saibotk-de/infrastructure
saibotk-de/infrastructure
1
0
Fork 0
Code Issues Pull requests Releases 42 Activity

gitlab_runner: Refactor to allow multiple runners to be configured

Browse source 
This patch breaks existing configs! There now is a list of runners that has to be configured instead of just one.
This commit is contained in:
saibotk 2020-12-16 14:48:09 +01:00
parent 20c0e5ced4
commit 301061753f
No known key found for this signature in database
GPG key ID: A3299C587D5DF523
4 changed files with 116 additions and 98 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
roles/gitlab_runner/README.md
View file

@ -1,12 +1,12 @@
gitlab_runner
=========
This will setup a [gitlab-runner](https://docs.gitlab.com/runner/) instance via Docker, that is used to run CI jobs from a Gitlab instance.
By default a gitlab-runner with the docker executor is setup, that can be used to build various jobs (but is unpriviledged by default!).
This will set up a [gitlab-runner](https://docs.gitlab.com/runner/) instance via Docker, that is used to run CI jobs from a GitLab instance.
Multiple different runners can be created and configured for this runner instance.
**NOTE: Currently this will only allow to configure a docker, shell & docker+machine runner.**
**NOTE2: This will by default deploy docker machines with the priveleged flag enabled, so only use this in a trusted environment or set max builds to 1 to prevent malicious actions affecting other builds.**
**NOTE2: When deploying docker-machines with the privileged flag enabled, only use this in a trusted environment or set max builds to 1 to prevent malicious actions affecting other builds.**
Requirements
------------
@ -24,38 +24,47 @@ Role Variables
```yaml
# This image has the hetzner plugin pre-installed
gitlabrunner_image: "quay.io/shivering-isles/gitlab-hetzner-runner"
gitlabrunner_image_version: 13.5.0
# Adjust the name of the runner
gitlabrunner_name: "hetzner-docker-auto-scale"
# Set the docker executor
gitlabrunner_executor: "docker+machine"
# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
gitlabrunner_docker_privileged: true
# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
gitlabrunner_docker_mount_socket: true
# The docker-machine driver that should be used (the server provider)
gitlabrunner_machine_driver: "hetzner"
# The template for naming new machines
gitlabrunner_machine_name: "machine-%s-gitlab-runner-{{ gitlabrunner_machine_options['hetzner-server-type'] }}"
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
gitlabrunner_machine_options:
hetzner-api-token: "REPLACE_WITH_YOUR_API_TOKEN" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
# Extra volumes that should be added to the gitlab runner container.
gitlabrunner_extra_volumes:
- "./hetzner_machine:/root/.docker/machine"
gitlabrunner_image_version: 13.6.0
# Extra paths that should be created (eg. to be mounted in the container)
gitlabrunner_extra_paths:
- "{{ gitlabrunner_install_location }}/hetzner_machine"
gitlabrunner_runners:
# Adjust the name of the runner
- name: "hetzner-docker-auto-scale"
# Set the docker executor
executor: "docker+machine"
# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
docker_privileged: true
# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
docker_mount_socket: true
# The docker-machine driver that should be used (the server provider)
machine_driver: "hetzner"
# The template for naming new machines
machine_name: "machine-%s-gitlab-runner"
# The maximum amount of builds on a machine (VM) before a new one will be used
machine_max_builds: 20
# Time (in seconds) for machine to be in Idle state before it is removed.
machine_idle_time: 1800
# Number of machines, that need to be created and are waiting in Idle state.
machine_idle_count: 0
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
machine_options:
hetzner-api-token: "REPLACE_WITH_YOUR_API_TOKEN" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
engine-install-url: "https://releases.rancher.com/install-docker/19.03.9.sh" # Workaround until 20.10 gets an update https://github.com/JonasProgrammer/docker-machine-driver-hetzner/issues/54
# Extra volumes that should be added to the gitlab runner container.
gitlabrunner_extra_volumes:
- "./hetzner_machine:/root/.docker/machine"
```
Dependencies

