From d66c563c311ed4be21deed710658abbdac024ab5 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Fri, 3 Feb 2023 11:14:46 -0500
Subject: [PATCH] Fix registration permission denied
For normal operations, the `runner` user's `.gitlab-runner` directory has a symlink for (read-only) `config.toml` -> `/var/run/secrets/config.toml`. However, for during registration attempts to write to this volume-mounted file result in a `PANIC: write: permission denied` error. Fix this by running the registration as (namespaced) `root` user, and using the default config. file location of `/etc/gitlab-runner`.
Signed-off-by: Chris Evich
---
 Containerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Containerfile b/Containerfile
index ff9f829..75a76b7 100644
--- a/Containerfile
+++ b/Containerfile
@@ -43,7 +43,7 @@ ARG NESTED_PRIVILEGED=true
 # may be changed if you know what you're doing.
 LABEL register="podman run -it --rm \
 --secret=REGISTRATION_TOKEN,type=env \
- -v ./config.toml:/home/runner/.gitlab-runner/config.toml:Z \
+ -v ./config.toml:/etc/gitlab-runner/config.toml:Z \
 -e REGISTER_NON_INTERACTIVE=true \
 -e CI_SERVER_URL=https://gitlab.com/ \
 -e RUNNER_NAME=pipglr \
@@ -56,7 +56,6 @@ LABEL register="podman run -it --rm \
 -e DOCKER_VOLUMES=/cache \
 -e DOCKER_NETWORK_MODE=host \
 -e DOCKER_PRIVILEGED=${NESTED_PRIVILEGED} \
- --user runner \
 --entrypoint=/usr/bin/gitlab-runner \$IMAGE register"
 # Additionally, the nested-podman storage volumes must be pre-created with
 # 'podman' UID/GID values to allow nested containers access.
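Review bot: The `-v ./config.toml:/etc/gitlab-runner/config.toml:Z` line in the `register` label bind-mounts a host file that `gitlab-runner register` fills with the runner's authentication token, and nothing next to the label tells the operator that. A comment above the LABEL such as `# ./config.toml receives the runner token on registration; create it beforehand with mode 0600 and keep it out of version control` would cover it. The file presumably has to exist before the command runs, since the source of a file bind mount is not created automatically; that is worth confirming and stating in the same comment. The LABEL instruction starts in this hunk and continues into the next one.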
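Review bot: With `--user runner` removed, the `register` command runs as whatever user the image defaults to, and that user is namespaced root only when podman itself is invoked rootless. Neither assumption is written down in the label. Replacing the removed line with `--user root \` would make the intent explicit instead of relying on the image's USER setting, which is not visible in this hunk. A comment such as `# Intended for rootless podman: container root maps to the invoking host user` would record the second assumption, because under rootful podman the process writing to the bind-mounted `config.toml` would be real root. The LABEL instruction begins before this hunk.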