Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

"Connection reset by peer in connection to bitbucket.org:443" in Pipelines

Edited
Rudolf Byker
Rudolf Byker Oct 25, 2022

I'm using a self-hosted runner, version 1.369 (the latest at the time of writing). It was working well for a long time, but recently, without any infrastructure changes, I started getting this error on all steps:

We couldn't clone the repository. Try rerunning the pipeline.

In the "build setup", I see this output:

+ umask 000
+ GIT_LFS_SKIP_SMUDGE=1 retry 6 git clone --branch="..." https://x-token-auth:$REPOSITORY_OAUTH_ACCESS_TOKEN@bitbucket.org/$BITBUCKET_REPO_FULL_NAME.git $BUILD_DIR
Cloning into '/opt/atlassian/pipelines/agent/build'...
fatal: unable to access 'https://bitbucket.org/.../....git/': OpenSSL SSL_connect: Connection reset by peer in connection to bitbucket.org:443 
Attempt 1 of 6 failed.
Retrying in 1 seconds
Cloning into '/opt/atlassian/pipelines/agent/build'...
fatal: unable to access 'https://bitbucket.org/.../....git/': OpenSSL SSL_connect: Connection reset by peer in connection to bitbucket.org:443 
Attempt 2 of 6 failed.
Retrying in 2 seconds

etc...

The setup

This runner is in kubernetes on a K3s cluster. It's running on a development node which is a physical machine in my house. I manage this cluster, and nothing changed in the network.

The deployment for my runner instance is as follows:

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: bbp-runner
  name: runner
  labels:
    app: bbp-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bbp-runner
  template:
    metadata:
      labels:
        app: bbp-runner
        accountUuid: foo
        runnerUuid: bar
    spec:
      nodeSelector:
        env: prod
      containers:
        - name: bitbucket-k8s-runner
          image: docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner
          imagePullPolicy: Always
          env:
            - name: ACCOUNT_UUID
              value: "{foo}"
            - name: RUNNER_UUID
              value: "{bar}"
            - name: OAUTH_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: runner-oauth-credentials
                  key: oauthClientId
            - name: OAUTH_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: runner-oauth-credentials
                  key: oauthClientSecret
            - name: WORKING_DIRECTORY
              value: "/tmp"
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: docker-containers
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: var-run
              mountPath: /var/run
        - name: docker-in-docker
          image: docker:20.10.7-dind
          securityContext:
            privileged: true
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: docker-containers
              mountPath: /var/lib/docker/containers
            - name: var-run
              mountPath: /var/run
      volumes:
        - name: tmp
          emptyDir: {}
        - name: docker-containers
          emptyDir: {}
        - name: var-run
          emptyDir: {}

The relevant containers are

docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner

and

docker:20.10.7-dind

I followed this guide https://janosmiko.com/blog/2021-09-08-bitbucket-pipelines-runners-in-k8s/ when I set it up a few months ago.

Answer
Watch
Like Be the first to like this
2206 views

1 answer

0 votes
Syahrul
Syahrul
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 27, 2022

Hey @Rudolf Byker 

G'day.

The error below means the TLS handshake failed to establish the connection.

OpenSSL SSL_connect: Connection reset by peer in connection to bitbucket.org:443 "

This can happen for multiple reasons, but generally, it's caused by the local network.

I suggest checking with your network team to see if there's any recent change in your Firewall/proxy.

That said, you can also investigate this by running a few tests, such as:

  1. Try cloning a repository from your Runner server with verbose logs enable to get more information 
    GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_CURL_VERBOSE=1 <git command_here>
  2. Run Curl to see if there's any issue with TLS connection from your server  
    curl -v https://bitbucket.org

If both tests failed with the same runner error, then most likely, the connection is being blocked on your Firewall/Proxy level.

I hope this helps.

Cheers,
Syahrul

View More Comments
Rudolf Byker
Rudolf Byker Oct 28, 2022

Thanks for your time.

I added some info about the infrastructure setup to the original post above.

I get a shell in the pod by doing this:

kubectl -n bbp-runner exec -it deploy/runner -- /bin/sh

The `docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner` image does not contain `git` or `curl`, but I could add it with `apk`, and then test what you suggested:

apk add curl git openssh

curl

curl -v https://bitbucket.org

This works fine. I get a 200 response with lots of HTML.

git

git clone git@bitbucket.org:rscdevelopers/living_word_vue.git

This works fine as well. I get the RSA key fingerprint, and then permission denied as expected, since I don't have the keys set up. This is enough to verify that TLS is working.

Like
Syahrul
Syahrul
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 30, 2022

Hey @Rudolf Byker 

Thanks for the update.

We may need to investigate this further, so I went ahead and created a support ticket on your behalf. Please review it here.

One of our Support should get back to you within your timezone shortly.

Cheers,
Syahrul

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

See all events