From ace95d72aba5156b6f402f54743466b3dd47d7a7 Mon Sep 17 00:00:00 2001 From: Yusuke Kuoka Date: Sun, 24 Jan 2021 10:58:35 +0900 Subject: [PATCH] Fix self-update failuers due to /runner/externals mount (#253) * Fix self-update failuers due to /runner/externals mount Fixes #252 * Tested Self-update Fixes (#269) Adding fixes to #253 as confirmed and tested in https://github.com/summerwind/actions-runner-controller/issues/264#issuecomment-764549833 by @jolestar, @achedeuzot and @hfuss :bow: :beers: Co-authored-by: Hayden Fuss --- controllers/autoscaling.go | 3 +-- controllers/runner_controller.go | 13 ++++++++----- controllers/runnerreplicaset_controller.go | 2 +- runner/Dockerfile | 19 ++++++++++++------- runner/Makefile | 6 ++---- runner/dindrunner.Dockerfile | 10 +++++++--- runner/entrypoint.sh | 11 ++++++++++- 7 files changed, 41 insertions(+), 23 deletions(-) diff --git a/controllers/autoscaling.go b/controllers/autoscaling.go index f6c4e92d1e..b3713429b6 100644 --- a/controllers/autoscaling.go +++ b/controllers/autoscaling.go @@ -225,13 +225,12 @@ func (r *HorizontalRunnerAutoscalerReconciler) calculateReplicasByPercentageRunn } else { desiredReplicas = *rd.Spec.Replicas } - + if desiredReplicas < minReplicas { desiredReplicas = minReplicas } else if desiredReplicas > maxReplicas { desiredReplicas = maxReplicas } - r.Log.V(1).Info( "Calculated desired replicas", diff --git a/controllers/runner_controller.go b/controllers/runner_controller.go index c8ad3b3847..07b328e512 100644 --- a/controllers/runner_controller.go +++ b/controllers/runner_controller.go @@ -426,6 +426,9 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { } if !dockerdInRunner && dockerEnabled { + runnerVolumeName := "runner" + runnerVolumeMountPath := "/runner" + pod.Spec.Volumes = []corev1.Volume{ { Name: "work", 
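Review bot: The `runner` emptyDir is declared only inside the `if !dockerdInRunner && dockerEnabled` branch shown in this hunk, while entrypoint.sh in the same commit exits with status 1 when `/runner` is not a directory and runner/Dockerfile stops creating `/runner` in the image. Unless code outside these hunks mounts the volume in the other modes, a pod with docker disabled would fail at startup, and the in-runner dockerd mode would too if its image runs the same entrypoint. Consider declaring the volume and the runner container's mount unconditionally and keeping only the sidecar-specific parts in this branch. `newPod` starts and ends outside the hunk, so the other branches could not be checked here.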
@@ -434,7 +437,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { }, }, { - Name: "externals", + Name: runnerVolumeName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, @@ -452,8 +455,8 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { MountPath: workDir, }, { - Name: "externals", - MountPath: "/runner/externals", + Name: runnerVolumeName, + MountPath: runnerVolumeMountPath, }, { Name: "certs-client", @@ -484,8 +487,8 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { MountPath: workDir, }, { - Name: "externals", - MountPath: "/runner/externals", + Name: runnerVolumeName, + MountPath: runnerVolumeMountPath, }, { Name: "certs-client", diff --git a/controllers/runnerreplicaset_controller.go b/controllers/runnerreplicaset_controller.go index e7fc296745..45f4dc615f 100644 --- a/controllers/runnerreplicaset_controller.go +++ b/controllers/runnerreplicaset_controller.go @@ -52,7 +52,7 @@ type RunnerReplicaSetReconciler struct { func (r *RunnerReplicaSetReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() - log := r.Log.WithValues("runner", req.NamespacedName) + log := r.Log.WithValues("runnerreplicaset", req.NamespacedName) var rs v1alpha1.RunnerReplicaSet if err := r.Get(ctx, req.NamespacedName, &rs); err != nil { diff --git a/runner/Dockerfile b/runner/Dockerfile index 70cf60fd09..c24d79d0c5 100644 --- a/runner/Dockerfile +++ b/runner/Dockerfile @@ -4,6 +4,8 @@ ARG TARGETPLATFORM ARG RUNNER_VERSION=2.274.2 ARG DOCKER_VERSION=19.03.12 +RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false) + ENV DEBIAN_FRONTEND=noninteractive RUN apt update -y \ && apt install -y software-properties-common \ 
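Review bot: The mount lists changed at `@@ -452,8 +455,8` and `@@ -484,8 +487,8` now expose all of `/runner` to each container instead of only `/runner/externals`. entrypoint.sh runs `./config.sh --token ...` from `/runner`, so whatever registration state that step leaves there presumably becomes visible to the second container as well; which container each list belongs to is not visible in these hunks. If the wider share is needed for self-update, record it at the declaration, e.g. `// The whole runner dir is an emptyDir so self-update can replace files in place; the docker container mounts it too.`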
@@ -42,7 +44,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && chmod +x /usr/local/bin/dumb-init # Docker download supports arm64 as aarch64 & amd64 as x86_64 -RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ +RUN set -vx; \ + export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \ && if [ "$ARCH" = "amd64" ]; then export ARCH=x86_64 ; fi \ && curl -L -o docker.tgz https://download.docker.com/linux/static/stable/${ARCH}/docker-${DOCKER_VERSION}.tgz \ @@ -55,6 +58,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && usermod -aG docker runner \ && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers +ENV RUNNER_ASSETS_DIR=/runnertmp + # Runner download supports amd64 as x64. Externalstmp is needed for making mount points work inside DinD. # # libyaml-dev is required for ruby/setup-ruby action. @@ -62,8 +67,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ # to avoid rerunning apt-update on its own. RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \ - && mkdir -p /runner \ - && cd /runner \ + && mkdir -p "$RUNNER_ASSETS_DIR" \ + && cd "$RUNNER_ASSETS_DIR" \ && curl -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \ && tar xzf ./runner.tar.gz \ && rm runner.tar.gz \ 
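Review bot: The runner tarball that the RUN at `@@ -62,8 +67,8` now unpacks into `$RUNNER_ASSETS_DIR` is fetched with `curl -L` and extracted without any integrity check, and without `-f` an HTTP error page would be saved as `runner.tar.gz`. That directory is what every runner pod later executes, so it is worth pinning a digest: add a build arg (placeholder name `RUNNER_SHA256`), insert `&& echo "${RUNNER_SHA256}  runner.tar.gz" | sha256sum -c -` before the `tar xzf`, and use `curl -fL`. The same applies to the `docker.tgz` download in the hunk at `@@ -42,7 +44,8` and to the matching RUN in dindrunner.Dockerfile. The RUN continues past the end of the hunk.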
@@ -72,14 +77,14 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && apt-get install -y libyaml-dev \ && rm -rf /var/lib/apt/lists/* -RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > /runner.env \ +RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > .env \ && mkdir /opt/hostedtoolcache \ && chgrp runner /opt/hostedtoolcache \ && chmod g+rwx /opt/hostedtoolcache -COPY entrypoint.sh /runner -COPY patched /runner/patched +COPY entrypoint.sh / +COPY patched $RUNNER_ASSETS_DIR/patched USER runner ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] -CMD ["/runner/entrypoint.sh"] +CMD ["/entrypoint.sh"] diff --git a/runner/Makefile b/runner/Makefile index f6532105d4..851ca96be3 100644 --- a/runner/Makefile +++ b/runner/Makefile @@ -23,15 +23,13 @@ else endif docker-build: - docker build --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${NAME}:${TAG} -t ${NAME}:v${RUNNER_VERSION} . - docker build --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${DIND_RUNNER_NAME}:${TAG} -t ${DIND_RUNNER_NAME}:v${RUNNER_VERSION} -f dindrunner.Dockerfile . + docker build --build-arg TARGETPLATFORM=amd64 --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${NAME}:${TAG} . + docker build --build-arg TARGETPLATFORM=amd64 --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${DIND_RUNNER_NAME}:${TAG} -f dindrunner.Dockerfile . docker-push: docker push ${NAME}:${TAG} - docker push ${NAME}:v${RUNNER_VERSION} docker push ${DIND_RUNNER_NAME}:${TAG} - docker push ${DIND_RUNNER_NAME}:v${RUNNER_VERSION} docker-buildx: export DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/runner/dindrunner.Dockerfile b/runner/dindrunner.Dockerfile index 2bcec02c7f..1f0680555c 100644 --- a/runner/dindrunner.Dockerfile +++ b/runner/dindrunner.Dockerfile 
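Review bot: `> .env` is a relative path, so the file lands in whatever the image's working directory is at that point rather than in `$RUNNER_ASSETS_DIR`; the `cd` in the previous RUN does not carry over, and no WORKDIR is visible in these hunks. Even if it were written there, entrypoint.sh populates `/runner` with `mv /runnertmp/* /runner/`, and that glob skips dotfiles, so `AGENT_TOOLSDIRECTORY` would probably not reach the runner. Writing the path explicitly, `RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > "$RUNNER_ASSETS_DIR/.env"`, together with moving dotfiles in the entrypoint, would close the gap.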
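Review bot: `--build-arg TARGETPLATFORM=amd64` only works because `cut -d / -f2` in the Dockerfiles passes a value without a `/` through unchanged, whereas buildx supplies values of the form `linux/amd64`. Passing `--build-arg TARGETPLATFORM=linux/amd64` would keep both build paths on the same format and would survive a stricter check than the new `test -n`. The hunk also drops the `v${RUNNER_VERSION}` tags from build and push, leaving only `${TAG}`; if that is intended, a comment saying where the version-pinned tag is now produced would help anyone who pins images by runner version.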
@@ -48,6 +48,8 @@ ARG DOCKER_CHANNEL=stable ARG DOCKER_VERSION=19.03.13 ARG DEBUG=false +RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false) + # Docker installation RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \ @@ -66,6 +68,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ dockerd --version; \ docker --version +ENV RUNNER_ASSETS_DIR=/runnertmp + # Runner download supports amd64 as x64 # # libyaml-dev is required for ruby/setup-ruby action. @@ -73,8 +77,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ # to avoid rerunning apt-update on its own. RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \ - && mkdir -p /runner \ - && cd /runner \ + && mkdir -p "$RUNNER_ASSETS_DIR" \ + && cd "$RUNNER_ASSETS_DIR" \ && curl -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \ && tar xzf ./runner.tar.gz \ && rm runner.tar.gz \ @@ -100,7 +104,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ VOLUME /var/lib/docker -COPY patched /runner/patched +COPY patched $RUNNER_ASSETS_DIR/patched # No group definition, as that makes it harder to run docker. USER runner diff --git a/runner/entrypoint.sh b/runner/entrypoint.sh index 5a8774484d..556eee0671 100755 --- a/runner/entrypoint.sh +++ b/runner/entrypoint.sh 
@@ -44,9 +44,18 @@ if [ -z "${RUNNER_REPO}" ] && [ -n "${RUNNER_ORG}" ] && [ -n "${RUNNER_GROUP}" ] RUNNER_GROUP_ARG="--runnergroup ${RUNNER_GROUP}" fi +# Hack due to https://github.com/summerwind/actions-runner-controller/issues/252#issuecomment-758338483 +if [ ! -d /runner ]; then + echo "/runner should be an emptyDir mount. Please fix the pod spec." 1>&2 + exit 1 +fi + +sudo chown -R runner:docker /runner +mv /runnertmp/* /runner/ + cd /runner ./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "${GITHUB_URL}${ATTACH}" --token "${RUNNER_TOKEN}" ${RUNNER_GROUP_ARG} ${LABEL_ARG} ${WORKDIR_ARG} - +mkdir ./externals # Hack due to the DinD volumes mv ./externalstmp/* ./externals/
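Review bot: The new `mv /runnertmp/* /runner/` and `mkdir ./externals` are not repeatable: an emptyDir outlives a container restart within the same pod, so on a second start `/runner` is already populated and these commands fail or only partly succeed. `mkdir -p ./externals` and a copy that tolerates existing targets and includes dotfiles, such as `cp -a /runnertmp/. /runner/`, would be steps toward a re-entrant start-up (the `*` glob also skips dotfiles). Whether a failure stops the script depends on a `set -e` that would sit above this hunk. `sudo chown -R runner:docker /runner` also ties the entrypoint to the `NOPASSWD:ALL` sudoers line from the Dockerfile; setting `securityContext.fsGroup` on the pod would let the image drop that dependency later.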