"Cannot contact IP" errors when Bitbucket Pipelines Runners connect to applications/services on IP range 172.17.0.0/18

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

When attempting to establish a connection to services or applications within the 172.17.0.0/18 IP range using Bitbucket Pipelines Runners, one may encounter an error message similar to the following during the step that involves connecting to the specified application or service.

    cannot contact IP

This page provides a comprehensive overview of the diagnostic process for identifying this problem, as well as potential solutions for addressing it.

Environment

Bitbucket Pipelines self-hosted Runners: Linux and Mac Docker runners. Additionally, the affected step must use the Pipelines Docker service for this issue to be reproduced.

Diagnosis

  1. Check to determine whether you are utilizing the Pipelines Docker service in the affected step. Your bitbucket-pipelines.yml file will contain a "services" section within the step definition, which indicates if the Docker service is employed in the specified step. For example:

    [...]
    - step:
        script:
          - <commands>
        [...]
        services:
          - docker
    [...]

  2. Additionally, it is important to verify if the application you are attempting to connect to is operating within the IP range of 172.17.0.0/18.

Cause

Due to the inherent characteristics of Bitbucket Pipelines Runners as a self-hosted service, it is possible that you may have a service or application operating within the IP range 172.17.0.0/18 concurrently with your Runner host.

This specific IP range is utilized by the Docker-in-Docker service of Bitbucket Pipelines Runners. Consequently, any application that is executed within this IP range may create a conflict with the Docker-in-Docker service provided by Pipelines.

Solution

  1. If the Docker service is not necessary for the specific step, it is advisable to remove the service definition for Docker in that context:

    services:
      - docker

  2. To avoid IP address conflicts with the host's daemon or the 172.17.0.0/18 range utilized by other servers, it is essential to configure the Docker-in-Docker (dind) network bridge IP to begin in a different IP range. This can be accomplished by utilizing a custom dind image that includes the flag --bip <ip range> when initiating the dind daemon.

    1. Create a custom Docker-in-Docker (dind) image, as shown below, for use in the Bitbucket Pipeline:

      # custom-dind-image
      FROM docker:dind
      ENTRYPOINT [ "sh", "-c", "dockerd-entrypoint.sh $DOCKER_OPTS" ]

    2. Once the custom "dind" image is pushed to the registry (in this example the image name is mycustomdind), it can be used as a custom service image in the Bitbucket Pipeline to set up the network bridge IP, as in the following example:

      image: atlassian/default-image:4

      definitions:
        services:
          custom-dind-service:
            image:
              name: <your docker registry>/mycustomdind
              username: $DOCKER_USER
              password: $DOCKER_PASS
            type: docker
            variables:
              DOCKER_OPTS: "--bip 172.28.0.1/16"

      pipelines:
        default:
          - step:
              runs-on:
                - 'self.hosted'
                - 'linux'
              script:
                - <commands>
              services:
                - custom-dind-service
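
To carry out Diagnosis step 2 and to vet a --bip value before building the custom image, the following Python sketch tests addresses against 172.17.0.0/18 and against a candidate bridge range. It is an added example, not Atlassian's code; the function names and the target list are constructed for illustration.

```python
import ipaddress

# Range the article attributes to the Pipelines Docker-in-Docker service.
DIND_DEFAULT = ipaddress.ip_network("172.17.0.0/18")

# Constructed sample: addresses/networks a pipeline step must reach.
SAMPLE_TARGETS = ["172.17.12.40", "172.17.64.10", "10.20.0.0/16", "172.28.5.0/24"]


def overlapping(targets, network):
    """Return the entries of targets (IPs or CIDRs) that overlap network."""
    return [t for t in targets
            if ipaddress.ip_network(t, strict=False).overlaps(network)]


def check_bip(bip, targets):
    """Check a dockerd --bip value ('address/prefix') against targets.

    Returns (bridge_network, conflicting_targets).
    """
    bridge = ipaddress.ip_interface(bip).network
    return bridge, overlapping(targets, bridge)


def first_free_bip(candidates, targets):
    """Return the first candidate --bip value with no conflicts, or None."""
    for bip in candidates:
        if not check_bip(bip, targets)[1]:
            return bip
    return None


if __name__ == "__main__":
    print("Inside dind default range:", overlapping(SAMPLE_TARGETS, DIND_DEFAULT))
    for bip in ("172.28.0.1/16", "192.168.200.1/24"):
        bridge, conflicts = check_bip(bip, SAMPLE_TARGETS)
        print(f"--bip {bip} -> bridge {bridge}, conflicts: {conflicts or 'none'}")
```

In the constructed sample, 172.17.64.10 lies just outside the /18 and is unaffected, while the article's example value 172.28.0.1/16 conflicts only because the sample includes a 172.28.5.0/24 target. Any --bip range must be unused by the services the step connects to.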

Updated on March 13, 2025
