How to use sudo in build script for gitlab ci?

Published 2020-05-19 07:32

Question:

When I want to do something that requires sudo privileges, the build process gets stuck, and when I run ps aux for that command it is hanging in the list but doing nothing.

E.g.:

in the buildscript:

# stop nginx
echo "INFO: stopping nginx. pid [$(cat /opt/nginx/logs/nginx.pid)]"
sudo kill $(cat /opt/nginx/logs/nginx.pid)

in the gitlab ci output console:

INFO: stopping nginx. pid [2741]

kill $(cat /opt/nginx/logs/nginx.pid) # with a spinning wheel

in the bash:

> ps aux | grep nginx

root      6698  0.0  0.1  37628  1264 ?        Ss   19:25   0:00 nginx: master process /opt/nginx/sbin/nginx
nobody    6700  0.3  0.3  41776  3832 ?        S    19:25   0:00 nginx: worker process
kai   7015  0.0  0.0   4176   580 pts/0    S+   19:27   0:00 sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
kai   7039  0.0  0.0   7828   844 pts/2    S+   19:27   0:00 grep nginx

So:

  • it is not sudo kill $(cat /opt/nginx/logs/nginx.pid) that gets executed, but sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
  • it hangs without any response (sounds to me like it is asking for a password interactively)

Answer 1:

There are a couple of ways to resolve this.

Grant sudo permissions

You can grant sudo permissions to the gitlab-runner user, as this is the user that executes the build script.

$ sudo usermod -a -G sudo gitlab-runner

You now have to remove the password restriction for sudo for the gitlab-runner user.

Start the sudo editor with

$ sudo visudo

Now add the following to the bottom of the file

gitlab-runner ALL=(ALL) NOPASSWD: ALL

Do not do this for gitlab runners that can be executed by untrusted users.

SSH Runner

You can configure the gitlab-ci-runner to connect to a remote host using SSH. You configure this to use a user remotely that has sudo permissions, and perform the build using that user. The remote host can be the same machine that the gitlab runner is executing on, or it can be another host.

This build user account will still need sudo and passwordless permissions. Follow the instructions above, replacing gitlab-runner with the build user.
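A least-privilege alternative to the NOPASSWD: ALL rule, as an added example that is not part of the original answer. Two things are demonstrated: the hang in the question is sudo waiting on a password with no terminal, and sudo -n turns that into an immediate non-zero exit so the job fails loudly; and instead of granting ALL, the runner is allowed exactly one root-owned wrapper script that takes no arguments, so it cannot choose the signal or the target pid (a rule like /bin/kill * would let the runner kill any process with any signal, because the sudoers wildcard matches across arguments). The runner user gitlab-runner and the pid file path come from the thread; the wrapper path /usr/local/sbin/nginx-stop and the sudoers.d file name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions: runner user is
# "gitlab-runner", nginx runs as root and writes /opt/nginx/logs/nginx.pid,
# and the wrapper is installed at /usr/local/sbin/nginx-stop (hypothetical path).
set -eu

RUNNER_USER="${RUNNER_USER:-gitlab-runner}"
NGINX_PID_FILE="${NGINX_PID_FILE:-/opt/nginx/logs/nginx.pid}"
WRAPPER="${WRAPPER:-/usr/local/sbin/nginx-stop}"

# One sudoers line that permits exactly one command, as root, with no password.
# sudoers needs the absolute path; a bare command name never matches.
# $1 = user, $2 = absolute path of the command
restricted_sudoers_rule() {
    printf '%s ALL=(root) NOPASSWD: %s\n' "$1" "$2"
}

# Write the root-owned wrapper that does the privileged work. It accepts no
# arguments, validates the pid it reads, and refuses to signal anything that is
# not nginx, so a compromised job cannot turn it into a generic "kill as root".
# $1 = path to write, $2 = nginx pid file (baked in at write time)
write_nginx_stop_wrapper() {
    wrapper="$1"; pidfile="$2"
    cat > "$wrapper" <<EOF
#!/bin/sh
# Install as root:root mode 0755; the runner must not be able to edit this file.
set -eu
[ \$# -eq 0 ] || { echo "usage: \$0 (no arguments)" >&2; exit 2; }
pid=\$(cat '$pidfile')
case "\$pid" in
    ''|*[!0-9]*) echo "bad pid in $pidfile" >&2; exit 1 ;;
esac
# Only nginx's master process may be signalled.
[ "\$(ps -o comm= -p "\$pid")" = "nginx" ] || { echo "pid \$pid is not nginx" >&2; exit 1; }
exec kill -QUIT "\$pid"   # graceful shutdown, same as nginx -s quit
EOF
    chmod 0755 "$wrapper"
}

# Syntax-check a sudoers fragment before installing it; a broken file in
# /etc/sudoers.d can lock everyone out of sudo. Returns 2 if visudo is missing.
validate_sudoers_file() {
    if ! command -v visudo >/dev/null 2>&1; then
        echo "visudo not installed; cannot check $1" >&2
        return 2
    fi
    visudo -cf "$1"
}

# Ask sudo, without ever prompting, whether the current user may run a command.
# "sudo -l cmd" exits 0 when the policy allows it and 1 otherwise.
runner_may_run() {
    sudo -n -l "$1" >/dev/null 2>&1
}

# What the build script should call. "sudo -n" never waits for a password:
# if the rule is missing it prints "a password is required" and exits 1,
# which fails the job instead of leaving it spinning as in the question.
ci_stop_nginx() {
    if ! runner_may_run "$WRAPPER"; then
        echo "ERROR: $(id -un) is not allowed to run $WRAPPER via sudo" >&2
        return 1
    fi
    sudo -n "$WRAPPER"
}

# Demo: render the wrapper and the sudoers fragment into a temp directory so
# this file runs without root. Installation (as root) would then be:
#   install -o root -g root -m 0755 "$demo_dir/nginx-stop" "$WRAPPER"
#   install -o root -g root -m 0440 "$demo_dir/sudoers" /etc/sudoers.d/gitlab-runner
demo_dir=$(mktemp -d)
write_nginx_stop_wrapper "$demo_dir/nginx-stop" "$NGINX_PID_FILE"
restricted_sudoers_rule "$RUNNER_USER" "$WRAPPER" > "$demo_dir/sudoers"
echo "sudoers fragment:"; cat "$demo_dir/sudoers"
validate_sudoers_file "$demo_dir/sudoers" || echo "sudoers check skipped or failed" >&2
rm -rf "$demo_dir"
```

The wrapper, not the sudoers rule, is where the restriction lives: sudoers can pin the path, but only the script can check that the pid it read really belongs to nginx. Keep the pid file and the wrapper unwritable by the runner user, otherwise the check is against attacker-controlled input.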