GitLab shared runner docker image cannot access Internet

I’m trying to move CI build pipeline from a self-hosted GitLab instance to using the shared SaaS runners. All CI pipeline jobs run in a docker image and most run successfully, but not those that need to access the Internet.

The GitLab help pages advise setting FF_NETWORK_PER_BUILD in the runner’s config.toml configuration file;

  executor = "docker"

but the Saas runner reports:

Running with gitlab-runner 16.6.0~beta.105.gd2263193 (d2263193)
  on j1aLDqxS, system ID: s_ccdc2f364be8
  feature flags: FF_USE_IMPROVED_URL_MASKING:true

so I can see that my attempt to set the FF_NETWORK_PER_BUILD feature flag hasn’t worked. I guess the runner is using a different config.toml.

Is it possible to give a SaaS shared runner Internet access? If so, how?

Hi @jonestn :wave:

GitLab SaaS ruunners have internet access by default.

Setting FF_NETWORK_PER_BUILD in the runner’s config.toml will only work if you’re using a self-hosted runner, the config.toml for SaaS shared runners cannot be modified by end users.

Note that the FF_NETWORK_PER_BUILD feature flag does not control whether a runner has access to the internet, but rather whether a Docker network is created for each job. Docker executor | GitLab.

In other words, if you use SaaS shared runners, you don’t need to configure anything to access resources over the internet. If you’re unable to connect to something over the internet from a GitLab CI job running on .com shared runners, something is awry.

Thanks @gitlab-greg, I eventually reached that conclusion yesterday, but it is good to have it confirmed.

I now think that the problem is actually in the PlatformIO toolset that I am running. It is detecting and reporting that there is no Internet connection in some circumstances and giving up, even though there is. When I find the answer, I’ll post it here.

Thank you for your help.

Regards, Tim.

1 Like