Gitlab CI - gitlab-runner run as root

Solution 1

Register the runner without sudo, and that should set the gitlab-runner to run as your current user.

So the steps should be:

sudo curl --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-darwin-amd64

sudo chmod +x /usr/local/bin/gitlab-runner

gitlab-runner register ...

gitlab-runner install

Remember to stop your sudo gitlab-runner service, otherwise you could have multiple runners on the same machine fighting for the same jobs.

Solution 2

Here is documentation for how to use sudo and gitlab-runner user. I am not sure, but I think it creates multiple runners.

On CentOS 8 I modified the gitlab-runner.service and changed the --user option to root.
Here is the default configuration:

/usr/bin/gitlab-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --user gitlab-runner

or

root@server# cat /etc/systemd/system/gitlab-runner.service
[Unit]
Description=GitLab Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/bin/gitlab-runner

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "gitlab-runner"

Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target

and I changed it to this:

[Unit]
Description=GitLab Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/bin/gitlab-runner

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "root"

User=root
Group=root

Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target

So I changed this part, --user gitlab-runner, to --user root.

NOTE

I absolutely did not have security concerns and did it for a test; please make sure you are considering the security part.
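
A check for the condition the NOTE above points at, added here as an example and not part of the original answer: it reads a gitlab-runner unit file and reports the account that shell-executor jobs run as, failing when that account is root. The function names are hypothetical, and the two sample units are constructed from the ExecStart lines shown above.

```shell
#!/bin/sh
# Added example: report which account a gitlab-runner systemd unit runs jobs as.
# Assumption: the runner uses the shell executor, so job scripts run as this account.

# Read unit text on stdin; print the job account.
# Simplification: --user in ExecStart is taken as the job account when present;
# otherwise the unit's User=; otherwise root (systemd's default for system units).
runner_job_user() {
    awk '
        /^[ \t]*User=/ { sub(/^[ \t]*User=[ \t]*/, ""); svc = $0 }
        /^[ \t]*ExecStart=/ {
            gsub(/"/, "")                      # the unit quotes every argument
            for (i = 1; i <= NF; i++) {
                if ($i == "--user") job = $(i + 1)
                else if ($i ~ /^--user=/) job = substr($i, 8)
            }
        }
        END {
            if (job == "") job = svc
            if (job == "") job = "root"
            print job
        }'
}

# Exit status 0 when jobs run unprivileged, 1 when they run as root (or uid 0).
audit_runner_unit() {
    user=$(runner_job_user)
    case "$user" in
        root|0) echo "FAIL: CI jobs run as root"; return 1 ;;
        *)      echo "OK: CI jobs run as $user"; return 0 ;;
    esac
}

# Constructed samples: the default and the modified ExecStart from the answer above.
default_unit() {
    printf '%s\n' '[Service]' \
      'ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "gitlab-runner"'
}
root_unit() {
    printf '%s\n' '[Service]' \
      'ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "root"' \
      'User=root' 'Group=root'
}

default_unit | audit_runner_unit || true
root_unit | audit_runner_unit || true
```

On a host, feed it the installed unit: `audit_runner_unit < /etc/systemd/system/gitlab-runner.service`.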

Author by

alpiopio

Updated on June 18, 2022

Comments

  • alpiopio almost 2 years

    I am new to continuous integration on iOS. I try to run a build with gitlab-runner and use shell as the executor, but I got an issue that pod cannot run as root. I am sure that I am not installing cocoapods with sudo, and I tried running whoami in before_script, and that's right, my runner runs as root.

    Has anyone got the same issue, and how to fix it?