Re: [libvirt-jenkins-ci PATCH 2/5] guests: templates: Introduce a gitlab-runner RC init service template

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2020-04-06 at 12:52 +0200, Erik Skultety wrote:
> On Mon, Apr 06, 2020 at 12:09:50PM +0200, Erik Skultety wrote:
> > Anyhow, now I remember why I didn't go with User=gitlab systemd service
> > directive and opted for dropping the privileges by gitlab-runner itself, the
> > build fails on debian-9:
> > https://gitlab.com/eskultety/libvirt/-/jobs/498107944
> > 
> > ..so far, I haven't been able to identify the problem on debian. In fact, if I
> > create the directory forcefully, I get:
> > https://gitlab.com/eskultety/libvirt/-/jobs/499941944
> 
> Found it [1],[2]
> [1] https://gitlab.com/gitlab-org/gitlab-runner/issues/4449
> [2] https://gitlab.com/gitlab-org/gitlab-runner/issues/1379
> 
> If I haven't missed anything in the discussion, gitlab is going with the
> following "fix":
> https://gitlab.com/ubarbaxor/gitlab-runner/-/merge_requests/1/diffs?commit_id=a9e021885ddddfb18aea7d1dd32ec8840c480157
> 
> Unfortunately for us, that "fix" is irrelevant to our use case as it's only
> available for packaged versions of gitlab-runner and by the time the package
> would be installed and created the user without the skeleton files we'd had
> already created the user profile including them, because we need .bashrc anyway.
> 
> However, after wiping the contents of .bash_logout, the build passes:
> https://gitlab.com/eskultety/libvirt/-/jobs/499969944

Oh yeah, I had encountered the same issue during my tests, and after
searching around I had also landed on the same workaround.

> So, I suggest I add an additional ansible task that removes .bash_logout (it's
> empty on RH-like distros and isn't even created on FreeBSD) and adjust the
> service file as you suggested in your original patch review, that way, we run
> the gitlab-runner with the right privileges since the very begining.

Sounds good to me. We can remove it unconditionally no matter the
flavor, it's not like it does much anyway since even developers who
create VMs locally will access them via ssh.

-- 
Andrea Bolognani / Red Hat / Virtualization




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux