diff --git a/REFERENCE.md b/REFERENCE.md
index 20529cd..7cd85e7 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -19,24 +19,24 @@
### Defined types
-* [`gitlab_ci_runner::runner`](#gitlab_ci_runnerrunner): This configures a Gitlab CI runner.
+* [`gitlab_ci_runner::runner`](#gitlab_ci_runner--runner): This configures a Gitlab CI runner.
### Functions
-* [`gitlab_ci_runner::register`](#gitlab_ci_runnerregister): A function that registers a Gitlab runner on a Gitlab instance. Be careful, this will be triggered on noop runs as well!
-* [`gitlab_ci_runner::register_to_file`](#gitlab_ci_runnerregister_to_file): A function that registers a Gitlab runner on a Gitlab instance, if it doesn't already exist, _and_ saves the retrieved authentication token t
-* [`gitlab_ci_runner::to_toml`](#gitlab_ci_runnerto_toml): Convert a data structure and output to TOML.
-* [`gitlab_ci_runner::unregister`](#gitlab_ci_runnerunregister): A function that unregisters a Gitlab runner from a Gitlab instance. Be careful, this will be triggered on noop runs as well!
-* [`gitlab_ci_runner::unregister_from_file`](#gitlab_ci_runnerunregister_from_file): A function that unregisters a Gitlab runner from a Gitlab instance, if the local token is there. This is meant to be used in conjunction with
+* [`gitlab_ci_runner::register`](#gitlab_ci_runner--register): A function that registers a Gitlab runner on a Gitlab instance. Be careful, this will be triggered on noop runs as well!
+* [`gitlab_ci_runner::register_to_file`](#gitlab_ci_runner--register_to_file): A function that registers a Gitlab runner on a Gitlab instance, if it doesn't already exist, _and_ saves the retrieved authentication token t
+* [`gitlab_ci_runner::to_toml`](#gitlab_ci_runner--to_toml): Convert a data structure and output to TOML.
+* [`gitlab_ci_runner::unregister`](#gitlab_ci_runner--unregister): A function that unregisters a Gitlab runner from a Gitlab instance. Be careful, this will be triggered on noop runs as well!
+* [`gitlab_ci_runner::unregister_from_file`](#gitlab_ci_runner--unregister_from_file): A function that unregisters a Gitlab runner from a Gitlab instance, if the local token is there. This is meant to be used in conjunction with
### Data types
-* [`Gitlab_ci_runner::Keyserver`](#gitlab_ci_runnerkeyserver): Type to match repo_keyserver Regex from: https://github.com/puppetlabs/puppetlabs-apt/blob/main/manifests/key.pp
-* [`Gitlab_ci_runner::Log_format`](#gitlab_ci_runnerlog_format): Gitlab Runner log format configuration
-* [`Gitlab_ci_runner::Log_level`](#gitlab_ci_runnerlog_level): Gitlab Runner log level configuration
-* [`Gitlab_ci_runner::Register`](#gitlab_ci_runnerregister): A struct of all possible additionl options for gitlab_ci_runner::register
-* [`Gitlab_ci_runner::Register_parameters`](#gitlab_ci_runnerregister_parameters): A enum containing a possible keys used for Gitlab runner registrations
-* [`Gitlab_ci_runner::Session_server`](#gitlab_ci_runnersession_server): Gitlab Runner session_server configuration
+* [`Gitlab_ci_runner::Keyserver`](#Gitlab_ci_runner--Keyserver): Type to match repo_keyserver Regex from: https://github.com/puppetlabs/puppetlabs-apt/blob/main/manifests/key.pp
+* [`Gitlab_ci_runner::Log_format`](#Gitlab_ci_runner--Log_format): Gitlab Runner log format configuration
+* [`Gitlab_ci_runner::Log_level`](#Gitlab_ci_runner--Log_level): Gitlab Runner log level configuration
+* [`Gitlab_ci_runner::Register`](#Gitlab_ci_runner--Register): A struct of all possible additionl options for gitlab_ci_runner::register
+* [`Gitlab_ci_runner::Register_parameters`](#Gitlab_ci_runner--Register_parameters): A enum containing a possible keys used for Gitlab runner registrations
+* [`Gitlab_ci_runner::Session_server`](#Gitlab_ci_runner--Session_server): Gitlab Runner session_server configuration
### Tasks
@@ -69,32 +69,32 @@ class { 'gitlab_ci_runner':
The following parameters are available in the `gitlab_ci_runner` class:
-* [`runners`](#runners)
-* [`runner_defaults`](#runner_defaults)
-* [`xz_package_name`](#xz_package_name)
-* [`concurrent`](#concurrent)
-* [`log_level`](#log_level)
-* [`log_format`](#log_format)
-* [`check_interval`](#check_interval)
-* [`sentry_dsn`](#sentry_dsn)
-* [`listen_address`](#listen_address)
-* [`session_server`](#session_server)
-* [`manage_docker`](#manage_docker)
-* [`manage_repo`](#manage_repo)
-* [`package_ensure`](#package_ensure)
-* [`package_name`](#package_name)
-* [`repo_base_url`](#repo_base_url)
-* [`repo_keyserver`](#repo_keyserver)
-* [`config_path`](#config_path)
-* [`config_owner`](#config_owner)
-* [`config_group`](#config_group)
-* [`config_mode`](#config_mode)
-* [`manage_config_dir`](#manage_config_dir)
-* [`config_dir_mode`](#config_dir_mode)
-* [`http_proxy`](#http_proxy)
-* [`ca_file`](#ca_file)
-
-##### `runners`
+* [`runners`](#-gitlab_ci_runner--runners)
+* [`runner_defaults`](#-gitlab_ci_runner--runner_defaults)
+* [`xz_package_name`](#-gitlab_ci_runner--xz_package_name)
+* [`concurrent`](#-gitlab_ci_runner--concurrent)
+* [`log_level`](#-gitlab_ci_runner--log_level)
+* [`log_format`](#-gitlab_ci_runner--log_format)
+* [`check_interval`](#-gitlab_ci_runner--check_interval)
+* [`sentry_dsn`](#-gitlab_ci_runner--sentry_dsn)
+* [`listen_address`](#-gitlab_ci_runner--listen_address)
+* [`session_server`](#-gitlab_ci_runner--session_server)
+* [`manage_docker`](#-gitlab_ci_runner--manage_docker)
+* [`manage_repo`](#-gitlab_ci_runner--manage_repo)
+* [`package_ensure`](#-gitlab_ci_runner--package_ensure)
+* [`package_name`](#-gitlab_ci_runner--package_name)
+* [`repo_base_url`](#-gitlab_ci_runner--repo_base_url)
+* [`repo_keyserver`](#-gitlab_ci_runner--repo_keyserver)
+* [`config_path`](#-gitlab_ci_runner--config_path)
+* [`config_owner`](#-gitlab_ci_runner--config_owner)
+* [`config_group`](#-gitlab_ci_runner--config_group)
+* [`config_mode`](#-gitlab_ci_runner--config_mode)
+* [`manage_config_dir`](#-gitlab_ci_runner--manage_config_dir)
+* [`config_dir_mode`](#-gitlab_ci_runner--config_dir_mode)
+* [`http_proxy`](#-gitlab_ci_runner--http_proxy)
+* [`ca_file`](#-gitlab_ci_runner--ca_file)
+
+##### `runners`
Data type: `Hash`
@@ -102,7 +102,7 @@ Hashkeys are used as $title in runners.pp. The subkeys have to be named as the p
Default value: `{}`
-##### `runner_defaults`
+##### `runner_defaults`
Data type: `Hash`
@@ -110,85 +110,85 @@ A hash with defaults which will be later merged with $runners.
Default value: `{}`
-##### `xz_package_name`
+##### `xz_package_name`
Data type: `String`
The name of the 'xz' package. Needed for local docker installations.
-##### `concurrent`
+##### `concurrent`
Data type: `Optional[Integer]`
Limits how many jobs globally can be run concurrently. The most upper limit of jobs using all defined runners. 0 does not mean unlimited!
-Default value: ``undef``
+Default value: `undef`
-##### `log_level`
+##### `log_level`
Data type: `Optional[Gitlab_ci_runner::Log_level]`
Log level (options: debug, info, warn, error, fatal, panic). Note that this setting has lower priority than level set by command line argument --debug, -l or --log-level
-Default value: ``undef``
+Default value: `undef`
-##### `log_format`
+##### `log_format`
Data type: `Optional[Gitlab_ci_runner::Log_format]`
Log format (options: runner, text, json). Note that this setting has lower priority than format set by command line argument --log-format
-Default value: ``undef``
+Default value: `undef`
-##### `check_interval`
+##### `check_interval`
Data type: `Optional[Integer]`
defines the interval length, in seconds, between new jobs check. The default value is 3; if set to 0 or lower, the default value will be used.
-Default value: ``undef``
+Default value: `undef`
-##### `sentry_dsn`
+##### `sentry_dsn`
Data type: `Optional[String]`
Enable tracking of all system level errors to sentry.
-Default value: ``undef``
+Default value: `undef`
-##### `listen_address`
+##### `listen_address`
Data type: `Optional[Pattern[/.*:.+/]]`
Address (:) on which the Prometheus metrics HTTP server should be listening.
-Default value: ``undef``
+Default value: `undef`
-##### `session_server`
+##### `session_server`
Data type: `Optional[Gitlab_ci_runner::Session_server]`
Session server lets users interact with jobs, for example, in the interactive web terminal.
-Default value: ``undef``
+Default value: `undef`
-##### `manage_docker`
+##### `manage_docker`
Data type: `Boolean`
If docker should be installs (uses the puppetlabs-docker).
-Default value: ``false``
+Default value: `false`
-##### `manage_repo`
+##### `manage_repo`
Data type: `Boolean`
If the repository should be managed.
-Default value: ``true``
+Default value: `true`
-##### `package_ensure`
+##### `package_ensure`
Data type: `String`
@@ -196,7 +196,7 @@ The package 'ensure' state.
Default value: `installed`
-##### `package_name`
+##### `package_name`
Data type: `String`
@@ -204,7 +204,7 @@ The name of the package.
Default value: `'gitlab-runner'`
-##### `repo_base_url`
+##### `repo_base_url`
Data type: `Stdlib::HTTPUrl`
@@ -212,15 +212,15 @@ The base repository url.
Default value: `'https://packages.gitlab.com'`
-##### `repo_keyserver`
+##### `repo_keyserver`
Data type: `Optional[Gitlab_ci_runner::Keyserver]`
The keyserver which should be used to get the repository key.
-Default value: ``undef``
+Default value: `undef`
-##### `config_path`
+##### `config_path`
Data type: `String`
@@ -228,7 +228,7 @@ The path to the config file of Gitlab runner.
Default value: `'/etc/gitlab-runner/config.toml'`
-##### `config_owner`
+##### `config_owner`
Data type: `String[1]`
@@ -237,7 +237,7 @@ The user owning the config file.
Default value: `'root'`
-##### `config_group`
+##### `config_group`
Data type: `String[1]`
@@ -246,7 +246,7 @@ The group ownership assigned to the config file
Default value: `'root'`
-##### `config_mode`
+##### `config_mode`
Data type: `Stdlib::Filemode`
@@ -254,23 +254,23 @@ The file permissions applied to the config file.
Default value: `'0444'`
-##### `manage_config_dir`
+##### `manage_config_dir`
Data type: `Boolean`
Manage the parent directory of the config file.
-Default value: ``false``
+Default value: `false`
-##### `config_dir_mode`
+##### `config_dir_mode`
Data type: `Optional[Stdlib::Filemode]`
The file permissions applied to the config directory.
-Default value: ``undef``
+Default value: `undef`
-##### `http_proxy`
+##### `http_proxy`
Data type: `Optional[Stdlib::HTTPUrl]`
@@ -282,9 +282,9 @@ Exactly how you might need to configure your runners varies between runner execu
This module makes no attempt to automatically alter your runner configurations based on the value of this parameter.
More information on what you might need to configure can be found [here](https://docs.gitlab.com/runner/configuration/proxy.html)
-Default value: ``undef``
+Default value: `undef`
-##### `ca_file`
+##### `ca_file`
Data type: `Optional[Stdlib::Unixpath]`
@@ -294,12 +294,13 @@ It can be used when the certificate of the gitlab server is signed using a CA
and when upon registering a runner the following error is shown:
`certificate verify failed (self signed certificate in certificate chain)`
Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
+The ca_file must exist. If it doesn't, Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
-Default value: ``undef``
+Default value: `undef`
## Defined types
-### `gitlab_ci_runner::runner`
+### `gitlab_ci_runner::runner`
This configures a Gitlab CI runner.
@@ -370,12 +371,12 @@ gitlab_ci_runner::runner { 'autoscale-runner':
The following parameters are available in the `gitlab_ci_runner::runner` defined type:
-* [`config`](#config)
-* [`ensure`](#ensure)
-* [`ca_file`](#ca_file)
-* [`http_proxy`](#http_proxy)
+* [`config`](#-gitlab_ci_runner--runner--config)
+* [`ensure`](#-gitlab_ci_runner--runner--ensure)
+* [`ca_file`](#-gitlab_ci_runner--runner--ca_file)
+* [`http_proxy`](#-gitlab_ci_runner--runner--http_proxy)
-##### `config`
+##### `config`
Data type: `Hash`
@@ -383,7 +384,7 @@ Hash with configuration options.
See https://docs.gitlab.com/runner/configuration/advanced-configuration.html for all possible options.
If you omit the 'name' configuration, we will automatically use the $title of this define class.
-##### `ensure`
+##### `ensure`
Data type: `Enum['present', 'absent']`
@@ -393,26 +394,26 @@ Will also register/unregister the runner.
Default value: `'present'`
-##### `ca_file`
+##### `ca_file`
Data type: `Optional[Stdlib::Unixpath]`
A path to a file containing public keys of trusted certificate authorities in PEM format.
Used during runner registration/unregistration only.
-Default value: ``undef``
+Default value: `undef`
-##### `http_proxy`
+##### `http_proxy`
Data type: `Optional[Stdlib::HTTPUrl]`
-Default value: ``undef``
+Default value: `undef`
## Functions
-### `gitlab_ci_runner::register`
+### `gitlab_ci_runner::register`
Type: Ruby 4.x API
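Review bot: The `ca_file` entry for the `gitlab_ci_runner::runner` defined type in this hunk still reads only "Used during runner registration/unregistration only." and does not carry the caveat this patch adds to the class-level parameter. The existence check lives in `register_to_file` and `unregister_from_file`, which take `ca_file` as an argument, so the per-runner parameter doc should also say that a missing file causes registration to be skipped.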
@@ -464,7 +465,7 @@ Data type: `Optional[Optional[Stdlib::Unixpath]]`
An absolute path to a trusted certificate authority file.
-### `gitlab_ci_runner::register_to_file`
+### `gitlab_ci_runner::register_to_file`
Type: Ruby 4.x API
@@ -542,7 +543,7 @@ Data type: `Optional[Optional[String[1]]]`
An absolute path to a trusted certificate authority file.
-### `gitlab_ci_runner::to_toml`
+### `gitlab_ci_runner::to_toml`
Type: Ruby 4.x API
@@ -582,7 +583,7 @@ Data type: `Hash`
Data structure which needs to be converted into TOML
-### `gitlab_ci_runner::unregister`
+### `gitlab_ci_runner::unregister`
Type: Ruby 4.x API
@@ -628,7 +629,7 @@ Data type: `Optional[Optional[Stdlib::Unixpath]]`
An absolute path to a trusted certificate authority file.
-### `gitlab_ci_runner::unregister_from_file`
+### `gitlab_ci_runner::unregister_from_file`
Type: Ruby 4.x API
@@ -690,38 +691,26 @@ An absolute path to a trusted certificate authority file.
## Data types
-### `Gitlab_ci_runner::Keyserver`
+### `Gitlab_ci_runner::Keyserver`
Type to match repo_keyserver
Regex from: https://github.com/puppetlabs/puppetlabs-apt/blob/main/manifests/key.pp
-Alias of
-
-```puppet
-Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]
-```
+Alias of `Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]`
-### `Gitlab_ci_runner::Log_format`
+### `Gitlab_ci_runner::Log_format`
Gitlab Runner log format configuration
-Alias of
-
-```puppet
-Enum['runner', 'text', 'json']
-```
+Alias of `Enum['runner', 'text', 'json']`
-### `Gitlab_ci_runner::Log_level`
+### `Gitlab_ci_runner::Log_level`
Gitlab Runner log level configuration
-Alias of
-
-```puppet
-Enum['debug', 'info', 'warn', 'error', 'fatal', 'panic']
-```
+Alias of `Enum['debug', 'info', 'warn', 'error', 'fatal', 'panic']`
-### `Gitlab_ci_runner::Register`
+### `Gitlab_ci_runner::Register`
A struct of all possible additionl options for gitlab_ci_runner::register
@@ -740,17 +729,13 @@ Struct[{
}]
```
-### `Gitlab_ci_runner::Register_parameters`
+### `Gitlab_ci_runner::Register_parameters`
A enum containing a possible keys used for Gitlab runner registrations
-Alias of
-
-```puppet
-Enum['description', 'info', 'active', 'locked', 'run_untagged', 'run-untagged', 'tag_list', 'tag-list', 'access_level', 'access-level', 'maximum_timeout', 'maximum-timeout']
-```
+Alias of `Enum['description', 'info', 'active', 'locked', 'run_untagged', 'run-untagged', 'tag_list', 'tag-list', 'access_level', 'access-level', 'maximum_timeout', 'maximum-timeout']`
-### `Gitlab_ci_runner::Session_server`
+### `Gitlab_ci_runner::Session_server`
Gitlab Runner session_server configuration
diff --git a/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb b/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
index 9cf6688..3d8d3da 100644
--- a/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
+++ b/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
@@ -41,6 +41,11 @@ def register_to_file(url, regtoken, runner_name, additional_options = {}, proxy
return 'DUMMY-NOOP-TOKEN' if Puppet.settings[:noop]
begin
+ # Confirm the specified ca file exists
+ if !ca_file.nil? && !File.exist?(ca_file)
+ Puppet.warning('Unable to register gitlab runner at this time as the specified `ca_file` does not exist (yet). If puppet is managing this file, the next run should complete the registration process.')
+ return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
+ end
authtoken = PuppetX::Gitlab::Runner.register(url, additional_options.merge('token' => regtoken), proxy, ca_file)['token']
# If this function is used as a Deferred function the Gitlab Runner config dir
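Review bot: The early `return` in the new `ca_file` check sends a human-readable sentence back through the same return value that otherwise carries the auth token (`['token']`) or `'DUMMY-NOOP-TOKEN'`. A caller can only tell a skipped registration from a real token by comparing strings, and any caller that stores the return value as the token would store this sentence. Consider returning a clearly named sentinel constant, or raising inside the `begin` block. Separately, `File.exist?` is also true for directories, so `File.file?(ca_file) && File.readable?(ca_file)` would be a closer match for a PEM file that has to be read.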
diff --git a/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb b/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
index 51f596e..d0c9ebe 100644
--- a/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
+++ b/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
@@ -34,6 +34,10 @@ def unregister_from_file(url, runner_name, proxy = nil, ca_file = nil)
message
else
begin
+ if !ca_file.nil? && !File.exist?(ca_file)
+ Puppet.warning('Unable to unregister gitlab runner at this time as the specified `ca_file` does not exist. The runner config will be removed from this hosts config only; please remove from gitlab manually.')
+ return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
+ end
PuppetX::Gitlab::Runner.unregister(url, { 'token' => authtoken }, proxy, ca_file)
message = "Successfully unregistered gitlab runner #{runner_name}"
Puppet.debug message
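Review bot: The string returned by the new check, 'Specified CA file doesn\'t exist, not attempting to create authtoken', is copied from the register path and is wrong here, since unregistration never creates an auth token. Return something that matches the `message` style used just below, for example "Specified CA file doesn't exist, not attempting to unregister gitlab runner #{runner_name}". The warning also says the runner must be removed from GitLab manually, so the runner stays registered on the server side; putting `runner_name` in the warning text would let an operator find and remove it.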
diff --git a/manifests/init.pp b/manifests/init.pp
index 1ac87d0..7c19eca 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -66,12 +66,13 @@
# This module makes no attempt to automatically alter your runner configurations based on the value of this parameter.
# More information on what you might need to configure can be found [here](https://docs.gitlab.com/runner/configuration/proxy.html)
# @param ca_file
-# A file containing public keys of trusted certificate authorities in PEM format.
+# A file containing public keys of trusted certificate authorities in PEM format.
# This setting is only used when registering or unregistering runners and will be used for all runners in the `runners` parameter.
# It can be used when the certificate of the gitlab server is signed using a CA
# and when upon registering a runner the following error is shown:
# `certificate verify failed (self signed certificate in certificate chain)`
# Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
+# The ca_file must exist. If it doesn't, Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
#
class gitlab_ci_runner (
String $xz_package_name, # Defaults in module hieradata
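Review bot: The added `ca_file` sentence documents only the registration side ("token generation will be skipped"), but this patch adds the same check to `unregister_from_file`, where a missing file means the runner is removed from the host config and left registered in GitLab. Add a sentence for that case, since it needs manual cleanup. The closing clause "until either the file exists or the ca_file parameter is not specified" would read more clearly as "until the file exists or `ca_file` is unset".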
diff --git a/spec/functions/register_to_file_spec.rb b/spec/functions/register_to_file_spec.rb
index bb12962..b122b56 100644
--- a/spec/functions/register_to_file_spec.rb
+++ b/spec/functions/register_to_file_spec.rb
@@ -44,12 +44,20 @@
it { is_expected.to run.with_params(url, regtoken, runner_name).and_return(return_hash['token']) }
- context 'with ca_file option' do
+ context 'with existing file ca_file option' do
+ before do
+ allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/tmp').and_return(return_hash)
+ end
+
+ it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/tmp').and_return(return_hash['token']) }
+ end
+
+ context 'with non existent ca_file option' do
before do
allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/path/to/ca_file').and_return(return_hash)
end
- it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return(return_hash['token']) }
+ it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
end
end
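Review bot: The 'with existing file ca_file option' context passes '/tmp' as the CA file, which is a directory and satisfies the check only because `File.exist?` does not distinguish files from directories. It also ties the spec to the host filesystem. Stub `File.exist?` for a fixed path such as '/path/to/ca_file', or create a temporary file, so the "exists" case exercises a path that could actually be a PEM file.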
diff --git a/spec/functions/unregister_from_file_spec.rb b/spec/functions/unregister_from_file_spec.rb
index b5dbbcd..676d346 100644
--- a/spec/functions/unregister_from_file_spec.rb
+++ b/spec/functions/unregister_from_file_spec.rb
@@ -24,12 +24,20 @@
it { is_expected.to run.with_params(url, runner_name).and_return('Successfully unregistered gitlab runner testrunner') }
- context 'with ca_file option' do
+ context 'with existing file ca_file option' do
+ before do
+ allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/tmp').and_return(nil)
+ end
+
+ it { is_expected.to run.with_params(url, runner_name, nil, '/tmp').and_return('Successfully unregistered gitlab runner testrunner') }
+ end
+
+ context 'with non existent ca_file option' do
before do
allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/path/to/ca_file').and_return(nil)
end
- it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Successfully unregistered gitlab runner testrunner') }
+ it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
end
end
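Review bot: In the 'with non existent ca_file option' context the `before` block still stubs `PuppetX::Gitlab::Runner.unregister` for '/path/to/ca_file', but with the new early return that call should never happen. Replace the stub with `expect(PuppetX::Gitlab::Runner).not_to receive(:unregister)` so the spec proves no request is made when the CA file is missing. The expected string here also locks in the 'not attempting to create authtoken' wording, which does not describe unregistration.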