From 2a9d7f5f28da98809028e5e9d43662ba3d139573 Mon Sep 17 00:00:00 2001 From: Ewan Date: Thu, 5 Jan 2023 16:59:09 +0100 Subject: [PATCH 01/12] set traefik to use LE production CA --- playbooks/templates/traefik.hcl.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/templates/traefik.hcl.j2 b/playbooks/templates/traefik.hcl.j2 index 829c588..b935fda 100644 --- a/playbooks/templates/traefik.hcl.j2 +++ b/playbooks/templates/traefik.hcl.j2 @@ -125,7 +125,7 @@ entryPoint = "traefik" email = "{{ job_fact.certificate_email }}" storage = "/config/{{ nomad_datacenter }}.json" # comment for production - caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" + #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" {% endif %} {% if job_fact.acme_challenge is defined %} {% if job_fact.acme_challenge == 'dns' and azure %} From 62b2df8ce59aebfb5f84ab196d601a44a94f58d8 Mon Sep 17 00:00:00 2001 From: Ewan Date: Thu, 5 Jan 2023 17:21:18 +0100 Subject: [PATCH 02/12] Working version of gitlab-runners role --- .../roles/gitlab_runners/defaults/main.yml | 11 +++ playbooks/roles/gitlab_runners/tasks/main.yml | 48 +++++++++++++ .../templates/gitlab-runner-exec.hcl | 38 ++++++++++ .../templates/gitlab-runner.hcl | 71 +++++++++++++++++++ .../templates/gitlab_runners.hcl.j2 | 67 +++++++++++++++++ playbooks/roles/gitlab_runners/test.hcl | 22 ++++++ 6 files changed, 257 insertions(+) create mode 100644 playbooks/roles/gitlab_runners/defaults/main.yml create mode 100644 playbooks/roles/gitlab_runners/tasks/main.yml create mode 100644 playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl create mode 100644 playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl create mode 100644 playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 create mode 100644 playbooks/roles/gitlab_runners/test.hcl 
diff --git a/playbooks/roles/gitlab_runners/defaults/main.yml b/playbooks/roles/gitlab_runners/defaults/main.yml new file mode 100644 index 0000000..2d02416 --- /dev/null +++ b/playbooks/roles/gitlab_runners/defaults/main.yml @@ -0,0 +1,11 @@ +nomad_gitlab_runner_job_name: gitlab_runners +nomad_gitlab_runner_group_count: 3 +nomad_gitlab_runner_job_resources: + cpu: 1000 + memory: 1000 +nomad_gitlab_runner_docker_image: "gitlab/gitlab-runner:{{ nomad_gitlab_runner_docker_image_tag }}" +nomad_gitlab_runner_docker_image_tag: "v15.6.1" +nomad_gitlab_runner_docker_network_mode: "host" +nomad_gitlab_runner_shared_config_file_path: "/alloc/config.toml" +nomad_gitlab_runner_container_ci_docker_image: "docker:20.10.16" + diff --git a/playbooks/roles/gitlab_runners/tasks/main.yml b/playbooks/roles/gitlab_runners/tasks/main.yml new file mode 100644 index 0000000..89fa0e2 --- /dev/null +++ b/playbooks/roles/gitlab_runners/tasks/main.yml 
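Review bot: `nomad_gitlab_runner_docker_network_mode: "host"` is declared here but the job template added in this same commit hard-codes `network_mode = "host"` in both tasks, so overriding the default has no effect; either reference it from the template (`network_mode = "{{ nomad_gitlab_runner_docker_network_mode }}"`) or drop the variable. The runner image is also selected by mutable tag only (`nomad_gitlab_runner_docker_image_tag: "v15.6.1"`); since this container is handed the host Docker socket, consider allowing a digest pin (`gitlab/gitlab-runner:v15.6.1@sha256:<expected-digest>`) so a re-pushed tag cannot change what runs on the clients.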
@@ -0,0 +1,48 @@ + +- name: Check to see if Gitlab job is already running + ansible.builtin.uri: + url: "http://nomad.service.consul:4646/v1/job/{{ nomad_gitlab_runner_job_name }}" + method: GET + remote_src: yes + register: pre_job_status + ignore_errors: true + run_once: true + +- block: + - name: Wait until Gitlab server is ready + ansible.builtin.uri: + url: "http://consul.service.consul:8500/v1/health/checks/{{ nomad_gitlab_services[0].name }}" + method: GET + remote_src: yes + async: 600 + poll: 5 + register: gitlab_status + until: gitlab_status | json_query('json[0].Status') == 'passing' + retries: 20 + delay: 5 + run_once: true + + - name: spawn nomad job {{ nomad_gitlab_runner_job_name }} + community.general.nomad_job: + host: "nomad.service.consul" + state: present + content: "{{ lookup('ansible.builtin.template', nomad_gitlab_runner_job_name + '.hcl.j2') }}" + use_ssl: false + register: nomad_job_spawn + retries: 10 + delay: 5 + until: nomad_job_spawn.failed == false + run_once: true + + - name: Check the job state is healthy + ansible.builtin.uri: + url: "http://nomad.service.consul:4646/v1/job/{{ nomad_gitlab_runner_job_name }}" + method: GET + remote_src: yes + async: 600 + poll: 10 + register: job_status + until: job_status | json_query('json.Status') == 'running' + retries: 10 + delay: 10 + when: pre_job_status.status == 404 diff --git a/playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl b/playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl new file mode 100644 index 0000000..0c583f5 --- /dev/null +++ b/playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl 
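Review bot: `ignore_errors: true` on the "Check to see if Gitlab job is already running" task masks every failure, not just the expected 404, so an unreachable Nomad API leaves `pre_job_status.status` at -1, the whole block is skipped by `when: pre_job_status.status == 404`, and the play reports success without deploying anything. Declare the expected outcomes instead, `status_code: [200, 404]`, and drop `ignore_errors`, which keeps a connection failure fatal while the 404 gate still works. Separately, every call here reaches the Nomad and Consul APIs over plain HTTP (`use_ssl: false`, no ACL token) while the submitted job content carries the runner registration token; that is acceptable on an isolated cluster network but deserves a line in the role documentation so the assumption is visible.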
@@ -0,0 +1,38 @@ + +job "gitlab-runner" { + datacenters = ["ewandc1"] + type = "service" + + constraint { + attribute = "${attr.kernel.name}" + value = "linux" + } + + group "gitlab-runner" { + count = 1 + task "gitlab-runner" { + driver = "exec" + config { + command = "alloc/gitlab-runner/gitlab-runner" + args = ["run"] + } + artifact { + source = "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64" + destination = "alloc/gitlab-runner/gitlab-runner" + mode = "file" + } + } + # task "gitlab-runner-register" { + # lifecycle { + # hook = "poststart" + # sidecar = false + # } + # driver = "exec" + # config { + # command = "alloc/gitlab-runner/gitlab-runner" + # args = ["register", "--non-interactive", "--url https://gitlab.ewan.kangaroot.net", "--registration-token 'Q6TBHQ8XMPXXVV49A683JBQTNQ9REJ'", "--executor 'docker'", "--docker-image alpine:latest" ] + # } + # } + } +} + diff --git a/playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl b/playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl new file mode 100644 index 0000000..046463c --- /dev/null +++ b/playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl 
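Review bot: The commented-out register task at the end of this job carries a GitLab registration token and instance URL, and the same token appears uncommented in `gitlab-runner.hcl` in this commit; once pushed it remains in history even though patch 06 deletes both files, so it should be treated as exposed and reset in GitLab, with future values kept in an Ansible variable as the `.hcl.j2` template already does with `nomad_gitlab_shared_runner_token`. The `artifact` stanza also fetches `latest/binaries/gitlab-runner-linux-amd64` with no integrity check, so the binary that executes is whatever the bucket serves at that moment; pin a version in the URL and add `options { checksum = "sha256:<expected-digest>" }` so Nomad verifies the download before the `exec` task runs it.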
@@ -0,0 +1,71 @@ +job "gitlab-runner" { + datacenters = ["ewandc1"] + type = "service" + + constraint { + attribute = "${attr.kernel.name}" + value = "linux" + } + + group "gitlab-runner" { + count = 5 + task "gitlab-runner" { + driver = "docker" + resources { + cpu = 1000 + memory = 2000 + } + config { + image = "gitlab/gitlab-runner:v15.6.1" + command = "run" + args = ["--config", "/alloc/config.toml"] + network_mode = "host" + volumes = [ + "alloc/config:/etc/gitlab-runner", + "/var/run/docker.sock:/var/run/docker.sock" + ] + logging { + type = "loki" + } + } + } + task "gitlab-runner-register" { + driver = "docker" + config { + image = "gitlab/gitlab-runner:v15.6.1" + command = "register" + args = [ + "--non-interactive", + "--config", + "/alloc/config.toml", + "--executor", + "docker", + "--docker-image", + "docker:20.10.16", + "--docker-volumes", + "/var/run/docker.sock:/var/run/docker.sock", + "--url", + "https://gitlab.ewan.kangaroot.net", + "--registration-token", + "Q6TBHQ8XMPXXVV49A683JBQTNQ9REJ", + "--description", + "docker-runner", + "--tag-list", + "docker", + "--run-untagged=true", + "--locked=false", + "--access-level=not_protected" + ] + network_mode = "host" + volumes = [ + "alloc/config:/etc/gitlab-runner", + ] + } + lifecycle { + hook = "prestart" + sidecar = false + } + } + } +} + diff --git a/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 new file mode 100644 index 0000000..9deb325 --- /dev/null +++ b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 
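Review bot: `--docker-volumes /var/run/docker.sock:/var/run/docker.sock` together with `--run-untagged=true`, `--locked=false` and `--access-level=not_protected` means any pipeline on the instance, including from unprotected branches, gets a job container with the Nomad client's Docker socket, which is equivalent to root on that host. The `gitlab_runners.hcl.j2` template in this commit registers with the same flags. If socket access is genuinely needed for image builds, at least drop `--run-untagged=true` and `--access-level=not_protected` so only protected refs and tagged jobs reach these runners, or point the executor at a dedicated builder daemon rather than the client's own.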
@@ -0,0 +1,67 @@ +job "{{ nomad_gitlab_runner_job_name }}" { + datacenters = ["{{ nomad_datacenter }}"] + type = "service" + + constraint { + attribute = "${attr.kernel.name}" + value = "linux" + } + + group "gitlab-runner" { + count = {{ nomad_gitlab_runner_group_count }} + task "gitlab-runner" { + driver = "docker" + resources { + cpu = {{ nomad_gitlab_runner_job_resources.cpu }} + memory = {{ nomad_gitlab_runner_job_resources.memory }} + } + config { + image = "{{ nomad_gitlab_runner_docker_image }}" + command = "run" + args = ["--config", "{{ nomad_gitlab_runner_shared_config_file_path }}"] + network_mode = "host" + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + ] + logging { + type = "loki" + } + } + } + task "gitlab-runner-register" { + driver = "docker" + config { + image = "gitlab/gitlab-runner:v15.6.1" + command = "register" + args = [ + "--non-interactive", + "--config", + "{{ nomad_gitlab_runner_shared_config_file_path }}", + "--executor", + "docker", + "--docker-image", + "{{ nomad_gitlab_runner_container_ci_docker_image }}", + "--docker-volumes", + "/var/run/docker.sock:/var/run/docker.sock", + "--url", + "https://gitlab.{{ zone }}", + "--registration-token", + "{{ nomad_gitlab_shared_runner_token }}", + "--description", + "docker-runner-${env["NOMAD_SHORT_ALLOC_ID"]}", + "--tag-list", + "docker", + "--run-untagged=true", + "--locked=false", + "--access-level=not_protected" + ] + network_mode = "host" + } + lifecycle { + hook = "prestart" + sidecar = false + } + } + } +} + diff --git a/playbooks/roles/gitlab_runners/test.hcl b/playbooks/roles/gitlab_runners/test.hcl new file mode 100644 index 0000000..c8ae9cb --- /dev/null +++ b/playbooks/roles/gitlab_runners/test.hcl 
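Review bot: The `gitlab-runner-register` prestart task registers a fresh runner for every allocation (the description embeds `NOMAD_SHORT_ALLOC_ID`) but nothing ever unregisters it, so each restart, reschedule or redeploy of the `count = {{ nomad_gitlab_runner_group_count }}` group leaves stale runner entries in GitLab that still hold the shared registration. A `poststop` task that runs `gitlab-runner unregister --all-runners` against the same shared config removes them when the allocation ends. The hard-coded `network_mode = "host"` in both tasks also ignores `nomad_gitlab_runner_docker_network_mode` from the role defaults.
```hcl
    # … unchanged: gitlab-runner and gitlab-runner-register tasks …
    task "gitlab-runner-unregister" {
      driver = "docker"
      config {
        image        = "{{ nomad_gitlab_runner_docker_image }}"
        command      = "unregister"
        args         = ["--config", "{{ nomad_gitlab_runner_shared_config_file_path }}", "--all-runners"]
        network_mode = "host"
      }
      lifecycle {
        hook    = "poststop"
        sidecar = false
      }
    }
```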
@@ -0,0 +1,22 @@ +job "debug" { + datacenters = ["ewandc1"] + type = "service" + + constraint { + attribute = "${attr.kernel.name}" + value = "linux" + } + + group "gitlab-runner" { + count = 1 + task "test" { + driver = "exec" + config { + command = "" + #args = ["$user"] + } + } + } +} + + From 9835d11e3d403d1d391b1a985f357d450196e0cc Mon Sep 17 00:00:00 2001 From: Ewan Date: Thu, 5 Jan 2023 17:21:45 +0100 Subject: [PATCH 03/12] Add gitlab_runners role to runtime playbook --- playbooks/runtime.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/playbooks/runtime.yml b/playbooks/runtime.yml index 18a4844..e17bb99 100644 --- a/playbooks/runtime.yml +++ b/playbooks/runtime.yml @@ -48,3 +48,7 @@ tags: - gitlab when: gitlab_enabled | bool + - role: gitlab_runners + tags: + - gitlab_runners + when: gitlab_runners_enabled | bool From ca57a1000c8796175b8d1819e8c6f66c238a0467 Mon Sep 17 00:00:00 2001 From: Ewan Date: Thu, 5 Jan 2023 17:22:23 +0100 Subject: [PATCH 04/12] Reduce traefik instance count 1 as a solution to Gitlab cert problems --- playbooks/templates/traefik.hcl.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/templates/traefik.hcl.j2 b/playbooks/templates/traefik.hcl.j2 index b935fda..ed9bf93 100644 --- a/playbooks/templates/traefik.hcl.j2 +++ b/playbooks/templates/traefik.hcl.j2 @@ -8,7 +8,7 @@ job "traefik" { value = "1" weight = 100 } - count = 3 + count = 1 network { port "http" { From 225b0ffd5e2ef5f9a080ee0864d1d12d5eaeb714 Mon Sep 17 00:00:00 2001 From: Ewan Date: Thu, 5 Jan 2023 17:24:50 +0100 Subject: [PATCH 05/12] Add sample non-default gitlab_runners configuration to example inventory --- azure-inv/group_vars/all/gitlab-runners.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 azure-inv/group_vars/all/gitlab-runners.yml diff --git a/azure-inv/group_vars/all/gitlab-runners.yml b/azure-inv/group_vars/all/gitlab-runners.yml new file mode 100644 index 0000000..c369e20 --- /dev/null 
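Review bot: The new role entry is gated only on `gitlab_runners_enabled`, yet the role's tasks read `nomad_gitlab_services[0].name` and its template reads `nomad_gitlab_shared_runner_token`, which appear to be provided by the `gitlab` role guarded by `gitlab_enabled` just above; enabling runners while GitLab is disabled then fails on an undefined variable in the Consul wait task instead of being skipped. Tightening the condition to `when: (gitlab_enabled | bool) and (gitlab_runners_enabled | bool)` makes the dependency explicit.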
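Review bot: Dropping Traefik to `count = 1` gives up the redundancy of three instances as a workaround for the certificate problem rather than recording what the problem is; from the first patch in this series each instance uses its own ACME `storage` file, so presumably each replica was requesting its own certificate and competing against Let's Encrypt rate limits. A comment next to the count would keep that trade-off visible, e.g. `# single instance: ACME storage is per-instance, so every replica would request its own certificate`, and notes whether returning to 3 is planned once certificates are obtained elsewhere.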
+++ b/azure-inv/group_vars/all/gitlab-runners.yml @@ -0,0 +1 @@ +gitlab_runners_enabled: true From e3d9eceea683e757a0e24631cb65b7a5778aa29d Mon Sep 17 00:00:00 2001 From: Ewan Date: Mon, 16 Jan 2023 14:17:23 +0100 Subject: [PATCH 06/12] Removed out of date test job specs --- .../templates/gitlab-runner-exec.hcl | 38 ---------- .../templates/gitlab-runner.hcl | 71 ------------------- 2 files changed, 109 deletions(-) delete mode 100644 playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl delete mode 100644 playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl diff --git a/playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl b/playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl deleted file mode 100644 index 0c583f5..0000000 --- a/playbooks/roles/gitlab_runners/templates/gitlab-runner-exec.hcl +++ /dev/null @@ -1,38 +0,0 @@ - -job "gitlab-runner" { - datacenters = ["ewandc1"] - type = "service" - - constraint { - attribute = "${attr.kernel.name}" - value = "linux" - } - - group "gitlab-runner" { - count = 1 - task "gitlab-runner" { - driver = "exec" - config { - command = "alloc/gitlab-runner/gitlab-runner" - args = ["run"] - } - artifact { - source = "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64" - destination = "alloc/gitlab-runner/gitlab-runner" - mode = "file" - } - } - # task "gitlab-runner-register" { - # lifecycle { - # hook = "poststart" - # sidecar = false - # } - # driver = "exec" - # config { - # command = "alloc/gitlab-runner/gitlab-runner" - # args = ["register", "--non-interactive", "--url https://gitlab.ewan.kangaroot.net", "--registration-token 'Q6TBHQ8XMPXXVV49A683JBQTNQ9REJ'", "--executor 'docker'", "--docker-image alpine:latest" ] - # } - # } - } -} - diff --git a/playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl b/playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl deleted file mode 100644 index 046463c..0000000 
--- a/playbooks/roles/gitlab_runners/templates/gitlab-runner.hcl +++ /dev/null @@ -1,71 +0,0 @@ -job "gitlab-runner" { - datacenters = ["ewandc1"] - type = "service" - - constraint { - attribute = "${attr.kernel.name}" - value = "linux" - } - - group "gitlab-runner" { - count = 5 - task "gitlab-runner" { - driver = "docker" - resources { - cpu = 1000 - memory = 2000 - } - config { - image = "gitlab/gitlab-runner:v15.6.1" - command = "run" - args = ["--config", "/alloc/config.toml"] - network_mode = "host" - volumes = [ - "alloc/config:/etc/gitlab-runner", - "/var/run/docker.sock:/var/run/docker.sock" - ] - logging { - type = "loki" - } - } - } - task "gitlab-runner-register" { - driver = "docker" - config { - image = "gitlab/gitlab-runner:v15.6.1" - command = "register" - args = [ - "--non-interactive", - "--config", - "/alloc/config.toml", - "--executor", - "docker", - "--docker-image", - "docker:20.10.16", - "--docker-volumes", - "/var/run/docker.sock:/var/run/docker.sock", - "--url", - "https://gitlab.ewan.kangaroot.net", - "--registration-token", - "Q6TBHQ8XMPXXVV49A683JBQTNQ9REJ", - "--description", - "docker-runner", - "--tag-list", - "docker", - "--run-untagged=true", - "--locked=false", - "--access-level=not_protected" - ] - network_mode = "host" - volumes = [ - "alloc/config:/etc/gitlab-runner", - ] - } - lifecycle { - hook = "prestart" - sidecar = false - } - } - } -} - From 4547dd49918334dd7b40cb2af60910dce804926c Mon Sep 17 00:00:00 2001 From: Ewan Date: Mon, 16 Jan 2023 14:47:25 +0100 Subject: [PATCH 07/12] Add warning to not change shared config file path --- playbooks/roles/gitlab_runners/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/roles/gitlab_runners/defaults/main.yml b/playbooks/roles/gitlab_runners/defaults/main.yml index 2d02416..b31c904 100644 --- a/playbooks/roles/gitlab_runners/defaults/main.yml +++ b/playbooks/roles/gitlab_runners/defaults/main.yml 
@@ -6,6 +6,8 @@ nomad_gitlab_runner_job_resources: nomad_gitlab_runner_docker_image: "gitlab/gitlab-runner:{{ nomad_gitlab_runner_docker_image_tag }}" nomad_gitlab_runner_docker_image_tag: "v15.6.1" nomad_gitlab_runner_docker_network_mode: "host" + +# Changing from /alloc might cause breakages nomad_gitlab_runner_shared_config_file_path: "/alloc/config.toml" nomad_gitlab_runner_container_ci_docker_image: "docker:20.10.16" From 6feb2c6218d077e36017c7b26228899b47846ca9 Mon Sep 17 00:00:00 2001 From: Ewan Date: Mon, 16 Jan 2023 15:48:48 +0100 Subject: [PATCH 08/12] Change register task docker image to variable --- playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 index 9deb325..2fa6d4a 100644 --- a/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 +++ b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 @@ -31,7 +31,7 @@ job "{{ nomad_gitlab_runner_job_name }}" { task "gitlab-runner-register" { driver = "docker" config { - image = "gitlab/gitlab-runner:v15.6.1" + image = "{{ nomad_gitlab_runner_docker_image }}" command = "register" args = [ "--non-interactive", From e465cf83fc6c83c0a5b6134e2ad1de862badc7f2 Mon Sep 17 00:00:00 2001 From: Ewan Date: Wed, 18 Jan 2023 14:21:51 +0100 Subject: [PATCH 09/12] Add toggle for LE server to use prod only for runners --- playbooks/templates/traefik.hcl.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/playbooks/templates/traefik.hcl.j2 b/playbooks/templates/traefik.hcl.j2 index ed9bf93..f603899 100644 --- a/playbooks/templates/traefik.hcl.j2 +++ b/playbooks/templates/traefik.hcl.j2 
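Review bot: The comment `# Changing from /alloc might cause breakages` states a symptom but not the cause, so the next reader cannot judge whether their change is safe. The constraint is visible in the job template: the `gitlab-runner-register` prestart task writes this file and the `gitlab-runner` task in the same group reads it through `--config`, and the two tasks only share a filesystem through the allocation directory. Suggest `# Must stay under /alloc: the register prestart task writes this file and the gitlab-runner task in the same group reads it, and /alloc is the only directory both tasks share`.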
@@ -125,7 +125,9 @@ entryPoint = "traefik" email = "{{ job_fact.certificate_email }}" storage = "/config/{{ nomad_datacenter }}.json" # comment for production - #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" + {% if gitlab_runners_enabled is false %} + caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" + {% endif %} {% endif %} {% if job_fact.acme_challenge is defined %} {% if job_fact.acme_challenge == 'dns' and azure %} From 5c846b8295dedc807bfe4cef3ad71bdc6ce3b551 Mon Sep 17 00:00:00 2001 From: Ewan Gilchrist Date: Mon, 20 Mar 2023 11:28:59 +0100 Subject: [PATCH 10/12] Added platform check for loki logging config --- .../roles/gitlab_runners/templates/gitlab_runners.hcl.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 index 2fa6d4a..fd65e95 100644 --- a/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 +++ b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 @@ -23,9 +23,11 @@ job "{{ nomad_gitlab_runner_job_name }}" { volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ] + {% if 'aarch64' != ansible_architecture %} logging { - type = "loki" + type = "loki" } + {% endif %} } } task "gitlab-runner-register" { From 5ef70469aabfb337a685384a4cadf6290fa3fe7b Mon Sep 17 00:00:00 2001 From: Ewan Gilchrist Date: Mon, 20 Mar 2023 11:31:07 +0100 Subject: [PATCH 11/12] Remove mistakingly comitted test file --- playbooks/roles/gitlab_runners/test.hcl | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 playbooks/roles/gitlab_runners/test.hcl diff --git a/playbooks/roles/gitlab_runners/test.hcl b/playbooks/roles/gitlab_runners/test.hcl deleted file mode 100644 index c8ae9cb..0000000 --- a/playbooks/roles/gitlab_runners/test.hcl +++ /dev/null 
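Review bot: `{% if gitlab_runners_enabled is false %}` is only true for a strict boolean `False`; an inventory value such as `"false"` passes through as a string and silently selects production, and an undefined variable makes the template fail to render wherever the gitlab_runners defaults are not loaded (the default is only added in patch 12). `{% if not (gitlab_runners_enabled | default(false) | bool) %}` handles both. Tying the Traefik CA choice to a GitLab-runner flag is also hard to discover; a dedicated toggle such as the `nomad_letsencrypt_staging` variable that patch 12 introduces would read better here, and the `# comment for production` line above is now stale.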
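Review bot: `{% if 'aarch64' != ansible_architecture %}` is evaluated when Ansible renders the template, with the facts of whichever host runs the `run_once` spawn task, not those of the Nomad client that will eventually run the allocation; on a mixed cluster the loki logging driver is therefore enabled or disabled for every node based on a single host. If the logging plugin is unavailable on arm64 clients, express that in the job spec so Nomad decides per node, for example `constraint { attribute = "${attr.cpu.arch}" operator = "!=" value = "arm64" }` on the group, or keep the template check but document the assumption that all clients share one architecture.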
@@ -1,22 +0,0 @@ -job "debug" { - datacenters = ["ewandc1"] - type = "service" - - constraint { - attribute = "${attr.kernel.name}" - value = "linux" - } - - group "gitlab-runner" { - count = 1 - task "test" { - driver = "exec" - config { - command = "" - #args = ["$user"] - } - } - } -} - - From d9d2721e8c9580bbab99adac1911638e6f9ed784 Mon Sep 17 00:00:00 2001 From: Ewan Gilchrist Date: Thu, 23 Mar 2023 12:45:45 +0100 Subject: [PATCH 12/12] Update Gitlab runner to include new LE Staging config --- playbooks/roles/gitlab_runners/defaults/main.yml | 5 +++++ playbooks/roles/gitlab_runners/tasks/main.yml | 6 ++++++ .../gitlab_runners/templates/gitlab_runners.hcl.j2 | 12 ++++++++++++ playbooks/roles/nomad/defaults/main.yml | 3 +++ 4 files changed, 26 insertions(+) diff --git a/playbooks/roles/gitlab_runners/defaults/main.yml b/playbooks/roles/gitlab_runners/defaults/main.yml index b31c904..632a9cd 100644 --- a/playbooks/roles/gitlab_runners/defaults/main.yml +++ b/playbooks/roles/gitlab_runners/defaults/main.yml @@ -1,4 +1,7 @@ nomad_gitlab_runner_job_name: gitlab_runners +gitlab_runners_enabled: false + + nomad_gitlab_runner_group_count: 3 nomad_gitlab_runner_job_resources: cpu: 1000 @@ -11,3 +14,5 @@ nomad_gitlab_runner_docker_network_mode: "host" nomad_gitlab_runner_shared_config_file_path: "/alloc/config.toml" nomad_gitlab_runner_container_ci_docker_image: "docker:20.10.16" +nomad_gitlab_runner_letsencrypt_staging_cert_path: "/alloc/gitlab_staging_cert.crt" + diff --git a/playbooks/roles/gitlab_runners/tasks/main.yml b/playbooks/roles/gitlab_runners/tasks/main.yml index 89fa0e2..22e399b 100644 --- a/playbooks/roles/gitlab_runners/tasks/main.yml +++ b/playbooks/roles/gitlab_runners/tasks/main.yml 
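Review bot: `gitlab_runners_enabled: false` is added to the `gitlab_runners` role defaults, but its consumers are the role condition in runtime.yml and the `{% if gitlab_runners_enabled is false %}` in traefik.hcl.j2; role defaults are only in scope for plays that list the role, so a play that renders the Traefik job without it still sees the variable undefined. Putting the default where both consumers can see it (group_vars, or the nomad role defaults this commit already touches) avoids that, and the two blank lines after the new key can go.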
@@ -22,6 +22,12 @@ delay: 5 run_once: true + - name: Download Gitlab cert using OpenSSL + shell: + cmd: "openssl s_client -connect gitlab.{{ zone }}:443 2>/dev/null | openssl x509 -outform pem" + register: nomad_gitlab_letsencrypt_staging_cert_pem + when: nomad_letsencrypt_staging | bool + - name: spawn nomad job {{ nomad_gitlab_runner_job_name }} community.general.nomad_job: host: "nomad.service.consul" diff --git a/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 index fd65e95..df9fe88 100644 --- a/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 +++ b/playbooks/roles/gitlab_runners/templates/gitlab_runners.hcl.j2 @@ -39,6 +39,10 @@ job "{{ nomad_gitlab_runner_job_name }}" { "--non-interactive", "--config", "{{ nomad_gitlab_runner_shared_config_file_path }}", + {%- if nomad_letsencrypt_staging is true -%} + --tls-ca-file, + '{{ nomad_gitlab_runner_letsencrypt_staging_cert_path }}', + {%- endif -%} "--executor", "docker", "--docker-image", @@ -59,6 +63,14 @@ job "{{ nomad_gitlab_runner_job_name }}" { ] network_mode = "host" } + {%- if nomad_letsencrypt_staging is true -%} + template { + data = <
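Review bot: The "Download Gitlab cert using OpenSSL" task pipes the leaf certificate served by `gitlab.{{ zone }}` into the runner's `--tls-ca-file`, which is trust-on-first-use: whatever certificate is presented at that moment, including one from an interposed host, becomes the trust anchor, and a leaf pinned this way stops validating at the next renewal, so the runners will start failing TLS verification later. It should instead carry the Let's Encrypt staging chain from a trusted source (the published staging root, or `openssl s_client -showcerts` keeping the issuer rather than the leaf) and ship it with `copy`. If the scrape stays, add SNI and close stdin, `cmd: "openssl s_client -connect gitlab.{{ zone }}:443 -servername gitlab.{{ zone }} </dev/null 2>/dev/null | openssl x509 -outform pem"`, since without SNI Traefik typically returns its default certificate, and add `changed_when: false` as the task only reads.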
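Review bot: The two lines added inside the `args` list are not valid HCL: `--tls-ca-file,` is an unquoted bare word and `'{{ ... }}',` uses single quotes, which HCL does not accept for strings, so with `nomad_letsencrypt_staging` true the job fails to parse at submission. Write them as their neighbours are written: `"--tls-ca-file",` and `"{{ nomad_gitlab_runner_letsencrypt_staging_cert_path }}",`. The `{%- ... -%}` whitespace control also strips the surrounding newlines so the rendered list collapses around these entries; plain `{% if %}` as used elsewhere in the template keeps it readable.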