gitlab_ci_runner
: This module installs and configures Gitlab CI Runners.
gitlab_ci_runner::config
: Manages the configuration of Gitlab runnergitlab_ci_runner::install
: Manages the package of Gitlab runnergitlab_ci_runner::repo
: Manages the repository for Gitlab runnergitlab_ci_runner::service
: Manages the service of Gitlab runner
gitlab_ci_runner::runner
: This configures a Gitlab CI runner.
gitlab_ci_runner::register
: A function that registers a Gitlab runner on a Gitlab instance. Be careful, this will be triggered on noop runs as well!gitlab_ci_runner::register_to_file
: A function that registers a Gitlab runner on a Gitlab instance, if it doesn't already exist, and saves the retrieved authentication token tgitlab_ci_runner::to_toml
: Convert a data structure and output to TOML.gitlab_ci_runner::unregister
: A function that unregisters a Gitlab runner from a Gitlab instance. Be careful, this will be triggered on noop runs as well!gitlab_ci_runner::unregister_from_file
: A function that unregisters a Gitlab runner from a Gitlab instance, if the local token is there. This is meant to be used in conjunction with
Gitlab_ci_runner::Keyserver
: Type to match repo_keyserver Regex from: https://github.com/puppetlabs/puppetlabs-apt/blob/main/manifests/key.ppGitlab_ci_runner::Log_format
: Gitlab Runner log format configurationGitlab_ci_runner::Log_level
: Gitlab Runner log level configurationGitlab_ci_runner::Register
: A struct of all possible additionl options for gitlab_ci_runner::registerGitlab_ci_runner::Register_parameters
: A enum containing a possible keys used for Gitlab runner registrationsGitlab_ci_runner::Session_server
: Gitlab Runner session_server configuration
register_runner
: Registers a runner on a Gitlab instance.unregister_runner
: Unregisters a runner from a Gitlab instance.
This module installs and configures Gitlab CI Runners.
class { 'gitlab_ci_runner':
runners => {
example_runner => {
'registration-token' => 'gitlab-token',
'url' => 'https://gitlab.com',
'tag-list' => 'docker,aws',
},
},
}
The following parameters are available in the gitlab_ci_runner
class:
runners
runner_defaults
xz_package_name
concurrent
log_level
log_format
check_interval
shutdown_timeout
sentry_dsn
listen_address
session_server
manage_docker
install_method
binary_source
binary_path
manage_user
user
group
manage_repo
package_ensure
package_name
repo_base_url
repo_keyserver
config_path
config_owner
config_group
config_mode
manage_config_dir
config_dir_mode
http_proxy
ca_file
repo_keysource
package_keysource
package_gpgcheck
Data type: Hash
Hashkeys are used as $title in runners.pp. The subkeys have to be named as the parameter names from ´gitlab-runner register´ command cause they're later joined to one entire string using 2 hyphen to look like shell command parameters. See ´https://docs.gitlab.com/runner/register/#one-line-registration-command´ for details.
Default value: {}
Data type: Hash
A hash with defaults which will be later merged with $runners.
Default value: {}
Data type: String
The name of the 'xz' package. Needed for local docker installations.
Data type: Optional[Integer]
Limits how many jobs globally can be run concurrently. The most upper limit of jobs using all defined runners. 0 does not mean unlimited!
Default value: undef
Data type: Optional[Gitlab_ci_runner::Log_level]
Log level (options: debug, info, warn, error, fatal, panic). Note that this setting has lower priority than level set by command line argument --debug, -l or --log-level
Default value: undef
Data type: Optional[Gitlab_ci_runner::Log_format]
Log format (options: runner, text, json). Note that this setting has lower priority than format set by command line argument --log-format
Default value: undef
Data type: Optional[Integer]
Defines the interval length, in seconds, between new jobs check. The default value is 3; if set to 0 or lower, the default value will be used.
Default value: undef
Data type: Optional[Integer]
Number of seconds until the forceful shutdown operation times out and exits the process.
Default value: undef
Data type: Optional[String]
Enable tracking of all system level errors to sentry.
Default value: undef
Data type: Optional[Pattern[/.*:.+/]]
Address (:) on which the Prometheus metrics HTTP server should be listening.
Default value: undef
Data type: Optional[Gitlab_ci_runner::Session_server]
Session server lets users interact with jobs, for example, in the interactive web terminal.
Default value: undef
Data type: Boolean
If docker should be installs (uses the puppetlabs-docker).
