vegardit / docker-gitea-act-runner

Docker image based on debian:stable-slim to run Gitea's act_runner as a Docker container
Apache License 2.0

Assigning different UID and GID not working #30

Closed karigeo closed 1 year ago

karigeo commented 1 year ago

Hi there,

I'd like to run the DinD version, but assign different UID and GID for the act user. If I assign the environment variables like GITEA_RUNNER_UID=99 and GITEA_RUNNER_GID=100 the image won't start and throws the following error:

usermod: user act is currently used by process 1
23:52:39 Error - exited with status 8 in [/opt/fix_permissions.sh] at line 19:

To me it looks like /usr/bin/tini is already started under user act and therefore subsequently changing this user's ID is not possible... Do you have any idea to get around that?

This is my full docker run command:

docker run \
  -d \
  --name=Gitea-Runner-DinD \
  --net=git \
  --privileged=true \
  -e TZ="Europe/Berlin" \
  -e GITEA_INSTANCE_URL=https://xxxx \
  -e GITEA_RUNNER_NAME=act-runner-dind \
  -e GITEA_RUNNER_REGISTRATION_TOKEN=… \
  -e GITEA_RUNNER_UID=99 \
  -e GITEA_RUNNER_GID=100 \
  -e GITEA_RUNNER_LOG_LEVEL=debug \
  -e GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED=true \
  -e TZ=Europe/Berlin \
  -e GITEA_RUNNER_MAX_PARALLEL_JOBS=1 \
  -e GITEA_RUNNER_JOB_CONTAINER_NETWORK=git \
  -v /opt/gitea-runner-dind/:/data:rw \
  --restart=no vegardit/gitea-act-runner:dind-latest

And this is the full log output:

usermod: user act is currently used by process 1
23:52:39 Error - exited with status 8 in [/opt/fix_permissions.sh] at line 19:
2023-09-21 23:52:35 INFO [/opt/run.sh:26] act_runner version v0.2.5
2023-09-21 23:52:35 INFO [/opt/run.sh:27] Timezone: CEST +0200
2023-09-21 23:52:35 INFO [/opt/run.sh:28] Hostname: 72e97cf8bdbd
2023-09-21 23:52:35 INFO [/opt/run.sh:29] IP Addresses: 
 - 172.19.0.4
2023-09-21 23:52:35 INFO [/opt/run.sh:31] Config environment variables: 
 - GITEA_INSTANCE_URL=https://xxxx
 - GITEA_RUNNER_ACTION_CACHE_DIR=/data/cache/actions
 - GITEA_RUNNER_CONFIG_TEMPLATE_FILE=/opt/config.template.yaml
 - GITEA_RUNNER_GID=100
 - GITEA_RUNNER_JOB_CONTAINER_NETWORK=git
 - GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED=true
 - GITEA_RUNNER_LABELS=
 - GITEA_RUNNER_LABELS_DEFAULT=ubuntu-latest:docker://catthehacker/ubuntu:runner-22.04,ubuntu-22.04:docker://catthehacker/ubuntu:runner-22.04,ubuntu-20.04:docker://catthehacker/ubuntu:runner-20.04
 - GITEA_RUNNER_LOG_EFFECTIVE_CONFIG=false
 - GITEA_RUNNER_LOG_LEVEL=debug
 - GITEA_RUNNER_MAX_PARALLEL_JOBS=1
 - GITEA_RUNNER_NAME=act-runner-dind
 - GITEA_RUNNER_REGISTRATION_RETRY_INTERVAL=5s
 - GITEA_RUNNER_REGISTRATION_TIMEOUT=30
 - GITEA_RUNNER_REGISTRATION_TOKEN=******
 - GITEA_RUNNER_UID=99
2023-09-21 23:52:35 INFO [/opt/run.sh:65] Starting Docker engine...
Starting Docker: docker.
2023-09-21 23:52:36 INFO [/opt/run.sh:70] Waiting for Docker engine to start...
time="2023-09-21T21:52:37.259599755Z" level=info msg="API listen on /var/run/docker.sock"
===========================================================
Client: Docker Engine - Community
 Version:    24.0.6
 Context:    default
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 24.0.6
 Storage Driver: overlay2
  Backing Filesystem: btrfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
 runc version: v1.1.8-0-g82f18fe
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.49
 Operating System: Debian GNU/Linux 12 (bookworm) (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 31.16GiB
 Name: 72e97cf8bdbd
 ID: b086856a-5da7-43d7-84df-981754c26737
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

===========================================================
2023-09-21 23:52:39 INFO [/opt/run.sh:129] Fixing permissions...
2023-09-21 23:52:39 INFO [/opt/fix_permissions.sh:18] Changing UID of user [act] from 1000 to 99...
    16    effective_uid=$(id -u $act_user)
    17    if [ "$GITEA_RUNNER_UID" != "$effective_uid" ]; then
    18      log INFO "Changing UID of user [$act_user] from $effective_uid to $GITEA_RUNNER_UID..."
    19      usermod -o -u "$GITEA_RUNNER_UID" $act_user
    20    fi
    21  fi
    22

sebthom commented 1 year ago

Thanks for reporting. Please try the latest docker image and check if it works now.

karigeo commented 1 year ago

Cool, thanks for the quick fix! It's working now as intended... I was looking into the fix and just didn't quite get my head around it. Just out of curiosity, could you explain why it is working now with the fix? Thanks and BR

sebthom commented 1 year ago

The fix makes the changes to the user directly in the config file instead of using the usermod command. This means the tini init process will continue running with the initial uid/gid, but that doesn't matter as this process is not accessing the mounted file system and thus doesn't need to run with the adjusted IDs. The act runner is launched with the user after the uid/gid were adjusted in the config files and is executed with the desired uid/gid.
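
The approach described in the last comment, as an added example that is not part of the thread and not the image's own fix_permissions.sh: a user's UID/GID are rewritten directly in passwd- and group-format files, which does not hit usermod's "currently used by process" check. It assumes the "config file" means /etc/passwd and /etc/group; the function names `set_ids` and `ids_in_use` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the image's fix_permissions.sh). It edits passwd/group
# format files given as arguments; the demo below uses constructed copies.

# ids_in_use FILE ID -> names in FILE that already carry ID in field 3
ids_in_use() {
  awk -F: -v id="$2" '$3 == id { print $1 }' "$1"
}

# set_ids PASSWD GROUP USER NEW_UID NEW_GID
# Body runs in a subshell "( )" so its variables stay local in plain sh.
set_ids() (
  passwd=$1 group=$2 user=$3 uid=$4 gid=$5
  for id in "$uid" "$gid"; do   # digits only: blocks ':' or newline injection
    case "$id" in ''|*[!0-9]*) echo "invalid id: $id" >&2; exit 2 ;; esac
  done
  old_gid=$(awk -F: -v u="$user" '$1 == u { print $4 }' "$passwd")
  [ -n "$old_gid" ] || { echo "no such user: $user" >&2; exit 1; }
  # Like "usermod -o", duplicate ids are allowed, but they are reported.
  clash=$(ids_in_use "$group" "$gid")
  [ -z "$clash" ] || echo "note: GID $gid already used by: $clash" >&2
  tmp=$(mktemp) || exit 1
  # passwd fields: name:pw:UID:GID:gecos:home:shell
  awk -F: -v OFS=: -v u="$user" -v uid="$uid" -v gid="$gid" \
    '$1 == u { $3 = uid; $4 = gid } 1' "$passwd" > "$tmp" && cat "$tmp" > "$passwd"
  # group fields: name:pw:GID:members -> renumber the user's old primary group
  awk -F: -v OFS=: -v old="$old_gid" -v gid="$gid" \
    '$3 == old { $3 = gid } 1' "$group" > "$tmp" && cat "$tmp" > "$group"
  rm -f "$tmp"
)

# Demo on constructed files; a real entrypoint would do this as root before
# launching the runner process as the adjusted user.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
  'act:x:1000:1000::/home/act:/bin/bash' > "$demo_dir/passwd"
printf '%s\n' 'root:x:0:' 'users:x:100:' 'act:x:1000:' > "$demo_dir/group"
set_ids "$demo_dir/passwd" "$demo_dir/group" act 99 100
grep '^act:' "$demo_dir/passwd" "$demo_dir/group"
```

Processes that are already running keep the IDs they started with, and files created under the old UID stay owned by it until they are chowned. In the constructed group file, GID 100 ends up shared by `users` and `act`, so anything group-writable for one is writable by the other.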