debops.gitlab_runner default variables
Sections
Package installation
- gitlab_runner__apt_upstream
Enable configuration of upstream GitLab Runner repository. Currently it's the only source of the required packages, but if you have downloaded them into your own APT repository, you can disable upstream using this variable.
gitlab_runner__apt_upstream: True
- gitlab_runner__apt_key
GPG key which signs the upstream APT repository package list.
gitlab_runner__apt_key: 'F6403F6544A38863DAA0B6E03F01618A51312F3F'
- gitlab_runner__apt_repo
APT sources.list
configuration of the upstream GitLab Runner repository.
gitlab_runner__apt_repo: 'deb https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} main'
- gitlab_runner__base_packages
List of APT packages which will be installed by the role.
gitlab_runner__base_packages:
- 'gitlab-runner'
- '{{ ["vagrant-libvirt", "libguestfs-tools", "busybox", "patch"]
if gitlab_runner__vagrant_libvirt | bool
else [] }}'
- '{{ "vagrant-lxc" if gitlab_runner__vagrant_lxc | bool else [] }}'
- gitlab_runner__packages
List of additional APT packages to install with GitLab Runner.
gitlab_runner__packages: []
User, group, home directory
- gitlab_runner__user
System user account which will be used to run GitLab Runner jobs.
gitlab_runner__user: 'gitlab-runner'
- gitlab_runner__group
System group which will be used to run GitLab Runner jobs.
gitlab_runner__group: 'gitlab-runner'
- gitlab_runner__additional_groups
List of additional groups to which add the GitLab Runner user account, specified as dictionaries. Missing groups will be added automatically. Dictionary keys used by this variable:
name
: required, name of the group.system
: optional, bool. IfTrue
, the group will be a system group.
System groups have GID < 1000. If system
key is not specified, the value
of gitlab_runner__system
is used instead.
gitlab_runner__additional_groups: []
- gitlab_runner__system
If True
, the created user and groups will have UID and GID < 1000 and
will be considered "local" user and groups.
gitlab_runner__system: True
- gitlab_runner__home
Home directory of the GitLab Runner user.
gitlab_runner__home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + gitlab_runner__user }}'
- gitlab_runner__comment
Comment or GECOS field set on the GitLab Runner account.
gitlab_runner__comment: 'GitLab Runner'
- gitlab_runner__shell
Default shell used by the GitLab Runner user account.
gitlab_runner__shell: '/bin/bash'
Global configuration
- gitlab_runner__concurrent
Global number of jobs that can run concurrently on all configured runners.
gitlab_runner__concurrent: '{{ ansible_processor_vcpus
if (ansible_local | d() and
ansible_local.docker_server | d() and
(ansible_local.docker_server.installed | d()) | bool)
else "1" }}'
- gitlab_runner__domain
The default domain used in different places of the role.
gitlab_runner__domain: '{{ ansible_domain }}'
- gitlab_runner__fqdn
The Fully Qualified Domain Name of the GitLab Runner host.
gitlab_runner__fqdn: '{{ ansible_fqdn }}'
- gitlab_runner__gitlab_srv_rr
List which contains the result of the DNS query for Gitlab server SRV
resource records in the host's domain. See RFC 2782 for details.
If there are no resource records, the role checks if a local Gitlab
installation is present and uses the host FQDN as the Gitlab API server
address. Finally, code.<domain>
is used as a fallback.
gitlab_runner__gitlab_srv_rr: '{{ q("debops.debops.dig_srv", "_gitlab._tcp." + gitlab_runner__domain,
ansible_fqdn
if (ansible_local | d() and ansible_local.gitlab | d() and
(ansible_local.gitlab.installed | d()) | bool)
else ("code." + gitlab_runner__domain), 443) }}'
- gitlab_runner__api_fqdn
The Fully Qualified Domain Name (FQDN) of the GitLab CI host which will control the runner operation.
The use of the FQDN instead of localhost
is required for X.509
certificate verification and for correct information in system logs.
gitlab_runner__api_fqdn: '{{ gitlab_runner__gitlab_srv_rr[0]["target"] }}'
- gitlab_runner__api_url
The HTTP API endpoint of the GitLab CI server. The role will check if the API server is available before trying to use it.
gitlab_runner__api_url: 'https://{{ gitlab_runner__api_fqdn }}/'
- gitlab_runner__api_token
The personal GitLab API access token used to register or remove the runners in GitLab. You can generate an access token in GitLab "User Settings", "Access Tokens" configuration page.
gitlab_runner__api_token: '{{ lookup("env", "GITLAB_API_TOKEN") }}'
- gitlab_runner__runner_type
The scope of the runner.
