_CLIENT_SECRET: <secret>
DRONE_GITLAB_SKIP_VERIFY: "true"
DRONE_RPC_SECRET: <secret>
DRONE_SERVER_HOST: <host>
DRONE_SERVER_PROTO: https
DRONE_USER_CREATE: username:admin,admin:true
DOCKER_API_VERSION: 1.39
runner:
image: drone/drone-runner-docker:1.8
container_name: drone-runner
restart: always
ports:
- "5110:3000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
DRONE_RPC_PROTO: https
DRONE_RPC_HOST: <host>
DRONE_RPC_SECRET: <secret>
DRONE_RUNNER_CAPACITY: 5
DRONE_RUNNER_NAME: drone-docker-runner-1
DRONE_RUNNER_ENVIRON: GIT_SSL_NO_VERIFY:false
The problem is that having DRONE_RUNNER_CAPACITY > 1 (i.e. DRONE_RUNNER_CAPACITY = 5, like in the example above) makes the runner to fail GitLab OAuth flow. As a result pipelines are stuck and I get plenty of messages in the runner log, like the following:
time="2023-06-20T07:27:05Z" level=error msg="cannot get stage details" error="The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." stage.id=7170 stage.name="..." stage.number=1 thread=5
As far as I understand the issue is that multiple drone runner threads are using the same authorization grant and somehow interfering with each other. As a result, only one thread is actually working and others are failed with the mentioned authorization error and therefore get stuck.
So how can I make it work?
Exactly the same config with DRONE_RUNNER_CAPACITY=1 works perfectly. However, I’d like to increase the capacity to run more than one pipelines at a time.
Temporary solution for drone_server, add these env variables:
DRONE_GIT_USERNAME=robot_username/oauth2
DRONE_GIT_PASSWORD=robot_password/personal_token