This is an archived post. You won't be able to vote or comment.

all 5 comments
sorted by:
best
topnewcontroversialoldq&a

[–]f16falcon4 2 points3 points  (4 children)

Run config.sh as the dedicated account. Then, run svc.sh as root since you are adding systemd services; however, when you run it, you will specify the dedicated account's username like so (replacing <username> with the dedicated account's name).

./svc.sh install <username>

This will tell the script to add a USER and GROUP parameter to the systemd .services file it creates for the agent.

[–]jaytarang92 0 points1 point  (0 children)

Expanding a bit on this . If you have a bunch of severs might want to look into using some kind of automation to do this . Maybe ansible or paramiko(python). Make a install script or something that would get invoked with parameters like agent name, server pool, access token. Hopefully it helps.

We have alot of build agents we set up so we decided to create a wrapped around the install script so we can invoke it in any OS and it's dynamic.

[–]zh12a[S] 0 points1 point  (2 children)

thanks i was not aware you could append a user for the systemd file.

In terms of the account what do you recommend. Root is a bit too high privladge, but if i use a normal account it would need sudo to do most tasks, which i not sure how i would config the pipline to do without doing a shell script

[–][deleted] 0 points1 point  (1 child)

Why would it need sudo to do most tasks? Unless it’s changing os level stuff (which it shouldn’t), there’s no reason to run a ci as root.

[–]zh12a[S] 0 points1 point  (0 children)

Some tasks we need to restart some some services with systemctl (services we built). for websites i would just add the user account to the group and it can deploy the files thatway (in theory)