terraform-aws-github-runner
fix(examples): adding iptables to ubuntu example
A fresh installation on Ubuntu 22.04 is missing iptables, which is required for rootless docker to work.
- adding iptables to the apt-get install list
- sorting apt-get install list
This is when doing the docker rootless installation: https://github.com/philips-labs/terraform-aws-github-runner/blob/98eff98158381bd57d59e9a54efc3ee5db294110/examples/ubuntu/templates/user-data.sh#L53-L56
And this is the error that appears during installation attempt:
+ su -l runners -c /opt/rootless.sh
# Installing stable version 20.10.17
# Executing docker rootless install script, commit: b2e29ef
# Missing system requirements. Please run following commands to
# install the requirements and run this installer again.
# Alternatively iptables checks can be disabled with SKIP_IPTABLES=1
cat <<EOF | sudo sh -x
apt-get install -y iptables
EOF
+ echo export DOCKER_HOST=unix:///run/user/1002/docker.sock
+ echo export PATH=/home/runners/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+ loginctl enable-linger runners
+ su -l runners -c 'systemctl --user enable docker'
Failed to enable unit: Unit file docker.service does not exist.
Checking now with #2103 to upgrade the example to Ubuntu 22.04.
Just tried the example; for some reason the runner cannot find the docker command. On ubuntu-20.04 it all works fine. Tried the PR both with and without #2103.
hi @npalm,
I ended up removing docker rootless part and using the "normal" docker as installed from apt after adding the docker repo. I also added some additional steps to add permission to user accounts to use the docker command. For me that was kind of the best way to get going.
What about adding docker.io as a package to the install step and not using rootless? Any reason for us not to do it like that?
Hi @tobiasehlert
The setup here is only an example. But I would love to get a better example. Can you share your setup? Are you running as root? When running as non-root, how do you solve the docker volume issues (for non-ephemeral runners)? Files written by docker cannot be cleaned up by the runner user if running as non-root.
@npalm, ah interesting point actually. I've not thought about the volume thing, but we wipe the instances pretty quick, so it's not often they remain even when not using ephemeral runners.
I do actually use an Ansible playbook to set up an instance in the first place and install a couple of tools on it (e.g. terraform, pip and Docker), since the team wants a runner up and running in under 2 minutes. With too many tools getting installed during user-data.sh, the installation takes too long to finish. So I have therefore stripped my user-data.sh file quite a lot.
But I can lab today with using rootless and get back to you with my result :)
Ah yeah.. I recall now that docker rootless didn't work for me, since the /home/$user_name/.profile file is not read for some reason. I was not able to pinpoint exactly why, so I went for the normal installation instead.
But when I try now to run the export commands to point to /home/$user_name/.bashrc instead, it works.
@npalm, so.. now the PR should work better. I included the changes that are suggested in PR #2103 in the last commit as well, so this update should be complete :)