1

我正在尝试让我的持续交付工作,然后将二进制文件上传到公司服务器,该服务器只能通过 VPN 连接访问。

问题是,每次我尝试它时,我都会收到以下错误:

Connected as 158.196.194.120 + 2001:718:1001:111::7/64, using SSL
DTLS handshake timed out
DTLS handshake failed: Resource temporarily unavailable, try again.
Failed to bind local tun device (TUNSETIFF): Operation not permitted
To configure local networking, openconnect must be running as root
See http://www.infradead.org/openconnect/nonroot.html for more information
Set up tun device failed
Unknown error; exiting.

奇怪的是,我的代码sudo明确使用 in .gitlab-ci.yml,所以我希望它拥有所有权利。

deploy_spline:
    stage: deploy
    image: martinbeseda/lib4neuro-ubuntu-system-deps:latest
    dependencies:
        - test_spline
    before_script:
        - echo "DEPLOY!"
        - apt-get -y install lftp openconnect sudo
    script:
        - mkfifo mypipe
        - export USER=${USER}
        - echo "openconnect -v --authgroup VSB -u ${USER} --passwd-on-stdin vpn.vsb.cz < mypipe &" > vpn.sh
        - chmod +x vpn.sh
        - sudo ./vpn.sh
        - echo "${PASS}">mypipe
        - lftp -u ${USER},${PASS} sftp://moldyn.vsb.cz:/moldyn.vsb.cz/www/releases -e "put build/SSR1D_spline.out; exit"

那么,你知道我的代码有什么问题吗?或者是一些 GitLab CD 特定的问题?

4

1 回答 1

2

Gitlab CI runner 需要在特权模式下运行才能绑定隧道接口。检查您的/etc/gitlab-runner/config.toml文件并确保您的跑步者已privileged设置为true.

[[runners]]
  name = "privileged runner"
  ...
  [runners.docker]
    privileged = true

如果没有该设置,构建容器将无法绑定接口,即使是 root。

于 2019-07-30T13:20:52.463 回答