I am using a Workflow run to build a large project (the Chromium browser). A single GitHub-hosted runner does not have enough CPU power to complete the build within the 6 hour job time limit.
I'd thus like to make use of multiple concurrent jobs, with distcc or similar on each runner. This will distribute the compilation workload so that the build can finish in the allotted time.
However, this requires the jobs/runners to communicate with each other on the network. The runners appear to run `sshd`, but when one runner attempts to connect to the SSH port of another, the connection times out. Flushing the `iptables`/`nft` firewall rules does not help. There appears to be some default network isolation in place, enforced outside of the runner itself.
I can distribute the required host key and private keys securely using the artifacts and secrets mechanisms, but at a minimum I need to get a TCP connection going between the lead runner and its helpers. How can I set this up?
(Note that using an external "bounce host" is not feasible, because (1) such a host could pose a security risk if compromised, given that intermediate build artifacts will pass through it; (2) the communication bandwidth is likely to be significant (multiple gigabytes), and (3) no such host is available to me.)