如何在gitlab ci的构建脚本中使用sudo?
[英]How to use sudo in build script for gitlab ci?
问题描述
When I would like to do something that requiers sudo privelegies, the build process stucks and when ps aux for that command, it hanging in the list but doing nothing.
当我想做一些需要 sudo privelegies 的事情时,构建过程会卡住,当ps aux用于该命令时,它挂在列表中但什么也不做。
Eg:例如:
in the buildscript:在构建脚本中:
# stop nginx
echo "INFO: stopping nginx. pid [$(cat /opt/nginx/logs/nginx.pid)]"
sudo kill $(cat /opt/nginx/logs/nginx.pid)
in the gitlab ci output console:在 gitlab ci 输出控制台中:
INFO: stopping nginx. pid [2741]
kill $(cat /opt/nginx/logs/nginx.pid) # with a spinning wheel
in the bash:在 bash 中:
> ps aux | grep nginx
root 6698 0.0 0.1 37628 1264 ? Ss 19:25 0:00 nginx: master process /opt/nginx/sbin/nginx
nobody 6700 0.3 0.3 41776 3832 ? S 19:25 0:00 nginx: worker process
kai 7015 0.0 0.0 4176 580 pts/0 S+ 19:27 0:00 sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
kai 7039 0.0 0.0 7828 844 pts/2 S+ 19:27 0:00 grep nginx
So:所以:
- not the
sudo kill $(cat /opt/nginx/logs/nginx.pid)is going to execute, butsh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)不是sudo kill $(cat /opt/nginx/logs/nginx.pid)将要执行,而是sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid) - it is hanging up, without response (sounds for me like it asks for a password interactively)它挂断了,没有响应(对我来说听起来就像它以交互方式要求输入密码)
2 个解决方案
解决方案1
59 2016-06-14 00:05:39
There are a couple of ways to resolve this.有几种方法可以解决这个问题。
Grant sudo permissions授予sudo权限
You can grant sudo permissions to the gitlab-runner user as this is who is executing the build script.您可以向gitlab-runner用户授予 sudo 权限,因为该用户正在执行构建脚本。
$ sudo usermod -a -G sudo gitlab-runner
You now have to remove the password restriction for sudo for the gitlab-runner user.您现在必须为gitlab-runner用户删除sudo的密码限制。
Start the sudo editor with启动 sudo 编辑器
$ sudo visudo
Now add the following to the bottom of the file现在将以下内容添加到文件底部
gitlab-runner ALL=(ALL) NOPASSWD: ALL
Do not do this for gitlab runners that can be executed by untrusted users.
SSH Runner SSH 运行程序
You can configure the gitlab-ci-runner to connect to a remote host using SSH.您可以将gitlab-ci-runner配置为使用 SSH 连接到远程主机。 You configure this to use a user remotely that has sudo permissions, and perform the build using that user.您将其配置为远程使用具有 sudo 权限的用户,并使用该用户执行构建。 The remote host can be the same machine that the gitlab runner is executing on, or it can be another host.远程主机可以是 gitlab runner 正在执行的同一台机器,也可以是另一台主机。
This build user account will still need to have sudo and passwordless permissions.此构建用户帐户仍需要具有 sudo 和无密码权限。 Follow the instruction below, except replace gitlab-runner with the build user.按照以下说明进行操作,但将gitlab-runner替换为构建用户。
解决方案2
1 2021-07-08 09:37:42
It worked for me as written by Reactgular.正如 Reactgular 所写的那样,它对我有用。
But one little clarification.但有一点澄清。 You must include a % sign before您必须在前面包含一个%符号gitlab-runner ALL = (ALL) NOPASSWD: ALL . gitlab-runner ALL = (ALL) NOPASSWD: ALL 。
I could not understand for a long time why it doesn't help me.很长一段时间我都无法理解为什么它对我没有帮助。 Then I put the percentage icon and it worked.然后我放了百分比图标,它起作用了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.