97
roles/gitlab_runner/defaults/main.yml
View file

@ -29,60 +29,67 @@ gitlabrunner_image_version: "alpine-v13.6.0"
# Extra paths that should be created (eg. to be mounted in the container)
gitlabrunner_extra_paths: []
# Should the docker socket be mounted to the gitlab runner (usually needed for the docker executor)
gitlabrunner_mount_docker_socket: false
# Extra volumes that should be added to the gitlab runner container.
gitlabrunner_extra_volumes: []
# The URL of the instance that this runner should be associated with
gitlabrunner_gitlab_url: https://gitlab.example.com
# The token that you received when registering the runner (not the register token!!!)
# Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
# Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"`
gitlabrunner_gitlab_token:
# The name of the runner
gitlabrunner_name: "docker-runner"
# The maximum overall concurrent running jobs. This is the most upper limit of number of jobs using all defined runners, local and autoscale.
gitlabrunner_concurrent: 1
# The limit of machines created by the runner and with that also the limit of jobs that can be handled concurrently by this specific autoscale runner.
gitlabrunner_limit: 1
# The interval in seconds, to check for available jobs. (0 means default value is used. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works)
gitlabrunner_check_interval: 0
# The executor that is used for this runner.
# Eg. "docker", "shell", "docker+machine"
gitlabrunner_executor: "docker"
gitlabrunner_runners:
# The URL of the instance that this runner should be associated with
- gitlab_url: https://gitlab.example.com
# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
gitlabrunner_docker_privileged: false
# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
gitlabrunner_docker_mount_socket: false
# The image that should be used for jobs by default
gitlabrunner_docker_image: "docker.io/library/docker:stable"
# The token that you received when registering the runner (not the register token!!!)
# Register a runner first to obtain a token: https://docs.gitlab.com/runner/register/index.html#docker
# Can be done via the API and the registration token: eg. `curl --request POST "https://gitlab.example.com/api/v4/runners" --form "token=<registration_token>"`
gitlab_token:
# The docker-machine driver that should be used (the server provider)
gitlabrunner_machine_driver: "hetzner"
# The template for naming new machines
gitlabrunner_machine_name: "machine-%s-gitlab-runner"
# The maximum amount of builds on a machine (VM) before a new one will be used
gitlabrunner_machine_max_builds: 20
# Time (in seconds) for machine to be in Idle state before it is removed.
gitlabrunner_machine_idle_time: 1800
# Number of machines, that need to be created and are waiting in Idle state.
gitlabrunner_machine_idle_count: 0
# The name of the runner
name: "docker-runner"
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
# This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin)
gitlabrunner_machine_options:
hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
# The limit of machines created by the runner and with that also the limit of jobs that can be handled concurrently by this specific runner.
limit: 1
# S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
gitlabrunner_cache_s3:
enabled: false
server: s3.example.com
access_key: ""
secret_key: ""
bucket: "runner"
# The executor that is used for this runner.
# Eg. "docker", "shell", "docker+machine"
executor: "docker"
# Should the docker runner start containers as privileged? (eg. needed for docker in docker / building with docker etc)
docker_privileged: false
# Should the docker socket be mounted into the containers? (SECURITY NOTE: This is critical, as it is effectively the same as root!)
docker_mount_socket: false
# The image that should be used for jobs by default
docker_image: "docker.io/library/docker:stable"
# The docker-machine driver that should be used (the server provider)
machine_driver: "hetzner"
# The template for naming new machines
machine_name: "machine-%s-gitlab-runner"
# The maximum amount of builds on a machine (VM) before a new one will be used
machine_max_builds: 20
# Time (in seconds) for machine to be in Idle state before it is removed.
machine_idle_time: 1800
# Number of machines, that need to be created and are waiting in Idle state.
machine_idle_count: 0
# The "MachineOptions" field with parameters that depend on the driver (these usually provide the api token, which machine type is used etc...)
# This for example are parameters for the Hetzner driver (but remember, that this will need the hetzner docker-machine plugin)
machine_options:
hetzner-api-token: "TOKENHERE" # The Hetzner specific API token
hetzner-image: "debian-10" # The image that should be used for new machines
hetzner-server-type: "cx11" # The server type (the hardware configuration) to use for a new machine
hetzner-server-location: "fsn1" # The server location to use for a new machine
# S3 Runner cache configuration to improve performance between runs (see https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching)
cache_s3:
enabled: false
server: s3.example.com
access_key: ""
secret_key: ""
bucket: "runner"

