rework for new runner registration method

Signed-off-by: Nicolas Froger <nico@cri.epita.fr>

rework for new runner registration method
Signed-off-by: Nicolas Froger <nico@cri.epita.fr>
b43b9fed · Nicolas Froger · ec26994a · b43b9fed · b43b9fed · b43b9fed
Verified Commit b43b9fed authored 1 year ago by Nicolas Froger
--- a/defaults/main.yml
+++ b/defaults/main.yml
 ---

-gitlab_runner_version: '13.9.0'
+gitlab_runner_version: '16.8.0'

 gitlab_runner_concurrent: "{{ ansible_processor_vcpus }}"
 gitlab_runner_check_interval: 3
-gitlab_runner_log_level: 'warn'
+gitlab_runner_log_level: warn

 gitlab_runner_session_timeout: 1800

@@ -25,8 +25,8 @@ gitlab_runner_default:
  docker:
    activate_dind: false
    dind_type: service  # you can choose between `service` and `socket`
-    dind_version: "19.03.12-dind"
-    image: "alpine:3.12.0"
+    dind_version: "25.0.3-dind"
+    image: "alpine:3.19"
    privileged: "false"
    disable_entrypoint_overwrite: "true"
    disable_oom_kill: "false"

--- a/files/gitlab_runners.fact
+++ b/files/gitlab_runners.fact
@@ -9,7 +9,11 @@ regex_token = re.compile(r"=([a-zA-Z0-9-_]+)")
 regex_status = re.compile(r"[.][.][.] (is )?([a-z]+)")


-output = subprocess.check_output(["gitlab-runner", "verify"], stderr=subprocess.STDOUT)
+output = subprocess.run(
+    ["gitlab-runner", "verify", "--delete"],
+    stdout=subprocess.PIPE,
+    stderr=subprocess.STDOUT,
+).stdout
 output = output.splitlines()

 config = toml.load("/etc/gitlab-runner/config.toml")
@@ -22,13 +26,34 @@ output = output[3:]
 runners = []

 for runner in config["runners"]:
-    runners.append({"name": runner["name"], "url": runner["url"], "auth_token": runner["token"], "registered": False})
+    runners.append(
+        {
+            "name": runner["name"],
+            "url": runner["url"],
+            "auth_token": runner["token"],
+            "registered": False,
+        }
+    )

 for line in output:
    match_tok = regex_token.search(line.decode("utf8"))
    match_status = regex_status.search(line.decode("utf8"))

-    runner = next(r for r in runners if r["auth_token"][:8] == match_tok.group(1))
+    runner = next(
+        (
+            r
+            for r in runners
+            if (
+                r["auth_token"][5:14]
+                if r["auth_token"].startswith("glrt-")
+                else r["auth_token"][:8]
+            )
+            == match_tok.group(1)
+        ),
+        None,
+    )
+    if runner is None:
+        continue
    runner["registered"] = True
    runner["status"] = match_status.group(2)


--- a/tasks/install_gitlab_repo.yml
+++ b/tasks/install_gitlab_repo.yml
 ---

- name: Install dependencies
-  package:
-    name: gpg
+- name: Install dependencies for installation with apt
+  ansible.builtin.apt:
+    pkg:
+      - gpg
+      - apt-transport-https
    state: present

- name: Install packagecloud.io gpg key
-  apt_key:
+- name: Install GitLab GPG key
+  ansible.builtin.apt_key:
    id: 3F01618A51312F3F
    url: https://packages.gitlab.com/runner/gitlab-runner/gpgkey
    state: present

 - name: Add apt repository
-  apt_repository:
+  ansible.builtin.apt_repository:
    repo: "deb https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} main"  # yamllint disable-line rule:line-length
    state: present


--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,93 +3,65 @@
 - import_tasks: install_gitlab_repo.yml

 - name: APT pinning for debian
-  copy:
+  ansible.builtin.copy:
    src: pin-gitlab-runner.pref
-    dest: '/etc/apt/preferences.d/pin-gitlab-runner.pref'
+    dest: /etc/apt/preferences.d/pin-gitlab-runner.pref
    mode: 0644
  when: ansible_distribution == 'Debian'

 - name: Install gitlab runner
-  apt:
+  ansible.builtin.apt:
    name: "gitlab-runner={{ gitlab_runner_version }}"
    update_cache: true
-  when: ansible_distribution != 'Debian'
-
- name: Install gitlab runner with skel disabled
-  apt:
-    name: "gitlab-runner={{ gitlab_runner_version }}"
-    update_cache: true
-  environment:
-    GITLAB_RUNNER_DISABLE_SKEL: true
-  when: ansible_distribution == 'Debian'

 - name: Make sure that Ansible fact directory exists
-  file:
-    path: '/etc/ansible/facts.d'
-    state: 'directory'
-    owner: 'root'
-    group: 'root'
-    mode: '0755'
+  ansible.builtin.file:
+    path: /etc/ansible/facts.d
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"

 - name: Install fact script dependencies
-  apt:
+  ansible.builtin.apt:
    name: "python3-toml"

