Drone is unable to clone project from GitHub

rdmchr · August 1, 2021, 6:46pm

My builds are failing at the clone step with the following output:

1	Initialized empty Git repository in /drone/src/.git/
2	+ git fetch origin +refs/heads/master:
3	fatal: unable to access 'https://github.com/gettooru/Receipt-OCR-Function.git/': Could not resolve host: github.com

The repository is private but I have granted oAuth access to it.
I also made sure that I can ping github.com from my traefik network.

#drone
  drone:
    image: drone/drone:2.0.4
    container_name: drone
    hostname: drone
    restart: unless-stopped
    depends_on:
      - postgres
    environment:
      DRONE_GITHUB_CLIENT_ID: ""
      DRONE_GITHUB_CLIENT_SECRET: ""
      DRONE_RPC_SECRET: ""
      DRONE_SERVER_HOST: "
      DRONE_SERVER_PROTO: "https"
      DRONE_DATABASE_DRIVER: "postgres"
      DRONE_DATABASE_DATASOURCE: "postgres://@postgres:5432/drone?sslmode=disable"
      DRONE_GIT_ALWAYS_AUTH: "true"
    networks:
      - traefik-network
    volumes:
      - drone-data:/data

#drone runner
  drone-runner-1:
    image: drone/drone-runner-docker:1.6.3
    container_name: drone-runner-1
    hostname: drone-runner-1
    restart: unless-stopped
    environment:
      DRONE_RPC_HOST: "drone"
      DRONE_RPC_PROTO: "http"
      DRONE_RPC_SECRET: ""
      DRONE_RUNNER_CAPACITY: "2"
      DRONE_RUNNER_NAME: "main-runner"
      DRONE_RUNNER_NETWORKS: "traefik"
    networks:
      - traefik-network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

# networks
networks:
  traefik-network:
    external: true
    name: traefik

I tried setting the DRONE_RUNNER_NETWORKS variable to traefik-network but that didn’t work either, but they should both be the same network, right?

csgitharness · August 3, 2021, 12:00pm

@rdmchr,

Could you please try to do nslookup/dig to github.com from runner to confirm if there is connectivity.

rdmchr · August 3, 2021, 4:14pm

It seems that github.com is not reachable from within the runner container:

root@Ubuntu-2004-focal-64-minimal ~ # docker exec -it drone-runner-1 nslookup github.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   github.com
Address: 140.82.121.4

Non-authoritative answer:
*** Can't find github.com: No answer

How would I go about fixing that issue?
I also tried the same with gitlab.com which does seem to be reachable, right?

root@Ubuntu-2004-focal-64-minimal ~ # docker exec -it drone-runner-1 nslookup gitlab.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   gitlab.com
Address: 2606:4700:90:0:f22e:fbec:5bed:a9b9

Non-authoritative answer:
Name:   gitlab.com
Address: 172.65.251.78

So how come one is reachable and one isn’t?

rdmchr · August 5, 2021, 11:05pm

I haven’t figured out how to edit my post, so I’ll just reply.
So far I have concluded, that I can remove/change the docker-compose.yml to this and still get the same result:

#drone
  drone:
    image: drone/drone:2.0.4
    container_name: drone
    hostname: drone
    restart: unless-stopped
    depends_on:
      - postgres
    environment:
      - DRONE_GITHUB_CLIENT_ID=
      - DRONE_GITHUB_CLIENT_SECRET=
      - DRONE_RPC_SECRET=
      - DRONE_SERVER_HOST=
      - DRONE_SERVER_PROTO=https
      - DRONE_DATABASE_DRIVER=postgres
      - DRONE_DATABASE_DATASOURCE=postgres://@postgres:5432/drone?sslmode=disable
    networks:
      - traefik-network
    volumes:
      - drone-data:/data

#drone runner
  drone-runner-1:
    image: drone/drone-runner-docker:1.6.3
    container_name: drone-runner-1
    hostname: drone-runner-1
    restart: unless-stopped
    environment:
      - DRONE_RPC_HOST=[public facing drone domain, instead of container name]
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_SECRET=
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=main-runner
    networks:
      - traefik-network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

I also tried removing the networks part from the runner to see if that changes anything, but that just lead to no jub execution while nslookup was still failing.

Furthermore have I tried to use nslookup from the main drone server itself, which was successfull:

root@Ubuntu-2004-focal-64-minimal ~/stack # docker exec -it drone nslookup github.com
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   github.com
Address: 140.82.121.4

Non-authoritative answer:

bradrydzewski · August 6, 2021, 1:44pm

Please keep in mind that your Drone server is probably running in a container attached to the default bridge network. However, when Drone spawns pipeline containers it creates a user-defined network, and the clone happens inside that user-defined network, not the default bridge network.

The dns used by user-defined networks in Docker is different than the dns used by bridge networks. This means the nslookup test you ran is not really an accurate test, since it is testing the bridge network, as opposed to a user-defined network.

There are some existing threads you can read that include suggestions for testing user-defined networks on your machine. Here are a few threads that I recommend:

rdmchr · August 6, 2021, 3:48pm

As you can see from my original post, I did have a network (called traefik) configured.
I also already confirmed that github is reachable:

root@Ubuntu-2004-focal-64-minimal ~/stack # docker run --network=traefik -t -i alpine ping -c 1 github.com
PING github.com (140.82.121.4): 56 data bytes
64 bytes from 140.82.121.4: seq=0 ttl=56 time=5.433 ms

--- github.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 5.433/5.433/5.433 ms

As you can also see, I also tried running the runner without the traefik network, which did not change the result.
And yes I also tried removing the traefik-network network from the runner, which also did not change the result either.

bradrydzewski · August 6, 2021, 4:35pm

As you can also see, I also tried running the runner without the traefik network, which did not change the result.

And yes I also tried removing the traefik-network network from the runner, which also did not change the result either.

The code is not cloned inside the runner. the runner spawns a new container that performs the clone, and that new container is not going to be connected to your traefik network.

I recommend searching this forum for threads pertaining to traefik. There are plenty of threads where people discuss problems and solutions for running Drone on traefik, and perhaps one of those individuals lend their expertise.

Please keep in mind that all networking in Drone is handled by Docker using standard, user-defined networks. Drone has zero control over networking or dns. So if you are experiencing networking or dns issues there is not really anything we can do at the Drone layer; these sort of things need to be resolved at the Docker layer or the host machine networking layer.