OpenConnect "must be running as root" in Gitlab CI/CD



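I am trying to get my continuous delivery working and then upload the binaries to a company server that is only reachable over a VPN connection.

The problem is that every time I try, I get the following error: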

Connected as 158.196.194.120 + 2001:718:1001:111::7/64, using SSL
DTLS handshake timed out
DTLS handshake failed: Resource temporarily unavailable, try again.
Failed to bind local tun device (TUNSETIFF): Operation not permitted
To configure local networking, openconnect must be running as root
See http://www.infradead.org/openconnect/nonroot.html for more information
Set up tun device failed
Unknown error; exiting.

The strange thing is that my code explicitly uses sudo in .gitlab-ci.yml, so I would expect it to have all the permissions.

deploy_spline:
    stage: deploy
    image: martinbeseda/lib4neuro-ubuntu-system-deps:latest
    dependencies:
        - test_spline
    before_script:
        - echo "DEPLOY!"
        - apt-get -y install lftp openconnect sudo
    script:
        - mkfifo mypipe
        - export USER=${USER}
        - echo "openconnect -v --authgroup VSB -u ${USER} --passwd-on-stdin vpn.vsb.cz < mypipe &" > vpn.sh
        - chmod +x vpn.sh
        - sudo ./vpn.sh
        - echo "${PASS}">mypipe
        - lftp -u ${USER},${PASS} sftp://moldyn.vsb.cz:/moldyn.vsb.cz/www/releases -e "put build/SSR1D_spline.out; exit"

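So, do you know what is wrong with my code? Or is it some GitLab CD-specific problem?

The GitLab CI runner needs to run in privileged mode in order to bind the tunnel interface. Check your /etc/gitlab-runner/config.toml file and make sure your runner has privileged set to true: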

[[runners]]
  name = "privileged runner"
  ...
  [runners.docker]
    privileged = true

Without that setting, the build container cannot bind the interface, even as root.
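
A preflight check for the job, as an added example that is not part of the original question or answer: it reads the effective capability mask of the build container and reports whether CAP_NET_ADMIN (needed for TUNSETIFF) and /dev/net/tun are available before openconnect is started. The function names are hypothetical, and the CapEff masks quoted in the comments are constructed sample values.

```shell
#!/bin/sh
# Added example: explains "Operation not permitted" on TUNSETIFF for uid 0.
# Root inside an unprivileged container still runs with a reduced capability set.
CAP_NET_ADMIN_BIT=12   # bit position of CAP_NET_ADMIN in Linux capability masks

# has_net_admin HEXMASK -> status 0 if CAP_NET_ADMIN is set in the mask.
# Constructed samples: 00000000a80425fb (bit clear), 0000003fffffffff (bit set).
has_net_admin() {
    mask=$(( 0x$1 ))
    [ $(( (mask >> CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# read_capeff [STATUS_FILE] -> prints the CapEff hex mask found in the file.
read_capeff() {
    awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}"
}

# vpn_preflight [STATUS_FILE] [TUN_PATH] -> status 0 only if a tun device
# can plausibly be created; prints one line per missing prerequisite.
vpn_preflight() {
    status_file=${1:-/proc/self/status}
    tun_path=${2:-/dev/net/tun}
    capeff=$(read_capeff "$status_file")
    rc=0
    echo "uid=$(id -u) CapEff=${capeff:-unknown}"
    if [ -z "$capeff" ]; then
        echo "could not read CapEff from $status_file"
        return 1
    fi
    if ! has_net_admin "$capeff"; then
        echo "CAP_NET_ADMIN missing: TUNSETIFF will fail even as root or with sudo"
        rc=1
    fi
    if [ ! -c "$tun_path" ]; then
        echo "$tun_path is not available as a character device in this container"
        rc=1
    fi
    return $rc
}

# Usage inside the job, before starting openconnect:
#   vpn_preflight || exit 1
```

If the check reports CAP_NET_ADMIN missing, sudo inside the job cannot fix it; the capability has to be granted by the runner configuration.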
