2

I'm installing a gitlab-runner service on MacOS using brew install gitlab-runner, after which I can start the service using brew services start gitlab-runner. If I start the service with sudo (or from the root account otherwise), then after a reboot of the machine, the service will start.

When starting the service without sudo - the service will not start after a reboot. There was something about "at login" language in the brew services help output, but it both doesn't work when logging in over SSH and also - I want the service to start at boot, even if the user has not logged in.

Any way to get a homebrew "user service" to start at boot on MacOS?

The issue with using sudo brew start is that the Gitlab runner service will run the jobs submitted to it as the user that started it - and I need the Gitlab jobs to not run as root.

Improve this question
1
  • 1
    If you don't get an answer here, the apple.stackexchange.com might be a better Stack Exchange site for this topic Commented Oct 19, 2023 at 10:06

2 Answers 2

Reset to default
1

It looks like brew doesn't support running "launch daemons" - it can only manage "launch agents" (this Apple documentation delves a bit into the difference between "agents" and "daemons", though - like most official Apple documentation - falls short of an actual spec), which means either run on boot as root or run on user login as a user.

But there is a way to have services running on boot as a user. I've solved my problem by:

  1. Run brew services start gitlab-runner (without sudo) to cause brew to generate the ~/Library/LaunchAgents/homebrew.mxcl.gitlab-runner.plist file that defines the service.
  2. Stop the service (brew services stop gitlab-runner)
  3. Move the file to /Library/LaunchDaemons/homebrew.mxcl.gitlab-runner.plist
  4. Edit the plist file to add the UserName key:
 <key>UserName</key> <string>myuser</string>
  1. Change ownership of the file to be owned by root (otherwise Launchd won't start it): chown root /Library/LaunchDaemons/homebrew.mxcl.gitlab-runner.plist
  2. reboot

The service would now start on boot and run under the user account specified in the daemon plist file.

Sample Use Case

In my use case, I'm using AWS mac1.metal "VM" to run the Gitlab runner, and I'm setting up the init script by setting the EC2 "user data" field to a bash script that can set up the Gitlab runner and start it automatically, and it looks something like this:

#!/bin/bash GITLAB_TOKEN=GET_THE_CI_TOKEN_FROM_SOMEWHERE # this script runs as root, so to use brew we need to run # a script as ec2-user: cat > /usr/local/bin/setup-ci.sh <<<'#!/bin/bash -x source .bash_profile brew upgrade brew update --auto-update brew install rbenv gitlab-runner rbenv init - bash >> .bash_profile source .bash_profile rbenv install 2.7.4 rbenv global 2.7.4 brew services start gitlab-runner sleep 10 # let the service settle before registering gitlab-runner register --non-interactive --url https://gitlab.com --registration-token "'"${GITLAB_TOKEN}"'" --executor shell --name mac-gitlab-runner --tag-list macos,ios --shell bash sleep 3 cat /Users/ec2-user/.gitlab-runner/config.toml # for debugging # update the plist file perl -lpe "m,RunAtLoad, and print \"\t<key>UserName</key><string>ec2-user</string>\"" ~/Library/LaunchAgents/homebrew.mxcl.gitlab-runner.plist > homebrew.mxcl.gitlab-runner.plist sudo mv homebrew.mxcl.gitlab-runner.plist /Library/LaunchDaemons/homebrew.mxcl.gitlab-runner.plist sudo /usr/sbin/chown root /Library/LaunchDaemons/homebrew.mxcl.gitlab-runner.plist # Try to stop service - it sometimes "fails", but we dont care about that brew services stop gitlab-runner || true ' chmod 755 /usr/local/bin/setup-ci.sh su - ec2-user -c /usr/local/bin/setup-ci.sh

After the launch complete, I reboot the EC2 instance and Gitlab runner comes up automatically, running as the ec2-user.

Improve this answer
4
  • are gitlab-runner shell jobs actually executing and working correctly?? Commented Oct 23, 2023 at 17:47
  • @race_carr Yes, that is correct. Commented Oct 24, 2023 at 7:52
  • @race_carr - I added my (almost complete) init script for AWS, for reference. Commented Oct 24, 2023 at 8:03
  • huh kudos to you! I hope it continues to work Commented Oct 25, 2023 at 16:01
0

I am making an assumption here, but it sounds like you are hoping to get gitlab-runner process to run without logging in to a User account on the Mac.
GitLab does not currently support that - https://docs.gitlab.com/runner/install/osx.html

you need to login to a user account on the Mac on run gitlab-runner that way.

Currently, the only proven way for it to work in macOS is by running the service in user-mode.

GitLab itself admits that it is "less secure" than other methods, i.e. they're admitting you have to turn off FileVault and enable auto-login or be prepared to manually login to the Mac if it shuts off or reboots.

Improve this answer
1
  • Unfortunately, "start on login" doesn't actually starts when logging through SSH, and while I would prefer to have this fully automated, logging through SSH is doable, but logging in graphically to start the Gitlab runner is a complete non-starter. Commented Oct 20, 2023 at 14:45

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.