docker-gitlab-ci-runner

Feature request: Allow changing the runner user

Open schmunk42 opened this issue 10 years ago • 6 comments

I tried to make the runner customizable by an ENV var, but somehow I was not able to set the user like so in assets/setup/install or assets/init:

GITLAB_CI_RUNNER_USER=${GITLAB_CI_RUNNER_USER:root}

Any idea how this could be made possible? My use case would be to assign root or docker as a user to allow the runner to spawn containers on an isolated host.

schmunk42 avatar Apr 27 '15 11:04 schmunk42

@schmunk42 you can create a new image based on this image and update the user in /etc/supervisor/conf.d/runner.conf to root. However I cannot guarantee that it will work.

How will the container get access to the docker daemon? Are you volume mounting the docker binary and socket? If that is the case, you can try adding the user with id 1000 to the docker group. If it works as I expect it to, then the gitlab_ci_runner user should be able to create containers without su permissions.

Please be advised that this is a very risky thing to do. Volume mounting the docker binary and socket inside a docker container renders the host vulnerable.

I think you should look at drone.io. It's a CI platform that creates a new container to run the tests. I think drone.io integrates with gitlab.

sameersbn avatar Apr 27 '15 12:04 sameersbn

> Please be advised that this is a very risky thing to do. Volume mounting the docker binary and socket inside a docker container renders the host vulnerable.

I know. My setup is experimental and I use a separate VM for isolation just for runners and containers spawned by them.

> How will the container get access to the docker daemon? Are you volume mounting the docker binary and socket?

The command basically looks like this:

docker run --name $RUNNER_NAME -it --rm --privileged \
    -e CI_SERVER_URL=http://192.168.1.40:8080 \
    -e REGISTRATION_TOKEN=<CAN_BE_FOUND_HERE:https://ci.example.com/admin/runners> \
    -e CI_RUNNERS_COUNT=1 \
    -v /Volumes/runners/$RUNNER_NAME/:/home/gitlab_ci_runner/data \
    -v `which docker`:/usr/bin/docker \
    -v `which docker-compose`:/usr/local/bin/docker-compose \
    -v /var/run/docker.sock:/var/run/docker.sock \
    schmunk42/gitlab-ci-runner

Modified docker runner

> I think you should look at drone.io. It's a CI platform that creates a new container to run the tests. I think drone.io integrates with gitlab.

I did look at that, but using your docker containers is way cooler ;) because I want to test whole application container stacks, defined in a yml file. Which is easily possible with the runner concept as a docker container. Drone works on this, I remember a StackOverflow question about it, but is currently limited to predefined containers.

schmunk42 avatar Apr 28 '15 08:04 schmunk42

@schmunk42 With your changes, the runner is not able to spawn containers?

sameersbn avatar Apr 28 '15 09:04 sameersbn

It is, everything works fine, besides the one thing that I can not define the user name with a docker ENV variable, I tried to use it like the other replacements, but it was empty all the time.

schmunk42 avatar Apr 28 '15 09:04 schmunk42

@schmunk42 understood. You need to configure the user for the runner supervisord process in the init script, not in the install script. In the install script restore the user to root and in the init script add something along these lines

GITLAB_CI_RUNNER_USER=${GITLAB_CI_RUNNER_USER:-gitlab_ci_runner}
sed 's/user=.*/user='"${GITLAB_CI_RUNNER_USER}"'/' -i /etc/supervisor/conf.d/runner.conf

With the above changes you should be able to specify the user via GITLAB_CI_RUNNER_USER.

sameersbn avatar Apr 28 '15 09:04 sameersbn
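
One way to write the init-script step described in the comment above, with the value checked before it reaches sed (an added example, not code from the image or from either participant). The function names `valid_runner_user`, `set_runner_user` and `make_sample_conf` are hypothetical, and the sample runner.conf contents are constructed.

```shell
#!/bin/sh
# Added example: init-time rewrite of the supervisord user= line.
LC_ALL=C   # make [a-z] mean ASCII letters only

# Accept only a conservative account-name shape, so the value cannot carry
# sed metacharacters ("/", "&", newline) or extra supervisord settings.
valid_runner_user() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# set_runner_user CONF: set user= in CONF from GITLAB_CI_RUNNER_USER.
set_runner_user() {
    conf=$1
    # ":-" supplies the default when the variable is unset or empty.
    # "${VAR:root}" (no dash) is not a default: bash reads it as a substring offset.
    user=${GITLAB_CI_RUNNER_USER:-gitlab_ci_runner}
    if ! valid_runner_user "$user"; then
        printf 'refusing runner user: %s\n' "$user" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Anchor on ^user= so only that key is rewritten; write back in place.
    sed "s/^user=.*/user=${user}/" "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed stand-in for /etc/supervisor/conf.d/runner.conf (contents assumed).
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[program:runner]
command=/bin/true
user=gitlab_ci_runner
autostart=true
EOF
    echo "$f"
}

demo_conf=$(make_sample_conf) && set_runner_user "$demo_conf" && grep '^user=' "$demo_conf"
rm -f "$demo_conf"
```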

Thank you, I will try that…

schmunk42 avatar Apr 28 '15 11:04 schmunk42