gitlab_runner: Refactor to allow multiple runners to be configured

This patch breaks existing configs! There is now a list of runners that has to be configured instead of a single runner.
saibotk 2020-12-16 14:48:09 +01:00
parent 20c0e5ced4
commit 301061753f
No known key found for this signature in database
GPG key ID: A3299C587D5DF523
4 changed files with 116 additions and 98 deletions


@ -1,12 +1,12 @@
gitlab_runner gitlab_runner
========= =========
This will setup a [gitlab-runner](https://docs.gitlab.com/runner/) instance via Docker, that is used to run CI jobs from a Gitlab instance. This will set up a [gitlab-runner](https://docs.gitlab.com/runner/) instance via Docker, that is used to run CI jobs from a GitLab instance.
By default a gitlab-runner with the docker executor is setup, that can be used to build various jobs (but is unpriviledged by default!). Multiple different runners can be created and configured for this runner instance.
**NOTE: Currently this will only allow to configure a docker, shell & docker+machine runner.** **NOTE: Currently this will only allow to configure a docker, shell & docker+machine runner.**
**NOTE2: This will by default deploy docker machines with the priveleged flag enabled, so only use this in a trusted environment or set max builds to 1 to prevent malicious actions affecting other builds.** **NOTE2: When deploying docker-machines with the privileged flag enabled, only use this in a trusted environment or set max builds to 1 to prevent malicious actions affecting other builds.**
Requirements Requirements
------------ ------------
@ -24,38 +24,47 @@ Role Variables
```yaml ```yaml
# This image has the hetzner plugin pre-installed # This image has the hetzner plugin pre-installed
gitlabrunner_image: "quay.io/shivering-isles/gitlab-hetzner-runner" gitlabrunner_image: "quay.io/shivering-isles/gitlab-hetzner-runner"
gitlabrunner_image_version: 13.5.0 gitlabrunner_image_version: 13.6.0
# Adjust the name of the runner
gitlabrunner_name: "hetzner-docker-auto-scale"
# Set the docker executor
gitlabrunner_executor: "docker+machine"
# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
gitlabrunner_docker_privileged: true
# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
gitlabrunner_docker_mount_socket: true
# The docker-machine driver that should be used (the server provider)
gitlabrunner_machine_driver: "hetzner"
# The template for naming new machines
gitlabrunner_machine_name: "machine-%s-gitlab-runner-{{ gitlabrunner_machine_options['hetzner-server-type'] }}"
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
gitlabrunner_machine_options:
hetzner-api-token: "REPLACE_WITH_YOUR_API_TOKEN" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
# Extra volumes that should be added to the gitlab runner container.
gitlabrunner_extra_volumes:
- "./hetzner_machine:/root/.docker/machine"
# Extra paths that should be created (eg. to be mounted in the container) # Extra paths that should be created (eg. to be mounted in the container)
gitlabrunner_extra_paths: gitlabrunner_extra_paths:
- "{{ gitlabrunner_install_location }}/hetzner_machine" - "{{ gitlabrunner_install_location }}/hetzner_machine"
gitlabrunner_runners:
# Adjust the name of the runner
- name: "hetzner-docker-auto-scale"
# Set the docker executor
executor: "docker+machine"
# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
docker_privileged: true
# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
docker_mount_socket: true
# The docker-machine driver that should be used (the server provider)
machine_driver: "hetzner"
# The template for naming new machines
machine_name: "machine-%s-gitlab-runner"
# The maximum amount of builds on a machine (VM) before a new one will be used
machine_max_builds: 20
# Time (in seconds) for machine to be in Idle state before it is removed.
machine_idle_time: 1800
# Number of machines, that need to be created and are waiting in Idle state.
machine_idle_count: 0
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
machine_options:
hetzner-api-token: "REPLACE_WITH_YOUR_API_TOKEN" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
engine-install-url: "https://releases.rancher.com/install-docker/19.03.9.sh" # Workaround until 20.10 gets an update https://github.com/JonasProgrammer/docker-machine-driver-hetzner/issues/54
# Extra volumes that should be added to the gitlab runner container.
gitlabrunner_extra_volumes:
- "./hetzner_machine:/root/.docker/machine"
``` ```
Dependencies Dependencies


@ -29,60 +29,67 @@ gitlabrunner_image_version: "alpine-v13.6.0"
# Extra paths that should be created (eg. to be mounted in the container) # Extra paths that should be created (eg. to be mounted in the container)
gitlabrunner_extra_paths: [] gitlabrunner_extra_paths: []
# Should the docker socket be mounted to the gitlab runner (usually needed for the docker executor)
gitlabrunner_mount_docker_socket: false
# Extra volumes that should be added to the gitlab runner container. # Extra volumes that should be added to the gitlab runner container.
gitlabrunner_extra_volumes: [] gitlabrunner_extra_volumes: []
# The URL of the instance that this runner should be associated with
gitlabrunner_gitlab_url: https://gitlab.example.com
# The token that you received when registering the runner (not the register token!!!)
# Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
# Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"`
gitlabrunner_gitlab_token:
# The name of the runner
gitlabrunner_name: "docker-runner"
# The maximum overall concurrent running jobs. This is the most upper limit of number of jobs using all defined runners, local and autoscale. # The maximum overall concurrent running jobs. This is the most upper limit of number of jobs using all defined runners, local and autoscale.
gitlabrunner_concurrent: 1 gitlabrunner_concurrent: 1
# The limit of machines created by the runner and with that also the limit of jobs that can be handled concurrently by this specific autoscale runner.
gitlabrunner_limit: 1
# The interval in seconds, to check for available jobs. (0 means default value is used. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works) # The interval in seconds, to check for available jobs. (0 means default value is used. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works)
gitlabrunner_check_interval: 0 gitlabrunner_check_interval: 0
# The executor that is used for this runner. gitlabrunner_runners:
# Eg. "docker", "shell", "docker+machine" # The URL of the instance that this runner should be associated with
gitlabrunner_executor: "docker" - gitlab_url: https://gitlab.example.com
# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc) # The token that you received when registering the runner (not the register token!!!)
gitlabrunner_docker_privileged: false # Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!) # Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"`
gitlabrunner_docker_mount_socket: false gitlab_token:
# The image that should be used for jobs by default
gitlabrunner_docker_image: "docker.io/library/docker:stable"
# The docker-machine driver that should be used (the server provider) # The name of the runner
gitlabrunner_machine_driver: "hetzner" name: "docker-runner"
# The template for naming new machines
gitlabrunner_machine_name: "machine-%s-gitlab-runner"
# The maximum amount of builds on a machine (VM) before a new one will be used
gitlabrunner_machine_max_builds: 20
# Time (in seconds) for machine to be in Idle state before it is removed.
gitlabrunner_machine_idle_time: 1800
# Number of machines, that need to be created and are waiting in Idle state.
gitlabrunner_machine_idle_count: 0
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...) # The limit of machines created by the runner and with that also the limit of jobs that can be handled concurrently by this specific runner.
# This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin) limit: 1
gitlabrunner_machine_options:
hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
# S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching) # The executor that is used for this runner.
gitlabrunner_cache_s3: # Eg. "docker", "shell", "docker+machine"
enabled: false executor: "docker"
server: s3.example.com
access_key: "" # Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
secret_key: "" docker_privileged: false
bucket: "runner" # Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
docker_mount_socket: false
# The image that should be used for jobs by default
docker_image: "docker.io/library/docker:stable"
# The docker-machine driver that should be used (the server provider)
machine_driver: "hetzner"
# The template for naming new machines
machine_name: "machine-%s-gitlab-runner"
# The maximum amount of builds on a machine (VM) before a new one will be used
machine_max_builds: 20
# Time (in seconds) for machine to be in Idle state before it is removed.
machine_idle_time: 1800
# Number of machines, that need to be created and are waiting in Idle state.
machine_idle_count: 0
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
# This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin)
machine_options:
hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
# S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
cache_s3:
enabled: false
server: s3.example.com
access_key: ""
secret_key: ""
bucket: "runner"
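Review bot: The per-runner `gitlab_token:` default is a bare empty value, which YAML loads as null, and `machine_options` ships the placeholder `hetzner-api-token: "TOKENHERE"`; neither makes a missing secret fail loudly, and the config template in this commit writes both into the runner configuration as given. I would write `gitlab_token: ""` and put a comment above it such as `# Required. Supply from Ansible Vault or another secret store; never commit the real token`, repeating it on `hetzner-api-token` and `cache_s3.secret_key`. A comment at `gitlabrunner_runners:` should also say that overriding the variable replaces the whole list, because Ansible does not merge list variables and a user-defined runner therefore inherits none of the keys of this default entry.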


@ -18,44 +18,46 @@
concurrent = {{ gitlabrunner_concurrent }} concurrent = {{ gitlabrunner_concurrent }}
check_interval = {{ gitlabrunner_check_interval }} check_interval = {{ gitlabrunner_check_interval }}
{% for gitlabrunner in gitlabrunner_runners %}
[[runners]] [[runners]]
name = "{{ gitlabrunner_name }}" name = "{{ gitlabrunner.name }}"
limit = {{ gitlabrunner_limit }} limit = {{ gitlabrunner.limit | default(1) }}
url = "{{ gitlabrunner_gitlab_url }}" url = "{{ gitlabrunner.gitlab_url }}"
token = "{{ gitlabrunner_gitlab_token }}" token = "{{ gitlabrunner.gitlab_token }}"
executor = "{{ gitlabrunner_executor }}" executor = "{{ gitlabrunner.executor }}"
{% if gitlabrunner_executor == "docker" or gitlabrunner_executor == "docker+machine" %} {% if gitlabrunner.executor == "docker" or gitlabrunner.executor == "docker+machine" %}
[runners.docker] [runners.docker]
image = "{{ gitlabrunner_docker_image }}" image = "{{ gitlabrunner.docker_image | default("docker.io/library/docker:stable") }}"
privileged = {{ gitlabrunner_docker_privileged | bool | lower }} privileged = {{ gitlabrunner.docker_privileged | bool | lower }}
volumes = [ volumes = [
"/cache", "/cache",
{% if gitlabrunner_docker_mount_socket %} {% if gitlabrunner.docker_mount_socket %}
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock"
{% endif %} {% endif %}
] ]
{% endif %} {% endif %}
{% if gitlabrunner_executor == "docker+machine" %} {% if gitlabrunner.executor == "docker+machine" %}
[runners.machine] [runners.machine]
IdleCount = {{ gitlabrunner_machine_idle_count }} IdleCount = {{ gitlabrunner.machine_idle_count }}
IdleTime = {{ gitlabrunner_machine_idle_time }} IdleTime = {{ gitlabrunner.machine_idle_time }}
MaxBuilds = {{ gitlabrunner_machine_max_builds }} MaxBuilds = {{ gitlabrunner.machine_max_builds }}
MachineDriver = "{{ gitlabrunner_machine_driver }}" MachineDriver = "{{ gitlabrunner.machine_driver }}"
MachineName = "{{ gitlabrunner_machine_name }}" MachineName = "{{ gitlabrunner.machine_name }}"
MachineOptions = [ MachineOptions = [
{% for key, value in gitlabrunner_machine_options.items() %} {% for key, value in gitlabrunner.machine_options.items() %}
"{{ key }}={{ value }}", "{{ key }}={{ value }}",
{% endfor %} {% endfor %}
] ]
{% endif %} {% endif %}
[runners.cache] [runners.cache]
{% if gitlabrunner_cache_s3.enabled %} {% if gitlabrunner.cache_s3.enabled %}
Type = "s3" Type = "s3"
Shared = false Shared = false
[runners.cache.s3] [runners.cache.s3]
ServerAddress = "{{ gitlabrunner_cache_s3.server }}" ServerAddress = "{{ gitlabrunner.cache_s3.server }}"
AccessKey = "{{ gitlabrunner_cache_s3.access_key }}" AccessKey = "{{ gitlabrunner.cache_s3.access_key }}"
SecretKey = "{{ gitlabrunner_cache_s3.secret_key }}" SecretKey = "{{ gitlabrunner.cache_s3.secret_key }}"
BucketName = "{{ gitlabrunner_cache_s3.bucket }}" BucketName = "{{ gitlabrunner.cache_s3.bucket }}"
Insecure = false Insecure = false
{% endif %} {% endif %}
{% endfor %}
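Review bot: `gitlabrunner.cache_s3.enabled` is read for every runner with no fallback, so a runner entry that omits `cache_s3` (as the README example in this commit does) will most likely abort the render on an undefined variable; `limit` and `docker_image` received `default(...)`, but this key and the `machine_*` keys did not. The two keys that widen job privileges should fall back to the restrictive value explicitly: `privileged = {{ gitlabrunner.docker_privileged | default(false) | bool | lower }}` and `{% if gitlabrunner.docker_mount_socket | default(false) %}`, with `{% if gitlabrunner.cache_s3 is defined and gitlabrunner.cache_s3.enabled %}` guarding the cache block. Because the rendered file now holds one `token` per runner plus optional S3 keys, confirm that the task writing it (not shown here) sets a restrictive mode such as `"0600"`.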


@ -24,7 +24,7 @@ services:
memswap_limit: 256mb memswap_limit: 256mb
volumes: volumes:
- "./config:/etc/gitlab-runner" - "./config:/etc/gitlab-runner"
{% if gitlabrunner_executor == "docker" %} {% if gitlabrunner_mount_docker_socket %}
- "/var/run/docker.sock:/var/run/docker.sock" - "/var/run/docker.sock:/var/run/docker.sock"
{% endif %} {% endif %}
{% for item in gitlabrunner_extra_volumes %} {% for item in gitlabrunner_extra_volumes %}
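Review bot: The socket mount on the runner container now depends on `gitlabrunner_mount_docker_socket`, which defaults to `false` in this commit, whereas the old condition mounted it automatically for the `docker` executor; an existing docker-executor setup therefore loses the mount after upgrading, and the commit message only warns about the runner list. A template comment above the condition would make the trade-off explicit, for example `{# Gives the runner container root-equivalent control of the host Docker daemon; enable only when a runner uses the "docker" executor #}`. The README variable listing shown in this commit does not mention the new variable, so it is worth adding it there with the same warning. The `for` loop that starts on the last line continues outside the hunk.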