Cron jobs seems not working with DRONE_GITEA_SKIP_VERIFY variable and SelfSigned Certificates

Drone Bugs
1

Hi everybody I’ve seen in my lab platform working with self signed certificates that cron jobs are not working as expected because I’ve configured the DRONE_GITEA_SKIP_VERIFY and working ok with direct login on the UI, but I’ve seen errors with cron jobs as you can see in the following log lines.

{"branch":"master","cron":3,"error":"Post https://git.myplatform.org/login/oauth/access_token: x509: certificate is valid for 413075044928d7b2d8864b1ada61ba7c.e5c739ab2bc51b1f4a195056046c6168.traefik.default, not git.myplatform.org","level":"warning","msg":"cron: cannot find commit","repo":"myclient_probes/probe_firefox-google","time":"2019-11-08T08:06:15Z"}
{"branch":"master","cron":3,"error":"Post https://git.myplatform.org/login/oauth/access_token: x509: certificate is valid for 413075044928d7b2d8864b1ada61ba7c.e5c739ab2bc51b1f4a195056046c6168.traefik.default, not git.myplatform.org","level":"warning","msg":"cron: cannot find commit","repo":"myclient_probes/probe_firefox-google","time":"2019-11-08T08:09:15Z"}

Not sure if this can be a configuration error , or perhaps a bug ?

I’ve configured my drone-server and drone-runner as follows

drone-server:
    image: "${DRONE_SERVER_IMAGE:-drone/drone:latest}"
    networks:
      - net-public
    environment:
      DRONE_SERVER_HOST: drone.${WEB_DOMAIN}
      DRONE_SERVER_PROTO: "https"
      DRONE_LOGS_DEBUG: "true"
      DRONE_LOGS_TRACE: "true"
      DRONE_LOGS_PRETTY: "true"
      DRONE_RPC_SECRET: ${WEB_ADMIN_PASSWORD}
      DRONE_DATABASE_DRIVER: sqlite3
      DRONE_DATABASE_DATASOURCE: /var/lib/drone/drone.sqlite
      DRONE_TLS_AUTOCERT: "false"
      DRONE_USER_CREATE: username:${WEB_ADMIN_USERNAME},admin:true
      DRONE_GITEA_SERVER: "https://git.${WEB_DOMAIN}"
      DRONE_GITEA_CLIENT_ID:  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      DRONE_GITEA_CLIENT_SECRET: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
      DRONE_GITEA_SKIP_VERIFY: "true"
      DRONE_CRON_INTERVAL: 1m
      DRONE_CRON_DISABLED: "false"
     
    volumes:
      - drone-server-data:/var/lib/drone/
    deploy:
      placement:
        constraints:
          - node.labels.net-role.drone-server == true
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.frontend.rule=Host:drone.${WEB_DOMAIN}
        - traefik.docker.network=net-public
        - traefik.port=80
        - traefik.tags=net-public
        - traefik.redirectorservice.frontend.entryPoints=http
        - traefik.redirectorservice.frontend.redirect.entryPoint=https
        - traefik.webservice.frontend.entryPoints=https


  drone-runner:
    image: drone/drone-runner-docker:latest
    networks:
      - net-public
    environment:
      DRONE_RPC_HOST: drone-server
      DRONE_RPC_PROTO: http
      DRONE_RPC_SECRET: ${WEB_ADMIN_PASSWORD}
      DRONE_RUNNER_CAPACTIY: 8
      DRONE_DEBUG: "true"
      DRONE_TRACE: "true"
      DRONE_LOGS_TRACE: "true"
      DRONE_RUNNER_ENVIRON:  GIT_SSL_NO_VERIFY:"true"
      DRONE_RUNNER_NETWORKS: net-public
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      mode: global
      placement:
        constraints:
            - node.labels.net-role.drone-runner == true

How can I fix this error? There is any workaround we can follow?

And here the complete log

2

Hi again. I’m trying to fix this problem, but I’m new to drone and there is lots of things I unknown

I’ve reviewed code ( as good as I can ) and it seems that while the LoginProvider sets the value of DRONE_GITEA_SKIP_VERIFY at line 99 …

…there is a LoginRefresher that doesn’t set this value.(could be?)

The error log cron: cannot find commit show that it happens when trying to refresh token , inside the FindRef (Lines 133) …

… inside FindRef it first executes a Renew method (line 71)…

…and after at line 57 execute the Refresh() method…

… perhaps from the previously configured (without SKIP_VERIFY?) oauth.Refresher object .

Could be a code Bug? or perhaps something wrong in my configuration ?

Thank you everybody and sorry if I did some mistake in the analysis.

3

Hi @bradrydzewski , I 'm ready to send you a PR with the fix for this problem , I’ve tested on my lab and it is working ok. Could you review it please? Should I open an Issue to your the github repo?

https://github.com/toni-moreno/drone/commit/9ae3930df9f498f51c0287969097c0dec86ade60

I’ve also pushed a fixed image here (https://hub.docker.com/repository/docker/tonimoreno/drone-server_fix_cron) if you would like to test.

Do you need something more that I can do to close this issue?

Thank you very much!

4

Hi @bradrydzewski I’ve updated with my fixed image another test environment (shared with other users) and now also working fine .

I like to know if perhaps is time to open an Issue to the github project and make a PR ? ( I didn’t do before because of the message "please do not open a GitHub issue until you have discussed and verified with community support ").

thank you for your patience, and for this great project