github_agent.linux.pkr.hcl gets cannot create directory ‘actions-runner’: Permission denied on packer build #1610

Closed
toast-gear opened this issue Jan 11, 2022 · 2 comments

toast-gear commented Jan 11, 2022

Just trying to build the default hcl image images/linux-amzn2/github_agent.linux.pkr.hcl (with some small edits to the file) and I seem to get permission denied errors?:

# packer build log
==> githubactions-runner.amazon-ebs.githubrunner: Provisioning with shell script: /var/folders/kv/vw_r4gv96tg3n92znzrw_x8hbggjb0/T/packer-shell3159066398
    githubactions-runner.amazon-ebs.githubrunner: Creating actions-runner directory for the GH Action installtion
    githubactions-runner.amazon-ebs.githubrunner: Downloading the GH Action runner from https://github.com/actions/runner/releases/download/v2.286.0/actions-runner-linux-x64-2.286.0.tar.gz to actions-runner.tar.gz
==> githubactions-runner.amazon-ebs.githubrunner: mkdir: cannot create directory ‘actions-runner’: Permission denied
==> githubactions-runner.amazon-ebs.githubrunner:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
==> githubactions-runner.amazon-ebs.githubrunner:                                  Dload  Upload   Total   Spent    Left  Speed
==> githubactions-runner.amazon-ebs.githubrunner: 100   678  100   678    0     0   5603      0 --:--:-- --:--:-- --:--:--  5603
==> githubactions-runner.amazon-ebs.githubrunner: Warning: Failed to create the file actions-runner.tar.gz: Permission denied
==> githubactions-runner.amazon-ebs.githubrunner:   0  132M    0  1362    0     0   4515      0  8:33:27 --:--:--  8:33:27  4515
==> githubactions-runner.amazon-ebs.githubrunner: curl: (23) Failure writing output to destination

The mkdir seems to fail: mkdir: cannot create directory ‘actions-runner’: Permission denied. I'm just running this from my laptop with a role assumed with admin rights.

Packer HCL

issued command : packer build .

packer {
  required_plugins {
    amazon = {
      version = ">= 0.0.2"
      source  = "github.com/hashicorp/amazon"
    }
  }
}

variable "runner_version" {
  description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases"
  type        = string
  default     = "2.286.0"
}

variable "region" {
  description = "The region to build the image in"
  type        = string
  default     = "eu-west-1"
}

variable "security_group_id" {
  description = "The id of the security group to allow access to the packer builder"
  type        = string
  default     = null
}

source "amazon-ebs" "githubrunner" {
  ami_name          = "github-runner-amzn2-x86_64-${formatdate("YYYYMMDDhhmm", timestamp())}"
  instance_type     = "m3.medium"
  region            = var.region
  security_group_id = var.security_group_id
  source_ami_filter {
    filters = {
      name                = "amzn2-ami-hvm-2.*-x86_64-ebs"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    most_recent = true
    owners      = ["137112412989"]
  }
  ssh_username = "ec2-user"
  tags = {
    OS_Version    = "amzn2"
    Release       = "Latest"
    Base_AMI_Name = "{{ .SourceAMIName }}"
  }
}

build {
  name = "githubactions-runner"
  sources = [
    "source.amazon-ebs.githubrunner"
  ]
  provisioner "shell" {
    environment_vars = []
    inline = [
      "sudo yum update -y",
      "sudo yum install -y amazon-cloudwatch-agent curl jq git",
      "sudo amazon-linux-extras install docker",
      "sudo systemctl enable docker.service",
      "sudo systemctl enable containerd.service",
      "sudo service docker start",
      "sudo usermod -a -G docker ec2-user",
    ]
  }

  provisioner "shell" {
    environment_vars = [
      "RUNNER_TARBALL_URL=https://github.com/actions/runner/releases/download/v${var.runner_version}/actions-runner-linux-x64-${var.runner_version}.tar.gz"
    ]
    inline = [templatefile("../install-runner.sh", {
      install_runner = templatefile("../../modules/runners/templates/install-runner.sh", {
        ARM_PATCH                       = ""
        S3_LOCATION_RUNNER_DISTRIBUTION = ""
      })
    })]
  }

  provisioner "file" {
    content = templatefile("../start-runner.sh", {
      start_runner = templatefile("../../modules/runners/templates/start-runner.sh", {})
    })
    destination = "/tmp/start-runner.sh"
  }

  provisioner "shell" {
    inline = [
      "sudo mv /tmp/start-runner.sh /var/lib/cloud/scripts/per-boot/start-runner.sh",
      "sudo chmod +x /var/lib/cloud/scripts/per-boot/start-runner.sh",
    ]
  }

}

EDIT: /opt and everything in it are owned by root root; mkdir won't work without sudo.

@ScottGuymer
Member

Nice find.

The issue here is that the provisioner doesn't execute as sudo. So when you inline a script like this, it's not run as sudo:

  provisioner "shell" {
    environment_vars = [
      "RUNNER_TARBALL_URL=https://github.com/actions/runner/releases/download/v${var.runner_version}/actions-runner-linux-x64-${var.runner_version}.tar.gz"
    ]
    inline = [templatefile("../install-runner.sh", {
      install_runner = templatefile("../../modules/runners/templates/install-runner.sh", {
        ARM_PATCH                       = ""
        S3_LOCATION_RUNNER_DISTRIBUTION = ""
      })
    })]
  }

The solution is to upload the file first, then execute it with sudo:

  provisioner "file" {
    content = templatefile("../install-runner.sh", {
      install_runner = templatefile("../../modules/runners/templates/install-runner.sh", {
        ARM_PATCH                       = ""
        S3_LOCATION_RUNNER_DISTRIBUTION = ""
      })
    })
    destination = "/tmp/install-runner.sh"
  }

  provisioner "shell" {
    environment_vars = [
      "RUNNER_TARBALL_URL=https://github.com/actions/runner/releases/download/v${var.runner_version}/actions-runner-linux-x64-${var.runner_version}.tar.gz"
    ]
    inline = [
      "sudo chmod +x /tmp/install-runner.sh",
      "sudo /tmp/install-runner.sh"
    ]
  }

Not fully tested that but you get the idea. Would be happy to accept a PR to add this to the example.
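
An alternative to the upload-then-sudo approach in the comment above, as an added example that is not from the repository or from any commenter: the shell provisioner's `execute_command` setting runs the generated script itself under sudo, and passing `{{ .Vars }}` through `env` keeps `RUNNER_TARBALL_URL` visible to the script on hosts where sudoers resets the environment. It assumes the SSH user (`ec2-user` here) has passwordless sudo; the template paths are the ones from the issue.

```hcl
# Added example: the same provisioner as in the issue, but the script that
# Packer generates from `inline` is executed as root instead of as ec2-user.
provisioner "shell" {
  environment_vars = [
    "RUNNER_TARBALL_URL=https://github.com/actions/runner/releases/download/v${var.runner_version}/actions-runner-linux-x64-${var.runner_version}.tar.gz"
  ]

  # Packer's default is: chmod +x {{ .Path }}; {{ .Vars }} {{ .Path }}
  #   {{ .Path }} is the uploaded script on the build instance.
  #   {{ .Vars }} expands to the KEY='value' pairs from environment_vars.
  # Handing the pairs to `env` after `sudo` sets them inside the root
  # process, so they are not dropped when sudo resets the environment.
  execute_command = "chmod +x {{ .Path }}; sudo env {{ .Vars }} {{ .Path }}"

  inline = [templatefile("../install-runner.sh", {
    install_runner = templatefile("../../modules/runners/templates/install-runner.sh", {
      ARM_PATCH                       = ""
      S3_LOCATION_RUNNER_DISTRIBUTION = ""
    })
  })]
}
```

Only this provisioner runs as root; the other provisioners in the build keep running as the SSH user and use `sudo` per command.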

npalm commented Jan 11, 2022

In #1572 we moved the default location from the user space to /opt.
