Change Gitlab CI Runner user
Currently when I start a build in GitlabCI it is running under gitlab-runner user. I want to change it the company's internal user. I didn't find any parameter to the /etc/gitlab-runner/config.toml which is solve that.
My current configuration:
concurrent = 1
[[runners]]
name = "deploy"
url = ""
token = ""
executor = "shell"
Solution 1:
Running ps aux
you can see:
/usr/bin/gitlab-ci-multi-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --syslog --user gitlab-runner
Service is running with option --user
.
So let's change this, it depends on what distro. you are running it. If systemd, there is a file:
/etc/systemd/system/gitlab-runner.service:
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-ci-multi-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--se
Bingo, let's change this file now:
gitlab-runner uninstall
gitlab-runner install --working-directory /home/ubuntu --user ubuntu
reboot the machine or reload the service (i.e. systemctl daemon-reload
), et voilà!
Solution 2:
Note that when installing with a specific user (--user), whenever you update, it will revert back to the original systemd script and so, back to using gitlab-runner user.
in order to keep the user change across updates, using systemd overrides (centos7) you can use these steps (assuming service is at /etc/systemd/system/gitlab-runner.service
):
- Create a
/etc/systemd/system/gitlab-runner.service.d
directory. -
Create a
/etc/systemd/system/gitlab-runner.service.d/exec_start.conf
file, with content:[Service] ExecStart= ExecStart=/usr/lib/gitlab-runner/gitlab-runner "run" "--working-directory" "/home/ubuntu" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--syslog" "--user" "ubuntu"
Execute
systemctl daemon-reload
Now to check this is working, you can do this:
Reinstall GitLab Runner package
gitlab-runner uninstall
and thengitlab-runner install
Check
ps aux | grep gitlab
and confirm the right user is being used
source: https://gitlab.com/gitlab-org/gitlab-runner/issues/3675
Solution 3:
Once the gitlab-runner
is registered (yes, it will be installed under the user gitlab-runner
and working directory /home/gitlab-runner
) you can execute the following to change the runner's user
gitlab-runner uninstall
gitlab-runner install --working-directory <existing-path> --user <any-existing-user>
# eg: gitlab-runner install --working-directory /home/ec2-user --user ec2-user
then restart the service
service gitlab-runner restart
NOTE: you don't need to edit
/etc/systemd/system/gitlab-runner.service
for this, as it is being updated once the service is restarted as above
to check if the configurations are reflecting, run
ps aux | grep gitlab
Solution 4:
[DEPRECATED ANSWER]
I found a solution, which is not best pactrice but solved it. I need to use the ssh executer and ssh to localhost. It is require to add gitlab-runner id_rsa.pub to the user's authorized_keys what you want to use. There is my extended code:
concurrent = 1
[[runners]]
name = "deploy"
url = ""
token = ""
executor = "ssh"
[runners.ssh]
user = "user"
host = "localhost"
port = "22"
identity_file = "/home/gitlab-runner/.ssh/id_rsa"