---
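# Trust-on-first-use bootstrap: when force_accept_gitlab_server_self_signed is
# set, whatever certificate the GitLab endpoint presents during this run is
# written to tls_ca_file and then added to the CA bundle. Nothing in this block
# compares the certificate with a known fingerprint, so enable the flag only
# when the network path to the server is trusted; otherwise distribute the CA
# file out of band and leave the flag off.
- name: Accept gitlab server self signed cert as valid CA
  when: force_accept_gitlab_server_self_signed
  block:
    - name: Grab the server cert for "{{ gitlab_runner_coordinator_url }}"
      community.crypto.get_certificate:
        # urlsplit keeps an explicit port out of the host name and lets the
        # probe follow it; URLs without a port still use 443. The URL is
        # expected to carry an http(s) scheme.
        host: "{{ gitlab_runner.url | default(gitlab_runner_coordinator_url) | urlsplit('hostname') }}"
        port: "{{ gitlab_runner.url | default(gitlab_runner_coordinator_url) | urlsplit('port') | default(443, true) }}"
        asn1_base64: true  # set explicitly to avoid the module's deprecation warning
      register: gitlab_server_cert

    - name: Save the GitLab server self signed cert to the default CA path
      ansible.builtin.copy:
        content: "{{ gitlab_server_cert.cert }}"
        dest: "{{ tls_ca_file }}"
        mode: '0644'  # holds a public certificate only

    # NOTE(review): an identically named import with the same condition follows
    # this block; one of the two is probably redundant - confirm.
    - name: Update CA bundle with self signe cert of the gitlab server
      ansible.builtin.import_tasks: update-ca-bundle.yml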
# Refreshes the system CA bundle, but only when the operator opted in to
# trusting the GitLab server's self-signed certificate.
# NOTE(review): the block directly above imports the same task file under the
# same condition - confirm whether both imports are needed.
- name: Update CA bundle with self signe cert of the gitlab server
  when: force_accept_gitlab_server_self_signed
  ansible.builtin.import_tasks: update-ca-bundle.yml
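# Builds the `register` argument string that is shared by the change-detection
# state file and by the real registration call. Tokens, secret keys and
# passwords are left out on purpose; the tasks that consume this fact append
# them.
#
# Review notes:
# - Values are wrapped in quotes but not escaped, so a value that contains the
#   matching quote character changes how the line is split into arguments.
# - gitlab_runner.extra_registration_option is appended verbatim.
# - gitlab_runner.cache_s3_access_key is part of this string and therefore
#   also lands in the last-runner-config-* state file.
# - docker_privileged adds --docker-privileged; leave it unset unless jobs
#   really need privileged containers.
# - The virtualbox guard applies the same "shell" default as --executor and
#   treats a missing virtualbox_base_name as "not set" instead of failing on
#   an undefined variable.
# - Every line of the folded scalar stays at one indent level so the whole
#   command folds into a single line.
- name: Construct the runner command without secrets
  ansible.builtin.set_fact:
    register_runner_cmd: >-
      {{ gitlab_runner_executable }} register
      {% if gitlab_runner_registration_token_type != "authentication-token" %}
      --locked='{{ gitlab_runner.locked | default(false) }}'
      --tag-list '{{ gitlab_runner.tags | default([]) | join(",") }}'
      {% if gitlab_runner.run_untagged | default(true) %}
      --run-untagged
      {% endif %}
      {% if gitlab_runner.protected | default(false) %}
      --access-level="ref_protected"
      {% endif %}
      {% endif %}
      --non-interactive
      --url '{{ gitlab_runner.url | default(gitlab_runner_coordinator_url) }}'
      --name '{{ actual_gitlab_runner_name }}'
      {% if gitlab_runner.clone_url | default(false) %}
      --clone-url "{{ gitlab_runner.clone_url }}"
      {% endif %}
      --executor '{{ gitlab_runner.executor | default("shell") }}'
      {% if gitlab_runner.shell is defined %}
      --shell '{{ gitlab_runner.shell }}'
      {% endif %}
      --limit '{{ gitlab_runner.concurrent_specific | default(0) }}'
      --output-limit '{{ gitlab_runner.output_limit | default(4096) }}'
      {% for env_var in gitlab_runner.env_vars | default([]) %}
      --env '{{ env_var }}'
      {% endfor %}
      {% if gitlab_runner.tls_ca_file | default(false) %}
      --tls-ca-file "{{ gitlab_runner.tls_ca_file }}"
      {% endif %}
      --docker-image '{{ gitlab_runner.docker_image | default("alpine") }}'
      {% if gitlab_runner.docker_helper_image is defined %}
      --docker-helper-image "{{ gitlab_runner.docker_helper_image }}"
      {% endif %}
      {% if gitlab_runner.docker_privileged | default(false) %}
      --docker-privileged
      {% endif %}
      {% if gitlab_runner.docker_wait_for_services_timeout | default(false) %}
      --docker-wait-for-services-timeout '{{ gitlab_runner.docker_wait_for_services_timeout | default(30) }}'
      {% endif %}
      {% if gitlab_runner.docker_tlsverify | default(false) %}
      --docker-tlsverify '{{ gitlab_runner.docker_tlsverify | default("true") }}'
      {% endif %}
      {% if gitlab_runner.docker_dns | default(false) %}
      --docker-dns '{{ gitlab_runner.docker_dns | default("1.1.1.1") }}'
      {% endif %}
      {% if gitlab_runner.docker_dns_search | default(false) %}
      --docker-dns-search '{{ gitlab_runner.docker_dns_search | default([]) }}'
      {% endif %}
      {% if gitlab_runner.docker_disable_cache | default(false) %}
      --docker-disable-cache
      {% endif %}
      {% if gitlab_runner.docker_oom_kill_disable | default(false) %}
      --docker-oom-kill-disable '{{ gitlab_runner.docker_oom_kill_disable | default("false") }}'
      {% endif %}
      {% for policy in gitlab_runner.docker_allowed_pull_policies | default([]) %}
      --docker-allowed-pull-policies "{{ policy }}"
      {% endfor %}
      {% for policy in gitlab_runner.docker_pull_policy | default([]) %}
      --docker-pull-policy "{{ policy }}"
      {% endfor %}
      {% for volume in gitlab_runner.docker_volumes | default([]) %}
      --docker-volumes "{{ volume }}"
      {% endfor %}
      {% for device in gitlab_runner.docker_devices | default([]) %}
      --docker-devices "{{ device }}"
      {% endfor %}
      {% if gitlab_runner.docker_network_mode is defined %}
      --docker-network-mode '{{ gitlab_runner.docker_network_mode }}'
      {% endif %}
      --ssh-user '{{ gitlab_runner.ssh_user | default("") }}'
      --ssh-host '{{ gitlab_runner.ssh_host | default("") }}'
      --ssh-port '{{ gitlab_runner.ssh_port | default("") }}'
      --ssh-identity-file '{{ gitlab_runner.ssh_identity_file | default("") }}'
      {% if gitlab_runner.executor | default("shell") == "virtualbox" and gitlab_runner.virtualbox_base_name | default(false) %}
      --virtualbox-base-name '{{ gitlab_runner.virtualbox_base_name }}'
      --virtualbox-base-snapshot '{{ gitlab_runner.virtualbox_base_snapshot | default("") }}'
      --virtualbox-base-folder '{{ gitlab_runner.virtualbox_base_folder | default("") }}'
      --virtualbox-disable-snapshots='{{ gitlab_runner.virtualbox_disable_snapshots | default(false) }}'
      {% endif %}
      {% if gitlab_runner.cache_type is defined %}
      --cache-type '{{ gitlab_runner.cache_type }}'
      {% endif %}
      {% if gitlab_runner.cache_shared | default(false) %}
      --cache-shared
      {% endif %}
      {% if gitlab_runner.cache_path is defined %}
      --cache-path '{{ gitlab_runner.cache_path }}'
      {% endif %}
      {% if gitlab_runner.cache_s3_server_address is defined %}
      --cache-s3-server-address '{{ gitlab_runner.cache_s3_server_address }}'
      {% if gitlab_runner.cache_s3_access_key is defined %}
      --cache-s3-access-key '{{ gitlab_runner.cache_s3_access_key }}'
      {% endif %}
      {% endif %}
      {% if gitlab_runner.cache_s3_bucket_name is defined %}
      --cache-s3-bucket-name '{{ gitlab_runner.cache_s3_bucket_name }}'
      {% endif %}
      {% if gitlab_runner.cache_s3_bucket_location is defined %}
      --cache-s3-bucket-location '{{ gitlab_runner.cache_s3_bucket_location }}'
      {% endif %}
      {% if gitlab_runner.cache_gcs_bucket_name is defined %}
      --cache-gcs-bucket-name '{{ gitlab_runner.cache_gcs_bucket_name }}'
      {% endif %}
      {% if gitlab_runner.cache_gcs_credentials_file is defined %}
      --cache-gcs-credentials-file '{{ gitlab_runner.cache_gcs_credentials_file }}'
      {% endif %}
      {% if gitlab_runner.cache_gcs_access_id is defined %}
      --cache-gcs-access-id '{{ gitlab_runner.cache_gcs_access_id }}'
      {% endif %}
      {% if gitlab_runner.cache_azure_account_name is defined %}
      --cache-azure-account-name '{{ gitlab_runner.cache_azure_account_name }}'
      {% endif %}
      {% if gitlab_runner.cache_azure_container_name is defined %}
      --cache-azure-container-name '{{ gitlab_runner.cache_azure_container_name }}'
      {% endif %}
      {% if gitlab_runner.cache_azure_storage_domain is defined %}
      --cache-azure-storage-domain '{{ gitlab_runner.cache_azure_storage_domain }}'
      {% endif %}
      {% if gitlab_runner.builds_dir | default(false) %}
      --builds-dir '{{ gitlab_runner.builds_dir }}'
      {% endif %}
      {% if gitlab_runner.custom_build_dir_enabled | default(false) %}
      --custom_build_dir-enabled
      {% endif %}
      {% if gitlab_runner.cache_dir | default(false) %}
      --cache-dir '{{ gitlab_runner.cache_dir }}'
      {% endif %}
      {% if gitlab_runner.cache_s3_insecure | default(false) %}
      --cache-s3-insecure
      {% endif %}
      {% if gitlab_runner.extra_registration_option is defined %}
      {{ gitlab_runner.extra_registration_option }}
      {% endif %}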
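# Change detection for the 'by_registering' update mode: the would-be register
# command is written to a per-runner state file, and a change in that file
# triggers unregistering so the runner is registered again afterwards.
#
# Only SHA-1 digests of the secrets are stored. The GCS private key and the
# Azure account key are digested here like the other secrets rather than being
# written in clear text. The digests are unsalted and serve purely as change
# fingerprints; a low-entropy value such as an SSH password could still be
# guessed from one, so the file is readable by its owner only and the task
# honours gitlab_runner_no_log_secrets.
#
# Expect one re-registration per runner on the first run after this change,
# because the file's content and mode differ from what earlier runs wrote.
- name: Apply updates (if any) by unregister the runner and let it then register later on
  when: gitlab_runner_config_update_mode == 'by_registering'
  block:
    - name: Check if the configuration has changed since the last run
      ansible.builtin.copy:
        content: >
          {{ register_runner_cmd }}
          {% if gitlab_runner_registration_token_type == "authentication-token" %}
          --token '{{ gitlab_runner.token | hash("sha1") }}'
          {% else %}
          --registration-token '{{ gitlab_runner.token | default(gitlab_runner_registration_token) | hash("sha1") }}'
          {% endif %}
          {% if gitlab_runner.cache_s3_secret_key is defined %}
          --cache-s3-secret-key '{{ gitlab_runner.cache_s3_secret_key | hash("sha1") }}'
          {% endif %}
          {% if gitlab_runner.cache_gcs_private_key is defined %}
          --cache-gcs-private-key '{{ gitlab_runner.cache_gcs_private_key | hash("sha1") }}'
          {% endif %}
          {% if gitlab_runner.cache_azure_account_key is defined %}
          --cache-azure-account-key '{{ gitlab_runner.cache_azure_account_key | hash("sha1") }}'
          {% endif %}
          {% if gitlab_runner.ssh_password is defined %}
          --ssh-password '{{ gitlab_runner.ssh_password | hash("sha1") }}'
          {% endif %}
        dest: "{{ gitlab_runner_config_file_location }}/last-runner-config-{{ actual_gitlab_runner_name }}"
        mode: "0600"
      register: runner_config_state
      no_log: "{{ gitlab_runner_no_log_secrets | default(true) }}"

    # Unregister only a runner that is currently registered and whose
    # rendered configuration differs from the stored state.
    - name: Unregister runner
      ansible.builtin.import_tasks: unregister-runner.yml
      when:
        - actual_gitlab_runner_name in registered_gitlab_runner_names
        - runner_config_state.changed

    # Presumably refreshes registered_gitlab_runner_names for the register
    # task that follows - confirm in list-configured-runners-unix.yml.
    - name: List configured runners
      ansible.builtin.import_tasks: list-configured-runners-unix.yml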
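# Registers the runner when it is not yet registered and its state is
# 'present' (the default). Secrets are appended only here, at execution time,
# so the register_runner_cmd fact itself carries none.
#
# - no_log defaults to true; setting gitlab_runner_no_log_secrets to false
#   prints the tokens and keys in task output.
# - The secrets are still passed as command-line arguments, so they are
#   visible in the target host's process list while registration runs.
#   NOTE(review): gitlab-runner documents environment-variable equivalents for
#   register options; moving the secrets to `environment:` would avoid this -
#   confirm the variable names before changing.
# - Each secret goes through the quote filter instead of being wrapped in
#   literal single quotes, so a value that itself contains a quote character
#   cannot break the argument splitting.
- name: Register runner to GitLab
  ansible.builtin.command: >
    {{ register_runner_cmd }}
    {% if gitlab_runner_registration_token_type == "authentication-token" %}
    --token {{ gitlab_runner.token | quote }}
    {% else %}
    --registration-token {{ gitlab_runner.token | default(gitlab_runner_registration_token) | quote }}
    {% endif %}
    {% if gitlab_runner.cache_s3_secret_key is defined %}
    --cache-s3-secret-key {{ gitlab_runner.cache_s3_secret_key | quote }}
    {% endif %}
    {% if gitlab_runner.cache_gcs_private_key is defined %}
    --cache-gcs-private-key {{ gitlab_runner.cache_gcs_private_key | quote }}
    {% endif %}
    {% if gitlab_runner.cache_azure_account_key is defined %}
    --cache-azure-account-key {{ gitlab_runner.cache_azure_account_key | quote }}
    {% endif %}
    {% if gitlab_runner.ssh_password is defined %}
    --ssh-password {{ gitlab_runner.ssh_password | quote }}
    {% endif %}
  when:
    - actual_gitlab_runner_name not in registered_gitlab_runner_names
    - gitlab_runner.state | default('present') == 'present'
  no_log: "{{ gitlab_runner_no_log_secrets | default(true) }}"
  become: "{{ gitlab_runner_system_mode }}"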