diff --git a/roles/gitlab_runner/README.md b/roles/gitlab_runner/README.md
index ad6252e..7dd2f91 100644
--- a/roles/gitlab_runner/README.md
+++ b/roles/gitlab_runner/README.md
@@ -1,12 +1,12 @@
 gitlab_runner
 =========
-This will setup a [gitlab-runner](https://docs.gitlab.com/runner/) instance via Docker, that is used to run CI jobs from a Gitlab instance.
-By default a gitlab-runner with the docker executor is setup, that can be used to build various jobs (but is unpriviledged by default!).
+This will set up a [gitlab-runner](https://docs.gitlab.com/runner/) instance via Docker, that is used to run CI jobs from a GitLab instance.
+Multiple different runners can be created and configured for this runner instance.
 **NOTE: Currently this will only allow to configure a docker, shell & docker+machine runner.**
-**NOTE2: This will by default deploy docker machines with the priveleged flag enabled, so only use this in a trusted environment or set max builds to 1 to prevent malicious actions affecting other builds.**
+**NOTE2: When deploying docker-machines with the privileged flag enabled, only use this in a trusted environment or set max builds to 1 to prevent malicious actions affecting other builds.**
 Requirements
 ------------
@@ -24,38 +24,47 @@ Role Variables
 ```yaml
 # This image has the hetzner plugin pre-installed
 gitlabrunner_image: "quay.io/shivering-isles/gitlab-hetzner-runner"
-gitlabrunner_image_version: 13.5.0
-
-# Adjust the name of the runner
-gitlabrunner_name: "hetzner-docker-auto-scale"
-
-# Set the docker executor
-gitlabrunner_executor: "docker+machine"
-
-# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
-gitlabrunner_docker_privileged: true
-# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
-gitlabrunner_docker_mount_socket: true
-
-# The docker-machine driver that should be used (the server provider)
-gitlabrunner_machine_driver: "hetzner"
-# The template for naming new machines
-gitlabrunner_machine_name: "machine-%s-gitlab-runner-{{ gitlabrunner_machine_options['hetzner-server-type'] }}"
-
-# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
-gitlabrunner_machine_options:
- hetzner-api-token: "REPLACE_WITH_YOUR_API_TOKEN" # The Hetzner specific API token
- hetzner-image: "debian-10" # The image that should be used for new machines
- hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
- hetzner-server-location: "fsn1" # The server location to use for a new machine
-
-# Extra volumes that should be added to the gitlab runner container.
-gitlabrunner_extra_volumes:
- - "./hetzner_machine:/root/.docker/machine"
+gitlabrunner_image_version: 13.6.0
 # Extra paths that should be created (eg. to be mounted in the container)
 gitlabrunner_extra_paths:
 - "{{ gitlabrunner_install_location }}/hetzner_machine"
+
+gitlabrunner_runners:
+ # Adjust the name of the runner
+ - name: "hetzner-docker-auto-scale"
+
+ # Set the docker executor
+ executor: "docker+machine"
+
+ # Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
+ docker_privileged: true
+ # Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
+ docker_mount_socket: true
+
+ # The docker-machine driver that should be used (the server provider)
+ machine_driver: "hetzner"
+ # The template for naming new machines
+ machine_name: "machine-%s-gitlab-runner"
+ # The maximum amount of builds on a machine (VM) before a new one will be used
+ machine_max_builds: 20
+ # Time (in seconds) for machine to be in Idle state before it is removed.
+ machine_idle_time: 1800
+ # Number of machines, that need to be created and are waiting in Idle state.
+ machine_idle_count: 0
+
+ # The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
+ machine_options:
+ hetzner-api-token: "REPLACE_WITH_YOUR_API_TOKEN" # The Hetzner specific API token
+ hetzner-image: "debian-10" # The image that should be used for new machines
+ hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
+ hetzner-server-location: "fsn1" # The server location to use for a new machine
+ engine-install-url: "https://releases.rancher.com/install-docker/19.03.9.sh" # Workaround until 20.10 gets an update https://github.com/JonasProgrammer/docker-machine-driver-hetzner/issues/54
+
+ # Extra volumes that should be added to the gitlab runner container.
+ gitlabrunner_extra_volumes:
+ - "./hetzner_machine:/root/.docker/machine"
+
 ```
 Dependencies
diff --git a/roles/gitlab_runner/defaults/main.yml b/roles/gitlab_runner/defaults/main.yml
index 1307a21..479dc7c 100644
--- a/roles/gitlab_runner/defaults/main.yml
+++ b/roles/gitlab_runner/defaults/main.yml
@@ -29,60 +29,67 @@ gitlabrunner_image_version: "alpine-v13.6.0"
 # Extra paths that should be created (eg. to be mounted in the container)
 gitlabrunner_extra_paths: []
+# Should the docker socket be mounted to the gitlab runner (usually needed for the docker executor)
+gitlabrunner_mount_docker_socket: false
+
 # Extra volumes that should be added to the gitlab runner container.
 gitlabrunner_extra_volumes: []
-# The URL of the instance that this runner should be associated with
-gitlabrunner_gitlab_url: https://gitlab.example.com
-
-# The token that you received when registering the runner (not the register token!!!)
-# Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
-# Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token="`
-gitlabrunner_gitlab_token:
-
-# The name of the runner
-gitlabrunner_name: "docker-runner"
 # The maximum overall concurrent running jobs. This is the most upper limit of number of jobs using all defined runners, local and autoscale.
 gitlabrunner_concurrent: 1
-# The limit of machines created by the runner and with that also the limit of jobs that can be handled concurrently by this specific autoscale runner.
-gitlabrunner_limit: 1
+
 # The interval in seconds, to check for available jobs. (0 means default value is used. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works)
 gitlabrunner_check_interval: 0
-# The executor that is used for this runner.
-# Eg. "docker", "shell", "docker+machine"
-gitlabrunner_executor: "docker"
+gitlabrunner_runners:
+ # The URL of the instance that this runner should be associated with
+ - gitlab_url: https://gitlab.example.com
-# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
-gitlabrunner_docker_privileged: false
-# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
-gitlabrunner_docker_mount_socket: false
-# The image that should be used for jobs by default
-gitlabrunner_docker_image: "docker.io/library/docker:stable"
+ # The token that you received when registering the runner (not the register token!!!)
+ # Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
+ # Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token="`
+ gitlab_token:
-# The docker-machine driver that should be used (the server provider)
-gitlabrunner_machine_driver: "hetzner"
-# The template for naming new machines
-gitlabrunner_machine_name: "machine-%s-gitlab-runner"
-# The maximum amount of builds on a machine (VM) before a new one will be used
-gitlabrunner_machine_max_builds: 20
-# Time (in seconds) for machine to be in Idle state before it is removed.
-gitlabrunner_machine_idle_time: 1800
-# Number of machines, that need to be created and are waiting in Idle state.
-gitlabrunner_machine_idle_count: 0
+ # The name of the runner
+ name: "docker-runner"
-# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
-# This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin)
-gitlabrunner_machine_options:
- hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
- hetzner-image: "debian-10" # The image that should be used for new machines
- hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
- hetzner-server-location: "fsn1" # The server location to use for a new machine
+ # The limit of machines created by the runner and with that also the limit of jobs that can be handled concurrently by this specific runner.
+ limit: 1
-# S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
-gitlabrunner_cache_s3:
- enabled: false
- server: s3.example.com
- access_key: ""
- secret_key: ""
- bucket: "runner"
+ # The executor that is used for this runner.
+ # Eg. "docker", "shell", "docker+machine"
+ executor: "docker"
+
+ # Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
+ docker_privileged: false
+ # Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
+ docker_mount_socket: false
+ # The image that should be used for jobs by default
+ docker_image: "docker.io/library/docker:stable"
+
+ # The docker-machine driver that should be used (the server provider)
+ machine_driver: "hetzner"
+ # The template for naming new machines
+ machine_name: "machine-%s-gitlab-runner"
+ # The maximum amount of builds on a machine (VM) before a new one will be used
+ machine_max_builds: 20
+ # Time (in seconds) for machine to be in Idle state before it is removed.
+ machine_idle_time: 1800
+ # Number of machines, that need to be created and are waiting in Idle state.
+ machine_idle_count: 0
+
+ # The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
+ # This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin)
+ machine_options:
+ hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
+ hetzner-image: "debian-10" # The image that should be used for new machines
+ hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
+ hetzner-server-location: "fsn1" # The server location to use for a new machine
+
+ # S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
+ cache_s3:
+ enabled: false
+ server: s3.example.com
+ access_key: ""
+ secret_key: ""
+ bucket: "runner"
diff --git a/roles/gitlab_runner/templates/config.toml b/roles/gitlab_runner/templates/config.toml
index 918b9b0..fa40a55 100644
--- a/roles/gitlab_runner/templates/config.toml
+++ b/roles/gitlab_runner/templates/config.toml
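Review bot: The default runner entry beginning at `- gitlab_url:` leaves `gitlab_token:` as a bare empty value, which YAML loads as null, and nothing in this diff checks it, so a run with untouched defaults still renders a `[[runners]]` block whose `token` is whatever the templating layer makes of null instead of failing before the runner starts. Spell the default as `gitlab_token: ""` and add an `assert` task that every `gitlabrunner_runners` entry has a non-empty `gitlab_token` (and a real `hetzner-api-token` when `executor` is `docker+machine`). Moving `gitlab_token`, `machine_options.hetzner-api-token` and `cache_s3.secret_key` into a list of mappings means overriding one of them requires copying the whole list into inventory, which is how secrets end up committed; the comment above `gitlab_token` should point at Ansible Vault, e.g. `gitlab_token: "{{ vault_gitlabrunner_token }}"`. The `hetzner-api-token: "TOKENHERE"` placeholder under a runner whose default `executor` is `"docker"` is never emitted, since the template only renders `[runners.machine]` for `docker+machine`, which is worth saying in the comment so nobody mistakes it for a wired-up default.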
@@ -18,44 +18,46 @@ concurrent = {{ gitlabrunner_concurrent }}
 check_interval = {{ gitlabrunner_check_interval }}
+{% for gitlabrunner in gitlabrunner_runners %}
 [[runners]]
- name = "{{ gitlabrunner_name }}"
- limit = {{ gitlabrunner_limit }}
- url = "{{ gitlabrunner_gitlab_url }}"
- token = "{{ gitlabrunner_gitlab_token }}"
- executor = "{{ gitlabrunner_executor }}"
-{% if gitlabrunner_executor == "docker" or gitlabrunner_executor == "docker+machine" %}
+ name = "{{ gitlabrunner.name }}"
+ limit = {{ gitlabrunner.limit | default(1) }}
+ url = "{{ gitlabrunner.gitlab_url }}"
+ token = "{{ gitlabrunner.gitlab_token }}"
+ executor = "{{ gitlabrunner.executor }}"
+{% if gitlabrunner.executor == "docker" or gitlabrunner.executor == "docker+machine" %}
 [runners.docker]
- image = "{{ gitlabrunner_docker_image }}"
- privileged = {{ gitlabrunner_docker_privileged | bool | lower }}
+ image = "{{ gitlabrunner.docker_image | default("docker.io/library/docker:stable") }}"
+ privileged = {{ gitlabrunner.docker_privileged | bool | lower }}
 volumes = [
 "/cache",
-{% if gitlabrunner_docker_mount_socket %}
+{% if gitlabrunner.docker_mount_socket %}
 "/var/run/docker.sock:/var/run/docker.sock"
 {% endif %}
 ]
 {% endif %}
-{% if gitlabrunner_executor == "docker+machine" %}
+{% if gitlabrunner.executor == "docker+machine" %}
 [runners.machine]
- IdleCount = {{ gitlabrunner_machine_idle_count }}
- IdleTime = {{ gitlabrunner_machine_idle_time }}
- MaxBuilds = {{ gitlabrunner_machine_max_builds }}
- MachineDriver = "{{ gitlabrunner_machine_driver }}"
- MachineName = "{{ gitlabrunner_machine_name }}"
+ IdleCount = {{ gitlabrunner.machine_idle_count }}
+ IdleTime = {{ gitlabrunner.machine_idle_time }}
+ MaxBuilds = {{ gitlabrunner.machine_max_builds }}
+ MachineDriver = "{{ gitlabrunner.machine_driver }}"
+ MachineName = "{{ gitlabrunner.machine_name }}"
 MachineOptions = [
-{% for key, value in gitlabrunner_machine_options.items() %}
+{% for key, value in gitlabrunner.machine_options.items() %}
 "{{ key }}={{ value }}",
 {% endfor %}
 ]
 {% endif %}
 [runners.cache]
-{% if gitlabrunner_cache_s3.enabled %}
+{% if gitlabrunner.cache_s3.enabled %}
 Type = "s3"
 Shared = false
 [runners.cache.s3]
- ServerAddress = "{{ gitlabrunner_cache_s3.server }}"
- AccessKey = "{{ gitlabrunner_cache_s3.access_key }}"
- SecretKey = "{{ gitlabrunner_cache_s3.secret_key }}"
- BucketName = "{{ gitlabrunner_cache_s3.bucket }}"
+ ServerAddress = "{{ gitlabrunner.cache_s3.server }}"
+ AccessKey = "{{ gitlabrunner.cache_s3.access_key }}"
+ SecretKey = "{{ gitlabrunner.cache_s3.secret_key }}"
+ BucketName = "{{ gitlabrunner.cache_s3.bucket }}"
 Insecure = false
 {% endif %}
+{% endfor %}
diff --git a/roles/gitlab_runner/templates/docker-compose.yml b/roles/gitlab_runner/templates/docker-compose.yml
index c19a13d..eaa8924 100644
--- a/roles/gitlab_runner/templates/docker-compose.yml
+++ b/roles/gitlab_runner/templates/docker-compose.yml
@@ -24,7 +24,7 @@ services:
 memswap_limit: 256mb
 volumes:
 - "./config:/etc/gitlab-runner"
-{% if gitlabrunner_executor == "docker" %}
+{% if gitlabrunner_mount_docker_socket %}
 - "/var/run/docker.sock:/var/run/docker.sock"
 {% endif %}
 {% for item in gitlabrunner_extra_volumes %}
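Review bot: Inside the new `{% for gitlabrunner in gitlabrunner_runners %}` loop only `limit` and `docker_image` carry a `default()`; `docker_privileged`, `docker_mount_socket`, the `machine_*` keys and `cache_s3.enabled` are dereferenced bare, so a runner entry that omits any of them aborts templating under Ansible's default undefined-variable handling instead of falling back to a value. For the two security switches the fallback should be the least-privileged one, written explicitly: `privileged = {{ gitlabrunner.docker_privileged | default(false) | bool | lower }}` and `{% if gitlabrunner.docker_mount_socket | default(false) %}`, plus `{% if gitlabrunner.cache_s3 is defined and gitlabrunner.cache_s3.enabled %}` for the cache block. The `token = "{{ gitlabrunner.gitlab_token }}"` line also deserves a `| mandatory` (or a pre-flight `assert`) so an entry with a missing token is rejected rather than written into `config.toml`. The hunk covers the whole `[[runners]]` body; the `concurrent` and `check_interval` settings above it are unchanged.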
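Review bot: The socket mount now keys off `gitlabrunner_mount_docker_socket`, whose default in `defaults/main.yml` is `false`, while the default runner entry there keeps `executor: "docker"` — which the comment on the new variable itself says usually needs the socket — so the role's out-of-the-box configuration presumably yields a runner container with no Docker daemon to talk to, where before the mount followed `gitlabrunner_executor == "docker"` automatically. Making host-socket access an explicit opt-in is the right move, since it is root-equivalent on the host, but the coupling should be stated and checked: `# Required for any runner entry with executor "docker"; grants the runner container root-equivalent access to the host` on the variable, and an `assert` that it is `true` whenever `gitlabrunner_runners | selectattr('executor', 'equalto', 'docker') | list` is non-empty. The README example only shows a `docker+machine` runner, so the defaults comment is the one place a reader will learn when this flag must be set.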