Not Applicable for Dynamic Nodes
These prerequisites are not applicable for dynamic nodes as these prerequisites are automatically installed when you choose to run the build node as a non-root user.
The installation script that is generated when initializing a static node will not install any of the dependencies that would otherwise be automatically installed when you are the root user. These dependencies must be manually installed as outlined in this section.
- Following prerequisites must be installed in the build node. Since users are non-root, they won’t be able to install these libraries.
- Node.js v14.17.0
- Swap space is pre-configured in the system.
- Custom-certificates are updated in the node manually.
Currently, only manual node initialization is supported. So initialize the node using the same user you want to use to run other services, such as reqKick, rootless-docker, and so on.
reqKickis the Pipelines agent that needs to run on the build node to orchestrate the build.
Setting up Rootless Docker
Perform the following steps to set up rootless docker for static nodes:
- Login to static node as the root user and install all prerequisites mentioned above.
Run the following commands to install rootless docker and create a non-root used called
Initializing Static Nodes as a Non-Root User
To initialize a static node as a non-root user:
- Create a static node pool. Select the Enable running nodes with non-root users check box when adding the node pool.
- Add a static node and generate a manual initialization script. The script generated (for static) is slightly different for non-root.
SSH to the node and:
- Switch to
- Copy the generated script to
- Run the
chmod +x init.shcommand to provide executable permissions.
init.shis the name of the script.
- Execute the init script.
- Switch to
Running a dynamic or static build node as a non-root user has the following limitations:
- For static nodes, the build node agent will not auto-restart on rebooting the machine. Every time the machine is rebooted, users must manually run the initialization script to re-initialize the node.
This limitation is not applicable for dynamic nodes.
- If you run reqKick with non-root and choose the runtime as
host, you will not be able to perform actions that a root users is allowed to do, such as installing libraries, accessing all file-systems, and so on.
- Non-root users do not have permissions to add custom CA in the build node. It becomes the responsibility of the administrators to do so.