With the recent efforts in upstream libvirt to centralize our CI on gitlab, let's add a new gitlab-specific flavor along with related playbook tasks. This flavour revolves around installing and configuring the gitlab-runner agent binary which requires the per-project registration token to be specified in order for the runner to be successfully registered with the gitlab server. Note that as part of the registration process each runner acquires a new unique access token. This means that we must ensure that the registration is run only on the first update, otherwise a new runner with a new access token is registered with the gitlab project. Signed-off-by: Erik Skultety <eskultet@xxxxxxxxxx> --- guests/group_vars/all/main.yml | 3 ++ guests/playbooks/update/main.yml | 5 ++ guests/playbooks/update/tasks/gitlab.yml | 64 ++++++++++++++++++++++++ 3 files changed, 72 insertions(+) create mode 100644 guests/playbooks/update/tasks/gitlab.yml diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml index b73795e..9d9a413 100644 --- a/guests/group_vars/all/main.yml +++ b/guests/group_vars/all/main.yml @@ -5,3 +5,6 @@ ansible_ssh_pass: root jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp + +# In our case, ansible_system is either Linux or FreeBSD +gitlab_runner_url: https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-{{ ansible_system|lower }}-amd64 diff --git a/guests/playbooks/update/main.yml b/guests/playbooks/update/main.yml index e82055b..9e63391 100644 --- a/guests/playbooks/update/main.yml +++ b/guests/playbooks/update/main.yml @@ -58,3 +58,8 @@ - include: '{{ playbook_base }}/tasks/jenkins.yml' when: - flavor == 'jenkins' + + # Install the Gitlab runner agent + - include: '{{ playbook_base }}/tasks/gitlab.yml' + when: + - flavor == 'gitlab' diff --git a/guests/playbooks/update/tasks/gitlab.yml b/guests/playbooks/update/tasks/gitlab.yml new file mode 100644 index 0000000..9a30140 
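Review bot: The new `gitlab_runner_url` points at the moving `latest` path, and the download task in tasks/gitlab.yml fetches it with `force: yes` and no `checksum`, so every update run installs whatever binary the bucket serves at that moment into /usr/local/bin with mode 0755. Pin the release in the variable, e.g. `gitlab_runner_url: https://gitlab-runner-downloads.s3.amazonaws.com/<pinned-version>/binaries/gitlab-runner-{{ ansible_system|lower }}-amd64`, and add `checksum: 'sha256:<expected-digest>'` to the `get_url` task so that a changed or tampered artifact fails the play instead of being deployed to the CI hosts. A comment next to the variable describing how the pinned version is bumped would keep upgrades deliberate.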
--- /dev/null
+++ b/guests/playbooks/update/tasks/gitlab.yml
@@ -0,0 +1,64 @@
+---
+- name: Look up Gitlab runner secret
+ set_fact:
+ gitlab_runner_secret: '{{ lookup("file", gitlab_runner_token_file) }}'
+ gitlab_runner_config_path: '/home/gitlab/.gitlab-runner/config.toml'
+
+- name: Download gitlab-runner agent
+ get_url:
+ url: '{{ gitlab_runner_url }}'
+ dest: /usr/local/bin/gitlab-runner
+ mode: '0755'
+ force: yes
+
+- name: Make sure the gitlab-runner config dir exists exists
+ file:
+ path: '{{ gitlab_runner_config_path | dirname }}'
+ owner: gitlab
+ group: gitlab
+ state: directory
+ register: rc_gitlab_runner_config_dir
+
+- name: Create and empty gitlab-runner config
+ file:
+ path: '{{ gitlab_runner_config_path }}'
+ owner: gitlab
+ group: gitlab
+ state: touch
+ when: rc_gitlab_runner_config_dir.changed
+
+# To ensure idempotency, we must run the registration only when we first
+# created the config dir, otherwise we'll register a new runner on every
+# update
+- name: Register the gitlab-runner agent
+ shell: 'gitlab-runner register --non-interactive --config /home/gitlab/.gitlab-runner/config.toml --registration-token {{ gitlab_runner_secret }} --url https://gitlab.com --executor shell --tag-list {{ inventory_hostname }}'
+ when: rc_gitlab_runner_config_dir.changed
+
+- block:
+ - name: Install the gitlab-runner service unit
+ template:
+ src: '{{ playbook_base }}/templates/gitlab-runner.service.j2'
+ dest: /etc/systemd/system/gitlab-runner.service
+
+ - name: Enable the gitlab-runner service
+ systemd:
+ name: gitlab-runner
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ when: ansible_service_mgr == 'systemd'
+
+- block:
+ - name: Install the gitlab_runner rc service script
+ template:
+ src: '{{ playbook_base }}/templates/gitlab-runner.j2'
+ dest: '/usr/local/etc/rc.d/gitlab_runner'
+ mode: '0755'
+
+ - name: Enable the gitlab-runner rc service
+ service:
+ name: gitlab_runner
+ state: started
+ enabled: yes
+ when: ansible_service_mgr != 'systemd'
+
-- 2.25.1
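Review bot: The `Register the gitlab-runner agent` task interpolates `gitlab_runner_secret` into a `shell:` command line, so the registration token is visible in the host's process list while the command runs and in Ansible's task output and logs, and the unquoted `{{ ... }}` values are additionally parsed by the shell. Pass the token through the `REGISTRATION_TOKEN` environment variable, switch to `command:` and set `no_log: true`, as sketched below; using `gitlab_runner_config_path` there also removes the duplicated hard-coded path. The `state: touch` task creates config.toml, which will hold the runner's access token, without a `mode`, so add `mode: '0600'` to it (and `mode: '0700'` to the directory task). Separately, gating on `rc_gitlab_runner_config_dir.changed` means a registration that fails after the directory was created is never retried on later runs.

```yaml
# … unchanged: secret lookup, download, config dir and config file tasks …
- name: Register the gitlab-runner agent
  command: >-
    gitlab-runner register --non-interactive
    --config {{ gitlab_runner_config_path }}
    --url https://gitlab.com
    --executor shell
    --tag-list {{ inventory_hostname }}
  environment:
    REGISTRATION_TOKEN: '{{ gitlab_runner_secret }}'
  no_log: true
  when: rc_gitlab_runner_config_dir.changed
# … unchanged: systemd and rc service blocks …
```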