[Dune-devel] Epic/Sky CI Runner setup changes

Jö Fahlke jorrit at jorrit.de
Fri May 3 16:17:20 CEST 2019


Hi!

I've changed the way CI jobs running on the Münster runners
(dune-ci@{epic,sky}.uni-muenster.de) have their network access restricted.  So
if you notice anything strange with those runners, let me know.

Details:

Jobs using the shared "duneci" runners on gitlab.dune-project.org are only
allowed to access gitlab.dune-project.org.  For the Münster runners this was
previously achieved by putting them into an internal docker network and
proxying access to the internet through a web proxy.  The CI jobs were told
about the proxy through the standard environment variables (as documented for
instance in the curl manpage).

This had the drawback that sometimes the container running the proxy server
would need updating, which could not really be coordinated with running CI
jobs.  This meant that CI jobs could fail because of missing access to
gitlab.dune-project.org.  Worse, when updating docker on the host, the proxy
container would not automatically restart (for some not-yet-identified
reason), so all CI jobs running after the update would fail immediately.

The new setup uses iptables rules to restrict access for the CI jobs.  This
cuts out the complicated self-updating setup with the proxy container.  It
means I have to hardcode the IP address of gitlab.dune-project.org, but that
should not change too frequently.

Regards,
Jö.

-- 
Jorrit (Jö) Fahlke, Institute for Computational und Applied Mathematics,
University of Münster, Orleans-Ring 10, D-48149 Münster
Tel: +49 251 83 35146 Fax: +49 251 83 32729

Fun with I18N.  Here StumpWM/clisp:
WARNUNG: DEFUN/DEFMACRO(GET-WM-CLASS): #<PACKAGE XLIB> ist abgeschlossen.
         Das Schloss umgehen und weitermachen.
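
The iptables-based restriction described in the message above, sketched as an
added example (not part of the original post and not the actual Münster runner
configuration). It assumes the job containers sit on a dedicated Docker network
and that the rules go into Docker's DOCKER-USER chain; the subnet, the pinned
address and all function names are constructed placeholders. It also covers the
hardcoded-IP caveat by checking the pin against current DNS.

```shell
#!/bin/sh
# Constructed placeholders (assumptions, not values from the post):
CI_SUBNET="${CI_SUBNET:-172.30.0.0/24}"   # subnet of the CI jobs' Docker network
GITLAB_IP="${GITLAB_IP:-203.0.113.10}"    # pinned GitLab address (TEST-NET-3)

# Print the allowlist as iptables commands so it can be reviewed or diffed
# before being applied as root. Inserting at positions 1 and 2 of DOCKER-USER
# makes these rules run before anything already in that chain.
gen_rules() {
    subnet=$1 ip=$2
    # Job containers may open connections to the pinned GitLab address.
    printf 'iptables -I DOCKER-USER 1 -s %s -d %s -j RETURN\n' "$subnet" "$ip"
    # Everything else they send is rejected, so a job fails fast instead of
    # hanging on a timeout. Replies are unaffected: their source is not $subnet.
    printf 'iptables -I DOCKER-USER 2 -s %s -j REJECT --reject-with icmp-admin-prohibited\n' "$subnet"
}

# Print the IPv4 addresses a host name currently resolves to, one per line.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Succeed only if the pinned address ($1) is an exact line of the
# newline-separated list in $2.
pin_is_current() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Return 0 if the pin still matches DNS, 1 if it has drifted, 2 if the
# name did not resolve at all (so a DNS outage is not mistaken for drift).
check_pin() {
    host=$1 pinned=$2
    resolved=$(resolve_v4 "$host")
    [ -n "$resolved" ] || { echo "cannot resolve $host" >&2; return 2; }
    pin_is_current "$pinned" "$resolved" && return 0
    echo "pinned $pinned not in DNS answer for $host: $resolved" >&2
    return 1
}

gen_rules "$CI_SUBNET" "$GITLAB_IP"
```

Running check_pin periodically on the runner host surfaces a changed address
as an explicit message rather than as a run of failed CI jobs.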