Running Gitlab-Runner with a different user #277

Closed
coofercat opened this issue Aug 9, 2023 · 4 comments

@coofercat
Contributor

[This isn't so much an issue as it's documentation for anyone else stumbling over this problem]

In my use-case, I need to run the Gitlab Runner as a corporate user (instead of the more usual gitlab-runner user that is created by the installation package). I looked into the vars settings in the Ansible role, but this turns out not to be the way to solve this (or at least, I don't think it is).

Instead, I created a gitlab-runner-post role, in which I make a Systemd directory if it doesn't exist, and then write in an alternative ExecStart= override 'stub' to run as my chosen user. I broadly speaking followed this advice: https://stackoverflow.com/a/54831977/917444

The Ansible is this:

```yaml
- name: Make a systemd override directory
  file:
    path: /etc/systemd/system/gitlab-runner.service.d
    owner: root
    group: root
    mode: "0755"
    state: directory

- name: Tell Systemd to start the runner as the robouser
  template:
    src: gitlab-runner-service.j2
    dest: /etc/systemd/system/gitlab-runner.service.d/exec_start.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - daemon reload
    - restart gitlab-runner
```

The template I put into Systemd is:

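```ini
[Service]
StartLimitInterval=5
StartLimitBurst=10
# The empty ExecStart= clears the command from the packaged unit file
# before the replacement below is set.
ExecStart=
# Jinja2 variable names cannot contain hyphens, so the user variable
# is spelled with underscores here.
ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/{{ gitlab_runner_user }}" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "{{ gitlab_runner_user }}"
```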

(I copied this from the actual systemd service unit file, but note that I added ExecStart=)

FWIW, my 'post' role also includes writing out some scripts for additional monitoring and whatnot, but the main thing here is that Gitlab's runner process starts as root, but the executors run as the corporate user instead of the default one.
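
A lint for the drop-in described in the comment above, as an added example that is not part of the original post or of the role: it checks that the empty `ExecStart=` reset precedes the new command, that `--user` names a rendered, non-root account, and that the file is not group- or world-writable. The function name `check_dropin` and the sample user `ciuser` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a gitlab-runner systemd drop-in before "daemon reload".
# check_dropin FILE: prints findings; exit status 0 = clean, 1 = problems.
check_dropin() (
    file=$1; rc=0; seen_reset=0; exec_count=0; user=""
    # The runner's main process starts as root, so anyone who can edit this
    # file controls a command line that root executes.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $file is group- or world-writable"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ExecStart=)                 # empty assignment clears the packaged command
                seen_reset=1 ;;
            ExecStart=*)
                exec_count=$((exec_count + 1))
                if [ "$seen_reset" -eq 0 ]; then
                    echo "FAIL: ExecStart set without an empty ExecStart= before it"; rc=1
                fi
                # Value following "--user", quotes stripped (space-separated form only).
                user=$(printf '%s\n' "$line" | tr -d '"' |
                       sed -n 's/.* --user \([^ ]*\).*/\1/p') ;;
        esac
    done < "$file"
    if [ "$exec_count" -ne 1 ]; then
        echo "FAIL: expected one ExecStart command, found $exec_count"; rc=1
    fi
    case $user in
        "")     echo "FAIL: no --user argument found"; rc=1 ;;
        root)   echo "FAIL: --user is root"; rc=1 ;;
        *'{{'*) echo "FAIL: --user still holds an unrendered template variable"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ]
)

# Constructed sample: the drop-in from the post rendered for a made-up user "ciuser".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/ciuser" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "ciuser"
EOF
chmod 644 "$sample"
check_dropin "$sample" && echo "OK: $sample"
rm -f "$sample"
```

On a host, point it at `/etc/systemd/system/gitlab-runner.service.d/exec_start.conf` after the template task has run.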

@riemers
Owner

riemers commented Sep 7, 2023

If you want people to stumble upon it, you could just add a section to the readme / with link to stack. That way if this ticket auto closes it still remains 'documented'.

@github-actions

github-actions bot commented Oct 8, 2023

Seems this message did not get a lot of love. This does not mean it was not seen but time wise might not have made it to proper attention. This is just the clean up action ;)

@github-actions github-actions bot added the Stale label Oct 8, 2023
@guenhter
Collaborator

@coofercat Could you add this to the readme?

@coofercat
Contributor Author

Hmm... my method seems very much to be a workaround rather than a solution, but I've added a small section to the Readme as you suggest. #297