 - name: Copy Ansible fact file
-  copy:
+  ansible.builtin.copy:
    src: gitlab_runners.fact
-    dest: '/etc/ansible/facts.d/gitlab_runners.fact'
-    mode: u+rx,g+rx
+    dest: /etc/ansible/facts.d/gitlab_runners.fact
+    owner: root
+    group: root
+    mode: "0754"
+
+- name: Generate runner configuration
+  ansible.builtin.template:
+    src: config.toml.j2
+    dest: '/etc/gitlab-runner/config.toml'
+    owner: root
+    group: root
+    mode: 0600

 - name: Gather Gitlab runners facts if not gathered
-  setup:
-    filter: "ansible_local"
+  ansible.builtin.setup:
+    filter:
+      - ansible_local
  when: ansible_local.gitlab_runners is undefined

- name: Register missing runners
-  uri:
-    url: "{{ item.url }}/api/v4/runners"
-    method: POST
-    body_format: form-urlencoded
-    body:
-      token: "{{ item.reg_token }}"
-      description: "{{ item.name }}"
-      active: "true"
-    status_code: 201
-    return_content: true
-  loop: "{{ gitlab_runners | default([], true) }}"
-  when: not (ansible_local.gitlab_runners | json_query(query))
-  vars:
-    query: |
-      [? name==`{{ item.name }}` && url==`{{ item.url }}` && registered==`true`]
-  register: gitlab_runner_auth
-
 - name: Unregister not present runners
-  uri:
-    url: "{{ item.url }}/api/v4/runners"
-    method: DELETE
-    body_format: form-urlencoded
-    body:
-      token: "{{ item.auth_token }}"
-      description: "{{ item.name }}"
-      active: "true"
-    status_code: 204
-    return_content: true
+  ansible.builtin.command:
+    argv:
+      - gitlab-runner
+      - unregister
+      - --name
+      - "{{ item.name }}"
  loop: "{{ ansible_local.gitlab_runners | default([], true) }}"
  when: not (gitlab_runners | json_query(query))
  vars:
    query: '[? name==`{{ item.name }}` && url==`{{ item.url }}`]'

- name: Generate runner configuration
-  template:
-    src: config.toml.j2
-    dest: '/etc/gitlab-runner/config.toml'
-    owner: root
-    group: root
-    mode: 0600
-
 - name: Set cron commands and names
-  set_fact:
+  ansible.builtin.set_fact:
    cron_prune_volumes:
      name: "prune unused docker volumes"
      job: "docker volume prune -f"
@@ -98,7 +70,7 @@
      job: "docker system prune -f -a"

 - name: Add cronjob for pruning docker volumes every 6 hours
-  cron: "{{ cron_prune_volumes | combine(gitlab_runner_prune_volumes_cron) | from_yaml }}"  # yamllint disable-line rule:line-length
+  ansible.builtin.cron: "{{ cron_prune_volumes | combine(gitlab_runner_prune_volumes_cron) | from_yaml }}"  # yamllint disable-line rule:line-length

 - name: Add cronjob for pruning docker images at 3am
-  cron: "{{ cron_prune_images | combine(gitlab_runner_prune_images_cron) | from_yaml }}"  # yamllint disable-line rule:line-length
+  ansible.builtin.cron: "{{ cron_prune_images | combine(gitlab_runner_prune_images_cron) | from_yaml }}"  # yamllint disable-line rule:line-length
--- a/templates/config.toml.j2
+++ b/templates/config.toml.j2
 #jinja2: trim_blocks: True, lstrip_blocks: True

 {%- set runners = []                                                                  -%}
-{%- for gitlab_runner in (gitlab_runners | default([], true))                         -%}
-{%-   set runner = gitlab_runner.copy()                                               -%}
-{%-   for fact in ansible_local.gitlab_runners                                        -%}
-{%-     if fact.name == runner.name and fact.url == runner.url                        -%}
-{%-       set _ = runner.__setitem__("token", fact.auth_token)                        -%}
-{%-     endif                                                                         -%}
-{%-   endfor                                                                          -%}
-{%-   if runner.token is not defined                                                  -%}
-{%-     for result in gitlab_runner_auth.results                                      -%}
-{%-       if result.item.name == runner.name and result.item.url == runner.url        -%}
-{%-         set _ = runner.__setitem__("token", result.json.token)                    -%}
-{%-       endif                                                                       -%}
-{%-     endfor                                                                        -%}
-{%-   endif                                                                           -%}
+{%- for runner in (gitlab_runners | default([], true))                                -%}
 {%-   set _ = runners.append(gitlab_runner_default | combine(runner, recursive=True)) -%}
 {%- endfor                                                                            -%}

-
-concurrent = {{ gitlab_runner_concurrent | default(ansible_processor_vcpus) }}
-check_interval = {{ gitlab_runner_check_interval | default(3) }}
-log_level = "{{ gitlab_runner_log_level | default('warn') }}"
+concurrent = {{ gitlab_runner_concurrent }}
+check_interval = {{ gitlab_runner_check_interval }}
+log_level = "{{ gitlab_runner_log_level }}"

 [session_server]
-  session_timeout = {{ gitlab_runner_session_timeout | default(1800) }}
+  session_timeout = {{ gitlab_runner_session_timeout }}

 {% for runner in runners %}
 [[runners]]