[英]How to use sudo in build script for gitlab ci?
When I would like to do something that requiers sudo privelegies, the build process stucks and when ps aux
for that command, it hanging in the list but doing nothing.当我想做一些需要 sudo privelegies 的事情时,构建过程会卡住,当ps aux
用于该命令时,它挂在列表中但什么也不做。
Eg:例如:
in the buildscript:在构建脚本中:
# stop nginx
echo "INFO: stopping nginx. pid [$(cat /opt/nginx/logs/nginx.pid)]"
sudo kill $(cat /opt/nginx/logs/nginx.pid)
in the gitlab ci output console:在 gitlab ci 输出控制台中:
INFO: stopping nginx. pid [2741]
kill $(cat /opt/nginx/logs/nginx.pid) # with a spinning wheel
in the bash:在 bash 中:
> ps aux | grep nginx
root 6698 0.0 0.1 37628 1264 ? Ss 19:25 0:00 nginx: master process /opt/nginx/sbin/nginx
nobody 6700 0.3 0.3 41776 3832 ? S 19:25 0:00 nginx: worker process
kai 7015 0.0 0.0 4176 580 pts/0 S+ 19:27 0:00 sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
kai 7039 0.0 0.0 7828 844 pts/2 S+ 19:27 0:00 grep nginx
So:所以:
sudo kill $(cat /opt/nginx/logs/nginx.pid)
is going to execute, but sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
不是sudo kill $(cat /opt/nginx/logs/nginx.pid)
将要执行,而是sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
There are a couple of ways to resolve this.有几种方法可以解决这个问题。
You can grant sudo permissions to the gitlab-runner
user as this is who is executing the build script.您可以向gitlab-runner
用户授予 sudo 权限,因为该用户正在执行构建脚本。
$ sudo usermod -a -G sudo gitlab-runner
You now have to remove the password restriction for sudo
for the gitlab-runner
user.您现在必须为gitlab-runner
用户删除sudo
的密码限制。
Start the sudo editor with启动 sudo 编辑器
$ sudo visudo
Now add the following to the bottom of the file现在将以下内容添加到文件底部
gitlab-runner ALL=(ALL) NOPASSWD: ALL
Do not do this for gitlab runners that can be executed by untrusted users.不要对可以由不受信任的用户执行的 gitlab 运行程序执行此操作。
You can configure the gitlab-ci-runner
to connect to a remote host using SSH.您可以将gitlab-ci-runner
配置为使用 SSH 连接到远程主机。 You configure this to use a user remotely that has sudo permissions, and perform the build using that user.您将其配置为远程使用具有 sudo 权限的用户,并使用该用户执行构建。 The remote host can be the same machine that the gitlab runner is executing on, or it can be another host.远程主机可以是 gitlab runner 正在执行的同一台机器,也可以是另一台主机。
This build user account will still need to have sudo and passwordless permissions.此构建用户帐户仍需要具有 sudo 和无密码权限。 Follow the instruction below, except replace gitlab-runner
with the build user.按照以下说明进行操作,但将gitlab-runner
替换为构建用户。
It worked for me as written by Reactgular.正如 Reactgular 所写的那样,它对我有用。
But one little clarification.但有一点澄清。 You must include a %
sign before您必须在前面包含一个%
符号gitlab-runner ALL = (ALL) NOPASSWD: ALL
. gitlab-runner ALL = (ALL) NOPASSWD: ALL
。
I could not understand for a long time why it doesn't help me.很长一段时间我都无法理解为什么它对我没有帮助。 Then I put the percentage icon and it worked.然后我放了百分比图标,它起作用了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.