44
roles/gitlab_runner/templates/config.toml
View file

@ -18,44 +18,46 @@
concurrent = {{ gitlabrunner_concurrent }}
check_interval = {{ gitlabrunner_check_interval }}
{% for gitlabrunner in gitlabrunner_runners %}
[[runners]]
name = "{{ gitlabrunner_name }}"
limit = {{ gitlabrunner_limit }}
url = "{{ gitlabrunner_gitlab_url }}"
token = "{{ gitlabrunner_gitlab_token }}"
executor = "{{ gitlabrunner_executor }}"
{% if gitlabrunner_executor == "docker" or gitlabrunner_executor == "docker+machine" %}
name = "{{ gitlabrunner.name }}"
limit = {{ gitlabrunner.limit | default(1) }}
url = "{{ gitlabrunner.gitlab_url }}"
token = "{{ gitlabrunner.gitlab_token }}"
executor = "{{ gitlabrunner.executor }}"
{% if gitlabrunner.executor == "docker" or gitlabrunner.executor == "docker+machine" %}
[runners.docker]
image = "{{ gitlabrunner_docker_image }}"
privileged = {{ gitlabrunner_docker_privileged | bool | lower }}
image = "{{ gitlabrunner.docker_image | default("docker.io/library/docker:stable") }}"
privileged = {{ gitlabrunner.docker_privileged | bool | lower }}
volumes = [
"/cache",
{% if gitlabrunner_docker_mount_socket %}
{% if gitlabrunner.docker_mount_socket %}
"/var/run/docker.sock:/var/run/docker.sock"
{% endif %}
]
{% endif %}
{% if gitlabrunner_executor == "docker+machine" %}
{% if gitlabrunner.executor == "docker+machine" %}
[runners.machine]
IdleCount = {{ gitlabrunner_machine_idle_count }}
IdleTime = {{ gitlabrunner_machine_idle_time }}
MaxBuilds = {{ gitlabrunner_machine_max_builds }}
MachineDriver = "{{ gitlabrunner_machine_driver }}"
MachineName = "{{ gitlabrunner_machine_name }}"
IdleCount = {{ gitlabrunner.machine_idle_count }}
IdleTime = {{ gitlabrunner.machine_idle_time }}
MaxBuilds = {{ gitlabrunner.machine_max_builds }}
MachineDriver = "{{ gitlabrunner.machine_driver }}"
MachineName = "{{ gitlabrunner.machine_name }}"
MachineOptions = [
{% for key, value in gitlabrunner_machine_options.items() %}
{% for key, value in gitlabrunner.machine_options.items() %}
"{{ key }}={{ value }}",
{% endfor %}
]
{% endif %}
[runners.cache]
{% if gitlabrunner_cache_s3.enabled %}
{% if gitlabrunner.cache_s3.enabled %}
Type = "s3"
Shared = false
[runners.cache.s3]
ServerAddress = "{{ gitlabrunner_cache_s3.server }}"
AccessKey = "{{ gitlabrunner_cache_s3.access_key }}"
SecretKey = "{{ gitlabrunner_cache_s3.secret_key }}"
BucketName = "{{ gitlabrunner_cache_s3.bucket }}"
ServerAddress = "{{ gitlabrunner.cache_s3.server }}"
AccessKey = "{{ gitlabrunner.cache_s3.access_key }}"
SecretKey = "{{ gitlabrunner.cache_s3.secret_key }}"
BucketName = "{{ gitlabrunner.cache_s3.bucket }}"
Insecure = false
{% endif %}
{% endfor %}

2
roles/gitlab_runner/templates/docker-compose.yml
View file

@ -24,7 +24,7 @@ services:
memswap_limit: 256mb
volumes:
- "./config:/etc/gitlab-runner"
{% if gitlabrunner_executor == "docker" %}
{% if gitlabrunner_mount_docker_socket %}
- "/var/run/docker.sock:/var/run/docker.sock"
{% endif %}
{% for item in gitlabrunner_extra_volumes %}