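OpenConnect "must be running as root" in GitLab CI/CD

Time: 2019-03-29 17:04:38

Tags: continuous-integration gitlab vpn continuous-deployment openconnect

I'm trying to get my continuous delivery working, and then upload binaries to a company server that is only reachable through a VPN connection.

The problem is that every time I try, I get the following error: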

Connected as 158.196.194.120 + 2001:718:1001:111::7/64, using SSL
DTLS handshake timed out
DTLS handshake failed: Resource temporarily unavailable, try again.
Failed to bind local tun device (TUNSETIFF): Operation not permitted
To configure local networking, openconnect must be running as root
See http://www.infradead.org/openconnect/nonroot.html for more information
Set up tun device failed
Unknown error; exiting.

The strange thing is that my code explicitly uses sudo in .gitlab-ci.yml, so I would expect it to have all the rights.

deploy_spline:
    stage: deploy
    image: martinbeseda/lib4neuro-ubuntu-system-deps:latest
    dependencies:
        - test_spline
    before_script:
        - echo "DEPLOY!"
        - apt-get -y install lftp openconnect sudo
    script:
        - mkfifo mypipe
        - export USER=${USER}
        - echo "openconnect -v --authgroup VSB -u ${USER} --passwd-on-stdin vpn.vsb.cz < mypipe &" > vpn.sh
        - chmod +x vpn.sh
        - sudo ./vpn.sh
        - echo "${PASS}">mypipe
        - lftp -u ${USER},${PASS} sftp://moldyn.vsb.cz:/moldyn.vsb.cz/www/releases -e "put build/SSR1D_spline.out; exit"

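So, do you know what is wrong with my code? Or is it some specific problem of GitLab CD?

1 Answer:

Answer 0: (score: 2)

The GitLab CI runner needs to run in privileged mode to bind the tunnel interface. Check your /etc/gitlab-runner/config.toml file and make sure your runner has privileged set to true.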

[[runners]]
  name = "privileged runner"
  ...
  [runners.docker]
    privileged = true

Without that setting, the build container cannot bind the interface, even as root.
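
As an added example (not part of the original question or answer), a preflight check a job could run before openconnect to show why TUNSETIFF fails even under sudo: it looks for CAP_NET_ADMIN in the process's effective capability mask and for a tun character device. The function names are hypothetical, and the CapEff values in the comments are sample values.

```shell
#!/bin/sh
# Added example: preflight check for a CI job that needs a tun device.
# CAP_NET_ADMIN is capability number 12 in linux/capability.h.
CAP_NET_ADMIN_BIT=12

# has_cap_net_admin HEX: succeed if the CapEff mask HEX includes CAP_NET_ADMIN.
# Sample masks: 00000000a80425fb (Docker default set for root, bit 12 clear),
#               0000003fffffffff (all capabilities, bit 12 set).
has_cap_net_admin() {
    mask=$(( 0x$1 ))
    [ $(( (mask >> CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# cap_eff_of FILE: print the CapEff value from a /proc/<pid>/status style file.
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# tun_preflight [STATUS_FILE] [TUN_DEVICE]: report what is missing.
# Returns 0 when both requirements are met, 1 otherwise.
tun_preflight() {
    status_file=${1:-/proc/self/status}
    tun_dev=${2:-/dev/net/tun}
    rc=0
    cap_eff=$(cap_eff_of "$status_file")
    if [ -z "$cap_eff" ]; then
        echo "cannot read CapEff from $status_file"
        return 1
    fi
    if ! has_cap_net_admin "$cap_eff"; then
        # Being uid 0 does not help here: the container's capability set is
        # bounded by the runner, so sudo cannot add CAP_NET_ADMIN back.
        echo "CapEff=$cap_eff lacks CAP_NET_ADMIN"
        rc=1
    fi
    if [ ! -c "$tun_dev" ]; then
        echo "$tun_dev is not a character device"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "tun preflight OK"
    fi
    return "$rc"
}
# In a job script, before starting openconnect:  tun_preflight || exit 1
```
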