更改 Gitlab CI Runner 用户

Question

Currently when I start a build in GitlabCI it is running under gitlab-runner user. I want to change it the company's internal user. I didn't find any parameter to the /etc/gitlab-runner/config.toml which is solve that.

My current configuration:

concurrent = 1
[[runners]]
  name = "deploy"
  url = ""
  token = ""
  executor = "shell"

Answer 1

Running ps aux you can see:

/usr/bin/gitlab-ci-multi-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --syslog --user gitlab-runner

Service is running with option --user .

So let's change this, it depends on what distro. you are running it. If systemd, there is a file:

/etc/systemd/system/gitlab-runner.service:

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-ci-multi-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--se

Bingo, let's change this file now:

gitlab-runner uninstall

gitlab-runner install --working-directory /home/ubuntu --user ubuntu

reboot the machine or reload the service (ie systemctl daemon-reload ), et voilà!

Answer 2

Note that when installing with a specific user (--user), whenever you update, it will revert back to the original systemd script and so, back to using gitlab-runner user.

in order to keep the user change across updates, using systemd overrides (centos7) you can use these steps (assuming service is at /etc/systemd/system/gitlab-runner.service ):

1. Create a /etc/systemd/system/gitlab-runner.service.d directory.

2. Create a /etc/systemd/system/gitlab-runner.service.d/exec_start.conf file, with content:

    [Service] ExecStart= ExecStart=/usr/lib/gitlab-runner/gitlab-runner "run" "--working-directory" "/home/ubuntu" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--syslog" "--user" "ubuntu"

3. Execute systemctl daemon-reload

Now to check this is working, you can do this:

1. Reinstall GitLab Runner package gitlab-runner uninstall and then gitlab-runner install

2. Check ps aux | grep gitlab ps aux | grep gitlab and confirm the right user is being used

source: https://gitlab.com/gitlab-org/gitlab-runner/issues/3675

Answer 3

[DEPRECATED ANSWER]

I found a solution, which is not best pactrice but solved it. I need to use the ssh executer and ssh to localhost. It is require to add gitlab-runner id_rsa.pub to the user's authorized_keys what you want to use. There is my extended code:

concurrent = 1

[[runners]]
  name = "deploy"
  url = ""
  token = ""
  executor = "ssh"
  [runners.ssh]
    user = "user"
    host = "localhost"
    port = "22"
    identity_file = "/home/gitlab-runner/.ssh/id_rsa"

Answer 4

Once the gitlab-runner is registered (yes, it will be installed under the user gitlab-runner and working directory /home/gitlab-runner ) you can execute the following to change the runner's user

gitlab-runner uninstall

gitlab-runner install --working-directory <existing-path> --user <any-existing-user>

# eg: gitlab-runner install --working-directory /home/ec2-user --user ec2-user

then restart the service

service gitlab-runner restart

NOTE: you don't need to edit /etc/systemd/system/gitlab-runner.service for this, as it is being updated once the service is restarted as above

to check if the configurations are reflecting, run

ps aux | grep gitlab

Answer 5

Just for future reference, I was doing a test with a cloned version of my setup, if the domainname is not pointing to the server you are working with, gitlab might consider your runners offline. If you have another (copied) instance running at the ip the domain is pointing at and there is no firewall blocking, the gitlab-runner verify command will say your runners are alive.

a solution could be adding your domain pointing to 127.0.0.1 to your hosts file. you'll have to restart your gitlab instance and runners.

Answer 6

对于最新版本的 gitlab-runner，您应该修改/etc/default/gitlab-runner文件中的系统参数。

Answer 7

Here example for docker gitlab-runner:

Build your own runner image based on Dockerfile with following content

FROM gitlab/gitlab-runner
# add new user (if needed)
RUN useradd -u 998 gitlab-www && mkdir /home/gitlab-www && \
    chown gitlab-www /home/gitlab-www && chmod u+rwx /home/gitlab-www
# need to replace entrypoint to force new created user over gitlab-runner
ENTRYPOINT /usr/bin/dumb-init /entrypoint run --user=gitlab-www --working-directory=/home/gitlab-www

(update -u 998 and gitlab-www as you need)

.gitlab-ci.yml scripts are running as user gitlab-www now. If this one has same uid as host mounts, you are also able to deploy directly to host folders.