Overview
When using runAsNonRootUser
and runAsUser
you may experience the following error message in your CircleCI job.
CircleCI failed to run this build, check your config. Try re-running the build and
if this issue persists, open a Support ticket. Detail: failed to copy circleci-agent
into container "primary",
Error: error executing command mkdir -p $HOME/.local/bin/circleci :
error executing command /bin/bash -c set -o pipefail ; mkdir -p
$HOME/.local/bin/circleci 2>&1 | tee /proc/1/fd/1 :
command terminated with exit code 1
This is typically a case of the user in runAsUser
not matching the User ID within the image.
Solution
Step 1
Verify the User ID configured in the Docker image.
$ docker pull <image_name>
$ docker run --rm <image_name> echo $UID
Step 2
Confirm the runAsUser
matches the UID returned by the first command.
agent:
resourceClasses:
<namespace>/<runner_name>:
spec:
containers:
securityContext:
runAsNonRoot: true
runAsUser: <the_UID_found_before>
Example
As an example, we can test this with a cimg/base:current
image.
$ docker pull cimg/base:current
$ docker run --rm cimg/base:current echo $UID
1000
We can see that after running the docker run
command, it returns 1000
to us.
If your runAsUser
does not match the same as $UID
in the Docker image, you need to update either one of them to allow your container to run in your Container Runner.
Comments
Article is closed for comments.