Added IAM outputs, additional volumes mounts into runner, fix ssh var…

… name (#99) * Mount docker socket (#1) * Adding optional Docker socket mount * Adding new variables to README, fixing PR template * Sorting variables in doc * Adding jq check&install * Fixing Docker socket mount * Use runners_iam_instance_profile_name (#2) * Added credentials ecr helper * Adding more useful outputs (#5) * Feature/terraform 0.12 mounts (#4) * Additional volumes support * Fixing output * Fixed outputs typos and added an example * Fixed outputs typos and added an example * move locals to separate file to fix formatting * format * Use indented heredoc
cattle-ops · Jul 22, 2019 · 13455c1 · 13455c1
1 parent 062957a
commit 13455c1
Show file tree

Hide file tree

Showing 8 changed files with 51 additions and 41 deletions.
diff --git a/README.md b/README.md
@@ -273,7 +273,7 @@ terraform destroy
 
 | Name | Description |
 |------|-------------|
-| runner\_agent\_role | ARN of the rule used for the ec2 instance for the GitLab runner agent. |
+| runner\_agent\_role | ARN of the role used for the ec2 instance for the GitLab runner agent. |
 | runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance |
 | runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. |
-| runner\_role | ARN of the rule used for the docker machine runners. |
+| runner\_role | ARN of the role used for the docker machine runners. |
diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md
@@ -76,8 +76,8 @@
 
 | Name | Description |
 |------|-------------|
-| runner\_agent\_role | ARN of the rule used for the ec2 instance for the GitLab runner agent. |
+| runner\_agent\_role | ARN of the role used for the ec2 instance for the GitLab runner agent. |
 | runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance |
 | runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. |
-| runner\_role | ARN of the rule used for the docker machine runners. |
+| runner\_role | ARN of the role used for the docker machine runners. |
 
diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf
@@ -44,7 +44,7 @@ module "runner" {
   runners_environment_vars = ["KEY=Value", "FOO=bar"]
 
   runners_privileged          = "false"
-  runners_mount_docker_socket = "true"
+  runners_additional_volumes = ["/var/run/docker.sock:/var/run/docker.sock"]
 
   gitlab_runner_registration_config = {
     registration_token = var.registration_token

diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,20 @@
+locals {
+  // Convert list to a string separated and prepend by a comma
+  docker_machine_options_string = format(
+    ",%s",
+    join(",", formatlist("%q", var.docker_machine_options)),
+  )
+
+  // Ensure off peak is optional
+  runners_off_peak_periods_string = var.runners_off_peak_periods == "" ? "" : format("OffPeakPeriods = %s", var.runners_off_peak_periods)
+
+  // Define key for runner token for SSM
+  secure_parameter_store_runner_token_key = "${var.environment}-${var.secure_parameter_store_runner_token_key}"
+
+  // custom names for instances and security groups
+  name_runner_instance       = var.overrides["name_runner_agent_instance"] == "" ? local.tags["Name"] : var.overrides["name_runner_agent_instance"]
+  name_sg                    = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"]
+  runners_additional_volumes = <<-EOT
+  %{~for volume in var.runners_additional_volumes~},"${volume}"%{endfor~}
+  EOT
+}
diff --git a/main.tf b/main.tf
@@ -4,24 +4,6 @@ resource "aws_key_pair" "key" {
   public_key = var.ssh_public_key
 }
 
