Created by Juergen Hannappel, last modified on Jan 15, 2024 16:31
Test (without puppetisation yet):
- created a functional account (maxdep01)
- created home dir for that account (via 'su - maxdep01')
- Installed latest (15.5.1) runner on max-infra003
- Disabled the service that came with the RPM
registered the runner via
gitlab-runner register -r <Token> -u https://gitlab.desy.de/ --executor shell --name maxdep01-runner -c /etc/gitlab-runner/config-maxdep01.toml
changed permissions on the resulting config file and config dir to be:
[root@max-infra003 ~]# ls -ltra /etc/gitlab-runner/
total 24
drwxr-xr-x. 134 root root 12288 Nov 16 15:25 ..
-rw------- 1 root root 77 Nov 16 15:25 config.toml
-rw------- 1 maxdep01 root 431 Nov 16 15:42 config-maxdep01.toml
drwxr-x--- 2 root it 4096 Nov 16 15:42 .
We can either have the gitlab-runner run as root and change to the defined user by itself (as it does in the default config), which makes the configs readable for root only, or have the runner run in user mode, controlled by systemd; then we need the permissions as set here.
Created a new service file for a per-user service. Note that the user is given via the systemd unit, not as a parameter to the runner!
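A check for the user-mode permission layout shown above, as an added example that is not part of the original page: it verifies that config-<user>.toml is owned by the service user and readable by nobody else, and that the config directory gives "other" no access and the group no write access. The function name check_runner_config is hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_runner_config DIR USER
#   prints one line per finding; returns 0 if clean, 1 on findings,
#   2 if the config file does not exist.
check_runner_config() {
    dir=$1
    user=$2
    cfg="$dir/config-$user.toml"
    rc=0

    if [ ! -f "$cfg" ]; then
        echo "MISSING $cfg"
        return 2
    fi

    # The config holds the runner token: in user mode only the
    # service user may own and read it (-rw------- maxdep01 on the page).
    owner=$(stat -c %U "$cfg")
    mode=$(stat -c %a "$cfg")
    if [ "$owner" != "$user" ]; then
        echo "OWNER $cfg is owned by $owner, expected $user"
        rc=1
    fi
    case $mode in
        600|400) ;;
        *) echo "MODE $cfg is $mode, expected 600"; rc=1 ;;
    esac

    # Directory: no access for others, no write for the group
    # (drwxr-x--- on the page), so configs cannot be listed or swapped.
    dmode=$(stat -c %a "$dir")
    case $dmode in
        *0) ;;
        *) echo "DIRMODE $dir is $dmode, others have access"; rc=1 ;;
    esac
    case $dmode in
        *[2367]?) echo "DIRMODE $dir is $dmode, group can write"; rc=1 ;;
    esac
    return $rc
}

# Stand-alone use: sh check.sh /etc/gitlab-runner maxdep01
if [ $# -eq 2 ]; then check_runner_config "$1" "$2"; fi
```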
[Unit]
Description=GitLab Runner
ConditionFileIsExecutable=/usr/bin/gitlab-runner
ConditionPathExists=/etc/gitlab-runner/config-%i.toml
After=syslog.target network.target
[Service]
User=%i
Environment="PATH=/software/git/bin:/software/tools/bin:/usr/local/bin:/usr/bin"
ExecStartPre=/usr/bin/test -e /home/.icinga_test
ExecStartPre=/usr/bin/test -e /software/.icinga_test
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-runner run --working-directory /home/%i --config /etc/gitlab-runner/config-%i.toml --service gitlab-runner
The PATH setting in the environment is needed to have a sufficiently new git; otherwise the runner doesn't work reliably.
started service using 'systemctl restart gitlab-runner@maxdep01' and voila:
[root@max-infra003 ~]# systemctl status gitlab-runner@maxdep01
● gitlab-runner@maxdep01.service - GitLab Runner
Loaded: loaded (/etc/systemd/system/gitlab-runner@.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2022-11-16 16:30:27 CET; 7min ago
Process: 40319 ExecStartPre=/usr/bin/test -e /software/.icinga_test (code=exited, status=0/SUCCESS)
Process: 40316 ExecStartPre=/usr/bin/test -e /home/.icinga_test (code=exited, status=0/SUCCESS)
Main PID: 40323 (gitlab-runner)
CGroup: /system.slice/system-gitlab\x2drunner.slice/gitlab-runner@maxdep01.service
└─40323 /usr/bin/gitlab-runner run --working-directory /home/maxdep01 --config /etc/gitlab-runner/config-maxdep01.toml --service gitlab-ru...
Nov 16 16:30:27 max-infra003.desy.de systemd[1]: Started GitLab Runner.
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: Runtime platform arch=amd64 os=linux pid=40323 r...=15.5.1
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: Starting multi-runner from /etc/gitlab-runner/config-maxdep01.toml... builds=0
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: WARNING: Running in user-mode.
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: WARNING: Use sudo for system-mode:
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: WARNING: $ sudo gitlab-runner...
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]:
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: Configuration loaded builds=0
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: listen_address not defined, metrics & debug endpoints disabled builds=0
Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: [session_server].listen_address not defined, session endpoints disabled builds=0
Hint: Some lines were ellipsized, use -l to show in full.
And it works: ewmscp is now deployed by the CI/CD, as can be seen from the ownership of the deployed files:
[root@max-infra003 ~]# ls -ltra /software/tools/bin/ | grep max
-rwxr-xr-x 1 maxdep01 it 10362 Nov 17 19:14 gpfs-mv
-rwxr-xr-x 1 maxdep01 it 11982 Nov 17 19:14 ewmsls
-rwxr-xr-x 1 maxdep01 it 1257 Nov 17 19:14 dCacheFileCheck.bash
-rwxr-xr-x 1 maxdep01 it 10494 Nov 17 19:14 adler32
-rwxr-xr-x 1 maxdep01 it 2824504 Nov 17 19:15 fixGpfsAcls
-rwxr-xr-x 1 maxdep01 it 3415744 Nov 17 19:15 dirCount
-rwxr-xr-x 1 maxdep01 it 3285648 Nov 17 19:15 escaper
-rwxr-xr-x 1 maxdep01 it 2955312 Nov 17 19:15 recursiveGpfsImmutable
-rwxr-xr-x 1 maxdep01 it 4810648 Nov 17 19:15 fileOpsTests
-rwxr-xr-x 1 maxdep01 it 3174448 Nov 17 19:15 checkGpfsAcls
-rwxr-xr-x 1 maxdep01 it 4676448 Nov 17 19:15 regex_test
-rwxr-xr-x 1 maxdep01 it 3550168 Nov 17 19:15 truncate_file
-rwxr-xr-x 1 maxdep01 it 2472392 Nov 17 19:15 sparseMap
-rwxr-xr-x 1 maxdep01 it 2778376 Nov 17 19:15 statvfs
-rwxr-xr-x 1 maxdep01 it 5723288 Nov 17 19:15 inotify_watch
-rwxr-xr-x 1 maxdep01 it 25014592 Nov 17 19:15 ewmscp
The deploy pipeline yml file is not in the public ewmscp repo but in a private ewmscp-deployer repo, which includes the original CI yml for the tests.
Also installed on max-infra005 for RHEL9 stuff, uses