Podman runner cannot resolve the repository hostname


Problem to solve

I’m spinning up a new local runner VM and instances. I’m running AlmaLinux 9.4 and using podman-4.9.4-3.el9_4.x86_64.

When my CI job runs I get:

Initialized empty Git repository in /builds/websites/nwra-django/.git/
Created fresh repository.
fatal: unable to access 'https://REPOHOST/websites/nwra-django.git/': Could not resolve host: REPOHOST

Where REPOHOST is the FQDN of our internally hosted GitLab repository.

It doesn’t seem like I should have to do anything special to get the container to be able to check out the repository.

Steps to reproduce

/etc/resolv.conf in the container contains:

search dns.podman
nameserver 10.89.0.1

Configuration

[[runners]]
  name = "python3.6"
  url = "https://REPOHOST"
  id = 10
  token = "[REDACTED]"
  token_obtained_at = 2024-05-10T15:41:43Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  environment = ["FF_NETWORK_PER_BUILD=1", "http_proxy=http://PROXY:8080", "https_proxy=http://PROXY:8080", "HTTP_PROXY=http://PROXY:8080", "HTTPS_PROXY=http://PROXY:8080", "no_proxy=127.0.0.0/8,::1,localhost,10.0.0.0/8,192.168.0.0/16,.nwra.com", "GIT_SSL_NO_VERIFY=true", "PIP_DEFAULT_TIMEOUT=300"]
  # NOTE: This file cannot be larger than about 32k
  tls-ca-file = "/etc/pki/ca-trust/source/anchors/nwra-proxy.crt"
  pre_get_sources_script = "cat /etc/resolv.conf; host git.nwra.com; git config --global http.proxy $HTTP_PROXY; git config --global https.proxy $HTTPS_PROXY"
  pre_build_script = "export REQUESTS_CA_BUNDLE=$CI_SERVER_TLS_CA_FILE"
  [runners.custom_build_dir]
  [runners.cache]
    MaxUploadedArchiveSize = 0
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    host = "unix:///run/user/994/podman/podman.sock"
    tls_verify = false
    image = "registry.access.redhat.com/ubi8/python-36"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
    network_mtu = 0

Versions


  • Self-managed
  • GitLab.com SaaS
  • Self-hosted Runners


If I drop FF_NETWORK_PER_BUILD the /etc/resolv.conf matches the host and it works. But it seems like FF_NETWORK_PER_BUILD should work “out of the box”.
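
A diagnostic for the comparison described in the post, given copies of the job container's and the host's resolv.conf. This is an added example, not part of the original post: the function names and the host sample are constructed, and it assumes the `dns.podman` search domain marks the per-build network's DNS, as in the resolv.conf shown above.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).

# Print the nameserver addresses from a resolv.conf-style file, one per line.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if a search/domain line lists dns.podman (assumed marker of the
# per-build Podman network's DNS, as seen in the post's container).
uses_podman_dns() {
    awk '($1 == "search" || $1 == "domain") {
             for (i = 2; i <= NF; i++) if ($i == "dns.podman") found = 1
         }
         END { exit !found }' "$1"
}

# Succeed if the name resolves through the system resolver (glibc getent).
resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# classify CONTAINER_RESOLV HOST_RESOLV
#   same               - both files list the same nameservers
#   podman-network-dns - container differs and points at dns.podman
#   different          - container differs for some other reason
classify() {
    c=$(nameservers "$1" | sort | tr '\n' ' ')
    h=$(nameservers "$2" | sort | tr '\n' ' ')
    if [ "$c" = "$h" ]; then
        echo same
    elif uses_podman_dns "$1"; then
        echo podman-network-dns
    else
        echo different
    fi
}

# Constructed samples: the container file copies the post; the host file
# is invented (documentation address range).
demo() {
    tmp=$(mktemp -d)
    printf 'search dns.podman\nnameserver 10.89.0.1\n' > "$tmp/container"
    printf 'search example.internal\nnameserver 192.0.2.53\n' > "$tmp/host"
    classify "$tmp/container" "$tmp/host"
    rm -rf "$tmp"
}
demo
```

Inside a job, `resolves REPOHOST || cat /etc/resolv.conf` records which resolver was in use when the lookup failed.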