Default value: false
Data type: Enum['repo', 'binary']
If repo or binary should be installed
Default value: 'repo'
Data type: Stdlib::HTTPUrl
URL to the binary file
Default value: 'https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/binaries/gitlab-runner-linux-amd64'
Data type: Stdlib::Absolutepath
Absolute path where to install gitlab_runner binary
Default value: '/usr/local/bin/gitlab-runner'
Data type: Boolean
If the user should be managed.
Default value: false
Data type: String[1]
The user to manage.
Default value: 'gitlab-runner'
Data type: String[1]
The group to manage.
Default value: $user
Data type: Boolean
If the repository should be managed.
Default value: true
Data type: String
The package 'ensure' state.
Default value: installed
Data type: String
The name of the package.
Default value: 'gitlab-runner'
Data type: Stdlib::HTTPUrl
The base repository url.
Default value: 'https://packages.gitlab.com'
Data type: Optional[Gitlab_ci_runner::Keyserver]
The keyserver which should be used to get the repository key.
Default value: undef
Data type: String
The path to the config file of Gitlab runner.
Default value: '/etc/gitlab-runner/config.toml'
Data type: String[1]
The user owning the config file. (and config directory if managed).
Default value: 'root'
Data type: String[1]
The group ownership assigned to the config file (and config directory if managed).
Default value: 'root'
Data type: Stdlib::Filemode
The file permissions applied to the config file.
Default value: '0444'
Data type: Boolean
Manage the parent directory of the config file.
Default value: false
Data type: Optional[Stdlib::Filemode]
The file permissions applied to the config directory.
Default value: undef
Data type: Optional[Stdlib::HTTPUrl]
An HTTP proxy to use whilst registering runners.
This setting is only used when registering or unregistering runners and will be used for all runners in the runners
parameter.
If you have some runners that need to use a proxy and others that don't, leave runners
and http_proxy
unset and declare gitlab_ci_runnner::runner
resources separately.
If you do need to use an http proxy, you'll probably also want to configure other aspects of your runners to use it, (eg. setting http_proxy
environment variables, pre-clone-script
, pre-build-script
etc.)
Exactly how you might need to configure your runners varies between runner executors and specific use-cases.
This module makes no attempt to automatically alter your runner configurations based on the value of this parameter.
More information on what you might need to configure can be found here
Default value: undef
Data type: Optional[Stdlib::Unixpath]
A file containing public keys of trusted certificate authorities in PEM format.
This setting is only used when registering or unregistering runners and will be used for all runners in the runners
parameter.
It can be used when the certificate of the gitlab server is signed using a CA
and when upon registering a runner the following error is shown:
certificate verify failed (self signed certificate in certificate chain)
Using the CA file solves #124.
The ca_file must exist. If it doesn't, Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
Default value: undef
Data type: Stdlib::HTTPSUrl
URL to the gpg file used to sign the apt packages
Default value: "${repo_base_url}/gpg.key"
Data type: Optional[Stdlib::HTTPSUrl]
Default value: undef
Data type: Boolean
Default value: true
This configures a Gitlab CI runner.
gitlab_ci_runner::runner { 'testrunner':
config => {
'url' => 'https://gitlab.com',
'token' => '123456789abcdefgh', # Note this is different from the registration token used by `gitlab-runner register`
'executor' => 'shell',
},
}
gitlab_ci_runner::runner { 'autoscale-runner':
config => {
url => 'https://gitlab.com',
token => 'RUNNER_TOKEN', # Note this is different from the registration token used by `gitlab-runner register`
name => 'autoscale-runner',
executor => 'docker+machine',
limit => 10,
docker => {
image => 'ruby:2.6',
},
machine => {
OffPeakPeriods => [
'* * 0-9,18-23 * * mon-fri *',
'* * * * * sat,sun *',
],
OffPeakIdleCount => 1,
OffPeakIdleTime => 1200,
IdleCount => 5,
IdleTime => 600,
MaxBuilds => 100,
MachineName => 'auto-scale-%s',
MachineDriver => 'digitalocean',
MachineOptions => [
'digitalocean-image=coreos-stable',
'digitalocean-ssh-user=core',
'digitalocean-access-token=DO_ACCESS_TOKEN',
'digitalocean-region=nyc2',
'digitalocean-size=4gb',
'digitalocean-private-networking',
'engine-registry-mirror=http://10.11.12.13:12345',
],
},
cache => {
'Type' => 's3',
s3 => {
ServerAddress => 's3-eu-west-1.amazonaws.com',
AccessKey => 'AMAZON_S3_ACCESS_KEY',
SecretKey => 'AMAZON_S3_SECRET_KEY',
BucketName => 'runner',
Insecure => false,
},
},
},
}
The following parameters are available in the gitlab_ci_runner::runner
defined type:
Data type: Hash
Hash with configuration options. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html for all possible options. If you omit the 'name' configuration, we will automatically use the $title of this define class.
