Re: [libvirt-jenkins-ci PATCH 2/5] guests: templates: Introduce a gitlab-runner RC init service template

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 06, 2020 at 12:09:50PM +0200, Erik Skultety wrote:
> On Fri, Apr 03, 2020 at 06:26:23PM +0200, Andrea Bolognani wrote:
> > Looks like I somehow sent an empty reply by mistake the first time
> > around. Let's try again...
> >
> > On Fri, 2020-04-03 at 16:04 +0200, Erik Skultety wrote:
> > > On Fri, Apr 03, 2020 at 03:50:21PM +0200, Andrea Bolognani wrote:
> > > > I have tested this, though not extensively, on Linux and adding
> > > > User=gitlab to the service file seems to be basically all that's
> > >
> > > Did ^this actually work? I recall having some issues on Linux when I used the
> > > User= directive and I could not get the agent pull a job from the server,
> >
> > It would seem that way:
> >
> >   https://gitlab.com/abologna/libvirt/pipelines/132661098
>
> Sorry, what exactly am I looking at ^here? Those are all containers, whereas
> these patches are targeting VMs mainly.
>
> Anyhow, now I remember why I didn't go with User=gitlab systemd service
> directive and opted for dropping the privileges by gitlab-runner itself, the
> build fails on debian-9:
> https://gitlab.com/eskultety/libvirt/-/jobs/498107944
>
> ..so far, I haven't been able to identify the problem on debian. In fact, if I
> create the directory forcefully, I get:
> https://gitlab.com/eskultety/libvirt/-/jobs/499941944

Found it [1],[2]
[1] https://gitlab.com/gitlab-org/gitlab-runner/issues/4449
[2] https://gitlab.com/gitlab-org/gitlab-runner/issues/1379

If I haven't missed anything in the discussion, gitlab is going with the
following "fix":
https://gitlab.com/ubarbaxor/gitlab-runner/-/merge_requests/1/diffs?commit_id=a9e021885ddddfb18aea7d1dd32ec8840c480157

Unfortunately for us, that "fix" is irrelevant to our use case as it's only
available for packaged versions of gitlab-runner and by the time the package
would be installed and created the user without the skeleton files we'd had
already created the user profile including them, because we need .bashrc anyway.

However, after wiping the contents of .bash_logout, the build passes:
https://gitlab.com/eskultety/libvirt/-/jobs/499969944

So, I suggest I add an additional ansible task that removes .bash_logout (it's
empty on RH-like distros and isn't even created on FreeBSD) and adjust the
service file as you suggested in your original patch review, that way, we run
the gitlab-runner with the right privileges since the very begining.

--
Erik Skultety





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux