
How to use Drone runner with Gitlab and DRONE_RUNNER_CAPACITY > 1?


I’m trying to use Drone server (version 2.17) and its docker runner (version 1.8) together with GitLab (version 16.0).

I'm using the following configuration:

services:
  drone:
    image: drone/drone:2.17
    container_name: drone-srv
    restart: always
    ports:
      - "5100:80"
    volumes:
      - /var/lib/drone:/data
    environment:
      DRONE_GITLAB_SERVER: <server>
      DRONE_GITLAB_CLIENT_ID: <client_id>
      DRONE_GITLAB_CLIENT_SECRET: <secret>
      DRONE_GITLAB_SKIP_VERIFY: "true"
      DRONE_RPC_SECRET: <secret>
      DRONE_SERVER_HOST: <host>
      DRONE_SERVER_PROTO: https
      DRONE_USER_CREATE: username:admin,admin:true
      DOCKER_API_VERSION: 1.39
  runner:
    image: drone/drone-runner-docker:1.8
    container_name: drone-runner
    restart: always
    ports:
      - "5110:3000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      DRONE_RPC_PROTO: https
      DRONE_RPC_HOST: <host>
      DRONE_RPC_SECRET: <secret>
      DRONE_RUNNER_CAPACITY: 5
      DRONE_RUNNER_NAME: drone-docker-runner-1
      DRONE_RUNNER_ENVIRON: GIT_SSL_NO_VERIFY:false

The problem is that having DRONE_RUNNER_CAPACITY > 1 (i.e. DRONE_RUNNER_CAPACITY = 5, like in the example above) makes the runner fail the GitLab OAuth flow. As a result, pipelines are stuck and I get plenty of messages in the runner log, like the following:

time="2023-06-20T07:27:05Z" level=error msg="cannot get stage details" error="The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." stage.id=7170 stage.name="..." stage.number=1 thread=5

As far as I understand, the issue is that multiple Drone runner threads are using the same authorization grant and somehow interfering with each other. As a result, only one thread is actually working and the others fail with the mentioned authorization error and therefore get stuck.

So how can I make it work?

Exactly the same config with DRONE_RUNNER_CAPACITY=1 works perfectly. However, I’d like to increase the capacity to run more than one pipeline at a time.


Solution

  • Temporary solution for drone_server, add these env variables:

    DRONE_GIT_USERNAME=robot_username/oauth2
    DRONE_GIT_PASSWORD=robot_password/personal_token
    

    Reference: https://github.com/harness/gitness/issues/3260
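
To check whether the workaround removed the error, the runner log can be grouped by thread and stage. This is an added example, not part of the original post or of Drone itself; it assumes the logfmt layout of the log line quoted in the question, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# logfmt pairs: key=value or key="quoted value" (backslash escapes allowed)
PAIR = re.compile(r'([\w.]+)=("(?:[^"\\]|\\.)*"|\S*)')
# Substring of the error text shown in the question's runner log
GRANT_ERROR = "authorization grant is invalid"


def parse_logfmt(line):
    """Parse one logfmt line into a dict, stripping quotes from quoted values."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields


def grant_failures_by_thread(lines):
    """Map runner thread -> sorted stage ids that hit the OAuth grant error."""
    failures = defaultdict(set)
    for line in lines:
        f = parse_logfmt(line)
        if f.get("level") == "error" and GRANT_ERROR in f.get("error", ""):
            failures[f.get("thread", "?")].add(f.get("stage.id", "?"))
    return {thread: sorted(stages) for thread, stages in failures.items()}


ERR = ("The provided authorization grant is invalid, expired, revoked, does not "
       "match the redirection URI used in the authorization request, or was "
       "issued to another client.")
PREFIX = 'level=error msg="cannot get stage details"'
SAMPLE = [
    # First line is the one quoted in the question; the rest are constructed.
    f'time="2023-06-20T07:27:05Z" {PREFIX} error="{ERR}" '
    'stage.id=7170 stage.name="..." stage.number=1 thread=5',
    f'time="2023-06-20T07:27:06Z" {PREFIX} error="{ERR}" '
    'stage.id=7171 stage.name="..." stage.number=1 thread=3',
    f'time="2023-06-20T07:27:09Z" {PREFIX} error="{ERR}" '
    'stage.id=7172 stage.name="..." stage.number=1 thread=5',
    'time="2023-06-20T07:27:10Z" level=debug msg="constructed non-error line" thread=1',
]

if __name__ == "__main__":
    for thread, stages in sorted(grant_failures_by_thread(SAMPLE).items()):
        print(f"thread {thread}: grant error on stages {', '.join(stages)}")
```

Feed it the output of `docker logs drone-runner` split into lines; an empty result with DRONE_RUNNER_CAPACITY above 1 means no thread is hitting the grant error any more.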