Fix registration permission denied
For normal operations, the `runner` user's `.gitlab-runner` directory has a symlink for the (read-only) `config.toml` -> `/var/run/secrets/config.toml`. However, during registration, attempts to write to this volume-mounted file result in a `PANIC: write: permission denied` error. Fix this by running the registration as the (namespaced) `root` user, and using the default config file location of `/etc/gitlab-runner`. Signed-off-by: Chris Evich <cevich@redhat.com>
@@ -43,7 +43,7 @@ ARG NESTED_PRIVILEGED=true
|
|||||||
# may be changed if you know what you're doing.
|
# may be changed if you know what you're doing.
|
||||||
LABEL register="podman run -it --rm \
|
LABEL register="podman run -it --rm \
|
||||||
--secret=REGISTRATION_TOKEN,type=env \
|
--secret=REGISTRATION_TOKEN,type=env \
|
||||||
-v ./config.toml:/home/runner/.gitlab-runner/config.toml:Z \
|
-v ./config.toml:/etc/gitlab-runner/config.toml:Z \
|
||||||
-e REGISTER_NON_INTERACTIVE=true \
|
-e REGISTER_NON_INTERACTIVE=true \
|
||||||
-e CI_SERVER_URL=https://gitlab.com/ \
|
-e CI_SERVER_URL=https://gitlab.com/ \
|
||||||
-e RUNNER_NAME=pipglr \
|
-e RUNNER_NAME=pipglr \
|
||||||
@@ -56,7 +56,6 @@ LABEL register="podman run -it --rm \
|
|||||||
-e DOCKER_VOLUMES=/cache \
|
-e DOCKER_VOLUMES=/cache \
|
||||||
-e DOCKER_NETWORK_MODE=host \
|
-e DOCKER_NETWORK_MODE=host \
|
||||||
-e DOCKER_PRIVILEGED=${NESTED_PRIVILEGED} \
|
-e DOCKER_PRIVILEGED=${NESTED_PRIVILEGED} \
|
||||||
--user runner \
|
|
||||||
--entrypoint=/usr/bin/gitlab-runner \$IMAGE register"
|
--entrypoint=/usr/bin/gitlab-runner \$IMAGE register"
|
||||||
# Additionally, the nested-podman storage volumes must be pre-created with
|
# Additionally, the nested-podman storage volumes must be pre-created with
|
||||||
# 'podman' UID/GID values to allow nested containers access.
|
# 'podman' UID/GID values to allow nested containers access.
|
||||||
|
|||||||
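Review bot: With `--user runner` dropped from the end of the `register` label, registration runs as whatever user the image defaults to. The description says this is namespaced root, but nothing in the label or its comments tells an operator that the command assumes rootless podman. Run from a real root shell, `gitlab-runner register` would execute as root in the container, and the `./config.toml` it writes, which will hold the runner's credentials, would be left root-owned on the host. I would state the assumption above the label, for example `# Run as an unprivileged (rootless) user: registration runs as root inside the container and writes the runner token to ./config.toml; keep that file private.`, and make the user explicit with `--user root \` instead of relying on the image default. The label starts in the first hunk and the lines between the two hunks are not shown, so other options on the command could not be checked.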