builds on self-hosted runner (docker) cannot reach servers in the same private network

Shelmy August 30, 2024

Hello,

We have deployed a Bitbucket self-hosted runner of type Linux Docker on a VM in a private network.

The runner works fine, but not for builds that expect to reach out to other servers in the same private network, because inside a build container the interface for the private network is not available.

We are aware of the option of a Linux shell runner, but would really prefer a containerized environment for builds.

According to this post, pipe:ssh-run may help, but I am not sure what value to set for "SERVER" when the target IP or FQDN cannot be pinged. Or would ssh start from the host instead of from a container?

Please let me know if my description of the use case makes sense. New ideas would be much appreciated :)

Shelmy September 2, 2024

Hi again,

So what I could achieve now is to start the runner container in the host network, so that the network interface which is shared with the destination servers is available in the runner container. (The reason why it did not work was starting the runner container using rootless Docker.)

However, in the build containers that network interface cannot be found. Is there a parameter to change the network option for the build containers?

Many thanks in advance :)

Syahrul
Atlassian Team
September 2, 2024

G'day, @Shelmy 

Welcome to the community!

We need more context on your goal and YAML configuration, so I suggest you create a support ticket with us at our Support portal, since you have a paid workspace.

Regards,
Syahrul

Shelmy September 5, 2024

Hi Syahrul,

thank you for the advice.

To summarize the lessons learned so far for the community and to complete this post:

Thanks to Docker IP forwarding and NAT routing, which can be checked using the following commands, the private network interface did not have to appear inside any container. The private server was pingable from the runner and build containers when they were started with "rootful" Docker.

sysctl net.ipv4.ip_forward

iptables -t nat -L -n -v

The "problem" with rootless Docker was just that ping was limited, which could be fixed by following this section of the official Docker docs:
https://docs.docker.com/engine/security/rootless/#routing-ping-packets
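A small offline check of the three host settings this answer relies on, as an added example (not code from the thread): it parses captured output of the two commands above plus net.ipv4.ping_group_range, the setting the linked Docker docs section adjusts for rootless ping. The docker0 subnet 172.17.0.0/16 and the runner gid 1000 are assumed sample values.

```shell
#!/bin/sh
# Added example, not from the thread: offline checks of the host settings that
# container -> private-server reachability depends on here.
#  1. net.ipv4.ip_forward must be 1 so the host forwards traffic from docker0.
#  2. The nat table needs a MASQUERADE rule for the bridge subnet so replies
#     from the private server are routed back to the container.
#  3. Under rootless Docker, net.ipv4.ping_group_range must include the runner
#     user's gid or ICMP echo from a container fails (the linked docs section);
#     the kernel default "1 0" allows no group at all.

# 0 if the 'sysctl net.ipv4.ip_forward' line (or bare 'sysctl -n' value) is 1.
forward_enabled() {
  case "$1" in 1|*"= 1") return 0 ;; *) return 1 ;; esac
}

# 0 if the 'iptables -t nat -L -n -v' text ($2) holds a MASQUERADE rule
# whose source column is the bridge subnet ($1).
has_masquerade() {
  printf '%s\n' "$2" | grep MASQUERADE | grep -qF "$1"
}

# 0 if gid $1 lies inside the ping_group_range "lo hi" ($2).
ping_allowed_for_gid() {
  gid=$1
  set -- $2    # unquoted on purpose: split "lo<tab>hi" as sysctl prints it
  [ "$gid" -ge "$1" ] && [ "$gid" -le "$2" ]
}

# Prints the first layer that breaks reachability (no-forward, no-nat,
# no-ping) or ok. Arguments: forward-line subnet nat-text gid ping-range.
diagnose() {
  if ! forward_enabled "$1"; then echo no-forward
  elif ! has_masquerade "$2" "$3"; then echo no-nat
  elif ! ping_allowed_for_gid "$4" "$5"; then echo no-ping
  else echo ok
  fi
}

# Constructed sample iptables output; 172.17.0.0/16 is the assumed docker0 subnet.
NAT_OK='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0'
NAT_EMPTY='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Live use on the runner host (iptables needs root; gid 1000 below is a sample):
#   diagnose "$(sysctl -n net.ipv4.ip_forward)" 172.17.0.0/16 \
#     "$(sudo iptables -t nat -L -n -v)" "$(id -g)" "$(sysctl -n net.ipv4.ping_group_range)"
diagnose 1 172.17.0.0/16 "$NAT_OK" 1000 "1 0"    # kernel-default ping range: no-ping
```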
