Getting started
GitLab CI registration token
To register a Runner with your GitLab CI instance, you need to provide a personal API access token. It can be generated using the profile preferences of your GitLab user account.
Personal API access tokens are created for specific GitLab user accounts and
shouldn't be shared in the Ansible inventory or secrets managed by the
debops.secret Ansible role. The debops.gitlab_runner role checks
the $GITLAB_API_TOKEN
environment variable on the Ansible Controller to get
the token string and use it for registration.
For convenience, the token can be stored in the .env
configuration file
at the root of the DebOps project directory, which uses the dotenv
format.
Variables defined in this file will be automatically sourced in the execution
environment when the debops script is invoked. Users can check the
runtime environment by executing the command:
debops env
The .env
file is ignored by git and shouldn't be committed
into the project's version control.
To change the environment variable that holds the API access token, or save
the token in Ansible inventory, you can use the gitlab_runner__api_token
variable.
Initial configuration
By default, debops.gitlab_runner
will configure a single Runner instance
which uses a shell executor. If a Docker installation is detected via Ansible
local facts, the role will disable the shell executor and configure two Docker
executors - one unprivileged, and one privileged. The executors will have a set
of tags that identify them, shell executors will have additional tags that
describe the host's architecture, OS release, etc.
If the debops.lxc
role has been used to configure LXC support on the host,
the debops.gitlab_runner
will install the vagrant-lxc
package and
configure sudo support for it. Using a shell executor you can start
and stop Vagrant Boxes using LXC containers and execute commands inside them.
If the debops.libvirtd
role has been used to configure libvirt support on
the host, the debops.gitlab_runner
will install the vagrant-libvirt
package and configure sudo support for it. Using a shell executor
you can start and stop Vagrant Boxes using libvirt and execute commands inside
them.
The Runner instances can be configured with variables specified as the keys of the dictionary that holds the specific Runner configuration. If any required keys are not specified, the value of the global variable will be used instead.
Some of the variables will be added together (Docker volumes, for example), so that you can define a list of global values included in all of the Runner instances.
Environment variables
You can use gitlab_runner__environment
default variable to specify a custom
set of environment variables to configure in a GitLab Runner instance. You can
use the global variable, or set the environment at the instance level by
specifying it as item.environment
variable.
The environment variables can be specified in a different ways:
a single variable as a string:
gitlab_runner__environment: 'VARIABLE=value'
a list of environment variables:
gitlab_runner__environment: - 'VARIABLE1=value1' - 'VARIABLE2=value2'
a YAML dictionary with variable names as keys and their values as values:
gitlab_runner__environment: VARIABLE1: 'value1' VARIABLE2: 'value2'
Different specifications cannot be mixed together.
Example inventory
To install GitLab Runner service on a host, it needs to be added to the
[debops_service_gitlab_runner]
inventory host group:
[debops_service_gitlab_runner]
hostname
Example playbook
Here's an example playbook that can be used to enable and manage the GitLab Runner service on a set of hosts:
---
- name: Manage GitLab Runner service
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debops_service_gitlab_runner' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
roles:
- role: keyring
tags: [ 'role::keyring', 'skip::keyring', 'role::gitlab_runner' ]
keyring__dependent_apt_keys:
- '{{ gitlab_runner__keyring__dependent_apt_keys }}'
- role: gitlab_runner
tags: [ 'role::gitlab_runner', 'skip::gitlab_runner' ]