From 13455c1174eed1deaa524545b3590de2fbe66b65 Mon Sep 17 00:00:00 2001 From: Aleksandr Stepanov Date: Mon, 22 Jul 2019 22:51:22 +0300 Subject: [PATCH] Added IAM outputs, additional volumes mounts into runner, fix ssh var name (#99) * Mount docker socket (#1) * Adding optional Docker socket mount * Adding new variables to README, fixing PR template * Sorting variables in doc * Adding jq check&install * Fixing Docker socket mount * Use runners_iam_instance_profile_name (#2) * Added credentials ecr helper * Adding more useful outputs (#5) * Feature/terraform 0.12 mounts (#4) * Additional volumes support * Fixing output * Fixed outputs typos and added an example * Fixed outputs typos and added an example * move locals to separate file to fix formatting * format * Use indented heredoc --- README.md | 4 ++-- _docs/TF_MODULE.md | 4 ++-- examples/runner-public/main.tf | 2 +- locals.tf | 20 ++++++++++++++++++++ main.tf | 22 +--------------------- outputs.tf | 23 +++++++++++++++++++---- template/runner-config.tpl | 2 +- variables.tf | 15 +++++---------- 8 files changed, 51 insertions(+), 41 deletions(-) create mode 100644 locals.tf diff --git a/README.md b/README.md index 576fc3c62..bd9502b84 100644 --- a/README.md +++ b/README.md @@ -273,7 +273,7 @@ terraform destroy | Name | Description | |------|-------------| -| runner\_agent\_role | ARN of the rule used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_role | ARN of the role used for the ec2 instance for the GitLab runner agent. | | runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | | runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | -| runner\_role | ARN of the rule used for the docker machine runners. | +| runner\_role | ARN of the role used for the docker machine runners. | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index 9475a6b71..afc72ca51 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -76,8 +76,8 @@ | Name | Description | |------|-------------| -| runner\_agent\_role | ARN of the rule used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_role | ARN of the role used for the ec2 instance for the GitLab runner agent. | | runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | | runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | -| runner\_role | ARN of the rule used for the docker machine runners. | +| runner\_role | ARN of the role used for the docker machine runners. | diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf index d144bfdc8..49fdf4344 100644 --- a/examples/runner-public/main.tf +++ b/examples/runner-public/main.tf @@ -44,7 +44,7 @@ module "runner" { runners_environment_vars = ["KEY=Value", "FOO=bar"] runners_privileged = "false" - runners_mount_docker_socket = "true" + runners_additional_volumes = ["/var/run/docker.sock:/var/run/docker.sock"] gitlab_runner_registration_config = { registration_token = var.registration_token diff --git a/locals.tf b/locals.tf new file mode 100644 index 000000000..cc88eb7a4 --- /dev/null +++ b/locals.tf 
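Review bot: The replacement line in examples/runner-public/main.tf mounts the host's Docker socket into every job container while `runners_privileged = "false"` sits two lines above, and nothing in the example says that socket access lets any CI job drive the worker's Docker daemon (start privileged containers, mount host paths), which effectively undoes the non-privileged setting. Since this example is what users copy, add a comment above the mount, e.g. `# Exposes the worker's Docker daemon to every job (root-equivalent on that host); only for trusted pipelines.` The docker-machine workers themselves are not part of this hunk, so whether they are isolated per job is not visible here.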
@@ -0,0 +1,20 @@
+locals {
+ // Convert list to a string separated and prepend by a comma
+ docker_machine_options_string = format(
+ ",%s",
+ join(",", formatlist("%q", var.docker_machine_options)),
+ )
+
+ // Ensure off peak is optional
+ runners_off_peak_periods_string = var.runners_off_peak_periods == "" ? "" : format("OffPeakPeriods = %s", var.runners_off_peak_periods)
+
+ // Define key for runner token for SSM
+ secure_parameter_store_runner_token_key = "${var.environment}-${var.secure_parameter_store_runner_token_key}"
+
+ // custom names for instances and security groups
+ name_runner_instance = var.overrides["name_runner_agent_instance"] == "" ? local.tags["Name"] : var.overrides["name_runner_agent_instance"]
+ name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"]
+ runners_additional_volumes = <<-EOT
+ %{~for volume in var.runners_additional_volumes~},"${volume}"%{endfor~}
+ EOT
+}
diff --git a/main.tf b/main.tf
index eb9b3f5f5..187f2e3e3 100644
--- a/main.tf
+++ b/main.tf
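Review bot: The new `runners_additional_volumes` heredoc splices each element into config.toml as `,"${volume}"` with no escaping, so an element containing `"` or `\` produces an unparseable `volumes` array and the runner fails to load its config. The same file already quotes `docker_machine_options` through `formatlist("%q", …)`; applying that here gives correct escaping and removes the heredoc: `runners_additional_volumes = join("", formatlist(",%q", var.runners_additional_volumes))`. For plain paths the output is identical (`,"/a:/b"`), and an empty list still yields an empty string.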
@@ -4,24 +4,6 @@ resource "aws_key_pair" "key" { public_key = var.ssh_public_key } -locals { - // Convert list to a string separated and prepend by a comma - docker_machine_options_string = format( - ",%s", - join(",", formatlist("%q", var.docker_machine_options)), - ) - - // Ensure off peak is optional - runners_off_peak_periods_string = var.runners_off_peak_periods == "" ? "" : format("OffPeakPeriods = %s", var.runners_off_peak_periods) - - // Define key for runner token for SSM - secure_parameter_store_runner_token_key = "${var.environment}-${var.secure_parameter_store_runner_token_key}" - - // custom names for instances and security groups - name_runner_instance = var.overrides["name_runner_agent_instance"] == "" ? local.tags["Name"] : var.overrides["name_runner_agent_instance"] - name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"] -} - resource "aws_security_group" "runner" { name_prefix = "${var.environment}-security-group" vpc_id = var.vpc_id @@ -163,8 +145,7 @@ data "template_file" "runners" { runners_security_group_name = aws_security_group.docker_machine.name runners_monitoring = var.runners_monitoring runners_instance_profile = aws_iam_instance_profile.docker_machine.name - runners_mount_docker_socket = var.runners_mount_docker_socket - runners_docker_socket = var.runners_docker_socket + runners_additional_volumes = local.runners_additional_volumes docker_machine_options = length(var.docker_machine_options) == 0 ? "" : local.docker_machine_options_string runners_name = var.runners_name runners_tags = var.overrides["name_docker_machine_runners"] == "" ? format( @@ -412,4 +393,3 @@ resource "aws_iam_role_policy_attachment" "ssm" { role = aws_iam_role.instance.name policy_arn = aws_iam_policy.ssm[0].arn } - diff --git a/outputs.tf b/outputs.tf index 5f43e4899..a029cb3ae 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -8,12 +8,27 @@ output "runner_cache_bucket_arn" { value = module.cache.arn } -output "runner_agent_role" { - description = "ARN of the rule used for the ec2 instance for the GitLab runner agent." +output "runner_cache_bucket_name" { + description = "Name of the S3 for the build cache." + value = module.cache.bucket +} + +output "runner_agent_role_arn" { + description = "ARN of the role used for the ec2 instance for the GitLab runner agent." value = aws_iam_role.instance.arn } -output "runner_role" { - description = "ARN of the rule used for the docker machine runners." +output "runner_agent_role_name" { + description = "Name of the role used for the ec2 instance for the GitLab runner agent." + value = aws_iam_role.instance.name +} + +output "runner_role_arn" { + description = "ARN of the role used for the docker machine runners." value = aws_iam_role.docker_machine.arn } + +output "runner_role_name" { + description = "Name of the role used for the docker machine runners." + value = aws_iam_role.docker_machine.name +} diff --git a/template/runner-config.tpl b/template/runner-config.tpl index 10d147dc4..8d6af5813 100644 --- a/template/runner-config.tpl +++ b/template/runner-config.tpl @@ -18,7 +18,7 @@ check_interval = 0 image = "${runners_image}" privileged = ${runners_privileged} disable_cache = false - volumes = ["/cache"%{ if runners_mount_docker_socket == "true" },"${runners_docker_socket}"%{ endif ~}] + volumes = ["/cache"${runners_additional_volumes}] shm_size = ${runners_shm_size} pull_policy = "${runners_pull_policy}" [runners.cache] diff --git a/variables.tf b/variables.tf index 600b745b5..cea808a52 100644 --- a/variables.tf +++ b/variables.tf @@ -50,6 +50,7 @@ variable "ssh_key_pair" { variable "ssh_public_key" { description = "Public SSH key used for the GitLab runner EC2 instance." type = string + default = "" } variable "docker_machine_instance_type" { 
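Review bot: Renaming `runner_agent_role` to `runner_agent_role_arn` and `runner_role` to `runner_role_arn` breaks every caller that reads the old output names, and the README and `_docs/TF_MODULE.md` tables earlier in this same patch still list `runner_agent_role` / `runner_role` and never mention the new `*_name` or `runner_cache_bucket_name` outputs. Either update those tables and state the rename in the commit message, or keep the old names as deprecated aliases for one release so consumers can migrate. The alias outputs would sit after the new ones.
```hcl
# … unchanged: runner_cache_bucket_name, runner_agent_role_arn, runner_agent_role_name, runner_role_arn, runner_role_name …

# Deprecated aliases kept for one release so existing callers keep working.
output "runner_agent_role" {
  description = "Deprecated, use runner_agent_role_arn."
  value       = aws_iam_role.instance.arn
}

output "runner_role" {
  description = "Deprecated, use runner_role_arn."
  value       = aws_iam_role.docker_machine.arn
}
```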
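Review bot: Giving `ssh_public_key` a default of `""` makes the variable optional, but the only consumer visible in this patch is `aws_key_pair.key` with `public_key = var.ssh_public_key` (main.tf hunk context), and AWS rejects an empty public key at apply time; unless that resource is guarded by a `count` on this variable (not visible in the hunk), the default only moves the failure from plan to apply. If the intent is "no key pair when unset", guard the resource with `count = var.ssh_public_key == "" ? 0 : 1` and adjust its references; otherwise drop the default so `terraform plan` keeps demanding a real key. In either case the description should say what an empty value means.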
@@ -121,16 +122,10 @@ variable "runners_privileged" { default = "true" } -variable "runners_mount_docker_socket" { - description = "Runners will mount volume with Docker socket, will be used in the runner config.toml" - type = string - default = "false" -} - -variable "runners_docker_socket" { - description = "Location of Docker socket on host if socket mount if enabled, will be used in the runner config.toml" - type = string - default = "/var/run/docker.sock:/var/run/docker.sock" +variable "runners_additional_volumes" { + description = "Additional volumes that will be used in the runner config.toml, e.g Docker socket" + type = list + default = [] } variable "runners_shm_size" {
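Review bot: `runners_additional_volumes` is declared as bare `type = list` and its description says only "e.g Docker socket", although the template splices these values into the `volumes` of every job container on the docker-machine workers, and a Docker socket mount hands each job control of that worker's Docker daemon regardless of `runners_privileged`. Tighten the type and say so: `type = list(string)` and `description = "Additional volumes mounted into every job container, in Docker host:container syntax. Mounting /var/run/docker.sock gives jobs full control of the worker's Docker daemon; only do this for trusted pipelines."` Removing `runners_mount_docker_socket` and `runners_docker_socket` outright also means existing callers that pass them will now get an unexpected-argument error, which deserves a changelog line or a one-release deprecation.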