From 913caef644c4ef4f8189b7c8078b1b35946d4af0 Mon Sep 17 00:00:00 2001 
From: Tobias Huste Date: Wed, 15 May 2024 20:32:14 +0200 Subject: [PATCH] Integrate gitlab_runner role into hifis toolkit --- .github/labeler.yml | 6 + .github/workflows/gitlab_runner.yml | 74 +++ .github/workflows/prepare-action/action.yml | 2 +- Pipfile | 2 +- Pipfile.lock | 38 +- molecule/gitlab_runner/converge.yml | 12 + molecule/gitlab_runner/molecule.yml | 137 ++++ molecule/gitlab_runner/prepare.yml | 39 ++ molecule/gitlab_runner/requirements.yml | 8 + molecule/gitlab_runner/test_key | 7 + molecule/gitlab_runner/test_key.license | 4 + molecule/gitlab_runner/test_key.pub | 1 + molecule/gitlab_runner/test_key.pub.license | 4 + molecule/gitlab_runner/verify.yml | 126 ++++ requirements.yml | 4 + roles/gitlab_runner/CHANGELOG.md | 591 ++++++++++++++++++ roles/gitlab_runner/CITATION.cff | 38 ++ roles/gitlab_runner/HISTORY.md | 112 ++++ roles/gitlab_runner/HISTORY.md.license | 4 + roles/gitlab_runner/README.md | 448 +++++++++++++ roles/gitlab_runner/defaults/main.yml | 47 ++ roles/gitlab_runner/handlers/main.yml | 18 + roles/gitlab_runner/meta/main.yml | 43 ++ roles/gitlab_runner/requirements.yml | 9 + roles/gitlab_runner/tasks/configuration.yml | 98 +++ .../tasks/docker-machine-init.yml | 34 + .../tasks/install.autoscaler-plugin.yml | 24 + .../tasks/install.debianlike.yml | 61 ++ .../tasks/install.docker-machine.yml | 14 + roles/gitlab_runner/tasks/main.yml | 75 +++ roles/gitlab_runner/templates/clouds.yaml.j2 | 17 + roles/gitlab_runner/templates/config.toml.j2 | 126 ++++ .../templates/flatcar-linux-config.bu.j2 | 82 +++ .../templates/pin-gitlab-runner.pref.j2 | 4 + .../pin-gitlab-runner.pref.j2.license | 4 + .../gitlab_runner/templates/runner_config.j2 | 7 + roles/gitlab_runner/vars/debian.yml | 7 + 37 files changed, 2298 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/gitlab_runner.yml create mode 100644 molecule/gitlab_runner/converge.yml create mode 100644 molecule/gitlab_runner/molecule.yml create mode 100644 
molecule/gitlab_runner/prepare.yml create mode 100644 molecule/gitlab_runner/requirements.yml create mode 100644 molecule/gitlab_runner/test_key create mode 100644 molecule/gitlab_runner/test_key.license create mode 100644 molecule/gitlab_runner/test_key.pub create mode 100644 molecule/gitlab_runner/test_key.pub.license create mode 100644 molecule/gitlab_runner/verify.yml create mode 100644 roles/gitlab_runner/CHANGELOG.md create mode 100644 roles/gitlab_runner/CITATION.cff create mode 100644 roles/gitlab_runner/HISTORY.md create mode 100644 roles/gitlab_runner/HISTORY.md.license create mode 100644 roles/gitlab_runner/README.md create mode 100644 roles/gitlab_runner/defaults/main.yml create mode 100644 roles/gitlab_runner/handlers/main.yml create mode 100644 roles/gitlab_runner/meta/main.yml create mode 100644 roles/gitlab_runner/requirements.yml create mode 100644 roles/gitlab_runner/tasks/configuration.yml create mode 100644 roles/gitlab_runner/tasks/docker-machine-init.yml create mode 100644 roles/gitlab_runner/tasks/install.autoscaler-plugin.yml create mode 100644 roles/gitlab_runner/tasks/install.debianlike.yml create mode 100644 roles/gitlab_runner/tasks/install.docker-machine.yml create mode 100644 roles/gitlab_runner/tasks/main.yml create mode 100644 roles/gitlab_runner/templates/clouds.yaml.j2 create mode 100644 roles/gitlab_runner/templates/config.toml.j2 create mode 100644 roles/gitlab_runner/templates/flatcar-linux-config.bu.j2 create mode 100644 roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2 create mode 100644 roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2.license create mode 100644 roles/gitlab_runner/templates/runner_config.j2 create mode 100644 roles/gitlab_runner/vars/debian.yml diff --git a/.github/labeler.yml b/.github/labeler.yml index df903d6..e72b3fd 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml 
@@ -4,6 +4,12 @@ # SPDX-License-Identifier: Apache-2.0 --- +gitlab_runner: + - changed-files: + - any-glob-to-any-file: + - "roles/gitlab_runner/**" + - "molecule/gitlab_runner/**" + - ".github/workflows/gitlab_runner.yml" ssh_keys: - changed-files: - any-glob-to-any-file: diff --git a/.github/workflows/gitlab_runner.yml b/.github/workflows/gitlab_runner.yml new file mode 100644 index 0000000..eaa11c6 --- /dev/null +++ b/.github/workflows/gitlab_runner.yml 
@@ -0,0 +1,74 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: "hifis.toolkit.gitlab_runner"
+
+on:
+ pull_request:
+ paths:
+ - '.github/workflows/gitlab_runner.yml'
+ - 'roles/gitlab_runner/**'
+ - 'molecule/gitlab_runner/**'
+ - 'Pipfile'
+ - 'Pipfile.lock'
+ push:
+ branches:
+ - "main"
+ tags:
+ - "v*.*.*"
+ paths:
+ - '.github/workflows/gitlab_runner.yml'
+ - 'roles/gitlab_runner/**'
+ - 'molecule/gitlab_runner/**'
+ - 'Pipfile'
+ - 'Pipfile.lock'
+ schedule:
+ - cron: "0 0 * * *"
+env:
+ PY_COLORS: 1
+ ANSIBLE_FORCE_COLOR: 1
+
+jobs:
+
+ test:
+ name: Run Molecule tests.
+ runs-on: ubuntu-24.04
+ env:
+ PY_COLORS: 1
+ ANSIBLE_FORCE_COLOR: 1
+ strategy:
+ fail-fast: false
+ matrix:
+ image:
+ - "ghcr.io/hifis-net/ubuntu-systemd:20.04"
+ - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
+ - "ghcr.io/hifis-net/ubuntu-systemd:24.04"
+ - "ghcr.io/hifis-net/debian-systemd:10"
+ - "ghcr.io/hifis-net/debian-systemd:11"
+ - "ghcr.io/hifis-net/debian-systemd:12"
+
+ steps:
+ - name: "Check out the codebase."
+ uses: "actions/checkout@v4"
+ with:
+ path: "ansible_collections/hifis/toolkit"
+
+ - name: "Prepare the job environment."
+ uses: "./ansible_collections/hifis/toolkit/.github/workflows/prepare-action"
+
+ # https://github.com/ansible/molecule/issues/3806
+ - name: "Help molecule to find the dependencies"
+ run: |
+ mkdir -p /home/runner/.ansible
+ ln -s /home/runner/work/ansible-collection-toolkit/ansible-collection-toolkit/ansible_collections/hifis/toolkit/roles \
+ /home/runner/.ansible/roles
+
+ - name: "Run Molecule tests."
+ run: "pipenv run molecule test -s gitlab_runner"
+ env:
+ MOLECULE_IMAGE: "${{ matrix.image }}"
+ AUTHENTICATION_TOKEN: ${{ secrets.authentication_token }}
+ working-directory: "ansible_collections/hifis/toolkit"
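Review bot: The new workflow has no `permissions:` block, so the job that receives `AUTHENTICATION_TOKEN` from `secrets.authentication_token` also runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would restrict it to what the Molecule run needs. That same step runs `pipenv run molecule test`, whose scenario resolves a Galaxy dependency, so third-party code shares the environment that holds the runner token. `actions/checkout@v4` is a mutable tag; pinning to a full commit SHA (`uses: "actions/checkout@<commit-sha>"  # v4`, placeholder) makes that input immutable. The `ln -s` step hard-codes `/home/runner/work/ansible-collection-toolkit/ansible-collection-toolkit/...`, which presumably fails in a fork or renamed repository; building the path from `${{ github.workspace }}` would avoid that.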
diff --git a/.github/workflows/prepare-action/action.yml b/.github/workflows/prepare-action/action.yml index 261bc55..5323008 100644 --- a/.github/workflows/prepare-action/action.yml +++ b/.github/workflows/prepare-action/action.yml @@ -17,7 +17,7 @@ runs: uses: "actions/setup-python@v5" id: "setup-python" with: - python-version: "3.10" + python-version: "3.12" cache: "pipenv" - name: "Install dependencies via pipenv." diff --git a/Pipfile b/Pipfile index e3b38ac..c9345de 100644 --- a/Pipfile +++ b/Pipfile @@ -19,4 +19,4 @@ reuse = "~=3.0.2" ansible = "~=9.5.1" [requires] -python_version = "3.10" +python_version = "3.12" diff --git a/Pipfile.lock b/Pipfile.lock index c58982d..a40e806 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,11 +1,11 @@ { "_meta": { "hash": { - "sha256": "168f0c8e7026d5ab1f02101023c18fcb85dc01c11f3ade93bff44c3d68669b92" + "sha256": "89d7a0db99e726b5c5de71a5847627a01ba2fc2056a53989747605f995c52f0e" }, "pipfile-spec": 6, "requires": { - "python_version": "3.10" + "python_version": "3.12" }, "sources": [ { @@ -287,11 +287,11 @@ "develop": { "ansible-compat": { "hashes": [ - "sha256:74a91807808a39af48ab6595811b9340d1458db26b138362f48bf39292190705", - "sha256:b3e9f9d7c3a1ce6222de444e9dc6fece7eba70ac64f2a0befdc4e2d542018b4a" + "sha256:433fcc2212de13dd852c900bf17a70234847a1fe7b8edbea969cf321d5ad7841", + "sha256:8d6dad5b99e87faa82569c2aaa57dd28f07931657a9e56ff2a7fd0e2127cce29" ], "markers": "python_version >= '3.9'", - "version": "==4.1.11" + "version": "==24.5.1" }, "ansible-core": { "hashes": [ 
@@ -663,11 +663,11 @@ }, "platformdirs": { "hashes": [ - "sha256:031cd18d4ec63ec53e82dceaac0417d218a6863f7745dfcc9efe7793b7039bdf", - "sha256:17d5a1161b3fd67b390023cb2d3b026bbd40abde6fdb052dfbd3a29c3ba22ee1" + "sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee", + "sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3" ], "markers": "python_version >= '3.8'", - "version": "==4.2.1" + "version": "==4.2.2" }, "pluggy": { "hashes": [ @@ -968,29 +968,13 @@ "markers": "python_version >= '3.8'", "version": "==0.4.1" }, - "tomli": { - "hashes": [ - "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc", - "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f" - ], - "markers": "python_version < '3.11'", - "version": "==2.0.1" - }, - "typing-extensions": { - "hashes": [ - "sha256:83f085bd5ca59c80295fc2a82ab5dac679cbe02b9f33f7d83af68e241bea51b0", - "sha256:c1f94d72897edaf4ce775bb7558d5b79d8126906a14ea5ed1635921406c0387a" - ], - "markers": "python_version < '3.11'", - "version": "==4.11.0" - }, "wcmatch": { "hashes": [ - "sha256:24c19cedc92bc9c9e27f39db4e1824d72f95bd2cea32b254a47a45b1a1b227ed", - "sha256:c0088c7f6426cf6bf27e530e2b7b734031905f7e490475fd83c7c5008ab581b3" + "sha256:17d3ad3758f9d0b5b4dedc770b65420d4dac62e680229c287bf24c9db856a478", + "sha256:a70222b86dea82fb382dd87b73278c10756c138bd6f8f714e2183128887b9eb2" ], "markers": "python_version >= '3.8'", - "version": "==8.5.1" + "version": "==8.5.2" }, "yamllint": { "hashes": [ diff --git a/molecule/gitlab_runner/converge.yml b/molecule/gitlab_runner/converge.yml new file mode 100644 index 0000000..9f88e97 --- /dev/null +++ b/molecule/gitlab_runner/converge.yml 
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: Converge
+ hosts: all
+ tasks:
+ - name: "Include gitlab_runner role"
+ ansible.builtin.include_role:
+ name: "hifis.toolkit.gitlab_runner"
diff --git a/molecule/gitlab_runner/molecule.yml b/molecule/gitlab_runner/molecule.yml
new file mode 100644
index 0000000..86e90fd
--- /dev/null
+++ b/molecule/gitlab_runner/molecule.yml
@@ -0,0 +1,137 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: "molecule/gitlab_runner/requirements.yml"
+driver:
+ name: podman
+platforms:
+ - name: instancegitlabciopenstack1
+ image: ${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}
+ pre_build_image: true
+ override_command: false
+ privileged: true # Required to run Docker in Podman
+ systemd: true
+ tty: true
+ - name: instancegitlabciopenstack2
+ image: ${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}
+ pre_build_image: true
+ override_command: false
+ privileged: true # Required to run Docker in Podman
+ systemd: true
+ tty: true
+provisioner:
+ name: ansible
+ playbooks:
+ prepare: prepare.yml
+ converge: converge.yml
+ inventory:
+ hosts:
+ all:
+ vars:
+ gitlab_runner_concurrent: 4
+ host_vars:
+ instancegitlabciopenstack1:
+ gitlab_runner_version: "16.11.0"
+ gitlab_runner_deb_file: "https://packages.gitlab.com/runner/gitlab-runner/packages/{{ ansible_distribution | lower }}/{{ ansible_distribution_release | lower }}/gitlab-runner_{{ gitlab_runner_pkg_version }}_amd64.deb/download.deb"
+ gitlab_runner_install_docker: true
+ gitlab_runner_ssh_public_key: "test_key.pub"
+ gitlab_runner_ssh_private_key: "test_key"
+ gitlab_runner_sentry_dsn: "https://public@sentry.example.com/1"
+ gitlab_runner_registry_mirrors:
+ - "http://registry-mirror1.example"
+ - "https://registry-mirror2.example"
+ gitlab_runner_insecure_registries:
+ - "registry-mirror1.example"
+ gitlab_runner_enable_session_server: true
+ gitlab_runner_list:
+ - name: "test01"
+ url: "https://gitlab.com"
+ description: "Molecule test runner"
+ authentication_token: ${AUTHENTICATION_TOKEN}
+ executor: "docker"
+ environment: ["CI_CPUS=8", "DOCKER_TLS_CERTDIR=/certs"]
+ docker_security_opts: ["seccomp=unconfined"]
+ docker_volumes: ["/cache", "/certs/client"]
+ docker_devices: ["/dev/kfd", "/dev/dri"]
+ docker_cpus: 2
+ docker_gpus: "all"
+ docker_memory: "2g"
+ docker_image: "python:3.8"
+ docker_network_mtu: 1442
+ tags: ["docker", "hifis"]
+ locked: True
+ limit: 10
+ instancegitlabciopenstack2:
+ gitlab_runner_version: "16.11.0"
+ gitlab_runner_install_docker: false
+ gitlab_runner_ssh_public_key: ""
+ gitlab_runner_ssh_private_key: ""
+ gitlab_runner_registry_mirror: "https://registry-mirror.example"
+ gitlab_runner_listen_address: "127.0.0.1:9252"
+ gitlab_runner_set_default_network_opts: true
+ gitlab_runner_list:
+ - name: "test01"
+ url: "https://gitlab.com"
+ description: "Molecule test runner"
+ authentication_token: ${AUTHENTICATION_TOKEN}
+ executor: "docker+machine"
+ environment: ["CI_CPUS=8", "DOCKER_TLS_CERTDIR=/certs"]
+ docker_volumes: ["/cache", "/certs/client", "/opt/docker/daemon.json:/etc/docker/daemon.json:ro"]
+ docker_image: "python:3.8"
+ docker_shm_size: 2147483648
+ docker_disable_cache: True
+ tags: ["docker", "hifis"]
+ locked: True
+ limit: 10
+ machine_idle_count: 5
+ machine_idle_time: 7200
+ machine_max_builds: 4
+ machine_max_growth_rate: 2
+ machine_driver: "openstack"
+ machine_name: "auto-scale-%s"
+ machine_options:
+ - "openstack-auth-url=https://openstack.example:5000/v3"
+ - "openstack-image-id=73f07dd3-fa8b-468f-b6bc-b0cd4510f5d0"
+ - "openstack-flavor-name=m1.small"
+ - "openstack-net-id=7834deeb-8bd5-4fc7-b35b-24035d8f47a7"
+ - "openstack-username=gitlab-runner"
+ - "openstack-password=secret"
+ - "openstack-tenant-id=123456"
+ - "openstack-domain-name=default"
+ - "openstack-ssh-user=core"
+ - "openstack-sec-groups=Internal"
+ - "openstack-keypair-name=runners-internal"
+ - "openstack-private-key-file=/etc/gitlab-runner/gitlab_runner_key"
+ - "openstack-user-data-file=/etc/gitlab-runner/ignition.json"
+ - "openstack-active-timeout=300"
+ - "engine-registry-mirror=https://registry-mirror.example"
+ cache_type: "s3"
+ cache_server_address: "https://cache.example"
+ cache_access_key: "key"
+ cache_secret_key: "secret"
+ cache_bucket_name: "bucket"
+ cache_bucket_location: "eu-west-1"
+ cache_insecure: "false"
+verifier:
+ name: ansible
+scenario:
+ name: gitlab_runner
+ test_sequence:
+ - destroy
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - check
+ - converge
+ - idempotence
+ - check
+ - side_effect
+ - verify
+ - destroy
diff --git a/molecule/gitlab_runner/prepare.yml b/molecule/gitlab_runner/prepare.yml
new file mode 100644
index 0000000..964ddba
--- /dev/null
+++ b/molecule/gitlab_runner/prepare.yml
@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: Prepare
+ hosts: all
+ tasks:
+ - name: Install necessary packages
+ when: ansible_os_family == 'Debian'
+ block:
+ - name: Install missing dependencies
+ ansible.builtin.apt:
+ name:
+ - sudo # for `become` privilege escalation
+ - iproute2 # for gathering network facts
+ - ca-certificates # for Gitlab-Runner download
+ - gpg
+ - python3-debian
+ state: present
+ update_cache: yes
+ - name: Set up iptables
+ when: ansible_distribution == 'Debian'
+ block:
+ - name: "Install missing dependencies"
+ ansible.builtin.apt:
+ name:
+ - "iptables"
+ state: "present"
+ update_cache: yes
+ - name: "Use legacy iptables"
+ community.general.alternatives:
+ name: "iptables"
+ path: "/usr/sbin/iptables-legacy"
+ - name: "Use legacy ip6tables"
+ community.general.alternatives:
+ name: "ip6tables"
+ path: "/usr/sbin/ip6tables-legacy"
diff --git a/molecule/gitlab_runner/requirements.yml b/molecule/gitlab_runner/requirements.yml
new file mode 100644
index 0000000..49409de
--- /dev/null
+++ b/molecule/gitlab_runner/requirements.yml
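Review bot: In `molecule/gitlab_runner/molecule.yml` the host vars for `instancegitlabciopenstack1` set `docker_security_opts: ["seccomp=unconfined"]`, an `http://` registry mirror and `gitlab_runner_insecure_registries` with no explanation, while only `privileged: true` carries a comment. Scenario files tend to be copied as a starting configuration, so I would add a comment above those keys such as `# test-only: exercises security_opt / insecure-registry rendering; not a recommended runner setting`. Separately, `authentication_token: ${AUTHENTICATION_TOKEN}` is unquoted in both runner entries; when the variable is empty (the fork case that verify.yml guards) the value presumably parses as null rather than an empty string, so `authentication_token: "${AUTHENTICATION_TOKEN}"` is the safer spelling. `locked: True` and `docker_disable_cache: True` could be written `true` to match the other booleans in the file.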
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+roles:
+ - name: geerlingguy.docker
diff --git a/molecule/gitlab_runner/test_key b/molecule/gitlab_runner/test_key
new file mode 100644
index 0000000..cdafeff
--- /dev/null
+++ b/molecule/gitlab_runner/test_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAZxWIoT1CX3FFjc3+Em53Hy5ht8AbF8QHWQb25c3H2hQAAAJCiuPqvorj6
+rwAAAAtzc2gtZWQyNTUxOQAAACAZxWIoT1CX3FFjc3+Em53Hy5ht8AbF8QHWQb25c3H2hQ
+AAAEBQMNsWaiJGO+9HM245p+bcdI6mucBBHnD+880/zEOOERnFYihPUJfcUWNzf4SbncfL
+mG3wBsXxAdZBvblzcfaFAAAACXVzZXJAaG9zdAECAwQ=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/molecule/gitlab_runner/test_key.license b/molecule/gitlab_runner/test_key.license
new file mode 100644
index 0000000..b327045
--- /dev/null
+++ b/molecule/gitlab_runner/test_key.license
@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/molecule/gitlab_runner/test_key.pub b/molecule/gitlab_runner/test_key.pub
new file mode 100644
index 0000000..0bbfbcc
--- /dev/null
+++ b/molecule/gitlab_runner/test_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBnFYihPUJfcUWNzf4SbncfLmG3wBsXxAdZBvblzcfaF
diff --git a/molecule/gitlab_runner/test_key.pub.license b/molecule/gitlab_runner/test_key.pub.license
new file mode 100644
index 0000000..b327045
--- /dev/null
+++ b/molecule/gitlab_runner/test_key.pub.license
@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+
+SPDX-License-Identifier: Apache-2.0
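Review bot: `molecule/gitlab_runner/requirements.yml` lists `geerlingguy.docker` without a `version:`, so each run installs whatever Galaxy serves at that moment, and the role then runs inside the privileged test containers of a job that holds the runner authentication token. Pinning the entry, i.e. `- name: geerlingguy.docker` followed by `version: "<pinned-version>"` (placeholder), keeps the test input reproducible and makes upgrades a reviewed change. The same unpinned `roles:` entry is added to the top-level `requirements.yml` later in this patch and should get the same pin.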
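Review bot: `molecule/gitlab_runner/test_key` commits an unencrypted OpenSSH private key, and neither the file nor its `.license` sidecar states that it is a throwaway fixture. Secret scanners will flag it on every scan, and a committed key tends to be reused outside the test it was made for. Since `community.crypto` is already a collection requirement, the scenario could generate the pair on the controller during prepare with `community.crypto.openssh_keypair` and point `gitlab_runner_ssh_private_key` / `gitlab_runner_ssh_public_key` at the generated files. If the key stays in the tree, a README note saying it is test-only and must never be authorized on a real host, plus a scanner allowlist entry for this path, would document the intent.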
diff --git a/molecule/gitlab_runner/verify.yml b/molecule/gitlab_runner/verify.yml
new file mode 100644
index 0000000..9989e67
--- /dev/null
+++ b/molecule/gitlab_runner/verify.yml
@@ -0,0 +1,126 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- +- name: Verify + hosts: all + tasks: + - name: Gather package facts + ansible.builtin.package_facts: + manager: auto + + - name: Gather service facts + ansible.builtin.service_facts: + + - name: Assert that docker is installed + when: gitlab_runner_install_docker + ansible.builtin.assert: + that: + - "'docker-ce' in ansible_facts.packages" + + - name: Assert that docker is not installed + when: not gitlab_runner_install_docker + ansible.builtin.assert: + that: + - "'docker-ce' not in ansible_facts.packages" + + - name: Assert that Docker systemd service is running + when: gitlab_runner_install_docker + ansible.builtin.assert: + that: + - "ansible_facts.services['docker.service'].state == 'running'" + - "ansible_facts.services['docker.service'].status == 'enabled'" + + - name: Check that docker-machine is properly installed + ansible.builtin.command: docker-machine version + changed_when: false + register: machine_version + when: "gitlab_runner_list | selectattr('executor', 'equalto', 'docker+machine') | list | length > 0" + failed_when: "'0.16.2-gitlab.25' not in machine_version.stdout" + + - name: Assert that Gitlab-Runner is installed + ansible.builtin.assert: + that: + - "'gitlab-runner' in ansible_facts.packages" + + - name: Assert that installed GitLab Runner version is equal to the desired one + ansible.builtin.assert: + that: + - "ansible_facts.packages['gitlab-runner'][0].version == gitlab_runner_version + '-1'" + when: + - gitlab_runner_version is defined + + - name: Assert that ignition.json file was created + ansible.builtin.stat: + path: /etc/gitlab-runner/ignition.json + register: ignition + failed_when: not ignition.stat.isreg + + - name: Determine generated SSH public key + when: gitlab_runner_ssh_public_key | default("") | length == 0 
or gitlab_runner_ssh_public_key | default("") | length == 0 + block: + - name: Assert that SSH key pair was created + ansible.builtin.stat: + path: /etc/gitlab-runner/gitlab_runner_key + register: ssh_key + failed_when: not ssh_key.stat.isreg or ssh_key.stat.mode != "0600" + + - name: Read generated SSH public key + ansible.builtin.command: cat /etc/gitlab-runner/gitlab_runner_key.pub + register: generated_pub_key + changed_when: false + + - name: Store generated SSH public key in variable + ansible.builtin.set_fact: + gitlab_runner_ssh_key: "{{ generated_pub_key.stdout | trim }}" + + - name: Store predefined SSH public key in variable + ansible.builtin.set_fact: + gitlab_runner_ssh_key: "{{ lookup('file', gitlab_runner_ssh_public_key) | trim }}" + when: + - gitlab_runner_ssh_public_key | default("") | length > 0 + - gitlab_runner_ssh_private_key | default("") | length > 0 + + - name: Read flatcar linux config + ansible.builtin.command: cat /etc/gitlab-runner/ignition.json + register: flatcar_linux_config + changed_when: false + + - name: Assert that SSH public key exists in flatcar linux config + ansible.builtin.assert: + that: + - flatcar_linux_config.stdout.find(gitlab_runner_ssh_key) != -1 + + - name: Store authentication token environment variable as Ansible fact. 
+ ansible.builtin.set_fact: + gitlab_runner_authentication_token: "{{ lookup('env', 'AUTHENTICATION_TOKEN') }}" + + - name: Assert that the runner was registered successfully + ansible.builtin.command: gitlab-runner list + changed_when: false + register: runners + failed_when: "'test01' not in runners.stderr" + # Do not verify runner registration in forks + when: "gitlab_runner_authentication_token | length > 0" + + - name: Assert that the verify command is successful + ansible.builtin.command: gitlab-runner verify + changed_when: false + register: runners_verify + failed_when: runners_verify.rc != 0 + + - name: "Assert that metrics endpoint is activated" + when: "gitlab_runner_listen_address is defined and gitlab_runner_listen_address | length > 0" + ansible.builtin.uri: + url: "http://{{ gitlab_runner_listen_address }}/metrics" + return_content: yes + register: "metrics" + failed_when: '"# TYPE gitlab_runner_version_info" not in metrics.content' + + - name: Unregister GitLab-Runner + ansible.builtin.command: gitlab-runner unregister --all-runners + changed_when: false + # Do not verify runner registration in forks + when: "gitlab_runner_authentication_token | length > 0" diff --git a/requirements.yml b/requirements.yml index 4e5cf05..fb5b2fc 100644 --- a/requirements.yml +++ b/requirements.yml @@ -7,4 +7,8 @@ collections: - name: "ansible.posix" + - name: "community.general" - name: "community.crypto" + +roles: + - name: geerlingguy.docker diff --git a/roles/gitlab_runner/CHANGELOG.md b/roles/gitlab_runner/CHANGELOG.md new file mode 100644 index 0000000..d9747f5 --- /dev/null +++ b/roles/gitlab_runner/CHANGELOG.md 
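Review bot: In `molecule/gitlab_runner/verify.yml` the `when:` on the "Determine generated SSH public key" block tests `gitlab_runner_ssh_public_key | default("") | length == 0` on both sides of the `or`, so the private-key variable is never checked; the second operand was presumably meant to be `gitlab_runner_ssh_private_key | default("") | length == 0`, mirroring the two conditions on "Store predefined SSH public key in variable". As written, a host with a public key but no private key skips both branches and `gitlab_runner_ssh_key` is undefined when the flatcar assertion reads it. "Unregister GitLab-Runner" is also the last task of the play, so any earlier failed assertion leaves the test runner registered; wrapping the checks in a `block:` with the unregister under `always:` would guarantee the cleanup.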
@@ -0,0 +1,591 @@ + + +# Changelog + +## [v3.0.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v3.0.0) (2024-05-07) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v2.1.0...v3.0.0) + +**Implemented enhancements:** + +- Add support for Ubuntu 24.04 [\#254](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/254) +- Allow to configure GitLab Runner Autoscaling without docker-machine [\#251](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/251) + +**Fixed bugs:** + +- Fix docker config file if variable is set to false [\#253](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/253) ([tobiashuste](https://github.com/tobiashuste)) + +**Closed issues:** + +- Require at least ansible-core 2.15 [\#257](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/257) + +**Merged pull requests:** + +- Require at least ansible-core 2.15 [\#258](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/258) ([tobiashuste](https://github.com/tobiashuste)) +- Update all dependencies [\#256](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/256) ([tobiashuste](https://github.com/tobiashuste)) +- Add support for Ubuntu 24.04 [\#255](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/255) ([tobiashuste](https://github.com/tobiashuste)) +- Beta: implement autoscaling using new autoscaler method [\#252](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/252) ([tobiashuste](https://github.com/tobiashuste)) +- Try new package registration method [\#239](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/239) ([tobiashuste](https://github.com/tobiashuste)) + +## [v2.1.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v2.1.0) (2024-04-19) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v2.0.2...v2.1.0) + +**Implemented enhancements:** + +- Support sentry\_dsn parameter 
[\#248](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/248) + +**Merged pull requests:** + +- feat: allow to configure the sentry\_dsn parameter [\#249](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/249) ([tobiashuste](https://github.com/tobiashuste)) +- chore\(deps-dev\): bump reuse from 3.0.1 to 3.0.2 [\#247](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/247) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v2.0.2](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v2.0.2) (2024-03-12) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v2.0.1...v2.0.2) + +**Merged pull requests:** + +- Get rid of Poetry warning [\#245](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/245) ([tobiashuste](https://github.com/tobiashuste)) +- Update Butane to version 0.20.0 [\#244](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/244) ([tobiashuste](https://github.com/tobiashuste)) +- Install most recent docker-machine version 0.16.2-gitlab.25 [\#243](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/243) ([tobiashuste](https://github.com/tobiashuste)) + +## [v2.0.1](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v2.0.1) (2024-03-04) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v2.0.0...v2.0.1) + +**Fixed bugs:** + +- Allow to renew GPG repository key with same ID [\#240](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/240) ([tobiashuste](https://github.com/tobiashuste)) + +**Merged pull requests:** + +- Prepare release 2.0.1 [\#241](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/241) ([tobiashuste](https://github.com/tobiashuste)) + +## [v2.0.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v2.0.0) (2024-02-29) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.15.0...v2.0.0) + +**UPGRADE NOTES AND BREAKING CHANGES:** 
+ +As of this release the role switched to the new runner registration workflow. +The ability to pass a [deprecated](https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens-deprecated) runner registration token has been removed. +Please use a [runner authentication token](https://docs.gitlab.com/ee/security/token_overview.html#runner-authentication-tokens) to register your runner. +The `registration_token` parameter has been replaced by `authentication_token`. +Please make sure that you adjust your config accordingly. [More...](https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html) + +**Implemented enhancements:** + +- Allow to remove session\_server configuration [\#175](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/175) +- Allow to remove the cache configuration [\#4](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/4) + +**Closed issues:** + +- Apply new gitlab-runner package version scheme [\#234](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/234) +- gitlab-runner registration token deprecated [\#104](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/104) + +**Merged pull requests:** + +- chore: prepare release v2.0.0 [\#237](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/237) ([Normo](https://github.com/Normo)) +- fix: apply new runner version scheme [\#236](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/236) ([Normo](https://github.com/Normo)) +- Deploy runner configuration via a template file [\#233](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/233) ([Normo](https://github.com/Normo)) +- chore\(deps-dev\): bump yamllint from 1.35.0 to 1.35.1 [\#232](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/232) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.15.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.15.0) (2024-02-16) + +[Full 
Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.14.0...v1.15.0) + +**Implemented enhancements:** + +- feat: configure default-network-opts mtu [\#229](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/229) ([tobiashuste](https://github.com/tobiashuste)) + +**Merged pull requests:** + +- fix: use modern podman in ci to fix random failures [\#230](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/230) ([tobiashuste](https://github.com/tobiashuste)) +- chore\(deps-dev\): bump yamllint from 1.34.0 to 1.35.0 [\#228](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/228) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump molecule-plugins from 23.5.0 to 23.5.3 [\#227](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/227) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump yamllint from 1.33.0 to 1.34.0 [\#226](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/226) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump reuse from 2.1.0 to 3.0.1 [\#225](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/225) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump molecule from 6.0.2 to 6.0.3 [\#220](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/220) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps\): bump ansible from 8.6.1 to 8.7.0 [\#219](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/219) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump ansible-lint from 6.22.0 to 6.22.1 [\#218](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/218) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.14.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.14.0) (2023-12-14) + +[Full 
Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.13.0...v1.14.0) + +**Implemented enhancements:** + +- feat: allow to define the s3 bucket location [\#221](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/221) ([tobiashuste](https://github.com/tobiashuste)) + +## [v1.13.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.13.0) (2023-11-23) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.12.0...v1.13.0) + +**Implemented enhancements:** + +- Allow to downgrade GitLab-Runner package [\#214](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/214) + +**Merged pull requests:** + +- chore: prepare release version 1.13.0 [\#216](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/216) ([tobiashuste](https://github.com/tobiashuste)) +- feat: allow to downgrade gitlab-runner package [\#215](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/215) ([tobiashuste](https://github.com/tobiashuste)) +- chore\(deps\): bump ansible from 8.5.0 to 8.6.1 [\#213](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/213) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump yamllint from 1.32.0 to 1.33.0 [\#212](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/212) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump ansible-lint from 6.21.1 to 6.22.0 [\#210](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/210) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.12.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.12.0) (2023-10-26) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.11.0...v1.12.0) + +**Implemented enhancements:** + +- Allow configuration of network\_mtu in Docker executor [\#205](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/205) + +**Merged pull requests:** + +- refactor: 
strip whitespaces before registry-mirrors in flatcar template [\#207](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/207) ([Normo](https://github.com/Normo)) +- chore: prepare release of version 1.12.0 [\#208](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/208) ([tobiashuste](https://github.com/tobiashuste)) +- feat: allow to configure network\_mtu parameter [\#206](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/206) ([tobiashuste](https://github.com/tobiashuste)) + +## [v1.11.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.11.0) (2023-10-25) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.10.0...v1.11.0) + +**Implemented enhancements:** + +- Allow to configure insecure registries in Flatcar config [\#202](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/202) + +**Merged pull requests:** + +- chore: prepare release of v1.11.0 [\#203](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/203) ([tobiashuste](https://github.com/tobiashuste)) +- feat: configure insecure registries in Flatcar config [\#201](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/201) ([tobiashuste](https://github.com/tobiashuste)) +- chore\(deps-dev\): bump ansible-lint from 6.20.3 to 6.21.1 [\#200](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/200) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.10.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.10.0) (2023-10-13) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.9.0...v1.10.0) + +**Fixed bugs:** + +- Update Flatcar configuration [\#193](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/193) + +**Closed issues:** + +- Release version 1.10.0 [\#196](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/196) + +**Merged pull requests:** + +- chore: prepare release of v1.10.0 
[\#197](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/197) ([tobiashuste](https://github.com/tobiashuste)) +- chore\(deps-dev\): bump ansible-lint from 6.18.0 to 6.20.3 [\#195](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/195) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Make Flatcar configuration compatible with most recent release [\#194](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/194) ([tobiashuste](https://github.com/tobiashuste)) +- chore\(deps\): bump ansible from 8.2.0 to 8.5.0 [\#192](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/192) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps\): bump actions/checkout from 3 to 4 [\#190](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/190) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump molecule from 5.1.0 to 6.0.2 [\#189](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/189) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump ansible-lint from 6.17.2 to 6.18.0 [\#188](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/188) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps-dev\): bump molecule-plugins from 23.4.1 to 23.5.0 [\#184](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/184) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.9.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.9.0) (2023-07-21) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.8.0...v1.9.0) + +**Implemented enhancements:** + +- Allow to disable local Docker volumes based cache [\#181](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/181) + +**Merged pull requests:** + +- feat: allow to disable local docker cache [\#182](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/182) ([Normo](https://github.com/Normo)) +- 
chore\(deps-dev\): bump reuse from 1.1.2 to 2.1.0 [\#180](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/180) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore\(deps\): bump ansible from 8.1.0 to 8.2.0 [\#179](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/179) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.8.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.8.0) (2023-07-03) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.7.0...v1.8.0) + +**Implemented enhancements:** + +- Add support for Debian 12 [\#168](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/168) +- Add support for session\_server config [\#165](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/165) +- Errors on first run in check\_mode [\#159](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/159) +- feat: add support for Debian 12 [\#170](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/170) ([tobiashuste](https://github.com/tobiashuste)) +- feat: add initial dry-run support [\#158](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/158) ([Normo](https://github.com/Normo)) + +**Fixed bugs:** + +- fix: skip registration tasks in initial dry run [\#166](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/166) ([tobiashuste](https://github.com/tobiashuste)) + +**Closed issues:** + +- Remove official support for unsupported Ansible versions [\#172](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/172) +- Remove official support for Ubuntu 18.04 [\#167](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/167) +- Provide citation metadata [\#160](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/160) + +**Merged pull requests:** + +- chore: update ansible-lint and update poetry reference [\#174](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/174) 
([tobiashuste](https://github.com/tobiashuste)) +- chore: prepare release v1.8.0 [\#176](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/176) ([Normo](https://github.com/Normo)) +- chore: set minimum ansible version to 2.13 [\#173](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/173) ([Normo](https://github.com/Normo)) +- feat: enable session\_server configuration [\#171](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/171) ([Normo](https://github.com/Normo)) +- chore!: drop official support for Ubuntu 18.04 [\#169](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/169) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible-lint from 6.15.0 to 6.17.0 [\#164](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/164) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 5.0.1 to 5.1.0 [\#163](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/163) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 8.0.0 to 8.1.0 [\#162](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/162) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore: add CITATION.cff [\#161](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/161) ([Normo](https://github.com/Normo)) +- Bump ansible from 7.4.0 to 8.0.0 [\#157](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/157) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.30.0 to 1.32.0 [\#155](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/155) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 5.0.0 to 5.0.1 [\#151](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/151) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule-plugins from 23.4.0 to 23.4.1 [\#150](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/150) ([dependabot[bot]](https://github.com/apps/dependabot)) +- 
Bump ansible-lint from 6.14.6 to 6.15.0 [\#147](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/147) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.4 to 5.0.0 [\#146](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/146) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.14.3 to 6.14.6 [\#145](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/145) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.7.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.7.0) (2023-03-30) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.6.1...v1.7.0) + +**Closed issues:** + +- Use Butane 0.17.0 by default [\#139](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/139) +- Update default docker-machine binary [\#137](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/137) + +**Merged pull requests:** + +- Bump ansible from 7.3.0 to 7.4.0 [\#141](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/141) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Use Butane 0.17.0 per default [\#140](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/140) ([tobiashuste](https://github.com/tobiashuste)) +- Use Docker-Machine v0.16.2-gitlab.20 by default [\#138](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/138) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible-lint from 6.12.2 to 6.14.3 [\#136](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/136) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.29.0 to 1.30.0 [\#135](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/135) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 7.2.0 to 7.3.0 [\#131](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/131) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump 
ansible-lint from 6.11.0 to 6.12.2 [\#128](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/128) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump reuse from 1.1.0 to 1.1.2 [\#127](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/127) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 7.1.0 to 7.2.0 [\#125](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/125) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.6.1](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.6.1) (2023-01-31) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.6.0...v1.6.1) + +**Fixed bugs:** + +- Butane download link not valid for arm64 architecture [\#121](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/121) +- Download correct binaries for non x86\_64 architectures [\#122](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/122) ([tobiashuste](https://github.com/tobiashuste)) + +**Merged pull requests:** + +- Bump ansible-lint from 6.10.2 to 6.11.0 [\#120](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/120) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Update ansible-lint by using workaround [\#119](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/119) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible from 6.7.0 to 7.1.0 [\#118](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/118) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Require at least Python 3.9 to support the latest Ansible [\#117](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/117) ([tobiashuste](https://github.com/tobiashuste)) +- Bump yamllint from 1.28.0 to 1.29.0 [\#116](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/116) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.6.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.6.0) 
(2023-01-05) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.5.0...v1.6.0) + +**Merged pull requests:** + +- Do not cancel jobs when a matrix job is failing [\#114](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/114) ([tobiashuste](https://github.com/tobiashuste)) +- Allow to define a list of registry mirrors [\#113](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/113) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible from 6.6.0 to 6.7.0 [\#112](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/112) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.3 to 4.0.4 [\#111](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/111) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.5.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.5.0) (2022-12-02) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.4.0...v1.5.0) + +**Implemented enhancements:** + +- Switch to butane instead of container-linux-config-transpiler [\#107](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/107) + +**Closed issues:** + +- Molecule folder not linted by molecule lint [\#105](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/105) + +**Merged pull requests:** + +- Bump reuse from 1.0.0 to 1.1.0 [\#109](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/109) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Switch from ct to using butane [\#108](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/108) ([tobiashuste](https://github.com/tobiashuste)) +- Lint folder molecule by molecule lint and fix linting violations [\#106](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/106) ([christianhueserhzdr](https://github.com/christianhueserhzdr)) +- Bump ansible-lint from 6.8.6 to 6.8.7 
[\#103](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/103) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.4.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.4.0) (2022-11-18) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.3.1...v1.4.0) + +**Implemented enhancements:** + +- Allow to configure cpus, memory and gpus [\#99](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/99) +- Add support for security\_opt and devices [\#97](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/97) + +**Fixed bugs:** + +- Configuration touched in check mode [\#87](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/87) +- Fix issues with newly introduced parameter gpu, memory and cpus [\#101](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/101) ([tobiashuste](https://github.com/tobiashuste)) +- Specify version explicitly in Debian apt pinning [\#92](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/92) ([tobiashuste](https://github.com/tobiashuste)) + +**Merged pull requests:** + +- Allow to configure cpus, memory and gpus [\#100](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/100) ([tobiashuste](https://github.com/tobiashuste)) +- Allow to configure docker devices and security\_opts [\#98](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/98) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible from 6.5.0 to 6.6.0 [\#96](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/96) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.2 to 6.8.6 [\#95](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/95) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.2 to 4.0.3 [\#93](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/93) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Use setup-python action 
version 4 [\#91](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/91) ([tobiashuste](https://github.com/tobiashuste)) + +## [v1.3.1](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.3.1) (2022-10-19) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.3.0...v1.3.1) + +**Fixed bugs:** + +- Fix touching the runner configuration in check mode [\#88](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/88) ([tobiashuste](https://github.com/tobiashuste)) + +**Merged pull requests:** + +- Prepare release of version 1.3.1 [\#89](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/89) ([tobiashuste](https://github.com/tobiashuste)) + +## [v1.3.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.3.0) (2022-10-19) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.2.0...v1.3.0) + +**Implemented enhancements:** + +- Allow to configure the listen\_address option [\#82](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/82) + +**Merged pull requests:** + +- Prepare release of version 1.3.0 [\#85](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/85) ([tobiashuste](https://github.com/tobiashuste)) +- Bump molecule from 4.0.1 to 4.0.2 [\#84](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/84) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Allow to configure the listen\_address [\#83](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/83) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible-lint from 6.8.1 to 6.8.2 [\#81](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/81) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.4.0 to 6.5.0 [\#80](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/80) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.7.0 to 6.8.1 
[\#79](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/79) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add codeowners [\#77](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/77) ([tobiashuste](https://github.com/tobiashuste)) + +## [v1.2.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.2.0) (2022-10-05) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.1.0...v1.2.0) + +**Fixed bugs:** + +- Use template module instead of copy [\#66](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/66) ([tobiashuste](https://github.com/tobiashuste)) + +**Merged pull requests:** + +- Prepare release of version 1.2.0 [\#74](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/74) ([tobiashuste](https://github.com/tobiashuste)) +- Fix GitHub Actions tests [\#72](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/72) ([tobiashuste](https://github.com/tobiashuste)) +- Bump molecule-podman from 2.0.2 to 2.0.3 [\#70](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/70) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.6.0 to 6.7.0 [\#69](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/69) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.5.2 to 6.6.0 [\#65](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/65) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.3.0 to 6.4.0 [\#64](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/64) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.27.1 to 1.28.0 [\#63](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/63) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.5.1 to 6.5.2 [\#62](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/62) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump 
ansible-lint from 6.4.0 to 6.5.1 [\#61](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/61) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.2.0 to 6.3.0 [\#60](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/60) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.1.0 to 6.2.0 [\#58](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/58) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.3.0 to 6.4.0 [\#57](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/57) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Specify molecule-podman dependency explicitly [\#56](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/56) ([tobiashuste](https://github.com/tobiashuste)) +- Bump molecule from 4.0.0 to 4.0.1 [\#55](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/55) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.9.0 to 6.1.0 [\#54](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/54) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.26.3 to 1.27.1 [\#53](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/53) ([dependabot[bot]](https://github.com/apps/dependabot)) + +## [v1.1.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.1.0) (2022-07-01) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v1.0.0...v1.1.0) + +**Implemented enhancements:** + +- Support configuration of shm\_size parameter [\#50](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/50) + +**Merged pull requests:** + +- Release version 1.1.0 [\#52](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/52) ([tobiashuste](https://github.com/tobiashuste)) +- Always use the latest version of geerlingguy.docker dependency [\#49](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/49) 
([Normo](https://github.com/Normo)) + +## [v1.0.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v1.0.0) (2022-06-29) + +[Full Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.6.0...v1.0.0) + +**Implemented enhancements:** + +- Switch from molecule-docker to molecule-podman [\#36](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/36) +- Add support for Debian 11 [\#42](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/42) +- Add support for Ubuntu 22.04 [\#40](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/40) +- Add support for Debian 11 [\#43](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/43) ([tobiashuste](https://github.com/tobiashuste)) +- Add support for Ubuntu 22.04 [\#41](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/41) ([tobiashuste](https://github.com/tobiashuste)) +- Use molecule-podman instead of molecule-docker [\#37](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/37) ([tobiashuste](https://github.com/tobiashuste)) + +**Closed issues:** + +- Do not install docker dependency automatically [\#47](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/47) +- Release version 1.0.0 [\#45](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/45) + +**Merged pull requests:** + +- Release version 1.0.0 [\#46](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/46) ([tobiashuste](https://github.com/tobiashuste)) +- Install docker-machine version 0.16.2-gitlab.15 [\#44](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/44) ([tobiashuste](https://github.com/tobiashuste)) +- Install container-linux-config-transpiler v0.9.3 [\#39](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/39) ([tobiashuste](https://github.com/tobiashuste)) + +## [v0.6.0](https://github.com/hifis-net/ansible-role-gitlab-runner/tree/v0.6.0) (2022-06-17) + +[Full 
Changelog](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.5.1...v0.6.0) + +**Implemented enhancements:** + +- Link issue\_tracker URL to GitHub [\#31](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/31) +- Add badges to README [\#11](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/11) +- Implement a daily scheduled run of the CI pipeline [\#6](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/6) +- Update dependencies via Dependabot [\#5](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/5) +- Migrate changelog to github-changelog-generator [\#21](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/21) ([tobiashuste](https://github.com/tobiashuste)) +- Skip runner registration in molecule test run [\#14](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/14) ([tobiashuste](https://github.com/tobiashuste)) +- Add badges to README [\#12](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/12) ([tobiashuste](https://github.com/tobiashuste)) +- Use caching feature of setup-python action [\#10](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/10) ([tobiashuste](https://github.com/tobiashuste)) + +**Fixed bugs:** + +- CI pipeline in forks fails [\#9](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/9) + +**Closed issues:** + +- Release version 0.6.0 [\#23](https://github.com/hifis-net/ansible-role-gitlab-runner/issues/23) + +**Merged pull requests:** + +- Bump ansible from 5.8.0 to 5.9.0 [\#34](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/34) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 3.6.1 to 4.0.0 [\#33](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/33) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Update issue tracker link in the Galaxy meta information [\#32](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/32) 
([tobiashuste](https://github.com/tobiashuste)) +- Release version 0.6.0 [\#30](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/30) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible-lint from 6.2.1 to 6.3.0 [\#29](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/29) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump robertdebock/galaxy-action from 1.2.0 to 1.2.1 [\#27](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/27) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump reuse from 0.14.0 to 1.0.0 [\#26](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/26) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.7.1 to 5.8.0 [\#25](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/25) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.0.2 to 6.2.1 [\#24](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/24) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.7.0 to 5.7.1 [\#19](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/19) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.6.0 to 5.7.0 [\#18](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/18) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 3.5.2 to 3.6.1 [\#17](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/17) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 5.3.1 to 6.0.2 [\#16](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/16) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.1.0 to 5.6.0 [\#15](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/15) ([dependabot[bot]](https://github.com/apps/dependabot)) +- fixes\(\#5\): added dependabot.yml [\#8](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/8) 
([tharun634](https://github.com/tharun634)) +- fixes\(\#6\): CI daily run [\#7](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/7) ([tharun634](https://github.com/tharun634)) +- Implement full lint and test workflow via GitHub Actions [\#1](https://github.com/hifis-net/ansible-role-gitlab-runner/pull/1) ([tobiashuste](https://github.com/tobiashuste)) + +## [0.5.1](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.5.1) - 2022-03-17 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.5.0...v0.5.1) + +### Fixed + +* Fix install from deb file if version is older than installed + ([!55](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/55) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.5.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.5.0) - 2022-03-16 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.4.0...v0.5.0) + +### Added + +* Add support for optionally installing gitlab-runner via a `.deb` file + ([!53](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/53) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.4.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.4.0) - 2022-03-03 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.3.0...v0.4.0) + +### Changed + +* Allow to update the installed GPG keys + ([!52](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/52) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.3.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.3.0) - 2022-01-11 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.2.2...v0.3.0) + +### Added + +* Add support for docker `tls_verify` parameter + ([!46](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/46) + by [Normo](https://gitlab.com/Normo)). 
+ +### Changed + +* Bump geerlingguy.docker to version 4.1.1 + ([!48](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/48) + by [Normo](https://gitlab.com/Normo)). +* Bump container linux config transpiler to v0.9.2 + ([!47](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/47) + by [Normo](https://gitlab.com/Normo)). +* Bump Python dependencies to the latest version + ([!50](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/50) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Fixed + +* Fix debian docker issue in GitLab CI and bump runner version in tests + ([!49](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/49) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.2.2](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.2.2) - 2021-07-30 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.2.1...v0.2.2) + +### Fixed + +* Fix failing binfmt-init.service for multiarch support + ([!44](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/44) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.2.1](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.2.1) - 2021-07-30 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.2.0...v0.2.1) + +### Fixed + +* Correctly configure MTU and registry mirror for Docker-in-Docker + ([!43](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/43) + by [tobiashuste](https://gitlab.com/tobiashuste)). +* Fix bug when `cache_type` is undefined + ([!42](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/42) + by [tobiashuste](https://gitlab.com/tobiashuste)). 
+ +## [0.2.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.2.0) - 2021-07-28 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.1.0...v0.2.0) + +### Added +* Allow to configure autoscaling parameters + ([!36](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/36) + by [tobiashuste](https://gitlab.com/tobiashuste)). +* Create a test machine via docker-machine once + ([!39](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/39) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Changed +* Reference latest version of gitlab-runner throughout the role + ([!38](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/38) + by [tobiashuste](https://gitlab.com/tobiashuste)). +* Skip ignition check tasks if flatcar config is unchanged + ([!37](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/37) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Fixed +* Document the `limit` parameter + ([!40](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/40) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.1.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.1.0) - 2021-07-20 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/359ac4d5e6371452d5488fcf7daa3a43d935ddc1...v0.1.0) + +### Added +Initial release of the Ansible GitLab-Runner Role. + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/roles/gitlab_runner/CITATION.cff b/roles/gitlab_runner/CITATION.cff new file mode 100644 index 0000000..d42630e --- /dev/null +++ b/roles/gitlab_runner/CITATION.cff 
@@ -0,0 +1,38 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) + +# SPDX-License-Identifier: Apache-2.0 + +cff-version: '1.2.0' +title: 'hifis.gitlab_runner Ansible role' +message: >- + "If you use this Ansible role, please cite it as + below." +abstract: 'Ansible role for deploying GitLab-Runner (optimized for use with Openstack).' +type: 'software' +authors: + - given-names: 'Norman' + family-names: 'Ziegner' + email: 'n.ziegner@hzdr.de' + affiliation: >- + Helmholtz-Zentrum Dresden - Rossendorf e. V. + (HZDR) + orcid: 'https://orcid.org/0000-0001-7579-216X' + - given-names: 'Tobias' + family-names: 'Huste' + email: 't.huste@hzdr.de' + affiliation: >- + Helmholtz-Zentrum Dresden - Rossendorf e. V. + (HZDR) + orcid: 'https://orcid.org/0000-0002-5590-7473' + - given-names: 'Christian' + family-names: 'Hüser' + email: 'c.hueser@hzdr.de' + affiliation: >- + Helmholtz-Zentrum Dresden - Rossendorf e. V. + (HZDR) + orcid: 'https://orcid.org/0000-0002-5028-6663' +repository-code: 'https://github.com/hifis-net/ansible-role-gitlab-runner' +repository-artifact: 'https://galaxy.ansible.com/hifis/gitlab_runner' +version: 'v3.0.0' +date-released: '2024-05-07' diff --git a/roles/gitlab_runner/HISTORY.md b/roles/gitlab_runner/HISTORY.md new file mode 100644 index 0000000..b698f54 --- /dev/null +++ b/roles/gitlab_runner/HISTORY.md 
@@ -0,0 +1,112 @@ +## [0.5.1](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.5.1) - 2022-03-17 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.5.0...v0.5.1) + +### Fixed + +* Fix install from deb file if version is older than installed + ([!55](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/55) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.5.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.5.0) - 2022-03-16 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.4.0...v0.5.0) + +### Added + +* Add support for optionally installing gitlab-runner via a `.deb` file + ([!53](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/53) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.4.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.4.0) - 2022-03-03 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.3.0...v0.4.0) + +### Changed + +* Allow to update the installed GPG keys + ([!52](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/52) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.3.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.3.0) - 2022-01-11 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.2.2...v0.3.0) + +### Added + +* Add support for docker `tls_verify` parameter + ([!46](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/46) + by [Normo](https://gitlab.com/Normo)). + +### Changed + +* Bump geerlingguy.docker to version 4.1.1 + ([!48](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/48) + by [Normo](https://gitlab.com/Normo)). 
+* Bump container linux config transpiler to v0.9.2 + ([!47](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/47) + by [Normo](https://gitlab.com/Normo)). +* Bump Python dependencies to the latest version + ([!50](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/50) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Fixed + +* Fix debian docker issue in GitLab CI and bump runner version in tests + ([!49](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/49) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.2.2](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.2.2) - 2021-07-30 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.2.1...v0.2.2) + +### Fixed + +* Fix failing binfmt-init.service for multiarch support + ([!44](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/44) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.2.1](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.2.1) - 2021-07-30 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.2.0...v0.2.1) + +### Fixed + +* Correctly configure MTU and registry mirror for Docker-in-Docker + ([!43](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/43) + by [tobiashuste](https://gitlab.com/tobiashuste)). +* Fix bug when `cache_type` is undefined + ([!42](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/42) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.2.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.2.0) - 2021-07-28 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/v0.1.0...v0.2.0) + +### Added +* Allow to configure autoscaling parameters + ([!36](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/36) + by [tobiashuste](https://gitlab.com/tobiashuste)). 
+* Create a test machine via docker-machine once + ([!39](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/39) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Changed +* Reference latest version of gitlab-runner throughout the role + ([!38](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/38) + by [tobiashuste](https://gitlab.com/tobiashuste)). +* Skip ignition check tasks if flatcar config is unchanged + ([!37](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/37) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Fixed +* Document the `limit` parameter + ([!40](https://gitlab.com/hifis/ansible/gitlab-ci-openstack/-/merge_requests/40) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.1.0](https://github.com/hifis-net/ansible-role-gitlab-runner/releases/v0.1.0) - 2021-07-20 + +[List of commits](https://github.com/hifis-net/ansible-role-gitlab-runner/compare/359ac4d5e6371452d5488fcf7daa3a43d935ddc1...v0.1.0) + +### Added +Initial release of the Ansible GitLab-Runner Role. diff --git a/roles/gitlab_runner/HISTORY.md.license b/roles/gitlab_runner/HISTORY.md.license new file mode 100644 index 0000000..b327045 --- /dev/null +++ b/roles/gitlab_runner/HISTORY.md.license @@ -0,0 +1,4 @@ +SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) + +SPDX-License-Identifier: Apache-2.0 diff --git a/roles/gitlab_runner/README.md b/roles/gitlab_runner/README.md new file mode 100644 index 0000000..c1e1597 --- /dev/null +++ b/roles/gitlab_runner/README.md 
@@ -0,0 +1,448 @@ + + +# GitLab CI Openstack + +[![CI](https://github.com/hifis-net/ansible-role-gitlab-runner/actions/workflows/ci.yml/badge.svg)](https://github.com/hifis-net/ansible-role-gitlab-runner/actions/workflows/ci.yml) +[![Ansible Role: hifis.gitlab_runner](https://img.shields.io/badge/role-hifis.gitlab__runner-blue)](https://galaxy.ansible.com/ui/standalone/roles/hifis/gitlab_runner/) +[![Ansible Role Downloads](https://img.shields.io/ansible/role/d/hifis/gitlab_runner)](https://galaxy.ansible.com/ui/standalone/roles/hifis/gitlab_runner/) +[![GitHub Release (latest by SemVer)](https://img.shields.io/github/v/release/hifis-net/ansible-role-gitlab-runner?color=blue&sort=semver)](https://github.com/hifis-net/ansible-role-gitlab-runner/releases) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/hifis-net/ansible-role-gitlab-runner/blob/main/LICENSE.md) +[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.8090043.svg)](https://doi.org/10.5281/zenodo.8090043) + +This Ansible role provides a setup for GitLab CI in Openstack. + +## Requirements + +None. + +## Role Variables + +### GitLab-Runner variables + +```yaml +gitlab_runner_version: "16.9.0" +``` +The version of GitLab-Runner to install. + +```yaml +gitlab_runner_pkg_version: "16.9.0-1" +``` +The version to be used to determine the GitLab-Runner +[package](https://packages.gitlab.com/runner/gitlab-runner) (optional). + +```yaml +gitlab_runner_deb_file: "" +``` +If this is specified the package will be installed from a `.deb`-file. +If `://` is in the path, Ansible will attempt to download deb before installing. + +```yaml +gitlab_runner_concurrent: 1 +``` +Limits how many jobs can run concurrently. The maximum number is all defined runners. +`0` does not mean unlimited. + +```yaml +gitlab_runner_enable_session_server: false +``` +Boolean flag to control whether the session_server should be configured. 
+ +```yaml +gitlab_runner_session_server_listen_address: "0.0.0.0:8093" +``` +An internal URL (`host:port`) for the session server. + +```yaml +gitlab_runner_sentry_dsn: "https://public@sentry.example.com/1" +``` + +Enables tracking of all system level errors to Sentry. +Empty string by default. + +```yaml +gitlab_runner_session_server_advertise_address: "0.0.0.0:8093" +``` +The URL (`host:port`) to access the session server. GitLab Runner exposes it to GitLab. + +```yaml +gitlab_runner_session_server_timeout: 1800 +``` +Number of seconds the session can stay active after the job completes. + +```yaml +gitlab_runner_install_docker: true +``` +Decide wether to install Docker via +[geerlingguy.docker](https://galaxy.ansible.com/geerlingguy/docker) role. +Docker is required for the `docker` executor but not for the +`docker+machine` executor. + +### Docker-machine variables + +```yaml +gitlab_runner_docker_machine_binary_url: "https://gitlab.com/gitlab-org/ci-cd/docker-machine/-/releases/v0.16.2-gitlab.25/downloads/docker-machine-Linux-{{ ansible_architecture }}" +``` + +The URL where to download the docker-machine binary file from. + +```yaml +gitlab_runner_docker_machine_binary_checksum: "sha256:04cc18c8f6ee0d71614064fa81116f20f3a37af53eeebf19bfb832ab9c46d3a0" +``` + +The checksum of the downloaded docker-machine binary. This must correspond to the file downloaded via the +`gitlab_runner_docker_machine_binary_url` variable. + +### Flatcar Linux configuration + +```yaml +gitlab_runner_transpiler_binary_url: "https://github.com/coreos/butane/releases/download/v0.20.0/butane-{{ ansible_architecture }}-unknown-linux-gnu" +``` + +The URL to the configuration transpiler binary that shall be used. + +```yaml +gitlab_runner_transpiler_binary_checksum: "sha256:28003c61b991d17d66c23cd3f305202ae14736b8e7fd941986b6086cf931ed4b" +``` + +The checksum of the download transpiler binary. 
This must correspond to the file +downloaded via the `gitlab_runner_transpiler_binary_url` variable. + +```yaml +gitlab_runner_namerservers: + - 9.9.9.9 + - 149.112.112.112 +``` + +The DNS nameservers to be used by the Openstack Flatcar virtual machine. + +```yaml +gitlab_runner_registry_mirrors: + - "http://registry-mirror-1.example" + - "https://registry-mirror-2.example" +``` + +(Optional) A list of Docker registry mirrors to be used. +Takes precedence over the `gitlab_runner_registry_mirror` variable. + +```yaml +gitlab_runner_insecure_registries: + - "registry-mirror-1.example" +``` + +(Optional) A list of Docker registries or mirrors that are considered to be insecure. + +```yaml +gitlab_runner_registry_mirror: "https://registry-mirror.example" +``` + +(Optional) The Docker registry mirror to be used. + +```yaml +gitlab_runner_mtu: 1450 +``` + +Configure the MTU (Maximum Transmission Unit) for the docker daemon in Flatcar +linux running in Openstack. The default of 1450 is proven to work for default +Openstack configurations. If you have a different setup, feel free to update +this value. +**Please note:** This value can cause strange network issues if not configured +properly. + +```yaml +gitlab_runner_set_default_network_opts: false +``` + +This variable enables the declaration of +[`default-network-opts`](https://docs.docker.com/engine/reference/commandline/dockerd/#default-network-options) +in the Docker daemon configuration options. +This helps to prevent docker-compose to create networks with an MTU of 1500, +even though a lower MTU is required. +With this change a user should not be required to set the MTU +on their own in docker-compose files. +Requires at least Docker 24. + +```yaml +gitlab_runner_ssh_public_key: "./files/id_ed25519.pub" +gitlab_runner_ssh_private_key: "./files/id_ed25519" +``` + +The (optional) file path to the SSH key pair on the Ansible controller used for +communicating with Runners. 
If this is left empty the role creates a new SSH +key pair at `/etc/gitlab-runner/gitlab_runner_key(.pub)`. + +```yaml +gitlab_runner_ssh_key_type: "ed25519" +``` +Specifies the type of SSH key to create. The possible values are `ed25519` +(default), `ecdsa` or `rsa`. + +```yaml +gitlab_runner_ssh_private_key_path: "/etc/gitlab-runner/gitlab_runner_key" +gitlab_runner_ssh_public_key_path: "/etc/gitlab-runner/gitlab_runner_key.pub" +``` +The file paths to the SSH key pair on the Runner host. + +### GitLab-Runner registration + +In order to register a runner with the GitLab instance of your choice, you need +to edit the `gitlab_runner_list` variable and add a list entry. +Each list entry corresponds to one registered GitLab-Runner. + +Below table lists and describes all available configuration options you can +specify for registering your GitLab-Runner with this Ansible role. + +| Key | Example | Description | +|-----------------------------|---------------------------------|--------------------------------------------------------------------------------------------------------------------------------| +| `name` | `"my-docker-runner"` | The name of the registered runner. | +| `url` | `"https://gitlab.com"` | The URL of the GitLab instance you want to register the runner with. | +| `description` | `"My first Docker runner"` | Description of the runner. | +| `authentication_token` | `"MY_SECURE_TOKEN"` | The runner authentication token required to register the runner. | +| `executor` | `docker` | Specify, the runner [executor](https://docs.gitlab.com/runner/executors/#selecting-the-executor). | +| `limit` | `0` | Limit how many jobs can be handled concurrently by this token. Default is `0` (no limit). | +| `environment` | `["DOCKER_TLS_CERTDIR=/certs"]` | Append or overwrite environment variables. | +| `docker_image` | `"python:3.8"` | Specify the default docker image to be used. Required for `docker` and `docker+machine` executor. 
| +| `docker_security_opts` | `["seccomp=unconfined"]` | Configure Docker security options. | +| `docker_devices` | `["/dev/kfd", "/dev/dri"]` | Add a host device to the container. Same syntax as the Docker `--device` flag. | +| `docker_volumes` | `["/cache", "/certs/client"]` | Additional volumes that should be mounted. Same syntax as the Docker -v flag. | +| `docker_shm_size` | `2147483648` | Shared memory size for images (in bytes). Default is 0 resulting in a fallback to the Docker default. | +| `docker_cpus` | `2` | Number of CPUs. Unset by default. | +| `docker_memory` | `2g` | Docker container memory limit. Unset by default. | +| `docker_gpus` | `all` | Specify GPUs to make available in Docker containers. Unset by default. | +| `docker_network_mtu` | `1442` | A custom MTU is necessary in some environments like VMs in Openstack. Requires Gitlab-Runner >= `16.5` | +| `docker_privileged` | `False` | Specify, if the container runs in privileged mode (insecure). Default is `False`. | +| `docker_tls_verify` | `True` | Specify, if TLS connections to the Docker daemon should be verified. Default is `False`. | +| `docker_disable_cache` | `False` | Specify, to disable the use of automatically created docker volumes for caching. | +| `machine_driver` | `"openstack"` | The driver to use when creating the machine via `docker-machine`. | +| `machine_name` | `"auto-scale-%s"` | The machine name template. (You need to include `%s`). | +| `machine_options` | See the machine example. | Additional machine creation options. | +| `machine_idle_count` | `2` | Number of machines that need to be created and waiting in Idle state. Default is `0`. | +| `machine_idle_scale_factor` | `0.0` | *(Experimental)* Number of Idle machines as a factor of the number of machines currently in use. Default is `0.0`. | +| `machine_idle_count_min` | `1` | Minimal number of machines that need to be created and waiting in Idle state when the IdleScaleFactor is in use. Default is 1. 
| +| `machine_idle_time` | `1800` | Time (in seconds) for machine to be in Idle state before it is removed. Default is `0`. | +| `machine_max_growth_rate` | `1` | The maximum number of machines that can be added to the runner in parallel. Default is `0` (no limit). | +| `machine_max_builds` | `1` | Maximum job (build) count before machine is removed. Default is `0`. | +| `cache_type` | `"s3"` | Type of caching to use. Currently only `s3` is supported by this role. | +| `cache_server_address` | `"https://s3.hifis.net"` | A `host:port` for the S3-compatible server. | +| `cache_access_key` | `"key"` | The access key specified for your S3 instance.. | +| `cache_secret_key` | `"secret"` | The secret key specified for your S3 instance. | +| `cache_bucket_name` | `"bucket-name"` | Name of the storage bucket where cache is stored. | +| `cache_bucket_location` | `"eu-west-1"` | Name of S3 region. (optional) | +| `cache_insecure` | `"false"` | Set to `"true"` if the S3 service is available by HTTP. Default is `"false"`. | + +#### Docker Example + +```yaml +gitlab_runner_list: + - name: "my-docker-runner" + url: "https://gitlab.com" + description: "My first Docker runner via Ansible." + authentication_token: ${AUTHENTICATION_TOKEN} + executor: "docker" + environment: ["CI_CPUS=8", "DOCKER_TLS_CERTDIR=/certs"] + docker_image: "python:3.8" + docker_volumes: ["/cache", "/certs/client"] + limit: 5 + # Optional cache configuration, only S3 is supported for now + cache_type: "s3" + cache_server_address: "https://cache.example" + cache_access_key: "key" + cache_secret_key: "secret" + cache_bucket_name: "bucket" + cache_insecure: "false" +``` + +For registering a runner using the Docker backend, a sample configuration is +given above. +Therefore, you need to obtain a registration token. +This can be either done on an instance, a group or a project level. +Visit the [GitLab documentation](https://docs.gitlab.com/runner/register/#requirements) +for further information. 
+In a production setup, please make sure to encrypt the token using +[Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html). + +### Docker-machine Example + +```yaml +gitlab_runner_list: + - name: "test01" + url: "https://gitlab.com" + description: "Molecule test runner" + authentication_token: "AUTHENTICATION_TOKEN" + executor: "docker+machine" + docker_image: "python:3.8" + docker_volumes: ["/cache", "/certs/client"] + machine_idle_count: 2 + machine_idle_time: 3600 + machine_max_growth_rate: 2 + machine_max_builds: 5 + machine_driver: "openstack" + machine_name: "auto-scale-%s" + machine_options: + - "openstack-auth-url=https://openstack.example:5000/v3" + - "openstack-image-id=73f07dd3-fa8b-468f-b6bc-b0cd4510f5d0" + - "openstack-flavor-name=m1.small" + - "openstack-net-id=7834deeb-8bd5-4fc7-b35b-24035d8f47a7" + - "openstack-username=gitlab-runner" + - "openstack-password=secret" + - "openstack-tenant-id=123456" + - "openstack-domain-name=default" + - "openstack-ssh-user=core" + - "openstack-sec-groups=Internal" + - "openstack-keypair-name=runners-internal" + - "openstack-private-key-file=/etc/gitlab-runner/gitlab_runner_key" + - "openstack-user-data-file=/etc/gitlab-runner/ignition.json" + - "openstack-active-timeout=300" + - "engine-registry-mirror=https://registry-mirror.example" +``` + +The most important changes compared to the docker runner registration is the +configuration of docker-machine. +Therefore, a suitable configuration for the +[driver](https://docs.docker.com/machine/drivers/) of your choice needs to be +created. +This project focuses on providing the best integration with Openstack but is +probably not limited to that. 
+The Openstack driver lists all possible configuration options that can be +specified via `machine_options`: https://docs.docker.com/machine/drivers/openstack/ + +## Docker-in-Docker if MTU other than 1500 + +If the Docker-MTU does not match 1500 which is very often the case for +Openstack installations, certain additional configuration is required. +Please make sure to add + +``` +"engine-opt=mtu={{ gitlab_runner_mtu }}" +``` + +to the list of your runner's `machine_options`. +`gitlab_runner_mtu` needs to be set to the correct value. + +Also you can configure Docker-in-Docker to make use of a registry mirror by +setting `gitlab_runner_registry_mirrors` or`gitlab_runner_registry_mirror` +to the required value. +This is optional. + +To make this all work you finally need to mount a file in your runner volume +configuration by adding + +``` +"/opt/docker/daemon.json:/etc/docker/daemon.json:ro" +``` + +to the list of configured `volumes`. + +### Beta: GitLab-Runner Autoscaling + +GitLab-Runner Autoscaling is the future way of implementing autoscaling on +cloud infrastructures. +This is the successor to the autoscaling technology based on Docker Machine, +which is deprecated and will no longer be supported through the course of 2025. +The new beta feature implements support for the new method in Openstack. + +#### Variables + +It is important to set these variables. Otherwise the role execution will fail. + +```yaml +gitlab_runner_autoscaler_plugin_url: "https://down.load/fleeting-plugin-openstack-binary" +``` + +The URL where to download the autoscaler plugin binary from. + +```yaml +gitlab_runner_autoscaler_plugin_checksum: "sha256:..." +``` + +The checksum of the autoscaler plugin binary file. + +```yaml +gitlab_runner_autoscaler_openstack_auth_url: "https://openstack.example:5000/v3" +``` + +The Openstack authentication URL of Keystone. 
+ +```yaml +gitlab_runner_autoscaler_openstack_username: "gitlab-runner" +``` + +The username of the Openstack user to interact with the API. + +```yaml +gitlab_runner_autoscaler_openstack_password: "123456" +``` + +The corresponding password of the user. + +```yaml +gitlab_runner_autoscaler_openstack_project_id: "project_id" +``` + +Specify the project id in Openstack. + +```yaml +gitlab_runner_autoscaler_openstack_user_domain_name: "Default" +``` + +Domain name of the user authenticating with Openstack. + +```yaml +gitlab_runner_autoscaler_openstack_region_name: "RegionOne" +``` + +Region name of the Openstack cluster. + +#### Example configuration + +```yaml +gitlab_runner_list: + - name: "Test Runner" + url: "https://gitlab.com" + description: "Autoscale Runner for Openstack" + limit: 0 + authentication_token: "{{ gitlab_runner_authentication_token }}" + executor: "docker-autoscaler" + environment: "test" + docker_image: "ubuntu:latest" + docker_disable_cache: True + docker_volumes: ["/tmp/certs:/certs", "/opt/docker/daemon.json:/etc/docker/daemon.json:ro"] + docker_shm_size: 2147483648 + docker_privileged: true + docker_network_mtu: "{{ gitlab_runner_mtu }}" + locked: false + tags: "{{ gitlab_runner_tags | default([]) }}" + run_untagged: "{{ gitlab_runner_run_untagged | default(false) }}" + cache_insecure: "false" + autoscaler_max_builds: 1 + autoscaler_idle_count: 4 + autoscaler_max_instances: "10" + autoscaler_group_name: "autoscaler-runners" + autoscaler_cloud_name: "openstack" + autoscaler_clouds_config: "/etc/gitlab-runner/clouds.yaml" + autoscaler_flavor_ref: "5be35abe-a4d5-427f-a0f8-c7afe19961e2" + autoscaler_image_ref: "8225b31c-86fc-4e48-a3e4-8bf800d5fc8d" + autoscaler_network_id: "ea80dd07-5dc2-4f18-af04-733ace5892ef" + autoscaler_security_group: "c693de06-7dba-4694-9fd6-1b785904eff3" + autoscaler_scheduler_hint: "c98090ea-6893-4810-b066-5c3f34038c2a" + autoscaler_username: "core" + autoscaler_keyname: "runner-internal" +``` + +## Dependencies + 
+GitLab-Runner for Openstack depends on `docker-machine` requiring docker to be available on the system. + +- Docker - [geerlingguy.docker](https://galaxy.ansible.com/geerlingguy/docker) + +## License + +[Apache-2.0](LICENSES/Apache-2.0.txt) + +## Author Information + +This role was created by [HIFIS Software Services](https://hifis.net/). diff --git a/roles/gitlab_runner/defaults/main.yml b/roles/gitlab_runner/defaults/main.yml new file mode 100644 index 0000000..593b9c0 --- /dev/null +++ b/roles/gitlab_runner/defaults/main.yml 
@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+gitlab_runner_version: ""
+
+gitlab_runner_pkg_version: "{{ gitlab_runner_version + '-1' if gitlab_runner_version | length > 0 and gitlab_runner_version is version('16.9.0', 'ge') else gitlab_runner_version }}"
+
+gitlab_runner_deb_file: ""
+
+gitlab_runner_docker_machine_binary_url: "https://gitlab.com/gitlab-org/ci-cd/docker-machine/-/releases/v0.16.2-gitlab.25/downloads/docker-machine-Linux-{{ ansible_architecture }}"
+
+gitlab_runner_docker_machine_binary_checksum: "sha256:04cc18c8f6ee0d71614064fa81116f20f3a37af53eeebf19bfb832ab9c46d3a0"
+
+gitlab_runner_transpiler_binary_url: "https://github.com/coreos/butane/releases/download/v0.20.0/butane-{{ ansible_architecture }}-unknown-linux-gnu"
+
+gitlab_runner_transpiler_binary_checksum: "sha256:28003c61b991d17d66c23cd3f305202ae14736b8e7fd941986b6086cf931ed4b"
+
+gitlab_runner_install_docker: true
+
+gitlab_runner_namerservers:
+ - 9.9.9.9
+ - 149.112.112.112
+
+gitlab_runner_mtu: 1450
+
+gitlab_runner_set_default_network_opts: false
+
+gitlab_runner_config_path: "/etc/gitlab-runner/config.toml"
+
+gitlab_runner_listen_address: ""
+
+gitlab_runner_sentry_dsn: ""
+
+gitlab_runner_list: []
+
+gitlab_runner_insecure_registries: []
+
+gitlab_runner_ssh_private_key_path: "/etc/gitlab-runner/gitlab_runner_key"
+gitlab_runner_ssh_public_key_path: "/etc/gitlab-runner/gitlab_runner_key.pub"
+
+gitlab_runner_enable_session_server: false
+gitlab_runner_session_server_listen_address: "0.0.0.0:8093"
+gitlab_runner_session_server_advertise_address: "{{ gitlab_runner_session_server_listen_address }}"
+gitlab_runner_session_server_timeout: 1800
diff --git a/roles/gitlab_runner/handlers/main.yml b/roles/gitlab_runner/handlers/main.yml
new file mode 100644
index 0000000..7d5f9eb
--- /dev/null
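Review bot: With these defaults, setting `gitlab_runner_enable_session_server: true` binds the session server to every interface and advertises `0.0.0.0:8093`, because `gitlab_runner_session_server_advertise_address` simply copies the listen address. `0.0.0.0` is a wildcard bind address, not an address GitLab can connect back to, and since the session server carries interactive terminal sessions into jobs, a wildcard listen default also widens exposure on multi-homed hosts. I would ship the advertise address without a usable default, for example `gitlab_runner_session_server_advertise_address: ""`, and have the role fail when the server is enabled and the value is still empty. How config.toml.j2 consumes these values is not visible in this hunk, so the exact failure mode should be confirmed there.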
+++ b/roles/gitlab_runner/handlers/main.yml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+- name: "Transpile the flatcar linux configuration"
+ ansible.builtin.command: "butane -o /etc/gitlab-runner/ignition.json /etc/gitlab-runner/flatcar-linux-config.bu"
+ changed_when: True
+
+- name: Restart GitLab-Runner
+ ansible.builtin.service:
+ name: gitlab-runner
+ state: restarted
+ when: not gitlab_runner_is_initial_dryrun
+
+...
diff --git a/roles/gitlab_runner/meta/main.yml b/roles/gitlab_runner/meta/main.yml
new file mode 100644
index 0000000..8da50eb
--- /dev/null
+++ b/roles/gitlab_runner/meta/main.yml
@@ -0,0 +1,43 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+galaxy_info:
+ role_name: "gitlab_runner"
+ author: "hifis"
+ description: "Install GitLab CI in Openstack"
+ company: "Helmholtz Association"
+ issue_tracker_url: "https://github.com/hifis-net/ansible-role-gitlab-runner/issues"
+ license: "Apache-2.0"
+ min_ansible_version: "2.15"
+
+ platforms:
+ - name: "Ubuntu"
+ versions:
+ - "focal"
+ - "jammy"
+ - "noble"
+ - name: "Debian"
+ versions:
+ - "buster"
+ - "bullseye"
+ - "bookworm"
+
+ galaxy_tags:
+ - "gitlab"
+ - "runner"
+ - "ci"
+ - "cd"
+ - "openstack"
+
+collections:
+ - "community.crypto"
+
+dependencies:
+ - role: "geerlingguy.docker"
+ when: "gitlab_runner_install_docker"
+ vars:
+ docker_install_compose: false
+...
diff --git a/roles/gitlab_runner/requirements.yml b/roles/gitlab_runner/requirements.yml
new file mode 100644
index 0000000..b453ef2
--- /dev/null
+++ b/roles/gitlab_runner/requirements.yml
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+roles:
+ - name: geerlingguy.docker
+ version: 4.1.1
diff --git a/roles/gitlab_runner/tasks/configuration.yml b/roles/gitlab_runner/tasks/configuration.yml
new file mode 100644
index 0000000..c677019
--- /dev/null
+++ b/roles/gitlab_runner/tasks/configuration.yml
@@ -0,0 +1,98 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Prepare SSH keys"
+ when:
+ - gitlab_runner_ssh_public_key | default("") | length > 0
+ - gitlab_runner_ssh_private_key | default("") | length > 0
+ block:
+ - name: "Place SSH public key on the host for communicating with Runners."
+ ansible.builtin.copy:
+ src: "{{ gitlab_runner_ssh_public_key }}"
+ dest: "{{ gitlab_runner_ssh_public_key_path }}"
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: "Place SSH private key on the host for communicating with Runners."
+ ansible.builtin.copy:
+ src: "{{ gitlab_runner_ssh_private_key }}"
+ dest: "{{ gitlab_runner_ssh_private_key_path }}"
+ owner: root
+ group: root
+ mode: 0600
+
+- name: "Create SSH key pair for communicating with Runners."
+ community.crypto.openssh_keypair: # noqa: args[module]
+ path: "{{ gitlab_runner_ssh_private_key_path }}"
+ type: "{{ gitlab_runner_ssh_key_type | default('ed25519') }}"
+ register: gitlab_runner_ssh_keypair
+ when: "not gitlab_runner_is_initial_dryrun" # skip if run for the first time in check mode
+
+- name: Download and install container-linux-config-transpiler
+ ansible.builtin.get_url:
+ url: "{{ gitlab_runner_transpiler_binary_url }}"
+ dest: /usr/local/bin/butane
+ mode: "0755"
+ checksum: "{{ gitlab_runner_transpiler_binary_checksum }}"
+
+- name: Place the container linux configuration on the host
+ ansible.builtin.template:
+ src: flatcar-linux-config.bu.j2
+ dest: /etc/gitlab-runner/flatcar-linux-config.bu
+ owner: root
+ group: root
+ mode: 0644
+ register: "flatcar_config_task"
+ when: "not gitlab_runner_is_initial_dryrun" # skip if run for the first time in check mode
+ notify:
+ - "Transpile the flatcar linux configuration"
+
+- name: "Check if ignition.json is available and create it in any case"
+ when: "not flatcar_config_task.changed" # noqa no-handler
+ ansible.builtin.stat:
+ path: "/etc/gitlab-runner/ignition.json"
+ register: ignition_exists
+ changed_when: not ignition_exists.stat.exists
+ notify:
+ - "Transpile the flatcar linux configuration"
+
+# This block is required to prepare for possible updates of the transpiler
+# tool resulting in a different result. Also this helps to fix any kind of
+# manual manipulation.
+- name: "Check if ignition.json is up-to-date"
+ when: "not flatcar_config_task.changed and ignition_exists.stat.exists" # noqa no-handler
+ block:
+ - name: "Create temporary directory"
+ ansible.builtin.tempfile:
+ state: "directory"
+ suffix: "ignition"
+ register: temp_directory
+ changed_when: false
+ check_mode: no
+
+ - name: "Dry-run of transpile the flatcar linux configuration"
+ ansible.builtin.command: "butane -o {{ (temp_directory.path, 'ignition.json') | path_join }} /etc/gitlab-runner/flatcar-linux-config.bu"
+ changed_when: false
+ check_mode: no
+
+ - name: "Stat temporary ignition.json file"
+ ansible.builtin.stat:
+ path: "{{ (temp_directory.path, 'ignition.json') | path_join }}"
+ register: "temp_ignition_stats"
+ changed_when:
+ - temp_ignition_stats.stat.checksum != ignition_exists.stat.checksum
+ check_mode: no
+ notify:
+ - "Transpile the flatcar linux configuration"
+
+ always:
+ - name: "Remove temporary directory"
+ ansible.builtin.file:
+ path: "{{ temp_directory.path }}"
+ state: absent
+ changed_when: false
+ check_mode: no
diff --git a/roles/gitlab_runner/tasks/docker-machine-init.yml b/roles/gitlab_runner/tasks/docker-machine-init.yml
new file mode 100644
index 0000000..2f9cdcb
--- /dev/null
+++ b/roles/gitlab_runner/tasks/docker-machine-init.yml
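Review bot: The task "Place SSH private key on the host for communicating with Runners." copies key material without `no_log: true`, so a run with `--diff` can print the private key to the console and to whatever collects Ansible output; add `no_log: true` (or `diff: false`) to that task. The following `community.crypto.openssh_keypair` task is not conditioned on the supplied keys being absent, so a supplied key whose type differs from `gitlab_runner_ssh_key_type` may be regenerated and overwritten, depending on the module's `regenerate` behaviour. A guard such as `- gitlab_runner_ssh_private_key | default('') | length == 0` next to the existing dry-run condition would match what the README describes. The unquoted `mode: 0644` and `mode: 0600` values are better written as strings, e.g. `mode: "0600"`, as the butane download task in the same file already does.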
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Check if docker-machine initialization is necessary"
+ ansible.builtin.stat:
+ path: "/root/.docker/machine/certs/ca.pem"
+ register: "docker_machine_config"
+
+- name: "Initialize docker-machine once"
+ when: "not docker_machine_config.stat.exists"
+ block:
+ - name: "Extract machine options as command line parameters"
+ ansible.builtin.set_fact:
+ machine_options: "--{{ gitlab_runner.machine_options | join(' --') }}"
+
+ - name: "Create a VM once via docker-machine"
+ when: "not ansible_check_mode"
+ ansible.builtin.command: "docker-machine create -d {{ gitlab_runner.machine_driver }} {{ machine_options }} test"
+ register: "creation_cmd"
+ changed_when: "creation_cmd.rc == 0"
+ tags: "notest"
+
+ always:
+ - name: "Remove the VM"
+ when: "not ansible_check_mode"
+ ansible.builtin.command: "docker-machine rm -y --force test"
+ register: "removal_cmd"
+ changed_when: "removal_cmd.rc == 0"
+ failed_when: false
+ tags: "notest"
+...
diff --git a/roles/gitlab_runner/tasks/install.autoscaler-plugin.yml b/roles/gitlab_runner/tasks/install.autoscaler-plugin.yml
new file mode 100644
index 0000000..dbec49f
--- /dev/null
+++ b/roles/gitlab_runner/tasks/install.autoscaler-plugin.yml
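Review bot: `Create a VM once via docker-machine` builds its command by joining `gitlab_runner.machine_options` into one string, so any option value containing whitespace or quotes is re-split by the command module into extra arguments, and an empty list yields a bare `--`. Passing the arguments as a list avoids the re-parsing, e.g. `argv: "{{ ['docker-machine', 'create', '-d', gitlab_runner.machine_driver] + (gitlab_runner.machine_options | map('regex_replace', '^', '--') | list) + ['test'] }}"` under `ansible.builtin.command:`. Driver options often carry cloud credentials (not visible in this hunk, so treat that as an assumption); if they do, `no_log: true` on the `set_fact` and `command` tasks keeps them out of task output. The fixed machine name `test` used by the `always:` cleanup would also remove an unrelated machine of that name, so a role-specific name is safer.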
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Download and install autoscaler plugin"
+ ansible.builtin.get_url:
+ url: "{{ gitlab_runner_autoscaler_plugin_url }}"
+ dest: "/usr/local/bin/fleeting-plugin-openstack"
+ checksum: "{{ gitlab_runner_autoscaler_plugin_checksum }}"
+ mode: '0755'
+ owner: "root"
+ group: "root"
+
+- name: "Place clouds.yaml template"
+ ansible.builtin.template:
+ src: "clouds.yaml.j2"
+ dest: "/etc/gitlab-runner/clouds.yaml"
+ owner: "root"
+ group: "root"
+ mode: '0600'
+ no_log: true
+
+...
diff --git a/roles/gitlab_runner/tasks/install.debianlike.yml b/roles/gitlab_runner/tasks/install.debianlike.yml
new file mode 100644
index 0000000..927a352
--- /dev/null
+++ b/roles/gitlab_runner/tasks/install.debianlike.yml
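Review bot: The `checksum:` on `Download and install autoscaler plugin` only protects the download if `gitlab_runner_autoscaler_plugin_checksum` is non-empty; `get_url` treats an empty checksum as "do not verify", and the default for that variable is not visible in this hunk. Since the file is installed root-owned and executable in `/usr/local/bin`, I would add an `ansible.builtin.assert` before the download with `that: gitlab_runner_autoscaler_plugin_checksum | length > 0`. The same applies to the `butane` download in tasks/configuration.yml and the `docker-machine` download in tasks/install.docker-machine.yml. A short comment stating the expected format (`sha256:<hex digest>`) would also help whoever bumps the URL.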
@@ -0,0 +1,61 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+- name: Install GitLab-Runner dependencies
+ ansible.builtin.apt:
+ pkg:
+ - debian-archive-keyring
+ - apt-transport-https
+ - gnupg
+ state: present
+ update_cache: yes
+
+- name: Install gitlab-runner via apt-get
+ when: gitlab_runner_deb_file | length == 0
+
+ block:
+ - name: "Add packages repository packages.gitlab.com/runner/gitlab-runner"
+ ansible.builtin.deb822_repository:
+ name: "gitlab-runner"
+ types: "deb"
+ uris: "https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}/"
+ suites: "{{ ansible_distribution_release }}"
+ components: "main"
+ signed_by: "https://packages.gitlab.com/runner/gitlab-runner/gpgkey"
+ state: "present"
+ enabled: true
+
+ - name: "Use APT pinning for Debian os"
+ ansible.builtin.template:
+ src: "pin-gitlab-runner.pref.j2"
+ dest: "/etc/apt/preferences.d/pin-gitlab-runner.pref"
+ owner: "root"
+ group: "root"
+ mode: '0644'
+ when: "ansible_distribution == 'Debian'"
+
+ - name: Install gitlab-runner with downgrade option
+ ansible.builtin.apt:
+ name: "{{ gitlab_runner_package_name }}"
+ state: present
+ update_cache: yes
+ allow_downgrade: true
+ when: "not gitlab_runner_is_initial_dryrun" # skip if run for the first time in check mode
+
+- name: Gather the package facts
+ ansible.builtin.package_facts:
+ manager: auto
+
+- name: Install gitlab-runner from a .deb file
+ ansible.builtin.apt:
+ deb: "{{ gitlab_runner_deb_file }}"
+ allow_downgrade: yes
+ when:
+ - gitlab_runner_deb_file | length > 0
+ - "'gitlab-runner' not in ansible_facts.packages or
+ ansible_facts.packages['gitlab-runner'][0].version is version(gitlab_runner_pkg_version, 'ne')"
+...
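Review bot: `Install gitlab-runner from a .deb file` passes `gitlab_runner_deb_file` straight to `deb:`, which installs the package without the repository signature check that the apt-get path gets from `signed_by`. If that variable may hold a URL (the `apt` module downloads it when it does; the intended values are not visible here), nothing verifies what was fetched before it is installed as root with `allow_downgrade: yes`. I would fetch the file with `ansible.builtin.get_url` and a `checksum:` first and hand the local path to `deb:`, as the other downloads in this commit do, or document that only trusted local paths are supported. Separately, `signed_by` fetches the archive key at run time from the same host as the packages, so a comment noting that this is trust-on-first-use would make clear what it does and does not protect.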
diff --git a/roles/gitlab_runner/tasks/install.docker-machine.yml b/roles/gitlab_runner/tasks/install.docker-machine.yml
new file mode 100644
index 0000000..1fa5e51
--- /dev/null
+++ b/roles/gitlab_runner/tasks/install.docker-machine.yml
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: Download and install docker-machine binary
+ ansible.builtin.get_url:
+ url: "{{ gitlab_runner_docker_machine_binary_url }}"
+ dest: /usr/local/bin/docker-machine
+ mode: '0755'
+ checksum: "{{ gitlab_runner_docker_machine_binary_checksum }}"
+
+...
diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml
new file mode 100644
index 0000000..cf19aa5
--- /dev/null
+++ b/roles/gitlab_runner/tasks/main.yml
@@ -0,0 +1,75 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- +- name: "Set OS family dependent variables" + ansible.builtin.include_vars: "{{ ansible_os_family | lower }}.yml" + +- name: "Set variable if autoscaling runner must be configured" + ansible.builtin.set_fact: + gitlab_runner_install_docker_machine: "{{ gitlab_runner_list | selectattr('executor', 'equalto', 'docker+machine') | list | length > 0 }}" + gitlab_runner_install_autoscaler: "{{ gitlab_runner_list | selectattr('executor', 'equalto', 'docker-autoscaler') | list | length > 0 }}" + +- name: "Check if directory /etc/gitlab-runner already exists" + ansible.builtin.stat: + path: "/etc/gitlab-runner" + register: "gitlab_runner_dir" + +- name: "Determine if this is an initial dry-run" + ansible.builtin.set_fact: + gitlab_runner_is_initial_dryrun: "{{ ansible_check_mode and not gitlab_runner_dir.stat.exists }}" + +- name: "Include docker-machine tasks" + ansible.builtin.include_tasks: install.docker-machine.yml + when: "gitlab_runner_install_docker_machine" + +- name: "Include installation tasks for Debian-like OS" + ansible.builtin.include_tasks: install.debianlike.yml + when: ansible_os_family == "Debian" + +- name: "Include autoscaler install tasks" + ansible.builtin.include_tasks: install.autoscaler-plugin.yml + when: "gitlab_runner_install_autoscaler" + +- name: "Include tasks to configure the system" + ansible.builtin.include_tasks: configuration.yml + +- name: "Ignition configuration must be generated before docker-machine init" + ansible.builtin.meta: "flush_handlers" + +- name: "Initialize docker-machine" + ansible.builtin.include_tasks: "docker-machine-init.yml" + when: "gitlab_runner_install_docker_machine" + no_log: true + loop: "{{ gitlab_runner_list }}" + loop_control: + loop_var: gitlab_runner + +- name: "Slurp ignition json" + 
ansible.builtin.slurp: + src: "/etc/gitlab-runner/ignition.json" + register: "ignition_json" + when: "gitlab_runner_install_autoscaler" + +- name: "Template config file" + ansible.builtin.template: + src: "config.toml.j2" + dest: "{{ gitlab_runner_config_path }}" + owner: "{{ gitlab_runner_config_owner | default('root') }}" + group: "{{ gitlab_runner_config_group | default('root') }}" + mode: "0600" + notify: "Restart GitLab-Runner" + no_log: true + vars: + ignition_content: "{{ ignition_json['content'] | b64decode }}" + +- name: "Start GitLab-Runner" + ansible.builtin.service: + name: "gitlab-runner" + state: "started" + when: "not gitlab_runner_is_initial_dryrun" + + +... diff --git a/roles/gitlab_runner/templates/clouds.yaml.j2 b/roles/gitlab_runner/templates/clouds.yaml.j2 new file mode 100644 index 0000000..e49f5f7 --- /dev/null +++ b/roles/gitlab_runner/templates/clouds.yaml.j2 @@ -0,0 +1,17 @@ +{# +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 +#} +clouds: + openstack: + auth: + auth_url: "{{ gitlab_runner_autoscaler_openstack_auth_url }}" + username: "{{ gitlab_runner_autoscaler_openstack_username }}" + password: "{{ gitlab_runner_autoscaler_openstack_password }}" + project_id: "{{ gitlab_runner_autoscaler_openstack_project_id }}" + project_name: "{{ gitlab_runner_autoscaler_openstack_project_name }}" + user_domain_name: "{{ gitlab_runner_autoscaler_openstack_user_domain_name }}" + region_name: "{{ gitlab_runner_autoscaler_openstack_region_name }}" + interface: "public" + identity_api_version: 3 diff --git a/roles/gitlab_runner/templates/config.toml.j2 b/roles/gitlab_runner/templates/config.toml.j2 new file mode 100644 index 0000000..ef654fe --- /dev/null +++ b/roles/gitlab_runner/templates/config.toml.j2 
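Review bot: `no_log: true` on the `Initialize docker-machine` task most likely does not cover the tasks inside docker-machine-init.yml, because keywords set on a dynamic `ansible.builtin.include_tasks` apply to the include statement rather than to the included tasks. If the intent is to keep `machine_options` out of the output, pass the keyword through the include, i.e. `ansible.builtin.include_tasks:` with `file: "docker-machine-init.yml"` and `apply: { no_log: true }`, or set `no_log: true` on the tasks in that file. A one-line comment saying which value the `no_log` is meant to protect would keep a later refactor from dropping it.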
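Review bot: The credentials in clouds.yaml.j2 are pasted between double quotes, so a password containing `"` or `\` either breaks the rendered file or is silently changed by YAML escape processing. Letting the filter do the quoting avoids that: `password: {{ gitlab_runner_autoscaler_openstack_password | to_json }}` (a JSON string is a valid YAML double-quoted scalar), and the same for `username` and the other `auth` fields. A comment at the top noting that the role installs this file with mode `0600` (set in tasks/install.autoscaler-plugin.yml) would tell readers it holds a secret.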
@@ -0,0 +1,126 @@ +{# +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 +#} +concurrent = {{ gitlab_runner_concurrent }} +{% if gitlab_runner_listen_address | length > 0 %} +listen_address = "{{ gitlab_runner_listen_address }}" +{% endif %} +check_interval = {{ gitlab_runner_check_interval | default(0) }} +shutdown_timeout = {{ gitlab_runner_shutdown_timeout | default(0) }} +{% if gitlab_runner_sentry_dsn | length > 0 %} +sentry_dsn = "{{ gitlab_runner_sentry_dsn }}" +{% endif %} + +[session_server] +{% if gitlab_runner_enable_session_server %} + listen_address = "{{ gitlab_runner_session_server_listen_address }}" + advertise_address = "{{ gitlab_runner_session_server_advertise_address }}" +{% endif %} + session_timeout = {{ gitlab_runner_session_server_timeout }} +{% for runner in gitlab_runner_list %} + +[[runners]] + name = "{{ runner.name }}" + limit = {{ runner.limit | default(0) }} + output_limit = {{ runner.output_limit | default(4096) }} + url = "{{ runner.url }}" + token = "{{ runner.authentication_token }}" + executor = "{{ runner.executor | default('docker') }}" + environment = {{ runner.environment | default([]) | to_json }} + [runners.cache] +{% if runner.cache_type | default('') == 's3' %} + Type = "{{ runner.cache_type }}" +{% endif %} + MaxUploadedArchiveSize = 0 +{% if runner.cache_type | default('') == 's3' %} + [runners.cache.s3] + ServerAddress = "{{ runner.cache_server_address }}" + AccessKey = "{{ runner.cache_access_key }}" + SecretKey = "{{ runner.cache_secret_key }}" + BucketName = "{{ runner.cache_bucket_name }}" + Insecure = {{ runner.cache_insecure | default(false) | bool | to_json }} +{% if runner.cache_bucket_location | default('') | length > 0 %} + BucketLocation = "{{ runner.cache_bucket_location }}" +{% endif %} +{% endif %} +{% if "docker" in runner.executor %} + [runners.docker] + tls_verify 
= {{ runner.docker_tls_verify | default(false) | bool | to_json }} + image = "{{ runner.docker_image }}" +{% if runner.docker_memory | default('') | length > 0 %} + memory = "{{ runner.docker_memory }}" +{% endif %} +{% if runner.docker_cpus | default('') | string | length > 0 %} + cpus = "{{ runner.docker_cpus }}" +{% endif %} + privileged = {{ runner.docker_privileged | default(false) | bool | to_json }} + disable_entrypoint_overwrite = false + oom_kill_disable = false +{% if runner.docker_gpus | default('') | length > 0 %} + gpus = "{{ runner.docker_gpus }}" +{% endif %} +{% if runner.docker_security_opts | default([]) | length > 0 %} + security_opt = {{ runner.docker_security_opts | default([]) | to_json }} +{% endif %} +{% if runner.docker_devices | default([]) | length > 0 %} + devices = {{ runner.docker_devices | default([]) | to_json }} +{% endif %} + disable_cache = {{ runner.docker_disable_cache | default(false) | bool | to_json }} + volumes = {{ runner.docker_volumes | default([]) | to_json }} + shm_size = {{ runner.docker_shm_size | default(0) }} +{% if runner.docker_network_mtu | default(0) > 0 %} + network_mtu = {{ runner.docker_network_mtu }} +{% endif %} +{% endif %} +{% if runner.executor == "docker+machine" %} + [runners.machine] + MaxGrowthRate = {{ runner.machine_max_growth_rate | default(0) }} + IdleCount = {{ runner.machine_idle_count | default(0) }} + IdleScaleFactor = {{ runner.machine_idle_scale_factor | default(0.0) }} + IdleCountMin = {{ runner.machine_idle_count_min | default(0) }} + IdleTime = {{ runner.machine_idle_time | default(0) }} + MaxBuilds = {{ runner.machine_max_builds | default(0) }} + MachineDriver = "{{ runner.machine_driver }}" + MachineName = "{{ runner.machine_name }}" + MachineOptions = {{ runner.machine_options | default([]) | to_json }} +{% endif %} +{% if runner.executor == "docker-autoscaler" %} + [runners.autoscaler] + capacity_per_instance = 1 + max_use_count = {{ runner.autoscaler_max_builds | default(0) }} + 
max_instances = {{ runner.autoscaler_max_instances }} + plugin = "fleeting-plugin-openstack" + + [runners.autoscaler.plugin_config] + cloud = "{{ runner.autoscaler_cloud_name }}" + clouds_config = "{{ runner.autoscaler_clouds_config }}" + name = "{{ runner.autoscaler_group_name | default('autoscaler-runners') }}" + boot_time = "3m" + + [runners.autoscaler.plugin_config.server_spec] + name = "autoscaler-%d" + description = "{{ runner.description }}" + tags = [ "gitlab-ci" ] + imageRef = "{{ runner.autoscaler_image_ref }}" + flavorRef = "{{ runner.autoscaler_flavor_ref }}" + key_name = "{{ runner.autoscaler_keyname }}" + networks = [ { uuid = "{{ runner.autoscaler_network_id }}" } ] + security_groups = [ "{{ runner.autoscaler_security_group }}" ] + scheduler_hints = { group = "{{ runner.autoscaler_scheduler_hint }}" } + user_data = '{{ ignition_content | to_json }}' + + [runners.autoscaler.connector_config] + username = "{{ runner.autoscaler_username }}" + key_path = "{{ gitlab_runner_ssh_private_key_path }}" + use_static_credentials = true + keepalive = "30s" + timeout = "0m" + use_external_addr = false + + [[runners.autoscaler.policy]] + idle_count = {{ runner.autoscaler_idle_count | default(0) }} +{% endif %} +{% endfor %} diff --git a/roles/gitlab_runner/templates/flatcar-linux-config.bu.j2 b/roles/gitlab_runner/templates/flatcar-linux-config.bu.j2 new file mode 100644 index 0000000..79e9975 --- /dev/null +++ b/roles/gitlab_runner/templates/flatcar-linux-config.bu.j2 
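Review bot: String values such as `token`, `AccessKey` and `SecretKey` are interpolated raw inside `"…"`, so a value containing `"`, `\` or a newline produces an invalid config.toml or lets one inventory value define additional keys in the runner section. The template already uses `to_json` for lists; applying it to strings too, e.g. `token = {{ runner.authentication_token | to_json }}`, gives correctly escaped TOML basic strings for ordinary text. `user_data = '{{ ignition_content | to_json }}'` has the same weakness in the other direction: a single quote anywhere in the Ignition JSON ends the TOML literal string early. Also, `executor` is written with `default('docker')` but the `[runners.docker]` condition reads `runner.executor` without a default, so a runner that omits the key will probably not render as intended.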
@@ -0,0 +1,82 @@ +{# +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 +#} +variant: flatcar +version: 1.1.0 +passwd: + users: + - name: core + ssh_authorized_keys: + - {{ gitlab_runner_ssh_keypair.public_key }} +storage: + files: + - path: /etc/resolv.conf + overwrite: true + mode: 0644 + contents: + inline: | +{% for nameserver in gitlab_runner_namerservers %} + nameserver {{ nameserver }} +{% endfor %} + - path: /opt/docker/daemon.json + mode: 0644 + contents: + inline: | + { +{% set registry_mirrors_list = [] %} +{% if gitlab_runner_registry_mirrors is defined %} + {%- set registry_mirrors_list = gitlab_runner_registry_mirrors %} +{% elif gitlab_runner_registry_mirror is defined %} + {%- set registry_mirrors_list = [gitlab_runner_registry_mirror] %} +{% endif %} +{% if registry_mirrors_list | length > 0 %} + "registry-mirrors": {{ registry_mirrors_list | to_json }}, +{% endif %} +{% if gitlab_runner_insecure_registries | length > 0 %} + "insecure-registries": {{ gitlab_runner_insecure_registries | to_json }}, +{% endif %} +{% if gitlab_runner_set_default_network_opts %} + "default-network-opts": { + "bridge": { + "com.docker.network.bridge.mtu": "{{ gitlab_runner_mtu }}" + } + }, +{% endif %} + "mtu": {{ gitlab_runner_mtu }} + } + - path: /etc/flatcar/update.conf + overwrite: true + contents: + inline: | + REBOOT_STRATEGY=off + mode: 0420 +systemd: + units: + - name: docker.service + enabled: true + dropins: + - name: 10-docker-opts.conf + contents: | + [Service] + Environment="DOCKER_OPTS=--mtu={{ gitlab_runner_mtu }} {% if gitlab_runner_set_default_network_opts %}--default-network-opt bridge=com.docker.network.bridge.mtu={{ gitlab_runner_mtu }}{% endif %}{% if registry_mirrors_list | length > 0 %}{% for registry_mirror in registry_mirrors_list %} --registry-mirror={{ registry_mirror }}{% endfor %}{% endif %}{% if 
gitlab_runner_insecure_registries | length > 0 %}{% for insecure_registry in gitlab_runner_insecure_registries %} --insecure-registry={{ insecure_registry }}{% endfor %}{% endif %}" + - name: binfmt-init.service + enabled: true + contents: | + [Unit] + Description=Initialize binfmt_misc support. + After=docker.service network-online.target + + [Service] + Type=oneshot + Restart=on-failure + RemainAfterExit=true + ExecStartPre=/usr/bin/docker pull multiarch/qemu-user-static:register + ExecStart=/usr/bin/docker run --rm --privileged multiarch/qemu-user-static:register --reset + Restart=on-failure + RestartSec=15 + + [Install] + WantedBy=multi-user.target diff --git a/roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2 b/roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2 new file mode 100644 index 0000000..9505097 --- /dev/null +++ b/roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2 @@ -0,0 +1,4 @@ +Explanation: Prefer GitLab provided packages over the Debian native ones +Package: gitlab-runner +Pin: origin packages.gitlab.com{% if gitlab_runner_version | length > 0 %}, version {{ gitlab_runner_pkg_version }}{% endif +%} +Pin-Priority: 1001 diff --git a/roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2.license b/roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2.license new file mode 100644 index 0000000..b327045 --- /dev/null +++ b/roles/gitlab_runner/templates/pin-gitlab-runner.pref.j2.license @@ -0,0 +1,4 @@ +SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) + +SPDX-License-Identifier: Apache-2.0 diff --git a/roles/gitlab_runner/templates/runner_config.j2 b/roles/gitlab_runner/templates/runner_config.j2 new file mode 100644 index 0000000..7475b42 --- /dev/null +++ b/roles/gitlab_runner/templates/runner_config.j2 
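Review bot: `binfmt-init.service` pulls `multiarch/qemu-user-static:register` by mutable tag and runs it with `--privileged` on every instance boot, so whatever that tag points to at boot time gets root-equivalent access to each runner VM. Pinning the image by digest in both `ExecStartPre` and `ExecStart`, e.g. `multiarch/qemu-user-static@sha256:<digest-placeholder>`, makes the executed content reviewable. `Restart=on-failure` is also listed twice in that unit. Separately, `/etc/flatcar/update.conf` is written with `mode: 0420` while the other files use `0644`; since 0644 octal is 420 decimal this looks like a mix-up that would leave the file `r---w----`, so please confirm which was meant.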
@@ -0,0 +1,7 @@ +{# +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 +#} +{{ runner_config }} diff --git a/roles/gitlab_runner/vars/debian.yml b/roles/gitlab_runner/vars/debian.yml new file mode 100644 index 0000000..00a8d5d --- /dev/null +++ b/roles/gitlab_runner/vars/debian.yml @@ -0,0 +1,7 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden - Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- +gitlab_runner_package_name: "{{ 'gitlab-runner=' + gitlab_runner_pkg_version if gitlab_runner_version else 'gitlab-runner' }}"