It can be one of the following values: instance_type
,
group_type
or project_type
gitlab_runner__runner_type: 'instance_type'
- gitlab_runner__group_id
The ID of the group that the runner is created in.
Required if gitlab_runner__runner_type
is group_type
.
gitlab_runner__group_id: ~
- gitlab_runner__project_id
The ID of the project that the runner is created in.
Required if gitlab_runner__runner_type
is project_type
.
gitlab_runner__project_id: ~
- gitlab_runner__executor
Default "executor" used by the runners.
gitlab_runner__executor: 'shell'
- gitlab_runner__metrics_server
The embedded Prometheus metrics server listener configuration in format:
[host]:<port>
.
gitlab_runner__metrics_server: ''
- gitlab_runner__environment
A set of custom environment variables added to each GitLab Runner. See Environment variables for more details.
gitlab_runner__environment: {}
GitLab Runner instances
GitLab Runner instances are configured as separate dictionary entries. Each
entry supports keys of the same name as most of the default variables with
gitlab_runner__
stripped, for example item.docker_volumes
instead of
gitlab_runner__docker_volumes
. If a key is not specified, a default value
will be used if configured on the role level.
An instance requires at least an item.name
key, which is used as the
Runner instance description. The item.state
key can be used to delete an
instance, when it's set to absent
.
- gitlab_runner__default_instances
List of default GitLab Runner instances.
gitlab_runner__default_instances:
- name: '{{ ansible_hostname + "-shell" }}'
executor: 'shell'
run_untagged: False
state: '{{ "absent"
if (ansible_local | d() and ansible_local.docker_server | d() and
(ansible_local.docker_server.installed | d()) | bool)
else "present" }}'
- name: '{{ ansible_hostname + "-docker" }}'
executor: 'docker'
tags: [ 'docker' ]
state: '{{ "present"
if (ansible_local | d() and ansible_local.docker_server | d() and
(ansible_local.docker_server.installed | d()) | bool)
else "absent" }}'
- name: '{{ ansible_hostname + "-docker-root" }}'
executor: 'docker'
concurrent: '{{ ansible_processor_vcpus }}'
docker_privileged: True
run_untagged: False
tags: [ 'docker-privileged' ]
state: '{{ "present"
if (ansible_local | d() and ansible_local.docker_server | d() and
(ansible_local.docker_server.installed | d()) | bool)
else "absent" }}'
- gitlab_runner__instances
Global list of GitLab Runner instances.
gitlab_runner__instances: []
- gitlab_runner__group_instances
List of GitLab Runner instances in Ansible host group.
gitlab_runner__group_instances: []
- gitlab_runner__host_instances
List of GitLab Runner instances on a particular host.
gitlab_runner__host_instances: []
Custom file upload
- gitlab_runner__custom_files
List of custom files to upload to GitLab Runner host. Each entry is
a dictionary with keys the same as the copy
module options.
This list is meant to be configured for all hosts.
gitlab_runner__custom_files: []
- gitlab_runner__group_custom_files
List of custom files to upload to GitLab Runner host. Each entry is
a dictionary with keys the same as the copy
module options.
This list is meant to be configured for a group of hosts.
gitlab_runner__group_custom_files: []
- gitlab_runner__host_custom_files
List of custom files to upload to GitLab Runner host. Each entry is
a dictionary with keys the same as the copy
module options.
This list is meant to be configured for specific hosts.
gitlab_runner__host_custom_files: []
Shell executor configuration
These variables control what features are configured on the GitLab Runner host to use by the shell executor.
- gitlab_runner__vagrant_libvirt
Enable or disable support for Vagrant libvirt plugin (configuration of this support also implies installation of vagrant on the GitLab Runner host).
Enabling Vagrant libvirt will add the gitlab-runner
UNIX account to the
libvirt
and kvm
UNIX groups, required for libvirt access by Vagrant.
gitlab_runner__vagrant_libvirt: '{{ True
if (ansible_local | d() and ansible_local.libvirtd | d() and
(ansible_local.libvirtd.installed | d()) | bool and
(ansible_distribution_release not in
["trusty"]))
else False }}'
- gitlab_runner__vagrant_libvirt_patch
Patch vagrant-libvirt
source code to fix an issue with removed SSH host
keys that prevent interaction with Vagrant VMs.
