Saving system ID state file: access denied

Timeline

  • The "generate global system ID" MR merged in 15.7. This MR introduced the issue with Runner 15.7 where the service would not start with the saving system ID state file error. (2022-12-01)

  • The fix, "allow runner to start when the config directory is not writeable", merged in 15.9.

  • We plan to reintroduce the behavior from %15.7 in %17.0, meaning that gitlab-runner will not start if a .runner_system_id file is missing. The file is generated any time that gitlab-runner is executed, including when running the register command.

Summary

After upgrading from 15.1.0 to 15.7.1 on Windows, the GitLab Runner service fails to start. This is because it is trying to write to its own directory, which is not writable for security reasons.

Steps to reproduce

Upgrade GitLab Runner service in a directory the service account cannot write to, as per documentation recommendations. Upgrade version must be any that came after !3758 (merged).

Try to start the service.

Actual behavior

Error in event log (not entirely verbatim because clipboard access not possible):

FATAL: Service run failed
loading system ID file: saving system ID state file: writing runner system ID: Open C:\GitLab-Runner\.runner_system_id: Zugriff verweigert

„Zugriff verweigert“ translates to “access denied”.

Expected behavior

GitLab Runner service should not attempt to write to its config folder.

Relevant logs and/or screenshots

See above

Environment description

OS: Windows 10 Professional x64
GitLab: self-hosted open source
Executor: Shell

config.toml contents

(Again, manually typed)

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "vm-win10"
  url = "https://gitlab.example.com/"
  token = "the-token"
  executor = "shell"
  builds_dir = "C:/GitLab-Work/Builds"
  cache_dir = "C:/GitLab-Work/Cache"
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]

Used GitLab Runner version

Version 15.7.1 Revision 6d480948 amd64

Possible fixes

  • Writing .runner_system_id could be done out-of-band (during register or preferably using a separate verb)
    • This would have to be documented as a required upgrade step
  • .runner_system_id could be placed elsewhere
  • Documentation could be updated, mentioning Runner service must write to its config folder on Windows
  • Documentation could be updated, mentioning Runner service cannot use limited account on Windows
    • Not preferable
Edited Mar 08, 2023 by Darren Eastman
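
The two startup behaviours in the timeline, as an added Go sketch that is not GitLab Runner source code: strict mode fails when the state file cannot be saved (the 15.7 failure reported above), tolerant mode starts anyway (the 15.9 fix). The function name, the ID format, and keeping the ID in memory on the tolerant path are assumptions; only the `.runner_system_id` file name and the error wording come from this issue.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Simplified model, not GitLab Runner source; only the file name is from the issue.
const stateFile = ".runner_system_id"

// loadSystemID returns the ID and whether it is persisted on disk.
// strict=true: a failed save is fatal (the 15.7 failure reported here).
// strict=false: keep an in-memory ID and start anyway (the 15.9 fix).
func loadSystemID(configDir string, strict bool) (string, bool, error) {
	path := filepath.Join(configDir, stateFile)
	data, err := os.ReadFile(path)
	if err == nil {
		return strings.TrimSpace(string(data)), true, nil
	}
	if !errors.Is(err, fs.ErrNotExist) {
		return "", false, fmt.Errorf("loading system ID file: %w", err)
	}
	buf := make([]byte, 8)
	if _, err := rand.Read(buf); err != nil {
		return "", false, fmt.Errorf("generating system ID: %w", err)
	}
	id := "example_" + hex.EncodeToString(buf) // constructed ID format (assumption)
	// 0600 keeps the state file private to the account that runs the service.
	if err := os.WriteFile(path, []byte(id+"\n"), 0o600); err != nil {
		if strict {
			return "", false, fmt.Errorf("loading system ID file: saving system ID state file: %w", err)
		}
		return id, false, nil // unwritable config directory: ID lasts for this process only
	}
	return id, true, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "runner-cfg") // constructed stand-in for C:\GitLab-Runner
	defer os.RemoveAll(dir)
	fmt.Println(loadSystemID(dir, true))                            // writable: persisted
	fmt.Println(loadSystemID(filepath.Join(dir, "missing"), false)) // unwritable: in-memory
}
```

In strict mode, a locked-down config directory only works if the state file was created beforehand by an account that can write there, which is the out-of-band option listed under Possible fixes.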