Install machine runner 3 on macOS

Language Icon 1 month ago · 15 min read
Cloud Server v4.4+
Contribute Go to Code

This page describes how to install CircleCI’s machine runner 3 on macOS.

Prerequisites

To install machine runners and run jobs, you will need to have root access, and have the following utilities and tools installed on your system:

  • Homebrew

  • curl (installed by default on macOS)

  • sha256sum (if not pre-installed):

    • brew install coreutils

  • tar

  • The CircleCI CLI if you wish to install runners from the command line

Self-hosted runner terms agreement

  • Web app installation

  • CLI installation

Before you can install self-hosted runners through the web app, you will need to agree to the CircleCI Runner Terms. To be able to gain access to the Self-Hosted Runners section of the CircleCI web app or your CircleCI server app, an admin in your organization needs to navigate to Organization Settings  Self-Hosted Runners, and agree to the terms.

Runner terms and conditions

Once the terms have been accepted, Self-Hosted Runners will appear permanently in the side navigation.

Your role within your org is determined differently depending on how you integrate with your code, as follows:

  • If your code is integrated with CircleCI via the GitHub OAuth App or Bitbucket Cloud, CircleCI mirrors VCS permissions for organizations. If you are an admin on your organization’s VCS, you are an admin on CircleCI. If you are unsure, check the admin permissions on your VCS.

  • If your code is integrated with CircleCI via the GitHub App, GitLab, or Bitbucket Data Center, you can check roles by navigating to Organization Settings  People. Full details on roles and permissions are available in the Roles and permissions overview.

To find out which GitHub integration you are using, head to the CircleCI web app, select your org, select Organization Home from the sidebar, and inspect the URL in your browser:

For more information about the differences, see the GitHub docs comparison page.

If you are installing and using self-hosted runners through the CLI, you are agreeing to the CircleCI Runner Terms.

1. Create namespace and resource class

  • Web app installation

  • CLI installation

In order to install self-hosted runners, you will need to create a namespace and resource class token. To create resource classes and tokens, you need to be an organization admin in the VCS provider. You can read about namespaces and resource classes on the Concepts page.

You can view your installed runners on the inventory page, by clicking Self-Hosted Runners on the left navigation.

  1. On the CircleCI web app, navigate to Self-Hosted Runners and select Create Resource Class.

    Runner set up
  2. Next, you will create a custom resource class to use when configuring jobs to use your self-hosted runners. If this is your organization’s first time using self-hosted runners. You will need to create or enter a namespace. If your organization already creates orbs, do not create a new namespace, but instead enter the namespace your organization uses for orbs here too. Enter aname for your self-hosted runner resource class.

    Each organization can only create a single namespace. While not required, we suggest using a lowercase representation of your CircleCI account name. CircleCI will populate your org name as the suggested namespace by default in the UI.
    Runner set up
  3. Copy and save the resource class token. Self-hosted runners use this token to claim work for the associated resource class.

    The token cannot be retrieved again, be sure to store it safely.
    Runner set up
  4. Select the Machine tab and progress on to the platform-specific instructions in the next section of this installation guide.

If you are installing self-hosted runners for server, the CircleCI CLI needs to be configured using your server API key. Run circleci setup to configure the CLI and access the option to supply a new API token if required.

In order to install self-hosted runners, you will need to create a namespace and authentication token by performing the steps listed below.

To create resource classes and tokens you need to be an organization administrator in the VCS provider.

You can view your installed runners on the inventory page in the web app or your CircleCI server app, by clicking Self-Hosted Runners on the left navigation.

  1. Create a namespace for your organization’s self-hosted runners. Each organization can only create a single namespace. We suggest using a lowercase representation of your CircleCI organization’s account name. If you already use orbs, this namespace should be the same namespace orbs use.

    Use the following command to create a namespace:

    circleci namespace create <name> --org-id <your-organization-id>
    If your organization already has a namespace, you will receive an error if you run the above command to create a different namespace. The error message returns the name of the existing namespace. In this case, move on to step 2 below, using your existing namespace.
  2. Create a resource class for your self-hosted runner’s namespace using the following command:

    circleci runner resource-class create <namespace>/<resource-class> <description> --generate-token

    Make sure to replace <namespace> and <resource-class> with your org namespace and desired resource class name, respectively. You may optionally add a description.

    Example: circleci runner resource-class create my-namespace/my-resource-class my-description --generate-token.

    The resource class token is returned after the runner resource class is successfully created.

    The token cannot be retrieved again, so be sure to store it safely.

2. Install CircleCI runner on macOS

You can install runner on macOS with Homebrew.

  1. On the target macOS machine with Homebrew installed, run the following command to add the CircleCI repository:

    brew tap circleci-public/circleci
  2. Run the following command to install the circleci-runner package:

    You may see a notification indicating a background item for Circle Internet Services Inc. has been added.
    brew install circleci-runner
  3. Open the runner config.yaml file with the text editor of your choice, and modify the runner.name and api.auth_token values.

    nano $HOME/Library/Preferences/com.circleci.runner/config.yaml
    runner:
      name: "my-macos-runner"
      working_directory: "/Users/$USER/Library/com.circleci.runner/workdir"
      cleanup_working_directory: true
    api:
      auth_token: "your-auth-token"

    Replace api.auth_token with the token generated in the steps above, and choose a name for your runner.

