mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
disable-oom-alert-on-build-machines
infrastructure/roles/gitlab_runner/tasks/main.yml

93 lines
4.1 KiB
YAML
Raw Permalink Blame History

- name: Install dependencies
pacman: name=docker,python-docker,python-gitlab,gitlab-runner state=present
notify: Restart gitlab-runner
- name: Install docker.slice
copy: src=docker.slice dest=/etc/systemd/system/ owner=root group=root mode=0644
notify: Systemd daemon-reload
- name: Start docker
systemd_service: name=docker enabled=yes state=started daemon_reload=yes
- name: Create /etc/docker directory
file: state=directory owner=root group=root mode=0755 path=/etc/docker
- name: Configure Docker daemon for IPv6
copy: src=daemon.json dest=/etc/docker/daemon.json owner=root group=root mode=0644
notify: Restart docker
# We want to give our gitlab-runners full IPv6 capabilities. Sadly, IPv6 and Docker aren't friends. :(
# https://medium.com/@skleeschulte/how-to-enable-ipv6-for-docker-containers-on-ubuntu-18-04-c68394a219a2
# https://github.com/docker/docker.github.io/blob/c0eb65aabe4de94d56bbc20249179f626df5e8c3/engine/userguide/networking/default_network/ipv6.md
# https://github.com/moby/moby/issues/36954
- name: Add IPv6 NAT for docker
ansible.posix.firewalld:
zone: public
permanent: true
state: enabled
immediate: true
rich_rule: rule family="ipv6" destination not address="fd00::1/80" source address="fd00::/80" masquerade
when: configure_firewall
tags:
- firewall
# Please register the runner with this command and save the token as a host var:
# gitlab-runner register \
# --non-interactive \
# --url=https://gitlab.archlinux.org/ \
# --docker-image=archlinux:latest \
# --tag-list=docker \ # Use docker,secure for secure runners and docker,secure-vm for secure VM runners
# --registration-token="{{ vault_gitlab_runner_registration_token }}" \
# --executor=docker \
# --description="{{ inventory_hostname }}" \
# --run-untagged=true \ # Use false for secure runners
# --locked=false \ # Use true for secure runners
# --access-level=not_protected # Use ref_protected for secure runners
# Note: Secure runners must be added manually to the relevant projects
- name: Install runner configuration
template: src=config.toml.j2 dest=/etc/gitlab-runner/config.toml owner=root group=root mode=0600
notify: Restart gitlab-runner
- name: Install gitlab-runner-docker-cleanup.{service,timer}
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
loop:
- gitlab-runner-docker-cleanup.service
- gitlab-runner-docker-cleanup.timer
notify:
- Restart gitlab-runner-docker-cleanup.timer
- name: Start and enable gitlab-runner-docker-cleanup.timer
systemd_service: name=gitlab-runner-docker-cleanup.timer state=started enabled=yes daemon_reload=yes
- name: Start and enable gitlab runner service
systemd_service: name=gitlab-runner state=started enabled=yes daemon_reload=yes
- name: Setup libvirt-executor
when: "'gitlab_vm_runners' in group_names"
block:
- name: Install libvirt-executor-fetch-image dependencies
pacman: name=rsop state=present
- name: Create libvirt-executor data directory
file: path=/usr/local/lib/libvirt-executor state=directory owner=root group=root mode=0755
- name: Install libvirt-executor
copy: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode={{ item.mode }}
loop:
- {src: arch-boxes.asc, dest: /usr/local/lib/libvirt-executor/, mode: 644}
- {src: libvirt-executor, dest: /usr/local/bin/, mode: 755}
- {src: libvirt-executor-fetch-image, dest: /usr/local/bin/, mode: 755}
- name: Install libvirt-executor domain template
template: src=domain_template.xml.j2 dest=/usr/local/lib/libvirt-executor/domain_template.xml owner=root group=root mode=0644
- name: Install libvirt-executor-fetch-image.{service,timer}
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
loop:
- libvirt-executor-fetch-image.service
- libvirt-executor-fetch-image.timer
- name: Start and enable libvirt-executor-fetch-image.timer
systemd_service: name=libvirt-executor-fetch-image.timer state=started enabled=yes daemon_reload=yes
View Git Blame Copy Permalink