Data type: Enum['present', 'absent']
If the runner should be 'present' or 'absent'. Will add/remove the configuration from config.toml Will also register/unregister the runner.
Default value: 'present'
Data type: Optional[Stdlib::Unixpath]
A path to a file containing public keys of trusted certificate authorities in PEM format. Used during runner registration/unregistration only.
Default value: undef
Data type: Optional[Stdlib::HTTPUrl]
Default value: undef
Type: Ruby 4.x API
A function that registers a Gitlab runner on a Gitlab instance. Be careful, this will be triggered on noop runs as well!
puppet apply -e "notice(gitlab_ci_runner::register('https://gitlab.com', 'registration-token'))"
gitlab_ci_runner::register(Stdlib::HTTPUrl $url, String[1] $token, Optional[Gitlab_ci_runner::Register] $additional_options, Optional[Optional[Stdlib::Unixpath]] $ca_file)
A function that registers a Gitlab runner on a Gitlab instance. Be careful, this will be triggered on noop runs as well!
Returns: Struct[{ id => Integer[1], token => String[1], }]
Returns a hash with the runner id and authentcation token
puppet apply -e "notice(gitlab_ci_runner::register('https://gitlab.com', 'registration-token'))"
Data type: Stdlib::HTTPUrl
The url to your Gitlab instance. Please only provide the host part (e.g https://gitlab.com)
Data type: String[1]
Registration token.
Data type: Optional[Gitlab_ci_runner::Register]
A hash with all additional configuration options for that runner
Data type: Optional[Optional[Stdlib::Unixpath]]
An absolute path to a trusted certificate authority file.
Type: Ruby 4.x API
A function that registers a Gitlab runner on a Gitlab instance, if it doesn't already exist, and saves the retrieved authentication token to a file. This is helpful for Deferred functions.
gitlab_ci_runner::runner { 'testrunner':
config => {
'url' => 'https://gitlab.com',
'token' => Deferred('gitlab_ci_runner::register_runner_to_file', [$config['url'], $config['registration-token'], 'testrunner'])
'executor' => 'shell',
},
}
gitlab_ci_runner::register_to_file(String[1] $url, Variant[String[1], Sensitive[String[1]]] $regtoken, String[1] $runner_name, Optional[Hash] $additional_options, Optional[Optional[String[1]]] $proxy, Optional[Optional[String[1]]] $ca_file)
A function that registers a Gitlab runner on a Gitlab instance, if it doesn't already exist, and saves the retrieved authentication token to a file. This is helpful for Deferred functions.
Returns: String[1]
Returns the authentication token
gitlab_ci_runner::runner { 'testrunner':
config => {
'url' => 'https://gitlab.com',
'token' => Deferred('gitlab_ci_runner::register_runner_to_file', [$config['url'], $config['registration-token'], 'testrunner'])
'executor' => 'shell',
},
}
Data type: String[1]
The url to your Gitlab instance. Please only provide the host part (e.g https://gitlab.com)
Data type: Variant[String[1], Sensitive[String[1]]]
Registration token.
Data type: String[1]
The name of the runner. Use as identifier for the retrieved auth token.
Data type: Optional[Hash]
A hash with all additional configuration options for that runner
Data type: Optional[Optional[String[1]]]
The HTTP proxy to use when registering
Data type: Optional[Optional[String[1]]]
An absolute path to a trusted certificate authority file.
Type: Ruby 4.x API
Convert a data structure and output to TOML.
file { '/tmp/config.toml':
ensure => file,
content => to_toml($myhash),
}
The gitlab_ci_runner::to_toml function.
Returns: String
Converted data as TOML string
file { '/tmp/config.toml':
ensure => file,
content => to_toml($myhash),
}
Data type: Hash
Data structure which needs to be converted into TOML
Type: Ruby 4.x API
A function that unregisters a Gitlab runner from a Gitlab instance. Be careful, this will be triggered on noop runs as well!
puppet apply -e "notice(gitlab_ci_runner::unregister('https://gitlab.com', 'runner-auth-token'))"
gitlab_ci_runner::unregister(Stdlib::HTTPUrl $url, String[1] $token, Optional[Optional[Stdlib::Unixpath]] $ca_file)
A function that unregisters a Gitlab runner from a Gitlab instance. Be careful, this will be triggered on noop runs as well!
