mirror of https://code.forgejo.org/forgejo/runner
2.6 KiB
2.6 KiB
Using Rootless Docker withact_runner
Here is a simple example of how to set up act_runner
with rootless Docker. It has been created with Debian, but other Linux should work the same way.
Note: This procedure needs a real login shell -- using sudo su
or other method of accessing the account will fail some of the steps below.
As root
:
- Create a user to run both
docker
andact_runner
. In this example, we use a non-privileged account calledrootless
.
useradd -m rootless
passwd rootless
-
Install
docker-ce
-
(Recommended) Disable the system-wide Docker daemon
systemctl disable --now docker.service docker.socket
As the rootless
user:
- Follow the instructions for enabling rootless mode
- Add the following lines to the
/home/rootless/.bashrc
:
export XDG_RUNTIME_DIR=/home/rootless/.docker/run
export PATH=/home/rootless/bin:$PATH
export DOCKER_HOST=unix:///run/user/1001/docker.sock
- Reboot. Ensure that the Docker process is working.
- Create a directory for saving
act_runner
data between restarts
mkdir /home/rootless/act_runner
- Register the runner from the data directory
cd /home/rootless/act_runner
act_runner register
- Generate a
act_runner
configuration file in the data directory. Edit the file to adjust for the system.
act_runner generate-config >/home/rootless/act_runner/config
- Create a new user-level
systemd
unit file as/home/rootless/.config/systemd/user/act_runner.service
with the following contents:
Description=Gitea Actions runner
Documentation=https://gitea.com/gitea/act_runner
After=docker.service
[Service]
Environment=PATH=/home/rootless/bin:/sbin:/usr/sbin:/home/rootless/bin:/home/rootless/bin:/home/rootless/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
Environment=DOCKER_HOST=unix:///run/user/1001/docker.sock
ExecStart=/usr/bin/act_runner daemon -c /home/rootless/act_runner/config
ExecReload=/bin/kill -s HUP $MAINPID
WorkingDirectory=/home/rootless/act_runner
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
Type=notify
NotifyAccess=all
KillMode=mixed
[Install]
WantedBy=default.target
- Reboot
After the system restarts, check that theact_runner
is working and that the runner is connected to Gitea.
systemctl --user status act_runner
journalctl --user -xeu act_runner