Gitlab CI - gitlab-runner run as root
Solution 1
Register the runner without sudo, and that should set the gitlab-runner
to run as your current user.
So steps should be:
sudo curl --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-darwin-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
gitlab-runner register ...
gitlab-runner install
Remember to stop your sudo gitlab-runner
service otherwise you could have multiple runners on the same machine fighting for the same jobs.
Solution 2
Here is documentation for how to use sudo
and gitlab-runner
user.
I am not sure, but I think it creates multiple runners.
On CentOS 8 I modified the gitlab-runner.service
and changed the --user
option to root
.
Here is the default configuration:
/usr/bin/gitlab-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --user gitlab-runner
or
root@server# cat /etc/systemd/system/gitlab-runner.service
[Unit]
Description=GitLab Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/bin/gitlab-runner
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "gitlab-runner"
Restart=always
RestartSec=120
[Install]
WantedBy=multi-user.target
and I changed to this:
[Unit]
Description=GitLab Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/bin/gitlab-runner
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "root"
User=root
Group=root
Restart=always
RestartSec=120
[Install]
WantedBy=multi-user.target
So this part --user gitlab-runner
to --user root
NOTE
Absolutely I did not have security concerns, and did it for test, plase make sure you are considering security part.
alpiopio
Updated on June 18, 2022Comments
-
alpiopio almost 2 years
I new on continous integration on iOS, I try to run build with gitlab-runner and use shell as executor but I got issue that
pod cannot run as root
I am sure that I am not installing cocoapods with sudo and I try runwhoami
atbefore_script
and that's right my runner run as rootany one got same issue ?and how to fix it ?