  4. If you are using CircleCI server you will need to provide the URL for your install. You can do this by either setting the CIRCLECI_RUNNER_API_URL environment variable:

    export CIRCLECI_RUNNER_API_URL="your server domain"

    Or by adding the URL to $HOME/Library/Preferences/com.circleci.runner/config.yaml using text editor of your choice.

    api:
      auth_token: "your-auth-token"
      # On server, set url to the hostname of your server installation.
      url: https://your.domain.here

If you are migrating an existing configuration from a previous runner installation, you may move the existing launch agent file from its current path to the new path.

This will overwrite the default config file installed via brew and replace it with your existing config file.

mv /Library/Preferences/com.circleci.runner/launch-agent-config.yaml $HOME/Library/Preferences/com.circleci.runner/config.yaml

After copying the file, you may remove the logging block to send logs to the default location for machine runner 3 (specified below):

# remove this block from your existing config
logging:
  file: /Library/Logs/com.circleci.runner.log

3. Review and accept the Apple signature notarization

The binary must be approved to run on your macOS system because the self-hosted runner is not compiled from source during installation. This can be done via the macOS UI by accepting the pop-up asking if you wish to run the binary from the internet, or programmatically.

  1. Verify the signature and notarization with this command:

    spctl -a -vvv -t install "$(brew --prefix)/bin/circleci-runner"

    It should return an output that looks like this:

    /opt/homebrew/bin/circleci-runner: accepted
    source=Notarized Developer ID
    origin=Developer ID Application: Circle Internet Services Inc.
  2. When ready, run the command to accept the notarization. You will need to enter the macOS system password.

    sudo xattr -r -d com.apple.quarantine "$(brew --prefix)/bin/circleci-runner"

4. Start macOS machine runner 3

To start the macOS machine runner 3 for the first time, you will need to bootstrap the service. Depending on whether you are using a GUI or non-GUI session (for example, when remotely tunneling into the machine), the commands to bootstrap the service will differ:

  • GUI domain

  • User domain

  1. For running the agent in a GUI session, you can bootstrap the provided .plist file and enable the service by running the following commands:

    launchctl bootstrap gui/$(id -u) $HOME/Library/LaunchAgents/com.circleci.runner.plist
    launchctl enable gui/$(id -u)/com.circleci.runner
    launchctl kickstart -k gui/$(id -u)/com.circleci.runner
  2. Finally, you can check the service is running by invoking the following command:

    launchctl print gui/$(id -u)/com.circleci.runner
  1. When using a non-GUI (or headless) session, the provided .plist file should be moved to /Library/LaunchAgents. This location is for per-user agents configured by the administrator, which allows the service to load after a reboot. Run the following command to do this:

    sudo mv $HOME/Library/LaunchAgents/com.circleci.runner.plist /Library/LaunchAgents/
  2. Now you can bootstrap the .plist file and enable the service by running the following commands:

    launchctl bootstrap user/$(id -u) /Library/LaunchAgents/com.circleci.runner.plist
    launchctl enable user/$(id -u)/com.circleci.runner
    launchctl kickstart -k user/$(id -u)/com.circleci.runner
  3. Finally, you can check the service is running by invoking the following command:

    launchctl print user/$(id -u)/com.circleci.runner

Machine runner configuration example

Once you have installed configuration runner, select Continue in the CircleCI web app and you will be presented with an example configuration snippet showing a job configured to use your new self-hosted runner resource class.

Runner set up

The fields you must set for a specific job to run using your machine runners are:

  • machine: true

  • resource_class: <namespace>/<resource-class>

Simple example of how you could set up a job:

version: 2.1

workflows:
  build-workflow:
    jobs:
      - runner
jobs:
  runner:
    machine: true
    resource_class: <namespace>/<resource-class>
    steps:
      - run: echo "Hi I'm on Runners!"

The job will then execute using your self-hosted runner when you push the .circleci/config.yml to your VCS provider.

Stop macOS machine runner 3

To stop the machine runner service, run the following command to disable the machine runner service, depending on the service target used in the previous step:

  • GUI domain

  • User domain

launchctl disable gui/$(id -u)/com.circleci.runner
launchctl disable user/$(id -u)/com.circleci.runner

Uninstall machine runner 3 on macOS

To uninstall machine runner 3 from your macOS device, follow these steps.

  1. Stop the machine runner service by using the following command to disable it, depending on the service target used during installation:

    • GUI domain

    • User domain

    Targeting the GUI domain:

    launchctl bootout gui/$(id -u)/com.circleci.runner

    Targeting the user domain:

    launchctl bootout user/$(id -u)/com.circleci.runner
  2. Uninstall machine runner:

    • Keep logs and configuration

    • Purge logs and configuration

    To uninstall without purging logs and configuration files, run the following command.

    brew uninstall --cask circleci-public/homebrew-circleci/circleci-runner
    This command will purge all logs and configuration files.

    To uninstall and purge all logs and configuration files, run the following command.

    brew uninstall --cask --zap circleci-public/homebrew-circleci/circleci-runner

Access runner logs

On your macOS machine, logs from circleci-runner are located in the following directory by default.

$HOME/Library/Logs/com.circleci.runner/runner.log