See the patch file in files/patches/
directory for more details.
gitlab_runner__vagrant_libvirt_patch: '{{ True
if (gitlab_runner__vagrant_libvirt | bool and
ansible_distribution_release in
["stretch", "buster"])
else False }}'
- gitlab_runner__vagrant_libvirt_patch_state
Select the state of the custom vagrant-libvirt
patches managed by this
role. If the state is present
, the patches will be applied on the host;
the absent
state will remove them and restore the source to its original
state.
gitlab_runner__vagrant_libvirt_patch_state: 'present'
- gitlab_runner__vagrant_lxc
Enable or disable support for Vagrant LXC plugin (configuration of this support also implies installation of vagrant on the GitLab Runner host). Enabling Vagrant LXC will give limited sudo access for the GitLab Runner UNIX account to allow access to LXC commands.
gitlab_runner__vagrant_lxc: '{{ True
if (ansible_local | d() and ansible_local.lxc | d() and
(ansible_local.lxc.installed | d()) | bool and
(ansible_distribution_release not in
["trusty"]))
else False }}'
SSH key and host management
- gitlab_runner__ssh_generate
Generate ~/.ssh/id_rsa
SSH private and public key if it doesn't exist.
The generated SSH key does not contain a passhprase so that it can be used
non-interactively by gitlab-runner
daemon.
gitlab_runner__ssh_generate: False
- gitlab_runner__ssh_generate_bits
Size of the generated SSH key.
gitlab_runner__ssh_generate_bits: '4096'
- gitlab_runner__ssh_install_to
List of hosts which should have the gitlab-runner
SSH key installed using
a delegate_to
Ansible mechanism and authorized_key
module. Ansible
will use connection information available in inventory to reach hosts. Each entry
is a dictionary with keys:
host
: the host address, it should be accessible to Ansible Controlleruser
: user account which should will have the SSH key installedoptions
: SSHauthorized_keys
options to set for a given keybecome
: whether or not to use become once connected
gitlab_runner__ssh_install_to: []
- gitlab_runner__ssh_known_hosts
List of host names which SSH host fingerprints should be scanned and added to
the ~/.ssh/known_hosts
file of the gitlab-runner
account. This should
allow git clone
commands over SSH.
gitlab_runner__ssh_known_hosts: [ '{{ gitlab_runner__fqdn }}' ]
SSH executor configuration
You should refer to SSH executor documentation for information about what can be configured and the required syntax.
- gitlab_runner__ssh_host
FQDN host where SSH executor should connect to, unless overridden in the runner instance configuration.
gitlab_runner__ssh_host: ''
- gitlab_runner__ssh_port
Port to use by the SSH executor.
gitlab_runner__ssh_port: '22'
- gitlab_runner__ssh_user
Username which the SSH executor should use to connect to the remote host.
gitlab_runner__ssh_user: ''
- gitlab_runner__ssh_identity_file
Absolute path to the SSH identity file stored on the remote host which should be used by the SSH executor to connect to the ssh host.
gitlab_runner__ssh_identity_file: ''
- gitlab_runner__ssh_password
Password which should be used by the SSH executor to connect to the host. This password is only used for SSH authentication, normally you should use an identity file instead.
gitlab_runner__ssh_password: ''
Docker executor configuration
You should refer to the Docker executor documentation for information about what can be configured and what's the specific syntax of each option.
- gitlab_runner__docker_host
Specify the FQDN hostname of the remote Docker host. If nothing is specified, local Docker instance is used.
gitlab_runner__docker_host: ''
- gitlab_runner__docker_tls_cert_path
Path to a directory with X.509 certificate, private key and CA certificate used to authenticate to a remote Docker instance.
gitlab_runner__docker_tls_cert_path: ''
- gitlab_runner__docker_image
Name of the Docker image to use for containers.
gitlab_runner__docker_image: 'debian'
- gitlab_runner__docker_privileged
Enable or disable execution of Docker containers in privileged mode.
gitlab_runner__docker_privileged: False
- gitlab_runner__docker_disable_cache
Enable or disable use of cache by Docker.
gitlab_runner__docker_disable_cache: False
- gitlab_runner__docker_cache_dir
Directory with Docker cache data.
gitlab_runner__docker_cache_dir: ''
- gitlab_runner__docker_cap_add
Specify list of POSIX capabilities to add to a container.
gitlab_runner__docker_cap_add: []
- gitlab_runner__docker_cap_drop
Specify list of POSIX capabilities to drop from a container.
gitlab_runner__docker_cap_drop: [ 'NET_ADMIN', 'SYS_ADMIN', 'DAC_OVERRIDE' ]
- gitlab_runner__docker_devices
List of devices to add to a Docker container.
