Has anyone managed to get an OpenVPN client working within pipeline docker containers?
We have built our own image and tested locally and it works fine with docker command line option --cap-add=NET_ADMIN however it doesn't work within the BitBucket Cloud service as their docker containers don't seem to enable this option.
Any advice or alternate solutions much appreciated.
Stuart,
Any success with this method? We're in the same boat.
Hi Stuart,
Instead of using Service containers for OpenVPN clients, you can run your own docker containers manually in your build with the necessary CLI options.
pipelines:
default:
- step:
services:
- docker
script:
- docker run --cap-add=NET_ADMIN your-image:tag
Docker run docs: https://confluence.atlassian.com/bitbucket/run-docker-commands-in-bitbucket-pipelines-879254331.html
Please keep in mind that we have some security restrictions that will be applied, so you may be unable to attain all the necessary capabilities to still successfully run OpenVPN. If it's problematic, I'm unsure if there's any workarounds in Pipelines I can suggest. But see how you go. :)
Thanks,
Phil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Phillip,
thanks a lot for the answer.
However it does not work like that, I just get an error "docker: Error response from daemon: authorization denied by plugin pipelines: --cap-add is not allowed."
Is there any other ways to connect to secured network from BB Pipeline?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Oleg Sigida
Indeed. We don't allow any cap-add flags anymore for security reasons.
The only feedback I can offer is to follow this ticket: https://bitbucket.org/site/master/issues/12753/allow-customers-to-connect-the-pipelines
We'd like to explore this feature, but have received limited feedback at the moment. If you have time, can you fill out this survey? https://docs.google.com/forms/d/e/1FAIpQLSdzEBor1vVSxopOnLnTheJ_QoozXqn5i1JIL9KQW-h6g1wkaQ/viewform
Thanks,
Phil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks! will have a look what options are possible
And the form is done
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Having the same issue here. Did you ever figure out a way to get pipelines to connect to a server behind a VPN?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michael,
We have an open feature request for VPN support here. I suggest you follow the ticket here for updates: https://bitbucket.org/site/master/issues/12753/allow-customers-to-connect-the-pipelines
Thanks,
Phil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks @Philip Hodder
I'm now watching it.
I managed to find another solution for our needs using AWS CodeDeploy. Unfortunately they do not have an easy integration with bitbucket (only GitHub).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I tried to configure wireguard and hit this problem. It seems like you have to use your own runners to be able to do this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Brrrr, need gloves and a scarf, so cold in here. Looking for this too. We have local embedded devices that we want to run integration tests with from the bitbucket pipelines, which are available through our own openvpn server.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
eh...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
it's cold here...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Another bump here, i'm looking to run lighthouse within a container where this flag is used. Is there any progress or has anyone found workarounds?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
any success ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.