Commit bd6b2f73 authored by Lucas Kanashiro

Add Gitlab Runner formula

parent 4f5cca74
Gitlab Runner - Salt formula
-----------------------------------------------
This `salt` formula automate the installation of a Gitlab Runner, where runner runs inside docker containers.
The target of this formula are Debian Stretch VMs on Google Compute Engine (GCE). Those VMs have the `stretch-backports` repository enabled by default. Remember to allow http and https traffic during the creation of the VMs on GCE web UI.
Some config files are need to properly deploy the `runner`: `top.sls` and `pillar/top.sls` contains what will be executed in each VM, and `pillar/runner.sls` contains customizable variables. In the repository you can find examples of all these files, all you need to do is rename those files removing the `.example` extension of their names. Detailed information of each of these files will be presented below.
The `top.sls` file contains the hostname of the VMs managed by salt minions and which salt states will be applied to each VM. This file is presente below:
```
base:
'<runner_hostname>':
- common
- runner.docker
- runner
```
The `runner` VM should be managed by a salt minion, and its key should be accepted by the salt master.
The `pillar/top.sls` file describes which config file will be available to each VM:
```
base:
'<runner_hostname>':
- runner
```
Now let's see what is needed in the config files under `pillar` directory. This is the content of the `pillar/runner.sls`:
```
runner:
config:
config_path: <config_path>
docker_socket: <docker_socket>
base_docker_image: <docker_image>
gitlab_url: <gitlab_url>
gitlab_domain: <gitlab_domain>
registration_token: <token>
```
Below is the description of the variable:
* `config_path`: The path of the directory containing configuration files. By default is used `/etc/gitlab-runner`
* `docker_socket`: The path to the docker socket file. By default is used `/var/run/docker.sock`
* `base_docker_image`: Name of the docker image used by default in the runner.
* `gitlab_url`: URL of the Gitlab Instance. You can find it via web UI in the Runners session.
* `gitlab_domain`: Domain name used by the Gitlab Instance.
* `registration_token`: Token used to register new runners. You can find it via web UI in the Runners session.
We also need the `ca.crt` file used by the Gitlab CI server which will be used by the runner to trust on the server. You should copy from the server and paste it in `agent/config` as `ca.crt`.
With those files in place we can apply the salt states via the salt master. Again, at this point you should have the salt master and minions already configured, where salt master can communicate with minions without problems.
Do not forget to edit the `/etc/salt/master` config file to point to the right path. `file_roots` should point to the root of this repository and `pillar_roots` should point to the `pillar` directory inside this repository.
Finally, to deploy the Gitlab Runner you need to run the following command from the salt master:
```
# salt '<runner_hostname>' state.apply
```
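Review bot: The certificate step in the README does not match the state that consumes the file: the text says to copy the CA certificate into `agent/config` as `ca.crt`, but `gitlab_ci_certificate` reads `salt://runner/config/{{ domain }}.crt`, so following the README as written leaves the state without its source. Align the README with the directory and file name the state expects. The README should also say that the renamed `pillar/runner.sls` holds the `registration_token` and has to be kept out of version control.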
uptodate:
pkg.uptodate:
- refresh: True
runner:
config:
config_path: <config_path>
docker_socket: <docker_socket>
base_docker_image: <docker_image>
gitlab_url: <gitlab_url>
gitlab_domain: <gitlab_domain>
registration_token: <token>
base:
'<runner_hostname>':
- runner
[Unit]
Description=Docker container image for Gitlab Runner
After=docker.service
Requires=docker.service
[Service]
ExecStartPre=-/usr/bin/docker rm gitlab-runner-valve
# TODO: Fixup local image build before deploying this line.
ExecStartPre=/usr/bin/docker run -d --name gitlab-runner-valve --restart always --network="host" -v {{ config_path }}:/etc/gitlab-runner -v {{ docker_socket }}:/var/run/docker.sock gitlab-runner-valve:latest
ExecStart=/usr/bin/docker logs -f gitlab-runner-valve
ExecStop=-/usr/bin/docker stop gitlab-runner-valve
ExecStopPost=-/usr/bin/docker stop gitlab-runner-valve
ExecStopPost=-/usr/bin/docker rm -f gitlab-runner-valve
Type=simple
Restart=always
RestartSec=15
TimeoutStartSec=20
TimeoutStopSec=15
[Install]
WantedBy=multi-user.target
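Review bot: Two supervisors manage the same container in this unit: the second `ExecStartPre` starts it detached with `--restart always`, while systemd only tracks `docker logs -f` under its own `Restart=always`, so the unit state reflects the log follower and not the runner. Run the container in the foreground from `ExecStart` (no `-d`, no `--restart`) so systemd supervises the runner itself, and resolve the `TODO` above that line before merging. The unit also bind-mounts `{{ docker_socket }}` and uses `--network="host"`, which gives the runner container control of the host's Docker daemon; the README should state that the VM must be dedicated to the runner, and host networking should be dropped unless something needs it.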
apt-transport-https:
pkg.installed
docker_repo:
pkgrepo.managed:
- humanname: Docker apt repository
- name: deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
- file: /etc/apt/sources.list.d/docker.list
- key_url: https://download.docker.com/linux/debian/gpg
docker-ce:
pkg:
- installed
- refresh: True
- require:
- pkgrepo: docker_repo
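Review bot: `docker_repo` trusts whatever key `key_url` returns from download.docker.com at apply time, so the repository signing key is never reviewed or pinned by this formula. Ship the key in this repository and point `key_url` at a `salt://` path so changes to the trusted key go through review. `docker_repo` should also `require` the `apt-transport-https` package explicitly instead of depending on declaration order, and `docker-ce` would be more reproducible with a pinned `version`.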
{% set config_path = pillar['runner']['config']['config_path'] %}
{% set docker_socket = pillar['runner']['config']['docker_socket'] %}
{% set base_image = pillar['runner']['config']['base_docker_image'] %}
{% set url = pillar['runner']['config']['gitlab_url'] %}
{% set domain = pillar['runner']['config']['gitlab_domain'] %}
{% set token = pillar['runner']['config']['registration_token'] %}
pull_docker_image:
cmd.run:
- name: docker pull gitlab/gitlab-runner:latest
tag_docker_image:
cmd.run:
- name: docker tag gitlab/gitlab-runner:latest gitlab-runner-valve
- require:
- cmd: pull_docker_image
gitlab_runner_service:
file.managed:
- name: /etc/systemd/system/gitlab-runner.service
- source: salt://runner/config/gitlab-runner.service.j2
- template: jinja
- context:
config_path: {{ config_path }}
docker_socket: {{ docker_socket }}
- user: root
- group: root
- mode: 640
gitlab_config_dir:
file.directory:
- name: /srv/gitlab-runner/config/certs
- user: root
- group: root
- mode: 640
- makedirs: True
gitlab_ci_certificate:
file.managed:
- name: /srv/gitlab-runner/config/certs/{{ domain }}.crt
- source: salt://runner/config/{{ domain }}.crt
- user: root
- group: root
- mode: 640
- require:
- file: gitlab_config_dir
gitlab-runner:
service.running:
- enable: True
- require:
- file: gitlab_runner_service
- file: gitlab_ci_certificate
register_runner:
cmd.run:
- name: >
docker run --rm --network="host" -v {{ config_path }}:/etc/gitlab-runner gitlab-runner-valve register \
--non-interactive \
--executor "docker" \
--docker-image {{ base_image }} \
--docker-network-mode "host" \
--url "{{ url }}" \
--registration-token "{{ token }}" \
--description "docker-runner" \
--tag-list "docker" \
--run-untagged="true" \
--locked="false"
- require:
- service: gitlab-runner
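Review bot: `register_runner` has no `unless` or `creates` guard, so every `state.apply` registers another runner against `{{ url }}`, and `--registration-token "{{ token }}"` sits in the `cmd.run` `name`, where it shows up in process arguments and in Salt's job output. Guard the state with a check that the runner configuration already exists under `{{ config_path }}`, pass the token through the environment instead of the argument list, and set `output_loglevel: quiet`. Two further points in this file: `gitlab_config_dir` sets `mode: 640` on a directory, which leaves it without the execute bit and therefore not traversable (use 750), and the certificate is written to `/srv/gitlab-runner/config/certs` while the container mounts `{{ config_path }}`, so the runner only sees it when `config_path` is `/srv/gitlab-runner/config`, not the `/etc/gitlab-runner` default the README gives. `pull_docker_image` and `tag_docker_image` also run on every apply and track `gitlab/gitlab-runner:latest`; pin a tag or digest.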
base:
'<runner_hostname>':
- common
- runner.docker
- runner