On Mon, 2020-04-06 at 12:52 +0200, Erik Skultety wrote: > On Mon, Apr 06, 2020 at 12:09:50PM +0200, Erik Skultety wrote: > > Anyhow, now I remember why I didn't go with User=gitlab systemd service > > directive and opted for dropping the privileges by gitlab-runner itself, the > > build fails on debian-9: > > https://gitlab.com/eskultety/libvirt/-/jobs/498107944 > > > > ..so far, I haven't been able to identify the problem on debian. In fact, if I > > create the directory forcefully, I get: > > https://gitlab.com/eskultety/libvirt/-/jobs/499941944 > > Found it [1],[2] > [1] https://gitlab.com/gitlab-org/gitlab-runner/issues/4449 > [2] https://gitlab.com/gitlab-org/gitlab-runner/issues/1379 > > If I haven't missed anything in the discussion, gitlab is going with the > following "fix": > https://gitlab.com/ubarbaxor/gitlab-runner/-/merge_requests/1/diffs?commit_id=a9e021885ddddfb18aea7d1dd32ec8840c480157 > > Unfortunately for us, that "fix" is irrelevant to our use case as it's only > available for packaged versions of gitlab-runner and by the time the package > would be installed and created the user without the skeleton files we'd had > already created the user profile including them, because we need .bashrc anyway. > > However, after wiping the contents of .bash_logout, the build passes: > https://gitlab.com/eskultety/libvirt/-/jobs/499969944 Oh yeah, I had encountered the same issue during my tests, and after searching around I had also landed on the same workaround. > So, I suggest I add an additional ansible task that removes .bash_logout (it's > empty on RH-like distros and isn't even created on FreeBSD) and adjust the > service file as you suggested in your original patch review, that way, we run > the gitlab-runner with the right privileges since the very begining. Sounds good to me. We can remove it unconditionally no matter the flavor, it's not like it does much anyway since even developers who create VMs locally will access them via ssh. -- Andrea Bolognani / Red Hat / Virtualization