From dd24ace1ec77605fd7b2ec966a78080a955b001d Mon Sep 17 00:00:00 2001 
From: DevMiner Date: Tue, 12 Nov 2024 13:59:13 +0100 Subject: [PATCH] chore: release to public --- .editorconfig | 9 ++ .github/workflows/molecule.yml | 32 ++++ .github/workflows/release.yml | 17 +++ .gitignore | 5 + .yamllint | 30 ++++ README.md | 137 ++++++++++++++++++ defaults/main.yml | 36 +++++ handlers/main.yml | 11 ++ meta/main.yml | 15 ++ molecule/default/INSTALL.rst | 22 +++ molecule/default/cleanup.yml | 10 ++ molecule/default/converge.yml | 10 ++ molecule/default/molecule.yml | 67 +++++++++ molecule/default/prepare.yml | 74 ++++++++++ molecule/default/verify.yml | 15 ++ tasks/cleanup.yml | 15 ++ tasks/configuration.yml | 17 +++ tasks/install.yml | 54 +++++++ tasks/main.yml | 28 ++++ tasks/registration.yml | 64 ++++++++ tasks/unregistration.yml | 19 +++ .../preferences.d/pin-gitlab-runner.pref.j2 | 4 + .../gitlab-runner.service.d/kill.conf.j2 | 3 + vars/Debian.yml | 6 + 24 files changed, 700 insertions(+) create mode 100644 .editorconfig create mode 100644 .github/workflows/molecule.yml create mode 100644 .github/workflows/release.yml create mode 100644 .gitignore create mode 100644 .yamllint create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 molecule/default/INSTALL.rst create mode 100644 molecule/default/cleanup.yml create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/prepare.yml create mode 100644 molecule/default/verify.yml create mode 100644 tasks/cleanup.yml create mode 100644 tasks/configuration.yml create mode 100644 tasks/install.yml create mode 100644 tasks/main.yml create mode 100644 tasks/registration.yml create mode 100644 tasks/unregistration.yml create mode 100644 templates/etc/apt/preferences.d/pin-gitlab-runner.pref.j2 create mode 100644 templates/etc/systemd/system/gitlab-runner.service.d/kill.conf.j2 create mode 100644 vars/Debian.yml 
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..c6c8b36
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
new file mode 100644
index 0000000..8a520ab
--- /dev/null
+++ b/.github/workflows/molecule.yml
@@ -0,0 +1,32 @@
+on: push
+
+jobs:
+ # TODO: Find a way to run against a Gitlab instance for testing
+ #molecule:
+ # name: Run molecule against role
+ # runs-on: ubuntu-latest
+ # steps:
+ # - uses: actions/checkout@v4
+
+ # - uses: actions/setup-python@v5
+ # with:
+ # cache: pip
+
+ # # TODO: Remove `requests` version pin https://github.com/ansible-community/molecule-plugins/issues/256
+ # - run: python3 -m pip install ansible molecule molecule-docker 'requests<2.32.0'
+
+ # - run: molecule test
+
+ lint:
+ name: Lint role
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-python@v5
+ with:
+ cache: pip
+
+ - run: python3 -m pip install ansible ansible-lint yamllint
+
+ - run: ansible-lint .
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..d478130
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,17 @@
+on:
+ push:
+ tags:
+ - "v*"
+
+jobs:
+ ansible-galaxy:
+ name: Publish on Ansible Galaxy
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name:
+ uses: robertdebock/galaxy-action@1.2.1
+ with:
+ git_branch: main
+ galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f8e0030
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.retry
+.kitchen/
+.kitchen.local.yml
+.idea/
+tests/roles/external/
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..987fc11
--- /dev/null
+++ b/.yamllint
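Review bot: The workflow in .github/workflows/molecule.yml declares no `permissions:` block, so the `lint` job runs with whatever default GITHUB_TOKEN scope the repository is configured with; a top-level `permissions:` with `contents: read` would hold it to what the checkout step needs. The same applies to .github/workflows/release.yml. The `python3 -m pip install ansible ansible-lint yamllint` step is also unpinned, so the tools that run in CI can change between runs without a commit; installing from a requirements file with pinned versions would make the job reproducible.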
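Review bot: `robertdebock/galaxy-action@1.2.1` in .github/workflows/release.yml is a third-party action referenced by a tag, and it is handed `secrets.GALAXY_API_KEY`; a tag can later be moved to different code, so pinning the `uses:` line to the full commit SHA of the reviewed release, with the version kept as a trailing comment, is the safer form. The step's `name:` key is empty and parses as null; give it a value such as `name: Publish role` or drop the key.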
@@ -0,0 +1,30 @@
+---
+extends: default
+
+# ignore-from-file: .gitignore
+ignore: |
+ .devcontainer/
+ .idea/
+
+rules:
+ line-length:
+ max: 120
+ truthy:
+ allowed-values: ['true', 'false', 'yes', 'no']
+ check-keys: true
+ comments:
+ # https://github.com/prettier/prettier/issues/6780
+ min-spaces-from-content: 1
+ # https://github.com/adrienverge/yamllint/issues/384
+ comments-indentation: false
+ document-start: disable
+ # 160 chars was the default used by old E204 rule, but
+ # you can easily change it or disable in your .yamllint file.
+ braces:
+ min-spaces-inside: 0 # yamllint defaults to 0
+ max-spaces-inside: 1 # yamllint defaults to 0
+ # key-duplicates:
+ # forbid-duplicated-merge-keys: true # not enabled by default
+ octal-values:
+ forbid-implicit-octal: true # yamllint defaults to false
+ forbid-explicit-octal: true # yamllint defaults to false
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1f49fb6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,137 @@
+# GitLab Runner Ansible role
+
+This Ansible role installs and configures GitLab runner.
+
+**Please note:** Only the **docker** and **shell** executor is supported. Other executors are
+untested and may not work out of the box with this role.
+
+Currently supported operating systems:
+- Debian 12
+
+## Requirements
+This role has been tested with the following dependencies:
+
+`ansible_core` >= `2.17.1`
+Ansible Collections
+ - `community.general` >= `9.2.0`
+Python >= `3.11.2`
+
+### Testing
+- `molecule` >= `24.7.0`
+- `molecule-plugins[docker]` >= `23.5.3`
+
+## Role Variables
+### Required
+- `gitlab_access_token`: **Required.** GitLab Personal Access Token with `admin` scope.
+
+### Optional
+- `os_pkg_gitlab_runner`: Optional. Installation package name.
+- `gitlab_gpg_key_url`: Optional. URL for GitLab's official gpg key.
+- `gitlab_url`:Optional. URL of GitLab server.
+- `gitlab_apt_repository_url`: Optional. GitLab Runner apt repository URL.
+- `apt_os_dependencies`: Optional. OS dependencies that should be installed.
+
+- `runner_count`: Optional. The number of runner instances.
+- `runner_name`: Optional. The runner's name.
+- `runner_executor`: Optional. The runner's executor that is used to run your
+builds.
+- `runner_concurrent`: Optional. Limits how many jobs globally can be run
+concurrently.
+- `runner_builds_limit`: Optional. Maximum number of builds processed by a
+runner.
+- `runner_is_locked`: Optional. If true, runner cannot be assigned to other
+projects.
+- `runner_is_paused`: Optional. If true, runner will not receive any new jobs.
+- `runner_run_untagged_builds`: Optional. Register to run untagged builds.
+- `runner_tags`: Optional. List of tags.
+- `runner_metrics_enabled`: Optional. If true, runner will expose Prometheus
+metrics via embedded HTTP server.
+- `runner_metrics_listen_address`. Optional. `:` address on which
+the Prometheus metrics HTTP server should be listening (default: `':9252'`).
+
+- `runner_docker_image`: Optional. Docker image to be used.
+- `runner_docker_privileged`: Optional. Give extended privileges to docker
+container.
+- `runner_docker_services_timeout`: Optional. How long to wait for service
+startup.
+- `runner_stop_timeout`: Optional. Timeout in seconds for the service stop
+command after which systemd will just `SIGKILL` the process.
+
+- `runner_user`: Optional. User that will be used to run the runner. Only used
+if `runner_executor` is set to `shell`.
+- `runner_group`: Optional. Group that will be used to run the runner. Only used
+if `runner_executor` is set to `shell`.
+
+- `force_unregistration`: Optional. Force unregistration of all existing runners,
+- `force_reregistration`: Optional. Force unregistration of all existing
+runners before registration.
+
+- `runner_cleanup_is_enabled`: Optional. If true, GitLab Runner cleanup tool
+will be used.
+- `runner_cleanup_container_name`: Optional. GitLab Runner cleanup container
+name.
+- `runner_cleanup_container_image`: Optional. GitLab Runner cleanup container
+image.
+- `runner_cleanup_volumes`: Optional. GitLab Runner cleanup volumes.
+- `runner_cleanup_env`: Optional. GitLab Runner cleanup environment variables.
+
+- `runner_config_path`: Optional. Path to GitLab Runner's configuration file
+(TOML format).
+
+- `env_compose_http_timeout`: Optional. Value for `COMPOSE_HTTP_TIMEOUT`
+environment variable injected to build environment.
+- `env_docker_driver`: Optional. Value for `DOCKER_DRIVER` environment variable
+injected to build environment.
+- `env_docker_tls_certdir`: Optional. Value for `DOCKER_TLS_CERTDIR`
+environment variable injected to build environment.
+
+## Dependencies
+
+- [geerlingguy.docker](https://github.com/geerlingguy/ansible-role-docker) to use the `docker` executor
+
+## Example Playbook
+
+```yaml
+- hosts: servers
+ become: true
+ vars:
+ gitlab_access_token: "xxxxx-oemL-tu-cvi"
+ tasks:
+ - name: "Include netresearch.gitlab_runner"
+ ansible.builtin.include_role:
+ name: "netresearch.gitlab_runner"
+```
+
+## Testing
+
+For testing we use `Molecule` in combination with `Docker`.
+For more information see:
+- [Test requirements](molecule/default/INSTALL.rst)
+- [Molecule](https://molecule.readthedocs.io/en/latest/)
+
+Additionally we have two scenarios:
+- Debian 12
+
+1. Get a GitLab PAT with the `admin` scope.
+2. For starting the tests, please run:
+ ```bash
+ molecule test -- --extra-vars "gitlab_access_token="
+ ```
+ For development you can also run the test step-by-step for Debian scenario:
+ ```bash
+ # create testing environment
+ molecule create
+
+ # rollout Ansible config
+ molecule converge -- --extra-vars "gitlab_access_token=TOKEN_HERE"
+
+ # start tests
+ molecule verify
+
+ # login into the testing environment
+ molecule login --host
+ ```
+
+## License
+
+AGPL-3.0-or-later
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..b9040f0
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,36 @@
+---
+os_pkg_gitlab_runner: "gitlab-runner"
+gitlab_gpg_key_url: https://packages.gitlab.com/runner/gitlab-runner/gpgkey
+gitlab_url: "YOUR_GITLAB_URL"
+gitlab_apt_repository_url: https://packages.gitlab.com/runner/gitlab-runner/
+gitlab_access_token: "YOUR_ACCESS_TOKEN"
+
+runner_count: 1
+runner_concurrent: 1
+runner_name: "{{ ansible_hostname }}"
+runner_executor: docker
+runner_is_locked: false
+runner_is_paused: false
+runner_run_untagged_builds: true
+runner_tags:
+runner_metrics_enabled: false
+runner_stop_timeout: 3600
+
+runner_docker_volume_mount_daemon: "/etc/docker/daemon.json:/etc/docker/daemon.json:ro"
+runner_docker_volume_mount_ssl: "/etc/ssl/certs:/etc/ssl/certs:ro"
+runner_docker_image: "docker:stable"
+runner_docker_privileged: false
+runner_docker_services_timeout: 90
+
+runner_user: gitlab-runner
+runner_home: /home/gitlab-runner
+
+force_reregistration: false
+force_unregistration: false
+
+runner_cleanup_is_enabled: true
+runner_config_path: /etc/gitlab-runner/config.toml
+
+env_compose_http_timeout: 360
+env_docker_driver: overlay2
+env_docker_tls_certdir:
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..8689d3f
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file for ansible-role-gitlab-runner
+- name: Restart gitlab-runner service
+ ansible.builtin.service:
+ name: gitlab-runner
+ state: restarted
+
+- name: Reload systemd
+ ansible.builtin.systemd:
+ name: gitlab-runner
+ daemon_reload: true
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..44958d9
--- /dev/null
+++ b/meta/main.yml
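Review bot: `gitlab_access_token: "YOUR_ACCESS_TOKEN"` and `gitlab_url: "YOUR_GITLAB_URL"` in defaults/main.yml give required inputs a placeholder default, so a play that forgets to set them goes on to the API call with a bogus token instead of failing early; leaving them undefined here and checking them with an `ansible.builtin.assert` at the start of the role would surface the mistake before anything is installed. `runner_tags:` and `env_docker_tls_certdir:` are bare keys that parse as null; `runner_tags: []` and `env_docker_tls_certdir: ""` state the intent explicitly. An empty `DOCKER_TLS_CERTDIR` typically switches TLS off for docker-in-docker services, which deserves a comment next to that default so the choice is visible to whoever overrides it.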
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ role_name: gitlab_runner
+ namespace: netresearch
+ author: it@netresearch.de
+ description: Ansible role that installs and configures GitLab runner.
+ company: Netresearch DTT GmbH
+ license: AGPL-3.0-or-later
+ min_ansible_version: "2.17.1"
+ platforms:
+ - name: Debian
+ versions:
+ - bookworm
+ galaxy_tags: []
+dependencies: []
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
new file mode 100644
index 0000000..0429313
--- /dev/null
+++ b/molecule/default/INSTALL.rst
@@ -0,0 +1,22 @@
+*********************************
+Docker driver installation guide
+*********************************
+
+Requirements
+============
+
+* Docker
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip3 install ansible ansible-lint molecule "molecule-plugins[docker]"
diff --git a/molecule/default/cleanup.yml b/molecule/default/cleanup.yml
new file mode 100644
index 0000000..cb18941
--- /dev/null
+++ b/molecule/default/cleanup.yml
@@ -0,0 +1,10 @@
+---
+- name: Cleanup
+ hosts: all
+ become: true
+ vars:
+ force_unregistration: true
+ tasks:
+ - name: "Include netresearch.gitlab_runner"
+ ansible.builtin.include_role:
+ name: "netresearch.gitlab_runner"
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..3e9fefd
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,10 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+ vars:
+ runner_run_untagged_builds: false
+ tasks:
+ - name: "Include netresearch.gitlab_runner"
+ ansible.builtin.include_role:
+ name: "netresearch.gitlab_runner"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..98b7342
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,67 @@
+---
+dependency:
+ name: galaxy
+
+driver:
+ name: docker
+
+platforms:
+ - name: shell-runner
+ image: geerlingguy/docker-debian12-ansible:latest
+ privileged: true
+ pre_build_image: true
+ cgroupns: host
+ cgroupns_mode: host
+ command: /lib/systemd/systemd
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ groups:
+ - shell
+
+ - name: docker-runner
+ image: geerlingguy/docker-debian12-ansible:latest
+ privileged: true
+ pre_build_image: true
+ cgroupns: host
+ cgroupns_mode: host
+ command: /lib/systemd/systemd
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ groups:
+ - docker
+
+provisioner:
+ name: ansible
+ inventory:
+ group_vars:
+ docker:
+ runner_executor: "docker"
+ runner_tags:
+ - test_docker_runner_please_dont_use_kthxbye
+ shell:
+ runner_executor: "shell"
+ runner_tags:
+ - test_shell_runner_please_dont_use_kthxbye
+
+ options:
+ D: true
+
+verifier:
+ name: ansible
+
+scenario:
+ test_sequence:
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - side_effect
+ - verify
+ - cleanup
+ - destroy
+
+ destroy_sequence:
+ - dependency
+ - destroy
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..d800ab5
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,74 @@
+---
+- name: Prepare Docker Runner
+ hosts: docker
+ become: true
+ vars:
+ python_string: "{{ 'python3' if ansible_python_version is version('3.0.0', '>=') else 'python' }}"
+ docker_apt_release_channel: stable
+ docker_apt_repository:
+ "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} \
+ {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+ docker_apt_key_url: "https://download.docker.com/linux/debian/gpg"
+ docker_apt_key_id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+ docker_apt_dependencies:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg2
+ - software-properties-common
+ - cron
+ docker_package_name: "docker-ce"
+ docker_daemon_name: "docker"
+ docker_python_module: "docker"
+
+ tasks:
+ - name: Install Docker dependencies
+ ansible.builtin.apt:
+ name: "{{ docker_apt_dependencies }}"
+ state: present
+ update_cache: true
+
+ - name: Add Docker's official GPG apt key
+ ansible.builtin.apt_key:
+ url: "{{ docker_apt_key_url }}"
+ id: "{{ docker_apt_key_id }}"
+ state: present
+
+ - name: Add Docker repository
+ ansible.builtin.apt_repository:
+ repo: "{{ docker_apt_repository }}"
+ state: present
+ update_cache: true
+
+ - name: Install Docker CE.
+ ansible.builtin.package:
+ name: "{{ docker_package_name }}"
+ state: present
+
+ - name: Ensure Docker is started and enabled at boot.
+ ansible.builtin.service:
+ name: "{{ docker_daemon_name }}"
+ state: started
+ enabled: true
+
+ - name: Install python dependencies
+ ansible.builtin.apt:
+ name:
+ - "{{ python_string }}-setuptools"
+ - "{{ python_string }}-pip"
+ state: present
+
+ - name: Add Docker python module
+ ansible.builtin.pip:
+ name: "{{ docker_python_module }}"
+ state: present
+ executable: "{{ 'pip3' if python_string == 'python3' else 'pip2' }}"
+
+- name: Prepare Shell Runner
+ hosts: shell
+ become: true
+ tasks:
+ - name: Execute apt update
+ ansible.builtin.apt:
+ state: present
+ update_cache: true
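Review bot: The "Add Docker's official GPG apt key" task in molecule/default/prepare.yml uses `ansible.builtin.apt_key`, which tasks/install.yml in this same commit avoids as deprecated; apt_key places the key in the global trusted keyring, where it is accepted for every configured repository rather than only Docker's. Replacing this task and "Add Docker repository" with one `ansible.builtin.deb822_repository` task that sets `signed_by: "{{ docker_apt_key_url }}"`, as the role does for GitLab, scopes the key to that repository. The `pip2` branch of `executable:` in the last task of the play looks unreachable on the Debian 12 images this scenario uses and could be dropped.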
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..907f886
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,15 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: false
+ become: true
+ tasks:
+ - name: Get gitlab-runner service status
+ ansible.builtin.service:
+ name: gitlab-runner
+ register: gitlab_runner_service
+
+ - name: Asserts
+ ansible.builtin.assert:
+ that:
+ gitlab_runner_service
diff --git a/tasks/cleanup.yml b/tasks/cleanup.yml
new file mode 100644
index 0000000..1fa69db
--- /dev/null
+++ b/tasks/cleanup.yml
@@ -0,0 +1,15 @@
+---
+- name: "Cleanup | Create a cron job that runs Docker Cache Pruner"
+ ansible.builtin.cron:
+ name: "gitlab-docker-prune"
+ minute: "30"
+ hour: "1"
+ day: "*"
+ month: "*"
+ weekday: "0"
+ user: root
+ job: "/usr/share/gitlab-runner/clear-docker-cache prune-volumes"
+ cron_file: ansible_gitlab-docker-prune
+ when:
+ - runner_cleanup_is_enabled | bool
+ - runner_executor == "docker"
diff --git a/tasks/configuration.yml b/tasks/configuration.yml
new file mode 100644
index 0000000..fa906cb
--- /dev/null
+++ b/tasks/configuration.yml
@@ -0,0 +1,17 @@
+---
+- name: "Configuration | Create config directory for overriding default systemd service"
+ ansible.builtin.file:
+ path: /etc/systemd/system/gitlab-runner.service.d
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: "Configuration | Override service stop behavior"
+ ansible.builtin.template:
+ src: etc/systemd/system/gitlab-runner.service.d/kill.conf.j2
+ dest: /etc/systemd/system/gitlab-runner.service.d/kill.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Reload systemd
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..32a108c
--- /dev/null
+++ b/tasks/install.yml
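Review bot: The assertion `that: gitlab_runner_service` in molecule/default/verify.yml only checks that the registered result is truthy, which holds whenever the previous task returned anything, so the scenario passes even when the runner service is stopped or failed. Assert on the state instead, for example `gitlab_runner_service.status.ActiveState == 'active'` (this assumes the systemd backend returns `status` for a name-only call, which should be confirmed), or gather `ansible.builtin.service_facts` and check `ansible_facts.services['gitlab-runner.service'].state == 'running'`. `that:` is also conventionally written as a list.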
@@ -0,0 +1,54 @@
+---
+- name: "Install"
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+ block:
+ - name: "Install | Install dependencies"
+ ansible.builtin.apt:
+ name: "{{ apt_os_dependencies }}"
+ state: present
+
+ - name: "Install | Install Python dependencies"
+ ansible.builtin.apt:
+ name:
+ - "python3-setuptools"
+ - "python3-pip"
+ state: present
+
+ - name: "Install | Add GitLab Python module"
+ ansible.builtin.pip:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "python-gitlab"
+ - "python-debian"
+
+ # SRVGL-205: use deb822_repository instead of deprecated apt_key
+ # https://github.com/ansible/ansible/issues/78063
+ - name: "Install | Add GitLab's gpg key"
+ ansible.builtin.deb822_repository:
+ name: "gitlab-runner"
+ types: ["deb", "deb-src"]
+ uris: "{{ gitlab_apt_repository_url }}{{ ansible_distribution | lower }}"
+ suites: "{{ ansible_distribution_release | lower }}"
+ components: "main"
+ signed_by: "{{ gitlab_gpg_key_url }}"
+
+ - name: "Install | Prefer GitLab provided packages using APT pinning"
+ ansible.builtin.template:
+ src: etc/apt/preferences.d/pin-gitlab-runner.pref.j2
+ dest: /etc/apt/preferences.d/pin-gitlab-runner.pref
+ owner: root
+ group: root
+ mode: "0644"
+
+
+- name: "Install | Add GitLab Runner package"
+ ansible.builtin.package:
+ name: "{{ os_pkg_gitlab_runner }}"
+ state: present
+
+- name: "Install | Start and enable service"
+ ansible.builtin.service:
+ name: gitlab-runner
+ enabled: true
+ state: started
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..fe6f1a7
--- /dev/null
+++ b/tasks/main.yml
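Review bot: The "Install | Add GitLab Python module" task in tasks/install.yml installs `python-gitlab` and `python-debian` from PyPI with pip, as root, system-wide and without version pins, so every run pulls whatever is current onto the runner host; on Debian 12 a system-wide pip install is also normally refused as an externally managed environment unless the image has been altered. Debian packages both libraries, so the task can fold into the preceding apt task: add `python3-gitlab` and `python3-debian` to its `name:` list and drop the pip task together with `python3-pip`. The task named "Install | Add GitLab's gpg key" creates the whole repository entry, so a name such as "Install | Add GitLab Runner apt repository" would describe it better.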
@@ -0,0 +1,28 @@
+---
+- name: "Install | Set OS family dependent variables"
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+ tags: always
+
+- name: "Install | Set OS dependent variables"
+ ansible.builtin.include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution }}.yml"
+ errors: ignore
+ tags: always
+
+- name: "GitLab Runner | Installation"
+ ansible.builtin.include_tasks: install.yml
+
+- name: "GitLab Runner | Registration"
+ ansible.builtin.include_tasks: registration.yml
+
+- name: "GitLab Runner | Configuration"
+ ansible.builtin.include_tasks: configuration.yml
+
+- name: "GitLab Runner | Cleanup"
+ ansible.builtin.include_tasks: cleanup.yml
+
+- name: "GitLab Runner | Unregistration"
+ ansible.builtin.include_tasks: unregistration.yml
+ when: force_unregistration
diff --git a/tasks/registration.yml b/tasks/registration.yml
new file mode 100644
index 0000000..5425cbc
--- /dev/null
+++ b/tasks/registration.yml
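Review bot: `when: force_unregistration` on the last include in tasks/main.yml evaluates the raw variable, so a value passed as `--extra-vars "force_unregistration=false"` arrives as the non-empty string `false` rather than a boolean; depending on the ansible-core version that is either truthy or an error, and the truthy case unregisters every runner and deletes the configuration file. tasks/cleanup.yml already writes `runner_cleanup_is_enabled | bool`; use `when: force_unregistration | bool` here, and the same for `force_reregistration` in tasks/registration.yml. The unregistration include also runs after installation and registration, so a run with the flag set first registers runners and then removes them.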
@@ -0,0 +1,64 @@ +--- +- name: "Registration | Count registered Runners" + ansible.builtin.command: grep -c 'name = ' "{{ runner_config_path }}" + register: registered_runners_count + ignore_errors: true + changed_when: false + check_mode: false + +- name: "Registration | Unregister all Runners" + ansible.builtin.command: gitlab-runner unregister --all-runners + when: force_reregistration or + runner_count < registered_runners_count.stdout | int + register: output + changed_when: "'Unregistering runner from GitLab succeeded' in output.stdout" + +- name: "Registration | Ensure Runner configuration file is removed" + ansible.builtin.file: + path: "{{ runner_config_path }}" + state: absent + when: force_reregistration + +- name: "Registration | Check registered Runners" + ansible.builtin.command: gitlab-runner list + register: registered_runners + changed_when: false + check_mode: false + +- name: "Registration | Create instance-level runner" + community.general.gitlab_runner: + api_url: "{{ gitlab_url }}" + api_token: "{{ gitlab_access_token }}" + description: "{{ runner_name }} #{{ item }}" + state: present + active: "{{ runner_is_paused }}" + tag_list: "{{ runner_tags }}" + run_untagged: "{{ runner_run_untagged_builds }}" + locked: "{{ runner_is_locked }}" + loop: "{{ range(1, runner_count + 1, 1) | list }}" + when: registered_runners.stderr.find('\n%s %s%s' | format(runner_name, '#', item)) == -1 + register: runner + +- name: "Registration | Register Runner" + ansible.builtin.command: > + gitlab-runner register + --non-interactive + --name "{{ runner_name }} #{{ item }}" + --url '{{ gitlab_url }}' + --token '{{ runner.results[item - 1].runner.token }}' + --executor '{{ runner_executor }}' + --docker-volumes='{{ runner_docker_volume_mount_daemon }}' + --docker-volumes='{{ runner_docker_volume_mount_ssl }}' + --env 'COMPOSE_HTTP_TIMEOUT={{ env_compose_http_timeout }}' + --env 'DOCKER_DRIVER={{ env_docker_driver }}' + --env 'DOCKER_TLS_CERTDIR={{ 
env_docker_tls_certdir }}' + {{ '--docker-image ' + runner_docker_image if runner_executor == 'docker' else '' }} + {{ '--docker-privileged ' if runner_executor == 'docker' and runner_docker_privileged else '' }} + {{ '--docker-wait-for-services-timeout ' + + runner_docker_services_timeout | string if runner_executor == 'docker' else '' }} + loop: "{{ range(1, runner_count + 1, 1) | list }}" + when: + - registered_runners.stderr.find('\n%s %s%s' | format(runner_name, '#', item)) == -1 + - runner.results[item - 1].runner.token is defined + register: output + changed_when: "'Runner registered successfully' in output.stderr" diff --git a/tasks/unregistration.yml b/tasks/unregistration.yml new file mode 100644 index 0000000..2960813 --- /dev/null +++ b/tasks/unregistration.yml @@ -0,0 +1,19 @@ +--- +- name: "Unregistration | Unregister all Runners" + ansible.builtin.command: gitlab-runner unregister --all-runners + register: output + changed_when: "'Unregistering runner from GitLab succeeded' in output.stdout" + +- name: "Unregistration | Ensure Runner configuration file is removed" + ansible.builtin.file: + path: "{{ runner_config_path }}" + state: absent + +- name: "Unregistration | Unregister instance-level runner" + community.general.gitlab_runner: + api_url: "{{ gitlab_url }}" + api_token: "{{ gitlab_access_token }}" + description: "{{ runner_name }} #{{ item }}" + state: absent + loop: "{{ range(1, runner_count + 1, 1) | list }}" + register: runner diff --git a/templates/etc/apt/preferences.d/pin-gitlab-runner.pref.j2 b/templates/etc/apt/preferences.d/pin-gitlab-runner.pref.j2 new file mode 100644 index 0000000..9998a89 --- /dev/null +++ b/templates/etc/apt/preferences.d/pin-gitlab-runner.pref.j2 @@ -0,0 +1,4 @@ +Explanation: Prefer GitLab provided packages over the Debian native ones +Package: gitlab-runner +Pin: origin packages.gitlab.com +Pin-Priority: 1001 
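Review bot: The "Registration | Register Runner" task in tasks/registration.yml puts the runner authentication token on the `gitlab-runner register` command line (`--token '{{ runner.results[item - 1].runner.token }}'`), where it is readable in the process list while the command runs and is printed with the task's `cmd` in Ansible output; the registered `runner` result of the preceding task carries the same token. Add `no_log: true` to both tasks, and consider passing the token through the task's `environment:` instead of as an argument (gitlab-runner documents an environment variable for `--token`; confirm its name for the packaged version). Separately, `active: "{{ runner_is_paused }}"` looks inverted: with the default `runner_is_paused: false` the runner is created inactive, and `active: "{{ not runner_is_paused }}"` would match the meaning the README gives the variable.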
diff --git a/templates/etc/systemd/system/gitlab-runner.service.d/kill.conf.j2 b/templates/etc/systemd/system/gitlab-runner.service.d/kill.conf.j2
new file mode 100644
index 0000000..1170269
--- /dev/null
+++ b/templates/etc/systemd/system/gitlab-runner.service.d/kill.conf.j2
@@ -0,0 +1,3 @@
+[Service]
+TimeoutStopSec={{ runner_stop_timeout }}
+KillSignal=SIGQUIT
diff --git a/vars/Debian.yml b/vars/Debian.yml
new file mode 100644
index 0000000..3dac56c
--- /dev/null
+++ b/vars/Debian.yml
@@ -0,0 +1,6 @@
+---
+apt_os_dependencies:
+ - apt-transport-https
+ - curl
+ - debian-archive-keyring
+ - gnupg