Change Gitlab CI Runner user

Currently when I start a build in GitlabCI it is running under gitlab-runner user. I want to change it the company's internal user. I didn't find any parameter to the /etc/gitlab-runner/config.toml which is solve that.

My current configuration:

concurrent = 1
[[runners]]
  name = "deploy"
  url = ""
  token = ""
  executor = "shell"

Solution 1:

Running ps aux you can see:

/usr/bin/gitlab-ci-multi-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --syslog --user gitlab-runner

Service is running with option --user.

So let's change this, it depends on what distro. you are running it. If systemd, there is a file:

/etc/systemd/system/gitlab-runner.service:

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/gitlab-ci-multi-runner "run" "--working-directory" "/home/gitlab-runner" "--config" "/etc/gitlab-runner/config.toml" "--se

Bingo, let's change this file now:

gitlab-runner uninstall

gitlab-runner install --working-directory /home/ubuntu --user ubuntu

reboot the machine or reload the service (i.e. systemctl daemon-reload), et voilà!

Solution 2:

Note that when installing with a specific user (--user), whenever you update, it will revert back to the original systemd script and so, back to using gitlab-runner user.

in order to keep the user change across updates, using systemd overrides (centos7) you can use these steps (assuming service is at /etc/systemd/system/gitlab-runner.service):

  1. Create a /etc/systemd/system/gitlab-runner.service.d directory.
  2. Create a /etc/systemd/system/gitlab-runner.service.d/exec_start.conf file, with content:

    [Service]
    ExecStart=
    ExecStart=/usr/lib/gitlab-runner/gitlab-runner "run" "--working-directory" "/home/ubuntu" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--syslog" "--user" "ubuntu"
    
  3. Execute systemctl daemon-reload


Now to check this is working, you can do this:

  1. Reinstall GitLab Runner package gitlab-runner uninstall and then gitlab-runner install

  2. Check ps aux | grep gitlab and confirm the right user is being used

source: https://gitlab.com/gitlab-org/gitlab-runner/issues/3675

Solution 3:

Once the gitlab-runner is registered (yes, it will be installed under the user gitlab-runner and working directory /home/gitlab-runner ) you can execute the following to change the runner's user

gitlab-runner uninstall
gitlab-runner install --working-directory <existing-path> --user <any-existing-user>

# eg: gitlab-runner install --working-directory /home/ec2-user --user ec2-user

then restart the service

service gitlab-runner restart

NOTE: you don't need to edit /etc/systemd/system/gitlab-runner.service for this, as it is being updated once the service is restarted as above

to check if the configurations are reflecting, run

ps aux | grep gitlab

Solution 4:

[DEPRECATED ANSWER]

I found a solution, which is not best pactrice but solved it. I need to use the ssh executer and ssh to localhost. It is require to add gitlab-runner id_rsa.pub to the user's authorized_keys what you want to use. There is my extended code:

concurrent = 1

[[runners]]
  name = "deploy"
  url = ""
  token = ""
  executor = "ssh"
  [runners.ssh]
    user = "user"
    host = "localhost"
    port = "22"
    identity_file = "/home/gitlab-runner/.ssh/id_rsa"