gitlab_runner__docker_devices: []
- gitlab_runner__docker_extra_hosts
List of additional /etc/hosts
entries to set in a Docker container.
gitlab_runner__docker_extra_hosts: []
- gitlab_runner__docker_links
List of other containers to link to a given container.
gitlab_runner__docker_links: []
- gitlab_runner__docker_services
List of other services enabled in a container.
gitlab_runner__docker_services: []
- gitlab_runner__docker_volumes
List of volumes mounted in a container.
gitlab_runner__docker_volumes: []
- gitlab_runner__docker_allowed_images
Specify a wildcard list of images which can be listed in a .gitlab-ci.yml
file and are allowed to be used.
gitlab_runner__docker_allowed_images: []
- gitlab_runner__docker_allowed_services
Specify a wildcard list of services which can be listed in
a .gitlab-ci.yml
file and are allowed to be used.
gitlab_runner__docker_allowed_services: []
Docker Machine and autoscaling
You should refer to the GitLab Runner autoscaling documentation for information about what can be configured and what's the specific syntax of each option.
- gitlab_runner__machine_idle_count
Number of machines, that need to be created and waiting in Idle state.
gitlab_runner__machine_idle_count: '{{ ansible_processor_cores }}'
- gitlab_runner__machine_idle_time
Time (in seconds) for machine to be in Idle state before it is removed.
gitlab_runner__machine_idle_time: '600'
- gitlab_runner__machine_max_builds
Builds count after which machine will be removed.
gitlab_runner__machine_max_builds: '100'
- gitlab_runner__machine_name
Name of the machine. It must contain %s
, which will be replaced with
a unique machine identifier.
gitlab_runner__machine_name: 'auto-scale-%s.{{ gitlab_runner__domain }}'
- gitlab_runner__machine_driver
Docker Machine "driver" to use. You should refer to Docker Machine documentation for more information about supported drivers.
gitlab_runner__machine_driver: 'generic'
- gitlab_runner__machine_offpeakperiods
Autoscale can be configured with the support for Off Peak time mode periods. Time periods when the scheduler is in the OffPeak mode.You should refer to Gitlab Runner Advanced configuration documentation for more information about OffPeakPeriods syntax.
gitlab_runner__machine_offpeakperiods: ["* * 0-7,19-23 * * mon-fri *", "* * * * * sat,sun *"]
- gitlab_runner__machine_offpeakidlecount
Like IdleCount, but for Off Peak time periods.
gitlab_runner__machine_offpeakidlecount: 0
- gitlab_runner__machine_offpeakidletime
Like IdleTime, but for Off Peak time mperiods.
gitlab_runner__machine_offpeakidletime: 1200
- gitlab_runner__machine_options
List of options to pass to Docker Machine. See the GitLab Runner autoscaling documentation for more details.
gitlab_runner__machine_options: []
Distributed cache configuration
You should refer to the GitLab Runner cache documentation for information about what can be configured and what's the specific syntax of each option.
- gitlab_runner__cache
Enable the support for distributed cache.
gitlab_runner__cache: False
- gitlab_runner__cache_type
Select the cache type. Currently only s3
is supported.
gitlab_runner__cache_type: 's3'
- gitlab_runner__cache_server_address
Specify the cache server address.
gitlab_runner__cache_server_address: ''
- gitlab_runner__cache_access_key
Specify the cache access key.
gitlab_runner__cache_access_key: ''
- gitlab_runner__cache_secret_key
Specify the cache secret key.
gitlab_runner__cache_secret_key: ''
- gitlab_runner__cache_bucket_name
Name of the S3 bucket to use for the cache.
gitlab_runner__cache_bucket_name: ''
- gitlab_runner__cache_bucket_location
Cache bucket location
gitlab_runner__cache_bucket_location: ''
- gitlab_runner__cache_insecure
Enable or disable connections to the S3 service over HTTP instead of HTTPS.
gitlab_runner__cache_insecure: False
Enables cache sharing between runners.
gitlab_runner__cache_shared: False
- gitlab_runner__run_untagged
Enable or disable running untagged jobs.
gitlab_runner__run_untagged: True
Configuration for other Ansible roles
- gitlab_runner__keyring__dependent_apt_keys
Configuration for the debops.keyring Ansible role.
gitlab_runner__keyring__dependent_apt_keys:
- id: '{{ gitlab_runner__apt_key }}'
repo: '{{ gitlab_runner__apt_repo }}'
state: '{{ "present" if gitlab_runner__apt_upstream | bool else "absent" }}'