Use su to install the runner

This change executes the runner install script provided via userdata using
su. The script itself has also been changed to assume it's running as the
runner user.

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>

cloudconfig/templates.go

@@ -94,10 +94,10 @@ function downloadAndExtractRunner() {
 	TEMP_TOKEN="Authorization: Bearer {{ .TempDownloadToken }}"
 	fi
 	curl --retry 5 --retry-delay 5 --retry-connrefused --fail -L -H "${TEMP_TOKEN}" -o "/home/{{ .RunnerUsername }}/{{ .FileName }}" "{{ .DownloadURL }}" || fail "failed to download tools"
-	mkdir -p /home/runner/actions-runner || fail "failed to create actions-runner folder"
+	mkdir -p /home/{{ .RunnerUsername }}/actions-runner || fail "failed to create actions-runner folder"
 	sendStatus "extracting runner"
 	tar xf "/home/{{ .RunnerUsername }}/{{ .FileName }}" -C /home/{{ .RunnerUsername }}/actions-runner/ || fail "failed to extract runner"
-	chown {{ .RunnerUsername }}:{{ .RunnerGroup }} -R /home/{{ .RunnerUsername }}/actions-runner/ || fail "failed to change owner"
+	# chown {{ .RunnerUsername }}:{{ .RunnerGroup }} -R /home/{{ .RunnerUsername }}/actions-runner/ || fail "failed to change owner"
 }
 
 TEMP_TOKEN=""
@@ -119,8 +119,8 @@ if [ -z "$CACHED_RUNNER" ];then
 else
 	sendStatus "using cached runner found in $CACHED_RUNNER"
 	sudo cp -a "$CACHED_RUNNER"  "/home/{{ .RunnerUsername }}/actions-runner"
+	sudo chown {{ .RunnerUsername }}:{{ .RunnerGroup }} -R "/home/{{ .RunnerUsername }}/actions-runner" || fail "failed to change owner"
 	cd /home/{{ .RunnerUsername }}/actions-runner
-	chown {{ .RunnerUsername }}:{{ .RunnerGroup }} -R "/home/{{ .RunnerUsername }}/actions-runner" || fail "failed to change owner"
 fi
 
 
@@ -129,7 +129,7 @@ set +e
 attempt=1
 while true; do
 	ERROUT=$(mktemp)
-	sudo -u {{ .RunnerUsername }} -- ./config.sh --unattended --url "{{ .RepoURL }}" --token "$GITHUB_TOKEN" $RUNNER_GROUP_OPT --name "{{ .RunnerName }}" --labels "{{ .RunnerLabels }}" --ephemeral 2>$ERROUT
+	./config.sh --unattended --url "{{ .RepoURL }}" --token "$GITHUB_TOKEN" $RUNNER_GROUP_OPT --name "{{ .RunnerName }}" --labels "{{ .RunnerLabels }}" --ephemeral 2>$ERROUT
 	if [ $? -eq 0 ]; then
 		rm $ERROUT || true
 		sendStatus "runner successfully configured after $attempt attempt(s)"
@@ -140,7 +140,7 @@ while true; do
 
 	# if the runner is already configured, remove it and try again. In the past configuring a runner
 	# managed to register it but timed out later, resulting in an error.
-	sudo -u {{ .RunnerUsername }} -- ./config.sh remove --token "$GITHUB_TOKEN" || true
+	./config.sh remove --token "$GITHUB_TOKEN" || true
 
 	if [ $attempt -gt 5 ];then
 		rm $ERROUT || true
@@ -155,7 +155,7 @@ done
 set -e
 
 sendStatus "installing runner service"
-./svc.sh install {{ .RunnerUsername }} || fail "failed to install service"
+sudo ./svc.sh install {{ .RunnerUsername }} || fail "failed to install service"
 
 if [ -e "/sys/fs/selinux" ];then
 	sudo chcon -h user_u:object_r:bin_t /home/runner/ || fail "failed to change selinux context"
@@ -163,7 +163,7 @@ if [ -e "/sys/fs/selinux" ];then
 fi
 
 sendStatus "starting service"
-./svc.sh start || fail "failed to start service"
+sudo ./svc.sh start || fail "failed to start service"
 
 set +e
 AGENT_ID=$(grep "agentId" /home/{{ .RunnerUsername }}/actions-runner/.runner |  tr -d -c 0-9)

util/util.go

@@ -277,7 +277,7 @@ func GetCloudConfig(bootstrapParams params.BootstrapInstance, tools github.Runne
 
 		cloudCfg.AddSSHKey(bootstrapParams.SSHKeys...)
 		cloudCfg.AddFile(installScript, "/install_runner.sh", "root:root", "755")
-		cloudCfg.AddRunCmd("/install_runner.sh")
+		cloudCfg.AddRunCmd(fmt.Sprintf("su -l -c /install_runner.sh %s", appdefaults.DefaultUser))
 		cloudCfg.AddRunCmd("rm -f /install_runner.sh")
 		if bootstrapParams.CACertBundle != nil && len(bootstrapParams.CACertBundle) > 0 {
 			if err := cloudCfg.AddCACert(bootstrapParams.CACertBundle); err != nil {