Returns: Struct[{ status => Enum['success'], }]
Returns a hash with the runner id and authentcation token
puppet apply -e "notice(gitlab_ci_runner::unregister('https://gitlab.com', 'runner-auth-token'))"
Data type: Stdlib::HTTPUrl
The url to your Gitlab instance. Please only provide the host part (e.g https://gitlab.com)
Data type: String[1]
Runners authentication token.
Data type: Optional[Optional[Stdlib::Unixpath]]
An absolute path to a trusted certificate authority file.
Type: Ruby 4.x API
A function that unregisters a Gitlab runner from a Gitlab instance, if the local token is there. This is meant to be used in conjunction with the gitlab_ci_runner::register_to_file function.
file { '/etc/gitlab-runner/auth-token-testrunner':
file => absent,
content => Deferred('gitlab_ci_runner::unregister_from_file', ['http://gitlab.example.org'])
}
gitlab_ci_runner::unregister_from_file(String[1] $url, String[1] $runner_name, Optional[Optional[String[1]]] $proxy, Optional[Optional[String[1]]] $ca_file)
A function that unregisters a Gitlab runner from a Gitlab instance, if the local token is there. This is meant to be used in conjunction with the gitlab_ci_runner::register_to_file function.
Returns: Any
file { '/etc/gitlab-runner/auth-token-testrunner':
file => absent,
content => Deferred('gitlab_ci_runner::unregister_from_file', ['http://gitlab.example.org'])
}
Data type: String[1]
The url to your Gitlab instance. Please only provide the host part (e.g https://gitlab.com)
Data type: String[1]
The name of the runner. Use as identifier for the retrived auth token.
Data type: Optional[Optional[String[1]]]
HTTP proxy to use when unregistering
Data type: Optional[Optional[String[1]]]
An absolute path to a trusted certificate authority file.
Type to match repo_keyserver Regex from: https://github.com/puppetlabs/puppetlabs-apt/blob/main/manifests/key.pp
Alias of Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]
Gitlab Runner log format configuration
Alias of Enum['runner', 'text', 'json']
Gitlab Runner log level configuration
Alias of Enum['debug', 'info', 'warn', 'error', 'fatal', 'panic']
A struct of all possible additionl options for gitlab_ci_runner::register
Alias of
Struct[{
Optional[description] => String[1],
Optional[info] => Hash[String[1],String[1]],
Optional[active] => Boolean,
Optional[locked] => Boolean,
Optional[run_untagged] => Boolean,
Optional[tag_list] => Array[String[1]],
Optional[access_level] => Enum['not_protected', 'ref_protected'],
Optional[maximum_timeout] => Integer,
}]
A enum containing a possible keys used for Gitlab runner registrations
Alias of Enum['description', 'info', 'active', 'locked', 'run_untagged', 'run-untagged', 'tag_list', 'tag-list', 'access_level', 'access-level', 'maximum_timeout', 'maximum-timeout']
Gitlab Runner session_server configuration
Alias of
Struct[{
listen_address => String[1],
advertise_address => String[1],
session_timeout => Optional[Integer],
}]
Registers a runner on a Gitlab instance.
Supports noop? false
Data type: String[1]
The url to your Gitlab instance. Please only provide the host part (e.g https://gitlab.com)
Data type: String[1]
Registration token.
Data type: Optional[String[1]]
Runners description.
Data type: Optional[Hash]
Runners metadata.
Data type: Optional[Boolean]
Whether the Runner is active.
Data type: Optional[Boolean]
Whether the Runner should be locked for current project.
Data type: Optional[Boolean]
Whether the Runner should handle untagged jobs.
Data type: Optional[Array[String[1]]]
List of Runners tags.
Data type: Optional[Enum['not_protected', 'ref_protected']]
The access_level of the runner.
Data type: Optional[Integer[1]]
Maximum timeout set when this Runner will handle the job.
Unregisters a runner from a Gitlab instance.
Supports noop? false
Data type: String[1]
The url to your Gitlab instance. Please provide the host part only! (e.g https://gitlab.com)
Data type: String[1]
Runners authentication token.