0
votes

I installed a brand new GitLab CE 13.9.1 on an Ubuntu Server 20.04.2.0. This is the pipeline:

image: node:latest

before_script:
  - apt-get update -qq

stages:
  - install

install:
  stage: install
  script:
    - npm install --verbose

To run it I configure my GitLab Runner using the same procedure as in my previous GitLab CE 12:

I pull the latest GitLab Runner image:

docker pull gitlab/gitlab-runner:latest

First try:

Start GitLab Runner container mounting on local volume

docker run -d \
--name gitlab-runner \
--restart always \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest

And register the runner:

docker run --rm -t -i \
-v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register

When registering the runner, I pick shell as the executor.

Finally, when I push to Gitlab, on the pipeline, I see this error:

$ apt-get update -qq
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
ERROR: Job failed: exit status 1

Second try:

Start GitLab Runner container mounting on Docker volume

  1. Create volume

docker volume create gitlab-runner-config

  2. Start GitLab Runner container

docker run -d \
--name gitlab-runner \
--restart always \
-v gitlab-runner-config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest

  3. Register runner (picking shell again as executor)

docker run \
--rm -t -i \
-v gitlab-runner-config:/etc/gitlab-runner gitlab/gitlab-runner register

Same results.

$ apt-get update -qq
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
ERROR: Job failed: exit status 1

Third try:

Granting permissions to gitlab-runner

I ended up reading "In gitlab CI the gitlab runner choose wrong executor" and https://docs.gitlab.com/runner/executors/shell.html#running-as-unprivileged-user, which states these solutions:

  1. move to docker
  2. grant user gitlab-runner the permissions he needs to run specified commands. gitlab-runner may run apt-get without sudo, also he will need perms for npm install and npm run.
  3. grant sudo nopasswd to user gitlab-runner. Add gitlab-runner ALL=(ALL) NOPASSWD: ALL (or similar) to /etc/sudoers on the machine gitlab-runner is installed and change the lines apt-get update to sudo apt-get update, which will execute them as privileged user (root).

  1. I need to use shell
  2. I already did that with sudo usermod -aG docker gitlab-runner
  3. Tried as well with sudo nano /etc/sudoers, adding gitlab-runner ALL=(ALL) NOPASSWD: ALL, and using sudo apt-get update -qq in the pipeline, which results in bash: line 106: sudo: command not found

I'm pretty lost here now. Any idea will be welcome.

1 Answers

2
votes

IMHO, using shell executor on a Docker runner with already mounted Docker socket on it is not a good idea. You'd better use docker executor, which will take care of everything and probably is how it's supposed to be run.

Edit

Alternatively, you can use a customized Docker image to allow using the shell executor with root permissions. First, you'll need to create a Dockerfile:

FROM gitlab/gitlab-runner:latest
# Change user to root
USER root

Then, you'll have to build the image (here, I tagged it as custom-gitlab-runner):

$ docker build -t custom-gitlab-runner .

Finally, you'll need to use this image:

docker run -d \
  --name gitlab-runner \
  --restart always \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  custom-gitlab-runner:latest
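
The setup discussed in this thread combines a shell executor, a mounted Docker socket and a blanket sudoers rule. The script below is an added example, not code from the question or the answer, that audits a runner for that combination; the function names, the finding labels and the sample files are constructed for illustration, and the file paths are passed as arguments so it can be run against copies.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. File paths are arguments so the
# audit can run against copies; "gitlab-runner" is the default job user.

# Print the executor of each [[runners]] entry in a GitLab Runner config.toml.
runner_executors() {
  sed -n 's/^[[:space:]]*executor[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Succeed if the sudoers file grants USER passwordless root for all commands.
has_nopasswd_all() {  # usage: has_nopasswd_all SUDOERS_FILE USER
  grep -Eq "^[[:space:]]*$2[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]*NOPASSWD:[[:space:]]*ALL" "$1"
}

# Print one finding per line; return 1 if anything was found, 0 if clean.
audit_runner() {  # usage: audit_runner CONFIG_TOML SUDOERS_FILE DOCKER_SOCK [USER]
  local cfg=$1 sudoers=$2 sock=$3 user=${4:-gitlab-runner} found=0
  if runner_executors "$cfg" | grep -qx 'shell'; then
    echo "SHELL_EXECUTOR: job scripts run as '$user' in the runner's own environment, not in the job image"
    found=1
    # The next two checks only matter when jobs share the runner's filesystem.
    if [ -e "$sock" ]; then
      echo "DOCKER_SOCK: $sock is present; root or docker-group jobs can control the host daemon"
    fi
    if [ -r "$sudoers" ] && has_nopasswd_all "$sudoers" "$user"; then
      echo "SUDO_ALL: '$user' has NOPASSWD: ALL, so every job script can become root"
    fi
  fi
  return "$found"
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf '[[runners]]\n  name = "demo"\n  executor = "shell"\n' > "$demo_dir/shell.toml"
printf '[[runners]]\n  name = "demo"\n  executor = "docker"\n  [runners.docker]\n    image = "node:latest"\n' > "$demo_dir/docker.toml"
printf 'root ALL=(ALL:ALL) ALL\ngitlab-runner ALL=(ALL) NOPASSWD: ALL\n' > "$demo_dir/sudoers"
: > "$demo_dir/docker.sock"   # plain file standing in for the mounted socket

audit_runner "$demo_dir/shell.toml" "$demo_dir/sudoers" "$demo_dir/docker.sock" || true
audit_runner "$demo_dir/docker.toml" "$demo_dir/sudoers" "$demo_dir/docker.sock" \
  && echo "docker executor: no findings"
```

On a real runner the arguments would be /etc/gitlab-runner/config.toml, /etc/sudoers and /var/run/docker.sock, checked in the same environment where the jobs execute.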