Bitbucket Account type: Academic (Free-tier Account)
We are trying to deploy a node-js web-service to our EC2 instance and have had success in doing so for a while using Bitbucket Pipelines. But recently, the pipeline fails at the RSYNC step (step 1), where we try to deploy the build artifact to our instance from the Bitbucket Pipelines container using pipe:atlassian/rsync-deploy:0.13.0. After updating our security group inbound rules with the IPs listed in the section "Valid IP addresses for Bitbucket Pipelines build environments" at the link, the pipeline still failed.
Then we tried to get the public IP of the container using curl ifconfig.me from within the pipeline step. This revealed the IP address 18.206.244.222.
After updating our security group rules with the above IP, the pipeline succeeded.
We are trying to figure out what the correct set of IPs are for us to include in our corporate firewall, since 18.206.244.222 is clearly not listed at the link.
Any help on this would be greatly appreciated. Thanks!
Hi and welcome to the community!
Can you please confirm if the Pipelines step that does the deployment runs on Atlassian's infrastructure? If so, we migrated 1x- and 2x-size build steps to a new runtime and they now operate from new, broader IP ranges.
The IP ranges listed in the section "Atlassian IP ranges" of the documentation you shared are used only by steps of size 4x or larger that have the atlassian-ip-range flag:
This option will work only if your workspace is on the Standard or Premium plan.
In all other cases, the following applies (I am quoting from the same documentation page you linked in your post):
The machines that execute all steps on Atlassian Cloud Infrastructure, not just steps opted into atlassian-ip-ranges ranges, are hosted on Amazon Web Services. SSH keyscans are also performed from within this environment.
An exhaustive list of IP addresses that the traffic may come from on AWS can be found by using the following endpoint, filtering to records where the service equals EC2 or S3, and using the us-east-1 and us-west-2 regions.
So, you will need to check this list:
and filter to records where the service equals EC2 or S3, and using the us-east-1 and us-west-2 regions, and allowlist these IP ranges.
Important Note: The IP addresses provided via this endpoint are managed by Amazon and are subject to change. We recommend regularly checking this endpoint and updating your firewall's IP list accordingly. Additionally, consider exploring automation options to streamline updating IPs in response to changes.
Please feel free to reach out if you have any questions.
Kind regards,
Theodora
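The filter described in the answer above, as an added example that is not part of the original thread or of Atlassian's documentation. It assumes the endpoint returns AWS's published ip-ranges.json layout (`prefixes` entries with `ip_prefix`, `region` and `service`); the sample document is constructed from documentation ranges and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the assumed ip-ranges.json layout. The prefixes are
# RFC 5737 documentation ranges, not real AWS addresses.
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2024-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-west-2", "service": "S3"},
  {"ip_prefix": "203.0.113.0/24",  "region": "eu-west-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/26",  "region": "us-west-2", "service": "CLOUDFRONT"}
 ]}
""")

SERVICES = {"EC2", "S3"}               # services named in the quoted docs
REGIONS = {"us-east-1", "us-west-2"}   # regions named in the quoted docs

def pipeline_ranges(doc):
    """Return the IPv4 networks matching the filter, with adjacent and
    overlapping prefixes merged so the firewall gets fewer rules."""
    nets = [ipaddress.ip_network(p["ip_prefix"])
            for p in doc.get("prefixes", [])
            if p.get("service") in SERVICES and p.get("region") in REGIONS]
    return list(ipaddress.collapse_addresses(nets))

def diff_allowlist(current, doc):
    """Compare the CIDRs currently allowlisted with the wanted set.
    Returns (to_add, to_remove); stale entries are as important to drop
    as new ones are to add, since the published ranges change."""
    wanted = set(pipeline_ranges(doc))
    have = {ipaddress.ip_network(c) for c in current}
    return sorted(wanted - have), sorted(have - wanted)

def is_allowed(ip, doc):
    """True if a source address falls inside one of the filtered ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in pipeline_ranges(doc))

if __name__ == "__main__":
    add, remove = diff_allowlist(["198.51.100.0/24", "203.0.113.0/24"], SAMPLE)
    print("add:", [str(n) for n in add])
    print("remove:", [str(n) for n in remove])
```

Running the diff on a schedule against the freshly downloaded document gives the rule changes to apply, which is the automation the note above recommends.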
So, that's about 272 IP addresses I added to my firewall - excessive. AND I've upped my size to 4x, added atlassian-ip-ranges (per the article), and started using image:4, but ssh and rsync still throw "ssh connection timed out" as of yesterday. It worked fine 2 days ago and for the past few years. It just stopped on all servers yesterday (test, stage, and prod), so not a single-server issue. Keys are correct, I can ssh with those keys from other machines. The fingerprints and allowed-hosts are correct and up to date...
What else may have changed in Bitbucket Pipelines to prevent me from deploying??
Per usual, really bad timing for a deploy to fail - can't deploy patches and needed fixes. HELP!!!
UPDATE: the image:4 does not have rsync installed (I guess I saw the error and jumped to the conclusion that it was the same connection issue). Ultimately I added an apt-get install of rsync as a step - now it's working.
So, I don't know if it was the exhaustive AWS IP list added to my firewall, the atlassian-ip-range cloud flag, or upgrading to image:4 - but it's deploying now. Phew!