VPN Connection Failing during Deployment
I have a server that sits behind an AWS VPC. I have a VPC Client Endpoint set up and use it regularly for server access. I am now attempting to use this same VPN connection to tunnel into the network and deploy code to that server. I found this thread and have it working until the very end but cannot get past a permissions issue.
Thu Oct 22 16:26:37 2020 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
GitLab Shared Runner on:
- Ubuntu 20.04, up to date
- GitLab Runner
- Version: 13.5.0
- Git revision: ece86343
- Git branch: 13-5-stable
- GO version: go1.13.8
- Built: 2020-10-20T12:05:22+0000
- OS/Arch: linux/amd64
- Docker 19.03.13, build 4484c46d9d
My config.toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "runner"
  url = "https://gitlab.xxxxxxxxx.net/"
  token = "xxxxxxxxxxxxxxxxxxx"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "ubuntu:20.04"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
    devices = ["/dev/net/tun"]
My repo .gitlab-ci.yml file:

stages:
  - deploy

deploy_sandbox:
  stage: deploy
  image: ubuntu:18.04
  before_script:
    - cat $CLIENT_OVPN >> client.ovpn
    - cat $CLIENT_VPN_CRT >> client.crt
    - chmod 600 client.crt
    - cat $CLIENT_VPN_KEY >> client.key
    - chmod 600 client.key
    - mkdir -p /dev/net
    - mknod /dev/net/tun c 10 200
    - chmod 600 /dev/net/tun
    - which openvpn || (apt-get update -y -qq && apt-get install -y -qq openvpn) # Install openvpn if not available.
    - openvpn --config client.ovpn --log client.log --daemon # Start openvpn with config as a daemon.
    - sleep 30s # Wait for some time so the vpn can connect before doing anything else.
    - cat client.log # Print the vpn log.
    - ping -c 1 10.0.1.168 # Ping the server I want to deploy to. If not available this stops the deployment process.
  script:
    - pwd
  only:
    - develop
    - merge_request
  when: manual
  environment:
    name: sandbox
    url: https://xxxxxx.com
  variables:
    GIT_DEPTH: 0
I added the commands to create /dev/net/tun to address "Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)" errors.

I have tried adding different combinations of privileged, devices = ["/dev/net/tun"], and cap_add = ["NET_ADMIN"] in my config.toml file.
Now I am receiving the following error:
Thu Oct 22 16:26:37 2020 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
From my research many people say to just run the openvpn command as sudo, but docker does not like that, even in privileged mode.
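An added preflight check for this kind of job (this is not code from the original post or from the GitLab Runner project). The TUNSETIFF ioctl that openvpn reports as failing needs two things inside the job container: a /dev/net/tun character node, and CAP_NET_ADMIN (capability number 12) in the process's effective capability set; the kernel returns EPERM (errno=1) when the capability is missing, which is the error quoted above. The script reads the CapEff mask from /proc/self/status and tests the bit directly, so a job can fail with a readable message before openvpn is started. The file name tun-preflight.sh, the --check flag, and the sample CapEff masks used in the comments are assumptions for illustration.

```shell
#!/bin/sh
# tun-preflight.sh (added example, not part of the original post).
# Run from before_script, ahead of openvpn:
#   sh tun-preflight.sh --check
# It fails when the container cannot create a tun interface, and says why.

# CAP_NET_ADMIN is capability number 12 (see linux/capability.h).
CAP_NET_ADMIN=12

# cap_bit_set MASK CAPNUM
# MASK is the hex value printed on the "CapEff:" line of /proc/self/status
# (no 0x prefix). Succeeds when bit CAPNUM is set in that mask.
# Example (constructed): 000001ffffffffff is a full capability set and has
# bit 12 set; 00000000a80425fb is a typical default Docker set and does not.
cap_bit_set() {
    mask=$1
    capnum=$2
    [ "$(( (0x$mask >> $capnum) & 1 ))" -eq 1 ]
}

# effective_caps
# Print this process's CapEff mask, or nothing if /proc is not readable.
effective_caps() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null || true
}

# tun_node_ok PATH
# Succeed when PATH exists and is a character device. A mknod in
# before_script (c 10 200) satisfies this check but not the capability one,
# which is why errno=2 turns into errno=1 after adding mknod.
tun_node_ok() {
    [ -c "$1" ]
}

# preflight
# Return 0 when both conditions hold, 1 otherwise, printing what is missing.
preflight() {
    status=0
    caps=$(effective_caps)
    if [ -z "$caps" ]; then
        echo "tun preflight: cannot read CapEff from /proc/self/status" >&2
        status=1
    elif ! cap_bit_set "$caps" "$CAP_NET_ADMIN"; then
        echo "tun preflight: CapEff=$caps has no CAP_NET_ADMIN; the runner's [runners.docker] section needs cap_add = [\"NET_ADMIN\"] or privileged = true" >&2
        status=1
    fi
    if ! tun_node_ok /dev/net/tun; then
        echo "tun preflight: /dev/net/tun is not a character device; pass devices = [\"/dev/net/tun\"] in config.toml or mknod it" >&2
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "tun preflight ok (CapEff=$caps)"
    fi
    return "$status"
}

# Only run the check when asked to, so the file can also be sourced for its
# functions without side effects.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Placing `sh tun-preflight.sh --check` in before_script just before the openvpn line makes the job stop with a message naming the missing runner setting instead of a 30-second sleep followed by a failed ping. Note that the check runs inside the job container, so it reflects the settings the runner actually applied to that job (including any that the job's own image: override does not change), not what config.toml says on disk.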