search

sameersbn / docker-gitlab-ci-runner

Dockerfile to build a base GitLab CI Runner container image.
MIT License
97 stars 37 forks source link

Public ssh key in shared volume #2

Closed jirikolarik closed 10 years ago

jirikolarik commented 10 years ago

Do you think it's good idea to move public ssh key in shared volume? I think it will be easier to use it as deploy key in private repos.

sameersbn commented 10 years ago

@jirikolarik i don't understand. can you elaborate. I have very minimal experience with gitlab-ci. I myself am not using it. I just created the image to complete the gitlab stack.

jirikolarik commented 10 years ago

I don’t have much experience with gitlab-ci either, but it looks like is the same as Jenkins. When you have dependency on private repository, runner will try to download it, but it’ll not be allowed by server. You need to give access to dependent repository by creating new user (and authorize this user-runner via ssh key) or add deploy key, which needs to be runner ssh key.

On Apr 22, 2014, at 12:59 PM, Sameer Naik notifications@github.com wrote:

@jirikolarik i don't understand. can you elaborate. I have very minimal experience with gitlab-ci. I myself am not using it. I just created the image to complete the gitlab stack.

— Reply to this email directly or view it on GitHub.

sameersbn commented 10 years ago

@jirikolarik actually you need to login to the ci-runner container, switch to gitlab_ci_runner user and ssh to the gitlab server so that the host key is added to the known_hosts. I thinks thats all to it.

sameersbn commented 10 years ago

@jirikolarik see the setup runners section of this document

jirikolarik commented 10 years ago

@sameersbn unfortunately that will not solve the problem, runner will have access to remote server, when you do that, but still will not be able to clone private repository from github/gitlab, because runner has no access rights to other repositories except currently tested repo.

sameersbn commented 10 years ago

@jirikolarik I think it is supposed to work because the worker is authorized using a token. However I am not sure. We might only be able to tell by trying to run something in the CI runner. Dont know about github, but the ci and ci-runner are supposed to work with gitlab.

From what i understand, you login to the ci server and get the token and assign it to a ci-runner. Then you have to assign a runner to build a particular project and everything else is suppose to just work.

Maybe, I will try to setup a working ci-runner and test this out.

sameersbn commented 10 years ago

@truongsinh can you share your experience here?

jirikolarik commented 10 years ago

There already is public key generated on installation, which is used with gitlab_ci_runner user. But runner is executed as root. I'll make a fork, you can merge if you will be ok with that.

sameersbn commented 10 years ago

sure thing