-locals {
-  // Convert list to a string separated and prepend by a comma
-  docker_machine_options_string = format(
-    ",%s",
-    join(",", formatlist("%q", var.docker_machine_options)),
-  )
-
-  // Ensure off peak is optional
-  runners_off_peak_periods_string = var.runners_off_peak_periods == "" ? "" : format("OffPeakPeriods = %s", var.runners_off_peak_periods)
-
-  // Define key for runner token for SSM
-  secure_parameter_store_runner_token_key = "${var.environment}-${var.secure_parameter_store_runner_token_key}"
-
-  // custom names for instances and security groups
-  name_runner_instance = var.overrides["name_runner_agent_instance"] == "" ? local.tags["Name"] : var.overrides["name_runner_agent_instance"]
-  name_sg              = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"]
-}
-
 resource "aws_security_group" "runner" {
   name_prefix = "${var.environment}-security-group"
   vpc_id      = var.vpc_id
@@ -163,8 +145,7 @@ data "template_file" "runners" {
     runners_security_group_name = aws_security_group.docker_machine.name
     runners_monitoring          = var.runners_monitoring
     runners_instance_profile    = aws_iam_instance_profile.docker_machine.name
-    runners_mount_docker_socket = var.runners_mount_docker_socket
-    runners_docker_socket       = var.runners_docker_socket
+    runners_additional_volumes  = local.runners_additional_volumes
     docker_machine_options      = length(var.docker_machine_options) == 0 ? "" : local.docker_machine_options_string
     runners_name                = var.runners_name
     runners_tags = var.overrides["name_docker_machine_runners"] == "" ? format(
@@ -412,4 +393,3 @@ resource "aws_iam_role_policy_attachment" "ssm" {
   role       = aws_iam_role.instance.name
   policy_arn = aws_iam_policy.ssm[0].arn
 }
-
diff --git a/outputs.tf b/outputs.tf
@@ -8,12 +8,27 @@ output "runner_cache_bucket_arn" {
   value       = module.cache.arn
 }
 
-output "runner_agent_role" {
-  description = "ARN of the rule used for the ec2 instance for the GitLab runner agent."
+output "runner_cache_bucket_name" {
+  description = "Name of the S3 for the build cache."
+  value       = module.cache.bucket
+}
+
+output "runner_agent_role_arn" {
+  description = "ARN of the role used for the ec2 instance for the GitLab runner agent."
   value       = aws_iam_role.instance.arn
 }
 
-output "runner_role" {
-  description = "ARN of the rule used for the docker machine runners."
+output "runner_agent_role_name" {
+  description = "Name of the role used for the ec2 instance for the GitLab runner agent."
+  value       = aws_iam_role.instance.name
+}
+
+output "runner_role_arn" {
+  description = "ARN of the role used for the docker machine runners."
   value       = aws_iam_role.docker_machine.arn
 }
+
+output "runner_role_name" {
+  description = "Name of the role used for the docker machine runners."
+  value       = aws_iam_role.docker_machine.name
+}
diff --git a/template/runner-config.tpl b/template/runner-config.tpl
@@ -18,7 +18,7 @@ check_interval = 0
     image = "${runners_image}"
     privileged = ${runners_privileged}
     disable_cache = false
-    volumes = ["/cache"%{ if runners_mount_docker_socket == "true" },"${runners_docker_socket}"%{ endif ~}]
+    volumes = ["/cache"${runners_additional_volumes}]
     shm_size = ${runners_shm_size}
     pull_policy = "${runners_pull_policy}"
   [runners.cache]

diff --git a/variables.tf b/variables.tf
@@ -50,6 +50,7 @@ variable "ssh_key_pair" {
 variable "ssh_public_key" {
   description = "Public SSH key used for the GitLab runner EC2 instance."
   type        = string
+  default     = ""
 }
 
 variable "docker_machine_instance_type" {
@@ -121,16 +122,10 @@ variable "runners_privileged" {
   default     = "true"
 }
 
-variable "runners_mount_docker_socket" {
-  description = "Runners will mount volume with Docker socket, will be used in the runner config.toml"
-  type        = string
-  default     = "false"
-}
-
-variable "runners_docker_socket" {
-  description = "Location of Docker socket on host if socket mount if enabled, will be used in the runner config.toml"
-  type        = string
-  default     = "/var/run/docker.sock:/var/run/docker.sock"
+variable "runners_additional_volumes" {
+  description = "Additional volumes that will be used in the runner config.toml, e.g Docker socket"
+  type        = list
+  default     = []
 }
 
 variable "runners_shm_size" {