Since use of the http(s) proxies are currently the only method of network egress for gitlab runners, we'll need to pass these environment variables through to image build processes. It seems that the way to do this is to add support to the blubber buildkit frontend for proxy options to be passed via the buildctl invocation. The dockerfile implementation in buildkit does it this way, e.g. --opt build-arg:http_proxy=http://foo and so forth.
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | • dduvall | T308271 Deploy buildkitd to trusted GitLab runners | |||
Resolved | • dduvall | T317997 Support http_proxy, https_proxy and other proxy `build-arg:` options in blubber buildkit frontend |
Event Timeline
Change 832699 had a related patch set uploaded (by Dduvall; author: Dduvall):
[blubber@master] buildkit: Support Docker's build-arg options
Change 832699 merged by jenkins-bot:
[blubber@master] buildkit: Support Docker's build-arg options
Change 833125 had a related patch set uploaded (by Dduvall; author: Dduvall):
[operations/puppet@production] P:gitlab::runner: Provide proxy variables to runner jobs
Change 833125 merged by Dzahn:
[operations/puppet@production] P:gitlab::runner: Provide proxy variables to runner jobs
Change 840234 had a related patch set uploaded (by Dzahn; author: Dzahn):
[operations/puppet@production] buildkitd: re-add <%= @image %> to the docker ExecStart command line
Change 840234 merged by Dzahn:
[operations/puppet@production] buildkitd: re-add <%= @image %> to the docker ExecStart command line
Looks like https://gerrit.wikimedia.org/r/c/operations/puppet/+/833125/ broke Puppet on the gitlab-runners project. Example for runner-1026.gitlab-runners.eqiad1.wikimedia.cloud:
ERR: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Profile::Gitlab::Runner]: parameter 'http_proxy' expects a String value, got Undef parameter 'https_proxy' expects a String value, got Undef parameter 'no_proxy' expects a String value, got Undef on node runner-1026.gitlab-runners.eqiad1.wikimedia.cloud WARNING: Not using cache on failed catalog ERR: Could not retrieve catalog; skipping run
Change 840835 had a related patch set uploaded (by Hashar; author: Hashar):
[operations/puppet@production] gitlab: proxy settings on runners must be optional
Change 840835 merged by Jelto:
[operations/puppet@production] gitlab: proxy settings on runners must be optional
Change 841171 had a related patch set uploaded (by Dduvall; author: Dduvall):
[operations/puppet@production] P:gitlab::runner: Quote uppercase environment variable hash keys
Change 841171 merged by Jelto:
[operations/puppet@production] P:gitlab::runner: Quote environment variable hash keys
Change 841554 had a related patch set uploaded (by Ahmon Dancy; author: Ahmon Dancy):
[operations/puppet@production] P:gitlab::runner: Do not quote the value of environment variables
Change 841554 merged by RLazarus:
[operations/puppet@production] P:gitlab::runner: Do not quote the value of environment variables
Mentioned in SAL (#wikimedia-operations) [2022-10-11T16:40:57Z] <rzl> gitlab-runner[1002-1004,2002-2004] - systemctl restart buildkitd - T317997