Hello,
we have deployed a Bitbucket self-hosted runner of type Linux Docker on a VM in a private network.
The runner works fine, but not for builds that expect to reach out to other servers in the same private network, because inside a build container the interface for the private network is not available.
We are aware of the option of the Linux shell runner, and just really would prefer a containerized environment for builds.
According to this post pipe:ssh-run may help, but I am not sure what value to set for "SERVER" when the target IP or FQDN cannot be pinged. Or would ssh start from the host instead of from a container?
Please let me know if my description of the use case makes sense. Much appreciated for new ideas :)
Hi again,
so what I could achieve now is to start the runner container in the host network, so that the network interface, which is shared with the destination servers, is available in the runner container. (The reason why it did not work is starting the runner container using rootless docker.)
However, in the build containers that network interface cannot be found. Is there a parameter to change the network option for the build containers?
Many thanks in advance :)
G'day, @Shelmy
Welcome to the community!
We need more context on your goal and YAML configuration, so I suggest you create a support ticket with us since you have a paid workspace at our Support portal.
Regards,
Syahrul
Hi Syahrul,
thank you for the advice.
To summarize the lesson learned until now for the community and to complete this post:
Thanks to Docker IP forwarding and NAT routing, which could be checked using the following commands, the private network interface didn't have to appear inside any container. The private server was pingable from runner and build containers if started with "rootful" Docker.
sysctl net.ipv4.ip_forward
iptables -t nat -L -n -v
The "problem" with rootless Docker was just that ping was limited, which could be fixed by the following section in the official Docker docs.
https://docs.docker.com/engine/security/rootless/#routing-ping-packets
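The checks from the last post, as an added example that is not part of the original thread: the helpers below interpret the output of the two commands quoted above, plus the `net.ipv4.ping_group_range` sysctl that the linked Docker docs section adjusts. The function names, the `--live` switch and the sample values are constructed for illustration, and using the GID of the user running rootless Docker is an assumption.

```shell
#!/bin/sh
# Added example: interpret the host settings named in the thread.
# Each helper takes the raw command output as an argument, so the
# logic can be exercised offline with constructed values.

# forwarding_enabled "<output of: sysctl -n net.ipv4.ip_forward>"
forwarding_enabled() {
    [ "$1" = "1" ]
}

# has_masquerade "<output of: iptables -t nat -L -n -v>"
# With -v the target is the third column of each rule line.
has_masquerade() {
    printf '%s\n' "$1" |
        awk '$3 == "MASQUERADE" { found = 1 } END { exit !found }'
}

# ping_allowed "<value of net.ipv4.ping_group_range>" <gid>
# The kernel allows unprivileged ICMP echo sockets only for GIDs in
# the inclusive range "low high". The default "1 0" is an empty range.
ping_allowed() {
    lo=$(printf '%s\n' "$1" | awk '{ print $1 }')
    hi=$(printf '%s\n' "$1" | awk '{ print $2 }')
    [ -n "$lo" ] && [ -n "$hi" ] && [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]
}

# Read the live values on the runner host (iptables needs root).
diagnose() {
    fwd=$(sysctl -n net.ipv4.ip_forward)
    nat=$(iptables -t nat -L -n -v 2>/dev/null)
    pgr=$(sysctl -n net.ipv4.ping_group_range)
    gid=$(id -g)   # assumption: GID of the user running rootless Docker

    if forwarding_enabled "$fwd"; then echo "ip_forward: enabled"
    else echo "ip_forward: DISABLED (containers cannot be routed out)"; fi

    if has_masquerade "$nat"; then echo "NAT: MASQUERADE rule present"
    else echo "NAT: no MASQUERADE rule visible (not root, or rootless)"; fi

    if ping_allowed "$pgr" "$gid"; then echo "ping: allowed for gid $gid"
    else echo "ping: gid $gid outside ping_group_range ($pgr)"; fi
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--live" ]; then diagnose; fi
```

A failed ping under rootless Docker with `ping_group_range` at its default does not by itself show that TCP connections from the build container to the private server fail, so test the real service port as well.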