From e33587f866aed70ca057bbc0ba0c890d2ae7a1cc Mon Sep 17 00:00:00 2001
From: Ben
Date: Wed, 10 Jul 2019 14:13:13 -0500
Subject: [PATCH 1/5] fix: availability zone in AWS region (#93)

* fix: availability zone in AWS region

* fix: use data source to determine az
---
 examples/runner-default/main.tf | 6 +++++-
 examples/runner-docker/main.tf | 6 +++++-
 examples/runner-pre-registered/main.tf | 6 +++++-
 examples/runner-public/main.tf | 6 +++++-
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf
index e4f2e8f24..0705dd5cc 100644
--- a/examples/runner-default/main.tf
+++ b/examples/runner-default/main.tf
@@ -1,3 +1,7 @@
+data "aws_availability_zones" "available" {
+ state = "available"
+}
+
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
 version = "1.66.0"
@@ -5,7 +9,7 @@ module "vpc" {
 name = "vpc-${var.environment}"
 cidr = "10.0.0.0/16"
 
- azs = ["eu-west-1a"]
+ azs = ["${data.aws_availability_zones.available.names[0]}"]
 private_subnets = ["10.0.1.0/24"]
 public_subnets = ["10.0.101.0/24"]
 
diff --git a/examples/runner-docker/main.tf b/examples/runner-docker/main.tf
index 759e5de42..d10650529 100644
--- a/examples/runner-docker/main.tf
+++ b/examples/runner-docker/main.tf
@@ -1,3 +1,7 @@
+data "aws_availability_zones" "available" {
+ state = "available"
+}
+
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
 version = "1.66.0"
@@ -5,7 +9,7 @@ module "vpc" {
 name = "vpc-${var.environment}"
 cidr = "10.1.0.0/16"
 
- azs = ["eu-west-1a"]
+ azs = ["${data.aws_availability_zones.available.names[0]}"]
 public_subnets = ["10.1.101.0/24"]
 
 enable_s3_endpoint = true
diff --git a/examples/runner-pre-registered/main.tf b/examples/runner-pre-registered/main.tf
index dd4699a24..89b021a1c 100644
--- a/examples/runner-pre-registered/main.tf
+++ b/examples/runner-pre-registered/main.tf
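Review bot: `azs` now follows `data.aws_availability_zones.available.names[0]`, but the runner module's `aws_zone` remains an independently supplied letter (default `"a"` in the variables table; the runner-public example still passes `aws_zone = "b"` in its `module "runner"` block outside this hunk, which a later patch in this series removes), so the subnet's zone and the zone docker-machine is pointed at can silently disagree — presumably what the hard-coded `eu-west-1a`/`eu-west-1b` values were keeping in step. The same applies to the runner-pre-registered and runner-public hunks on the next line. Consider deriving both from the single lookup, e.g. `aws_zone = "${substr(data.aws_availability_zones.available.names[0], -1, 1)}"` if the pinned Terraform's `substr` accepts a negative offset, or at least a comment on the data block stating that `aws_zone` must match `names[0]`.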
@@ -1,3 +1,7 @@
+data "aws_availability_zones" "available" {
+ state = "available"
+}
+
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
 version = "1.60.0"
@@ -5,7 +9,7 @@ module "vpc" {
 name = "vpc-${var.environment}"
 cidr = "10.0.0.0/16"
 
- azs = ["eu-west-1a"]
+ azs = ["${data.aws_availability_zones.available.names[0]}"]
 private_subnets = ["10.0.1.0/24"]
 public_subnets = ["10.0.101.0/24"]
 
diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf
index 7a2339f6e..57165337b 100644
--- a/examples/runner-public/main.tf
+++ b/examples/runner-public/main.tf
@@ -1,3 +1,7 @@
+data "aws_availability_zones" "available" {
+ state = "available"
+}
+
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
 version = "1.66.0"
@@ -5,7 +9,7 @@ module "vpc" {
 name = "vpc-${var.environment}"
 cidr = "10.1.0.0/16"
 
- azs = ["eu-west-1b"]
+ azs = ["${data.aws_availability_zones.available.names[0]}"]
 public_subnets = ["10.1.101.0/24"]
 
 map_public_ip_on_launch = "false"

From 08e024fe3e01884fdf44d4dc70809a13c3222706 Mon Sep 17 00:00:00 2001
From: Ben
Date: Wed, 10 Jul 2019 14:25:18 -0500
Subject: [PATCH 2/5] fix: use a variable to determine timezone (#94)

* fix: use a variable to determine timezone

* fix: update documentation
---
 examples/runner-default/README.md | 1 +
 examples/runner-default/_docs/TF_MODULE.md | 1 +
 examples/runner-default/main.tf | 2 +-
 examples/runner-default/variables.tf | 6 ++++++
 examples/runner-pre-registered/README.md | 1 +
 examples/runner-pre-registered/_docs/TF_MODULE.md | 1 +
 examples/runner-pre-registered/main.tf | 2 +-
 examples/runner-pre-registered/variables.tf | 6 ++++++
 8 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md
index ae27f4e90..5a15030f9 100644
--- a/examples/runner-default/README.md
+++ b/examples/runner-default/README.md
@@ -17,3 +17,4 @@ The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv)
 | public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no |
 | registration\_token | | string | n/a | yes |
 | runner\_name | Name of the runner, will be used in the runner config.toml | string | `"default-auto"` | no |
+| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no |
diff --git a/examples/runner-default/_docs/TF_MODULE.md b/examples/runner-default/_docs/TF_MODULE.md
index 5534028ce..44f5d1709 100644
--- a/examples/runner-default/_docs/TF_MODULE.md
+++ b/examples/runner-default/_docs/TF_MODULE.md
@@ -9,4 +9,5 @@
 | public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no |
 | registration\_token | | string | n/a | yes |
 | runner\_name | Name of the runner, will be used in the runner config.toml | string | `"default-auto"` | no |
+| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no |
 
diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf
index 0705dd5cc..a7648fb0b 100644
--- a/examples/runner-default/main.tf
+++ b/examples/runner-default/main.tf
@@ -48,7 +48,7 @@ module "runner" {
 maximum_timeout = "3600"
 }
 
- runners_off_peak_timezone = "Europe/Amsterdam"
+ runners_off_peak_timezone = "${var.timezone}"
 runners_off_peak_idle_count = 0
 runners_off_peak_idle_time = 60
 
diff --git a/examples/runner-default/variables.tf b/examples/runner-default/variables.tf
index c759b099b..bd34269a0 100644
--- a/examples/runner-default/variables.tf
+++ b/examples/runner-default/variables.tf
@@ -31,3 +31,9 @@ variable "gitlab_url" {
 }
 
 variable "registration_token" {}
+
+variable "timezone" {
+ description = "Name of the timezone that the runner will be used in."
+ type = "string"
+ default = "Europe/Amsterdam"
+}
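Review bot: The new `timezone` variable's description says where the runner "will be used" but not what value format is accepted, while `main.tf` passes it unchecked into `runners_off_peak_timezone`, so a mistyped value only surfaces once the runner starts. Suggest `description = "IANA timezone name (e.g. Europe/Amsterdam) passed to runners_off_peak_timezone, presumably the zone in which the off-peak periods are evaluated."`. The same applies to the `examples/runner-pre-registered/variables.tf` hunk further down, and the README and TF_MODULE tables that repeat the description should be regenerated to match.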
diff --git a/examples/runner-pre-registered/README.md b/examples/runner-pre-registered/README.md
index 7a07ff5e8..b556f19bd 100644
--- a/examples/runner-pre-registered/README.md
+++ b/examples/runner-pre-registered/README.md
@@ -17,3 +17,4 @@ The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv)
 | public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no |
 | runner\_name | Name of the runner, will be used in the runner config.toml | string | n/a | yes |
 | runner\_token | Token for the runner, will be used in the runner config.toml | string | n/a | yes |
+| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no |
diff --git a/examples/runner-pre-registered/_docs/TF_MODULE.md b/examples/runner-pre-registered/_docs/TF_MODULE.md
index 708af6838..4c6e7e323 100644
--- a/examples/runner-pre-registered/_docs/TF_MODULE.md
+++ b/examples/runner-pre-registered/_docs/TF_MODULE.md
@@ -9,4 +9,5 @@
 | public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no |
 | runner\_name | Name of the runner, will be used in the runner config.toml | string | n/a | yes |
 | runner\_token | Token for the runner, will be used in the runner config.toml | string | n/a | yes |
+| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no |
 
diff --git a/examples/runner-pre-registered/main.tf b/examples/runner-pre-registered/main.tf
index 89b021a1c..fff63f022 100644
--- a/examples/runner-pre-registered/main.tf
+++ b/examples/runner-pre-registered/main.tf
@@ -39,7 +39,7 @@ module "runner" {
 runners_gitlab_url = "${var.gitlab_url}"
 runners_token = "${var.runner_token}"
 
- runners_off_peak_timezone = "Europe/Amsterdam"
+ runners_off_peak_timezone = "${var.timezone}"
 runners_off_peak_idle_count = 0
 runners_off_peak_idle_time = 60
 
diff --git a/examples/runner-pre-registered/variables.tf b/examples/runner-pre-registered/variables.tf
index cfe1285f6..f541f9da2 100644
--- a/examples/runner-pre-registered/variables.tf
+++ b/examples/runner-pre-registered/variables.tf
@@ -32,3 +32,9 @@ variable "runner_token" {
 description = "Token for the runner, will be used in the runner config.toml"
 type = "string"
 }
+
+variable "timezone" {
+ description = "Name of the timezone that the runner will be used in."
+ type = "string"
+ default = "Europe/Amsterdam"
+}

From f38cba813db4347a49470133f172d80a460793fa Mon Sep 17 00:00:00 2001
From: Niek Palm
Date: Thu, 11 Jul 2019 17:03:30 +0200
Subject: [PATCH 3/5] Fix broken public example

---
 examples/runner-public/main.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf
index 57165337b..35c36a5ac 100644
--- a/examples/runner-public/main.tf
+++ b/examples/runner-public/main.tf
@@ -31,7 +31,6 @@ module "runner" {
 vpc_id = "${module.vpc.vpc_id}"
 subnet_ids_gitlab_runner = "${module.vpc.public_subnets}"
 subnet_id_runners = "${element(module.vpc.public_subnets, 0)}"
- aws_zone = "b"
 
 docker_machine_spot_price_bid = "0.1"
 

From 78e22fb9284b1bd18cb1a5017577741ae8dc78e8 Mon Sep 17 00:00:00 2001
From: Niek Palm
Date: Tue, 16 Jul 2019 22:34:38 +0200
Subject: [PATCH 4/5] Move cache to moudle (#96)

FIx #91
---
 README.md | 95 ++++++++++--------
 _docs/README.md | 122 ++++++++++++++----------
 _docs/TF_MODULE.md | 1 +
 bucket.tf | 29 ------
 cache/README.md | 45 +++++++++
 cache/_docs/README.md | 25 +++++
 cache/_docs/TF_MODULE.md | 19 ++++
 cache/main.tf | 59 ++++++++++++
 cache/outputs.tf | 14 +++
 cache/policies/cache.json | 18 ++++
 cache/variables.tf | 33 +++++++
 examples/runner-default/README.md | 13 ++-
 examples/runner-default/_docs/README.md | 12 ++-
 examples/runner-docker/README.md | 4 +-
 examples/runner-docker/_docs/README.md | 5 +-
 examples/runner-public/README.md | 14 ++-
 examples/runner-public/_docs/README.md | 15 ++-
 examples/runner-public/main.tf | 49 ++++++++++
 main.tf | 50 +++++-----
 migrations/migration-state-3.7.x.sh | 7 ++
 outputs.tf | 2 +-
 variables.tf | 11 +++
 22 files changed, 486 insertions(+), 156 deletions(-)
 delete mode 100644 bucket.tf
 create mode 100644 cache/README.md
 create mode 100644 cache/_docs/README.md
 create mode 100644 cache/_docs/TF_MODULE.md
 create mode 100644 cache/main.tf
 create mode 100644 cache/outputs.tf
 create mode 100644 cache/policies/cache.json
 create mode 100644 cache/variables.tf
 create mode 100755 migrations/migration-state-3.7.x.sh

diff --git a/README.md b/README.md
index 0dd4d3b5d..28c801a15 100644
--- a/README.md
+++ b/README.md
@@ -4,21 +4,41 @@ > *WIP*: Work in progress, conversion to Terraform 0.12 \#73. Feel free to checkout branch [Terraform 0.12](https://github.com/npalm/terraform-aws-gitlab-runner/tree/feature/terraform-0.12). -> *NEW*: The runner will register itself automatically to GitLab. No need to register the runner first, see also the [examples](./examples) +> *NEW*: Multiple instnaces of the runner can be created that share the same cache. See [example](./examples/runner-public) *MIGRATIONS*: Since 3.7 the runner cache is handled by sub module. To avoid re-creation of the bucket while upgrading a state migration is need. Please see the migration script `./migrations/migration-state-3.7.x.sh` -This repo contains a Terraform module and examples to run a [GitLab CI multi runner](https://docs.gitlab.com/runner/) on AWS Spot instances. See the blog post at [040code](https://040code.github.io/2017/12/09/runners-on-the-spot/) for a detailed description of the setup. +This [Terraform](https://www.terraform.io/) modules creates a [GitLab CI runner](https://docs.gitlab.com/runner/). A blog post describes the original version of the the runner. See the post at [040code](https://040code.github.io/2017/12/09/runners-on-the-spot/). The original setup of the module is based on the blog post: [Auto scale GitLab CI runners and save 90% on EC2 costs](https://about.gitlab.com/2017/11/23/autoscale-ci-runners/). -![GitLab Runners](https://github.com/npalm/assets/raw/master/images/2017-12-06_gitlab-multi-runner-aws.png) +The runners created by the module using by default spot instances for running the builds using the `docker+machine` executor. -The setup is based on the blog post: [Auto scale GitLab CI runners and save 90% on EC2 costs](https://about.gitlab.com/2017/11/23/autoscale-ci-runners/) The gitlab-ci runners that this project creates will be configured to use a shared cache via S3 by default. Additionally their logs will be streamed to CloudWatch. 
The s3 stored cache expiration is configurable and is set to expire in X days by default. Logging can be disabled. The accompanying post mentions that you have to register the the runner before running the Terraform scripts. Since version 3+ this is no longer required. You can simply define the runner configuration, including the runner registration token, via terraform. + - Shared cache in S3 with life cycle management to clear objects after x days. + - Logs streamed to CloudWatch. + - Runner agents registered automatically. -In addition to the auto scaling option (docker+machine executor) the docker executor is supported for a single node. +The runner support 3 main scenario's: + +### GitLab CI docker-machine runner - one runner agent + +In this scenario the runner agent is running on a single EC2 node and runners are created by [docker machine](https://docs.gitlab.com/runner/configuration/autoscale.html) using spot instances. Runners will scale automatically based on configuration. The module creates by default a S3 cache that is shared cross runners (spot instances). + +![runners-default](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-default.png) + +### GitLab CI docker-machine runner - multiple runner agents + +In this scenario the multiple runner agents can be created with different configuration by instantiating the module multiple times. Runners will scale automatically based on configuration. The S3 cache can be shared cross runners by managing the cache outside the module. + +![runners-cache](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-cache.png) + +### GitLab Ci docker runner + +In this scenario *not* docker machine is used but docker to schedule the builds. Builds will run on the same EC2 instance as the agent. No auto scaling is supported. 
+ +![runners-docker](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-docker.png) ## Prerequisites ### Terraform -Ensure you have Terraform installed, see `.terraform-version` for the used version. A handy tool to mange your Terraform version is [tfenv](https://github.com/kamatama41/tfenv). +Ensure you have Terraform installed the modules is based on Terraform 0.11, see `.terraform-version` for the used version. A handy tool to mange your Terraform version is [tfenv](https://github.com/kamatama41/tfenv). On macOS it is simple to install `tfenv` using brew. @@ -34,16 +54,11 @@ tfenv install ### AWS -Export your AWS Security Credentials: - -``` sh -export AWS_ACCESS_KEY_ID=... -export AWS_SECRET_ACCESS_KEY=... -``` +Ensure you have setup you AWS credentials. The module requires access to IAM, EC2, CloudWatch, S3 and SSM. ### Service linked roles -The gitlab runner EC2 instance requires the following service linked roles: +The GitLab runner EC2 instance requires the following service linked roles: - AWSServiceRoleForAutoScaling - AWSServiceRoleForEC2Spot @@ -93,6 +108,12 @@ Once you have created the parameter, you must remove the variable `runners_token Finally, the runner still supports the manual runner creation. No changes are required. Please keep in mind that this setup will be removed in future releases. +### GitLab runner cache + +By default the module creates a a cache for the runner in S3. Old objects are automatically remove via a configurable life cycle policy on the bucket. + +Creation of the bucket can be disabled and managed outside this module. A good use case is for sharing the cache cross multiple runners. For this purpose the cache is implemented as sub module. For more details see the [cache module](./cache). An example implementation of this use case can be find in the [runner-public](./examples/runner-public) example. + ## Usage ### Configuration 
@@ -109,61 +130,56 @@ The base image used to host the GitLab Runner agent is the latest available Amaz ### Usage module +Below a basic examples of usages of the module. The dependencies such as a VPC, and SSH keys have a look at the [default example](./examples/runner-default). + ``` hcl + module "runner" { source = "npalm/gitlab-runner/aws" - version = "3.2.0" + version = "3.6.0" - aws_region = "${var.aws_region}" - environment = "${var.environment}" - ssh_public_key = "${file("${var.ssh_key_file}")}" + aws_region = "eu-west-1" + environment = "spot-runners" + + ssh_public_key = "${local_file.public_ssh_key.content}" vpc_id = "${module.vpc.vpc_id}" subnet_ids_gitlab_runner = "${module.vpc.private_subnets}" subnet_id_runners = "${element(module.vpc.private_subnets, 0)}" - runners_name = "my-spot-runner" - runners_gitlab_url = "https://www.gitlab.com" + runners_name = "aws-spot-instance-runner" + runners_gitlab_url = "https://gitlab.com" gitlab_runner_registration_config = { - registration_token = "" + registration_token = "${var.registration_token}" tag_list = "docker_spot_runner" - description = "Docker AWS Spot runner" + description = "runner default - auto" locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" } - - runners_off_peak_timezone = "Europe/Amsterdam" - runners_off_peak_idle_count = 0 - runners_off_peak_idle_time = 60 - - # working 9 to 5 :) - runners_off_peak_periods = "[\"* * 0-9,17-23 * * mon-fri *\", \"* * * * * sat,sun *\"]" } ``` -## Example +## Examples -A few [examples](examples) are provided. Use the following steps to deploy. Ensure your AWS and Terraform environment is set up correctly. All commands below should be run from the `terraform-aws-gitlab-runner/examples` directory. +A few [examples](examples) are provided. Use the following steps to deploy. Ensure your AWS and Terraform environment is set up correctly. All commands below should be run from the `terraform-aws-gitlab-runner/examples/` directory. 
-### AWS keys +### SSH keys SSH keys are generated by Terraform and stored in the `generated` directory of each example directory. -### Configure GitLab +### Versions -*This step is not needed anymore* Configure you runner via `gitlab_runner_registration_config`. Configuring GitLab via the step below is only needed when you choose to create the token manually and set the `runners_token` variable. +THe version of Terraform is locked down via tfenv, see the `.terraform-version` file for the expected versions. Providers are locked down as will in the `providers.tf` file. -Register a new runner: +### Configure -``` sh -docker run -it --rm gitlab/gitlab-runner register -``` +The examples are configured with defaults that should wrk in general. THe samples are in general configured for the region Ireland `eu-west-1`. The only parameter that needs to be provided is the GitLab registration token. The token can be find in GitLab in the runner section (global, group or repo scope). Create a file `terrafrom.tfvars` and the registration token. -Once done, lookup the token in GitLab and update the `terraform.tfvars` file. + registration_token = "MY_TOKEN" -## Create runner +### Run Run `terraform init` to initialize Terraform. Next you can run `terraform plan` to inspect the resources that will be created. 
@@ -188,6 +204,7 @@ terraform destroy | ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list | `` | no | | aws\_region | AWS region. | string | n/a | yes | | aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | +| cache\_bucket | Configuration to control the creation of th the cache bucket. By default the bucket will be crated and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | | cache\_expiration\_days | Number of days before cache objects expires. | string | `"1"` | no | diff --git a/_docs/README.md b/_docs/README.md index d20e266eb..0f35ad907 100644 --- a/_docs/README.md +++ b/_docs/README.md 
@@ -1,57 +1,73 @@ -[![Build Status](https://travis-ci.com/npalm/terraform-aws-gitlab-runner.svg?branch=master)](https://travis-ci.com/npalm/terraform-aws-gitlab-runner) -[![Gitter](https://badges.gitter.im/terraform-aws-gitlab-runner/Lobby.svg)](https://gitter.im/terraform-aws-gitlab-runner/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) +[![Build Status](https://travis-ci.com/npalm/terraform-aws-gitlab-runner.svg?branch=master)](https://travis-ci.com/npalm/terraform-aws-gitlab-runner) [![Gitter](https://badges.gitter.im/terraform-aws-gitlab-runner/Lobby.svg)](https://gitter.im/terraform-aws-gitlab-runner/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) # Terraform module for GitLab auto scaling runners on AWS spot instances -> *WIP*: Work in progress, conversion to Terraform 0.12 #73. Feel free to checkout branch [Terraform 0.12](https://github.com/npalm/terraform-aws-gitlab-runner/tree/feature/terraform-0.12). -> *NEW*: The runner will register itself automatically to GitLab. No need to register the runner first, see also the [examples](./examples) +> *WIP*: Work in progress, conversion to Terraform 0.12 \#73. Feel free to checkout branch [Terraform 0.12](https://github.com/npalm/terraform-aws-gitlab-runner/tree/feature/terraform-0.12). -This repo contains a Terraform module and examples to run a [GitLab CI multi runner](https://docs.gitlab.com/runner/) on AWS Spot instances. See the blog post at [040code](https://040code.github.io/2017/12/09/runners-on-the-spot/) for a detailed description of the setup. +> *NEW*: Multiple instnaces of the runner can be created that share the same cache. See [example](./examples/runner-public) +> *MIGRATIONS*: Since 3.7 the runner cache is handled by sub module. To avoid re-creation of the bucket while upgrading a state migration is need. 
Please see the migration script `./migrations/migration-state-3.7.x.sh` -![GitLab Runners](https://github.com/npalm/assets/raw/master/images/2017-12-06_gitlab-multi-runner-aws.png) +This [Terraform](https://www.terraform.io/) modules creates a [GitLab CI runner](https://docs.gitlab.com/runner/). A blog post describes the original version of the the runner. See the post at [040code](https://040code.github.io/2017/12/09/runners-on-the-spot/). The original setup of the module is based on the blog post: [Auto scale GitLab CI runners and save 90% on EC2 costs](https://about.gitlab.com/2017/11/23/autoscale-ci-runners/). -The setup is based on the blog post: [Auto scale GitLab CI runners and save 90% on EC2 costs](https://about.gitlab.com/2017/11/23/autoscale-ci-runners/) The gitlab-ci runners that this project creates will be configured to use a shared cache via S3 by default. Additionally their logs will be streamed to CloudWatch. The s3 stored cache expiration is configurable and is set to expire in X days by default. Logging can be disabled. The accompanying post mentions that you have to register the the runner before running the Terraform scripts. Since version 3+ this is no longer required. You can simply define the runner configuration, including the runner registration token, via terraform. +The runners created by the module using by default spot instances for running the builds using the `docker+machine` executor. + +- Shared cache in S3 with life cycle management to clear objects after x days. +- Logs streamed to CloudWatch. +- Runner agents registered automatically. + +The runner support 3 main scenario's: + +### GitLab CI docker-machine runner - one runner agent +In this scenario the runner agent is running on a single EC2 node and runners are created by [docker machine](https://docs.gitlab.com/runner/configuration/autoscale.html) using spot instances. Runners will scale automatically based on configuration. 
The module creates by default a S3 cache that is shared cross runners (spot instances). + +![runners-default](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-default.png) + +### GitLab CI docker-machine runner - multiple runner agents +In this scenario the multiple runner agents can be created with different configuration by instantiating the module multiple times. Runners will scale automatically based on configuration. The S3 cache can be shared cross runners by managing the cache outside the module. + +![runners-cache](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-cache.png) + +### GitLab Ci docker runner +In this scenario *not* docker machine is used but docker to schedule the builds. Builds will run on the same EC2 instance as the agent. No auto scaling is supported. + +![runners-docker](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-docker.png) -In addition to the auto scaling option (docker+machine executor) the docker executor is supported for a single node. ## Prerequisites ### Terraform -Ensure you have Terraform installed, see `.terraform-version` for the used version. A handy tool to mange your Terraform version is [tfenv](https://github.com/kamatama41/tfenv). +Ensure you have Terraform installed the modules is based on Terraform 0.11, see `.terraform-version` for the used version. A handy tool to mange your Terraform version is [tfenv](https://github.com/kamatama41/tfenv). On macOS it is simple to install `tfenv` using brew. -```sh +``` sh brew install tfenv ``` Next install a Terraform version. -```sh +``` sh tfenv install ``` ### AWS -Export your AWS Security Credentials: +Ensure you have setup you AWS credentials. The module requires access to IAM, EC2, CloudWatch, S3 and SSM. + -```sh -export AWS_ACCESS_KEY_ID=... -export AWS_SECRET_ACCESS_KEY=... 
-``` ### Service linked roles -The gitlab runner EC2 instance requires the following service linked roles: +The GitLab runner EC2 instance requires the following service linked roles: -- AWSServiceRoleForAutoScaling -- AWSServiceRoleForEC2Spot + - AWSServiceRoleForAutoScaling + - AWSServiceRoleForEC2Spot By default the EC2 instance is allowed to create the required roles, but this can be disabled by setting the option `allow_iam_service_linked_role_creation` to `false`. If disabled you must ensure the roles exist. You can create them manually or via Terraform. -```hcl +``` hcl resource "aws_iam_service_linked_role" "spot" { aws_service_name = "spot.amazonaws.com" } @@ -67,7 +83,7 @@ By default the runner is registered on initial deployment. In previous versions To register the runner automatically set the variable `gitlab_runner_registration_config["token"]`. This token value can be found in your GitLab project, group, or global settings. For a generic runner you can find the token in the admin section. By default the runner will be locked to the target project, not run untagged. Below is an example of the configuration map. -```hcl +``` hcl gitlab_runner_registration_config = { registration_token = "" tag_list = "" @@ -80,7 +96,7 @@ gitlab_runner_registration_config = { For migration to the new setup simply add the runner token to the parameter store. Once the runner is started it will lookup the required values via the parameter store. If the value is `null` a new runner will be created. -```sh +``` sh # set the following variables, look up the variables in your Terraform config. # see your Terraform variables to fill in the vars below. aws-region=<${var.aws_region}> 
@@ -94,13 +110,19 @@ Once you have created the parameter, you must remove the variable `runners_token Finally, the runner still supports the manual runner creation. No changes are required. Please keep in mind that this setup will be removed in future releases. +### GitLab runner cache + +By default the module creates a a cache for the runner in S3. Old objects are automatically remove via a configurable life cycle policy on the bucket. + +Creation of the bucket can be disabled and managed outside this module. A good use case is for sharing the cache cross multiple runners. For this purpose the cache is implemented as sub module. For more details see the [cache module](./cache). An example implementation of this use case can be find in the [runner-public](./examples/runner-public) example. + ## Usage ### Configuration Update the variables in `terraform.tfvars` according to your needs and add the following variables. See the previous step for instructions on how to obtain the token. -```hcl +``` hcl runner_name = "NAME_OF_YOUR_RUNNER" gitlab_url = "GITLAB_URL" runner_token = "RUNNER_TOKEN" 
@@ -110,72 +132,70 @@ The base image used to host the GitLab Runner agent is the latest available Amaz ### Usage module -```hcl +Below a basic examples of usages of the module. The dependencies such as a VPC, and SSH keys have a look at the [default example](./examples/runner-default). + +``` hcl + module "runner" { source = "npalm/gitlab-runner/aws" - version = "3.2.0" + version = "3.6.0" - aws_region = "${var.aws_region}" - environment = "${var.environment}" - ssh_public_key = "${file("${var.ssh_key_file}")}" + aws_region = "eu-west-1" + environment = "spot-runners" + + ssh_public_key = "${local_file.public_ssh_key.content}" vpc_id = "${module.vpc.vpc_id}" subnet_ids_gitlab_runner = "${module.vpc.private_subnets}" subnet_id_runners = "${element(module.vpc.private_subnets, 0)}" - runners_name = "my-spot-runner" - runners_gitlab_url = "https://www.gitlab.com" + runners_name = "aws-spot-instance-runner" + runners_gitlab_url = "https://gitlab.com" gitlab_runner_registration_config = { - registration_token = "" + registration_token = "${var.registration_token}" tag_list = "docker_spot_runner" - description = "Docker AWS Spot runner" + description = "runner default - auto" locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" } - - runners_off_peak_timezone = "Europe/Amsterdam" - runners_off_peak_idle_count = 0 - runners_off_peak_idle_time = 60 - - # working 9 to 5 :) - runners_off_peak_periods = "[\"* * 0-9,17-23 * * mon-fri *\", \"* * * * * sat,sun *\"]" } ``` -## Example +## Examples -A few [examples](examples) are provided. Use the following steps to deploy. Ensure your AWS and Terraform environment is set up correctly. All commands below should be run from the `terraform-aws-gitlab-runner/examples` directory. +A few [examples](examples) are provided. Use the following steps to deploy. Ensure your AWS and Terraform environment is set up correctly. All commands below should be run from the `terraform-aws-gitlab-runner/examples/` directory. 
-### AWS keys +### SSH keys SSH keys are generated by Terraform and stored in the `generated` directory of each example directory. -### Configure GitLab +### Versions -*This step is not needed anymore* Configure you runner via `gitlab_runner_registration_config`. Configuring GitLab via the step below is only needed when you choose to create the token manually and set the `runners_token` variable. +THe version of Terraform is locked down via tfenv, see the `.terraform-version` file for the expected versions. Providers are locked down as will in the `providers.tf` file. -Register a new runner: +### Configure -```sh -docker run -it --rm gitlab/gitlab-runner register +The examples are configured with defaults that should wrk in general. THe samples are in general configured for the region Ireland `eu-west-1`. The only parameter that needs to be provided is the GitLab registration token. The token can be find in GitLab in the runner section (global, group or repo scope). Create a file `terrafrom.tfvars` and the registration token. + +``` +registration_token = "MY_TOKEN" ``` -Once done, lookup the token in GitLab and update the `terraform.tfvars` file. +### Run -## Create runner Run `terraform init` to initialize Terraform. Next you can run `terraform plan` to inspect the resources that will be created. To create the runner run: -```sh +``` sh terraform apply ``` To destroy runner: -```sh +``` sh terraform destroy ``` diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index f92f23b22..49099da8e 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -7,6 +7,7 @@ | ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list | `` | no | | aws\_region | AWS region. | string | n/a | yes | | aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | +| cache\_bucket | Configuration to control the creation of th the cache bucket. By default the bucket will be crated and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | | cache\_expiration\_days | Number of days before cache objects expires. | string | `"1"` | no | diff --git a/bucket.tf b/bucket.tf deleted file mode 100644 index 3538dbca3..000000000 --- a/bucket.tf +++ /dev/null @@ -1,29 +0,0 @@ -data "aws_caller_identity" "current" {} - -resource "aws_s3_bucket" "build_cache" { - bucket = "${var.cache_bucket_prefix}${data.aws_caller_identity.current.account_id}-gitlab-runner-cache" - acl = "private" - - tags = "${local.tags}" - - force_destroy = true - - versioning { - enabled = "${var.cache_bucket_versioning}" - } - - lifecycle_rule { - id = "clear" - enabled = true - - prefix = "runner/" - - expiration { - days = "${var.cache_expiration_days}" - } - - noncurrent_version_expiration { - days = "${var.cache_expiration_days}" - } - } -} diff --git a/cache/README.md b/cache/README.md new file mode 100644 index 000000000..92dcd0846 --- /dev/null +++ b/cache/README.md 
@@ -0,0 +1,45 @@ +# Cache module + +This sub module creates an S3 bucket for build caches. The cache will have by default a life cycle policy the module will create a policy that can be used to access the cache. + +## Usages + +``` + +module "cache" { + source = "https://github.com/npalm/terraform-aws-gitlab-runner/tree/move-cache-to-moudle/cache" + environment = "cache" +} + +module "runner" { + source = "npalm/gitlab-runner/aws" + + ... + + cache_bucket = { + create = false + policy = "${module.cache.policy_arn}" + bucket = "${module.cache.bucket}" + } + +} +``` + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | string | `"1"` | no | +| create\_cache\_bucket | This module is by default included in the runner module. To disable the creation of the bucket this paramter can be disabled. | string | `"true"` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map | `` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| arn | The ARN of the created bucket. | +| bucket | Name of the created bucket. | +| policy\_arn | Policy for users of the cache (bucket). | diff --git a/cache/_docs/README.md b/cache/_docs/README.md new file mode 100644 index 000000000..ad393ff7b --- /dev/null +++ b/cache/_docs/README.md 
@@ -0,0 +1,25 @@ +# Cache module + +This sub module creates an S3 bucket for build caches. The cache will have by default a life cycle policy the module will create a policy that can be used to access the cache. + +## Usages +``` + +module "cache" { + source = "https://github.com/npalm/terraform-aws-gitlab-runner/tree/move-cache-to-moudle/cache" + environment = "cache" +} + +module "runner" { + source = "npalm/gitlab-runner/aws" + + ... + + cache_bucket = { + create = false + policy = "${module.cache.policy_arn}" + bucket = "${module.cache.bucket}" + } + +} +``` diff --git a/cache/_docs/TF_MODULE.md b/cache/_docs/TF_MODULE.md new file mode 100644 index 000000000..7ab5b89ad --- /dev/null +++ b/cache/_docs/TF_MODULE.md @@ -0,0 +1,19 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | string | `"1"` | no | +| create\_cache\_bucket | This module is by default included in the runner module. To disable the creation of the bucket this paramter can be disabled. | string | `"true"` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map | `` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| arn | The ARN of the created bucket. | +| bucket | Name of the created bucket. | +| policy\_arn | Policy for users of the cache (bucket). | + diff --git a/cache/main.tf b/cache/main.tf new file mode 100644 index 000000000..fe87f5038 --- /dev/null +++ b/cache/main.tf 
@@ -0,0 +1,59 @@
+data "aws_caller_identity" "current" {
+ count = "${var.create_cache_bucket ? 1 : 0}"
+}
+
+locals {
+ tags = "${merge(map("Name", format("%s", var.environment)),
+ map("Environment", format("%s", var.environment)),
+ var.tags)}"
+}
+
+resource "aws_s3_bucket" "build_cache" {
+ count = "${var.create_cache_bucket ? 1 : 0}"
+
+ bucket = "${var.cache_bucket_prefix}${data.aws_caller_identity.current.account_id}-gitlab-runner-cache"
+ acl = "private"
+
+ tags = "${local.tags}"
+
+ force_destroy = true
+
+ versioning {
+ enabled = "${var.cache_bucket_versioning}"
+ }
+
+ lifecycle_rule {
+ id = "clear"
+ enabled = true
+
+ prefix = "runner/"
+
+ expiration {
+ days = "${var.cache_expiration_days}"
+ }
+
+ noncurrent_version_expiration {
+ days = "${var.cache_expiration_days}"
+ }
+ }
+}
+
+data "template_file" "docker_machine_cache_policy" {
+ count = "${var.create_cache_bucket ? 1 : 0}"
+
+ template = "${file("${path.module}/policies/cache.json")}"
+
+ vars {
+ s3_cache_arn = "${aws_s3_bucket.build_cache.arn}"
+ }
+}
+
+resource "aws_iam_policy" "docker_machine_cache" {
+ count = "${var.create_cache_bucket ? 1 : 0}"
+
+ name = "${var.environment}-docker-machine-cache"
+ path = "/"
+ description = "Policy for docker machine instance to access cache"
+
+ policy = "${data.template_file.docker_machine_cache_policy.rendered}"
+}
diff --git a/cache/outputs.tf b/cache/outputs.tf
new file mode 100644
index 000000000..e77c1f7fa
--- /dev/null
+++ b/cache/outputs.tf
@@ -0,0 +1,14 @@
+output "policy_arn" {
+ description = "Policy for users of the cache (bucket)."
+ value = "${element(concat(aws_iam_policy.docker_machine_cache.*.arn, list("")), 0)}"
+}
+
+output "bucket" {
+ description = "Name of the created bucket."
+ value = "${element(concat(aws_s3_bucket.build_cache.*.bucket, list("")), 0)}"
+}
+
+output "arn" {
+ description = "The ARN of the created bucket."
+ value = "${element(concat(aws_s3_bucket.build_cache.*.arn, list("")), 0)}"
+}
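Review bot: `aws_s3_bucket.build_cache` sets `acl = "private"` but configures neither default server-side encryption nor a public access block, so cache objects (build artifacts and dependency caches) sit unencrypted at rest, and an object ACL set from a runner instance — the accompanying `cache.json` policy grants `s3:PutObjectAcl` — could expose them. Adding a default SSE rule and an `aws_s3_bucket_public_access_block` bound to the bucket closes both gaps without changing the module interface; both follow the bucket's own `count` guard so they vanish together with it when `create_cache_bucket` is false. `force_destroy = true` deletes every cached object on destroy, which is reasonable for an embedded cache, but now that several runners may share the bucket it deserves a `# cache contents are disposable: destroying the module removes all objects` comment.
```hcl
resource "aws_s3_bucket" "build_cache" {
  # … unchanged: count, bucket, acl, tags, force_destroy, versioning, lifecycle_rule …

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

resource "aws_s3_bucket_public_access_block" "build_cache" {
  count = "${var.create_cache_bucket ? 1 : 0}"

  bucket = "${aws_s3_bucket.build_cache.id}"

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```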
diff --git a/cache/policies/cache.json b/cache/policies/cache.json
new file mode 100644
index 000000000..ca138e004
--- /dev/null
+++ b/cache/policies/cache.json
@@ -0,0 +1,18 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "allowGitLabRunnersAccessCache",
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject",
+ "s3:PutObjectAcl",
+ "s3:GetObject",
+ "s3:GetObjectAcl"
+ ],
+ "Resource": [
+ "${s3_cache_arn}/*"
+ ]
+ }
+ ]
+}
diff --git a/cache/variables.tf b/cache/variables.tf
new file mode 100644
index 000000000..5b54d0a35
--- /dev/null
+++ b/cache/variables.tf
@@ -0,0 +1,33 @@
+variable "environment" {
+ description = "A name that identifies the environment, used as prefix and for tagging."
+ type = "string"
+}
+
+variable "cache_bucket_prefix" {
+ description = "Prefix for s3 cache bucket name."
+ type = "string"
+ default = ""
+}
+
+variable "cache_bucket_versioning" {
+ description = "Boolean used to enable versioning on the cache bucket, false by default."
+ type = "string"
+ default = "false"
+}
+
+variable "cache_expiration_days" {
+ description = "Number of days before cache objects expires."
+ default = 1
+}
+
+variable "tags" {
+ description = "Map of tags that will be added to created resources. By default resources will be tagged with name and environment."
+ type = "map"
+ default = {}
+}
+
+variable "create_cache_bucket" {
+ description = "This module is by default included in the runner module. To disable the creation of the bucket this paramter can be disabled."
+ type = "string"
+ default = true
+}
diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md
index 5a15030f9..2cc9797d3 100644
--- a/examples/runner-default/README.md
+++ b/examples/runner-default/README.md
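Review bot: The policy grants `s3:PutObjectAcl` and `s3:GetObjectAcl` on every object under `${s3_cache_arn}/*`, which lets any job executing on a runner instance rewrite the ACL of cache objects; uploading and restoring a cache does not appear to need ACL operations, so the statement can likely be reduced to `"s3:PutObject"` and `"s3:GetObject"` (confirm against the runner's S3 cache client before removing them). If the ACL actions must stay, the bucket should at least carry an `aws_s3_bucket_public_access_block` so an object ACL cannot make cache contents public. Restricting `Resource` to the object path rather than the bucket itself is the right least-privilege choice and should be kept.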
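Review bot: In `cache/variables.tf`, `create_cache_bucket` is declared `type = "string"` but defaults to the bare boolean `true`, and `cache_expiration_days` declares no type while every sibling variable does; `cache_bucket_versioning` in the same file shows the consistent form, `type = "string"` with `default = "false"`. Using `default = "true"` and adding `type = "string"` to `cache_expiration_days` makes the contract explicit. The description of `create_cache_bucket` also has a typo (`paramter`) and is rendered verbatim into the inputs table of the new `cache/README.md`, so fixing it here fixes the docs: `description = "This module is by default included in the runner module. To disable the creation of the bucket set this parameter to false."`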
@@ -1,10 +1,15 @@ -# Example - Spot Runner - Private subnets +# Example - Spot Runner - Private subnet -Example how to run builds on spot instances in a private subnet. +In this scenario the runner agent is running on a single EC2 node and runners are created by [docker machine](https://docs.gitlab.com/runner/configuration/autoscale.html) using spot instances. Runners will scale automatically based on configuration. The module creates by default a S3 cache that is shared cross runners (spot instances). -## Prerequisite +![runners-default](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-default.png) -The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. +This examples shows: + + - Usages of public / private subnets. + - Usages of runner of peak time mode configuration. + - Registration via GitLab token. + - Auto scaling using `docker+machine` executor. ## Inputs diff --git a/examples/runner-default/_docs/README.md b/examples/runner-default/_docs/README.md index ad1d5b803..9124cb6ef 100644 --- a/examples/runner-default/_docs/README.md +++ b/examples/runner-default/_docs/README.md 
@@ -1,7 +1,11 @@ -# Example - Spot Runner - Private subnets +# Example - Spot Runner - Private subnet -Example how to run builds on spot instances in a private subnet. +In this scenario the runner agent is running on a single EC2 node and runners are created by [docker machine](https://docs.gitlab.com/runner/configuration/autoscale.html) using spot instances. Runners will scale automatically based on configuration. The module creates by default a S3 cache that is shared cross runners (spot instances). -## Prerequisite +![runners-default](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-default.png) -The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. +This examples shows: +- Usages of public / private subnets. +- Usages of runner of peak time mode configuration. +- Registration via GitLab token. +- Auto scaling using `docker+machine` executor. diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md index 1f32b8dc1..f75e582e4 100644 --- a/examples/runner-docker/README.md +++ b/examples/runner-docker/README.md @@ -1,6 +1,8 @@ # Example - Runner - Docker runner -Example how create a gitlab runner using the docker executor on a single node, running in a private subnet. +In this scenario the docker executor is used to schedule the builds. Builds will run on the same EC2 instance as the agent. No auto scaling is supported. + +![runners-docker](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-docker.png) ## Prerequisite diff --git a/examples/runner-docker/_docs/README.md b/examples/runner-docker/_docs/README.md index 8c920e836..1c01c75eb 100644 --- a/examples/runner-docker/_docs/README.md +++ b/examples/runner-docker/_docs/README.md 
@@ -1,6 +1,9 @@ # Example - Runner - Docker runner -Example how create a gitlab runner using the docker executor on a single node, running in a private subnet. +In this scenario the docker executor is used to schedule the builds. Builds will run on the same EC2 instance as the agent. No auto scaling is supported. + +![runners-docker](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-docker.png) + ## Prerequisite diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 39bedb334..1bdaba8b3 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md @@ -1,10 +1,20 @@ # Example - Spot Runner - Public subnets -Example how create a gitlab runner, running in a public subnet. +In this scenario the multiple runner agents can be created with different configuration by instantiating the module multiple times. Runners will scale automatically based on configuration. The S3 cache can be shared cross runners by managing the cache outside the module. + +![runners-cache](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-cache.png) + +This examples shows: + + - Usages of public subnets. + - Useages of multiple runner instances sharing a common cache. + - Overrides for tag naming. + - Registration via GitLab token. + - Auto scaling using `docker+machine` executor. ## Prerequisite -The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. +The Terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. ## Inputs diff --git a/examples/runner-public/_docs/README.md b/examples/runner-public/_docs/README.md index 38c477c98..ea5e96538 100644 --- a/examples/runner-public/_docs/README.md +++ b/examples/runner-public/_docs/README.md 
@@ -1,7 +1,18 @@ # Example - Spot Runner - Public subnets -Example how create a gitlab runner, running in a public subnet. +In this scenario the multiple runner agents can be created with different configuration by instantiating the module multiple times. Runners will scale automatically based on configuration. The S3 cache can be shared cross runners by managing the cache outside the module. + +![runners-cache](https://github.com/npalm/assets/raw/master/images/terraform-aws-gitlab-runner/runner-cache.png) + +This examples shows: +- Usages of public subnets. +- Useages of multiple runner instances sharing a common cache. +- Overrides for tag naming. +- Registration via GitLab token. +- Auto scaling using `docker+machine` executor. + ## Prerequisite -The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. +The Terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. + diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf index 35c36a5ac..2f3e26e8b 100644 --- a/examples/runner-public/main.tf +++ b/examples/runner-public/main.tf @@ -19,6 +19,11 @@ module "vpc" { } } +module "cache" { + source = "../../cache" + environment = "${var.environment}" +} + module "runner" { source = "../../" 
@@ -52,4 +57,48 @@ module "runner" {
 name_runner_agent_instance = "my-runner-agent"
 name_docker_machine_runners = "my-runners-dm"
 }
+
+ cache_shared = "true"
+
+ cache_bucket = {
+ create = false
+ policy = "${module.cache.policy_arn}"
+ bucket = "${module.cache.bucket}"
+ }
+}
+
+module "runner2" {
+ source = "../../"
+
+ aws_region = "${var.aws_region}"
+ environment = "${var.environment}-2"
+
+ ssh_public_key = "${local_file.public_ssh_key.content}"
+ runners_use_private_address = false
+
+ vpc_id = "${module.vpc.vpc_id}"
+ subnet_ids_gitlab_runner = "${module.vpc.public_subnets}"
+ subnet_id_runners = "${element(module.vpc.public_subnets, 0)}"
+
+ docker_machine_spot_price_bid = "0.1"
+
+ runners_name = "${var.runner_name}"
+ runners_gitlab_url = "${var.gitlab_url}"
+
+ gitlab_runner_registration_config = {
+ registration_token = "${var.registration_token}"
+ tag_list = "docker_spot_runner_2"
+ description = "runner public - auto"
+ locked_to_project = "true"
+ run_untagged = "false"
+ maximum_timeout = "3600"
+ }
+
+ cache_shared = "true"
+
+ cache_bucket = {
+ create = false
+ policy = "${module.cache.policy_arn}"
+ bucket = "${module.cache.bucket}"
+ }
 }
diff --git a/main.tf b/main.tf
index 363baa6df..eef112f44 100644
--- a/main.tf
+++ b/main.tf
@@ -178,7 +178,7 @@ data "template_file" "runners" {
 runners_pre_clone_script = "${var.runners_pre_clone_script}"
 runners_request_concurrency = "${var.runners_request_concurrency}"
 runners_output_limit = "${var.runners_output_limit}"
- bucket_name = "${aws_s3_bucket.build_cache.bucket}"
+ bucket_name = "${local.bucket_name}"
 shared_cache = "${var.cache_shared}"
 }
 }
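Review bot: `module "runner"` and the new `module "runner2"` both receive `module.cache.policy_arn`, so both instance roles get read/write on every object in the shared bucket and a job scheduled on one runner can overwrite the cache entries the other will restore; that is acceptable when both runners serve the same trust domain, but the example does not say so and it is the pattern users will copy. A one-line comment above the first `cache_bucket` block would make the trade-off explicit: `# Both runners share one cache bucket and each instance role gets read/write on all of its objects; only pair runners that serve mutually trusted projects.` The `module "runner"` block starts outside the hunk.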
@@ -195,8 +195,8 @@ resource "aws_autoscaling_group" "gitlab_runner_instance" {
 tags = [
 "${concat(
- data.null_data_source.tags.*.outputs,
- list(map("key", "Name", "value", local.name_runner_instance, "propagate_at_launch", true)))}",
+ data.null_data_source.tags.*.outputs,
+ list(map("key", "Name", "value", local.name_runner_instance, "propagate_at_launch", true)))}",
 ]
 }
@@ -225,13 +225,33 @@ resource "aws_launch_configuration" "gitlab_runner_instance" {
 spot_price = "${var.runner_instance_spot_price}"
 iam_instance_profile = "${aws_iam_instance_profile.instance.name}"
- associate_public_ip_address = "${!var.runners_use_private_address}"
+ associate_public_ip_address = "${! var.runners_use_private_address}"
 lifecycle {
 create_before_destroy = true
 }
 }
+################################################################################
+### Create cache bucket
+################################################################################
+locals {
+ bucket_name = "${var.cache_bucket["create"] ? module.cache.bucket : var.cache_bucket["bucket"]}"
+ bucket_policy = "${var.cache_bucket["create"] ? module.cache.policy_arn : var.cache_bucket["policy"]}"
+}
+
+module "cache" {
+ source = "cache"
+
+ environment = "${var.environment}"
+ tags = "${local.tags}"
+
+ create_cache_bucket = "${var.cache_bucket["create"]}"
+ cache_bucket_prefix = "${var.cache_bucket_prefix}"
+ cache_bucket_versioning = "${var.cache_bucket_versioning}"
+ cache_expiration_days = "${var.cache_expiration_days}"
+}
+
+################################################################################
+### Trust policy
+################################################################################
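Review bot: `source = "cache"` in the new `module "cache"` block omits the `./` prefix that marks a local module path; Terraform 0.12 and later reject the bare form as an invalid registry address, so `source = "./cache"` is the portable spelling. The `locals` block also resolves `bucket_name` and `bucket_policy` to whatever the caller passed when `cache_bucket["create"]` is false, including the empty-string defaults the `variables.tf` hunk of this patch declares, and that mistake surfaces only at apply time in the policy attachment; a comment such as `# create=false: the caller must supply a non-empty bucket name and policy ARN, empty values fail only at apply time` would document the contract. The `aws_launch_configuration` resource the `associate_public_ip_address` change belongs to starts outside the hunk.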
@@ -272,25 +292,11 @@ resource "aws_iam_role_policy_attachment" "instance_docker_machine_policy" {
 ################################################################################
 ### Policy for the docker machine instance to access cache
 ################################################################################
-data "template_file" "docker_machine_cache_policy" {
- template = "${file("${path.module}/policies/cache.json")}"
-
- vars {
- s3_cache_arn = "${aws_s3_bucket.build_cache.arn}"
- }
-}
-
-resource "aws_iam_policy" "docker_machine_cache" {
- name = "${var.environment}-docker-machine-cache"
- path = "/"
- description = "Policy for docker machine instance to access cache"
-
- policy = "${data.template_file.docker_machine_cache_policy.rendered}"
-}
-
 resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {
- role = "${aws_iam_role.instance.name}"
- policy_arn = "${aws_iam_policy.docker_machine_cache.arn}"
+ role = "${aws_iam_role.instance.name}"
+
+ # policy_arn = "${aws_iam_policy.docker_machine_cache.arn}"
+ policy_arn = "${local.bucket_policy}"
 }
 ################################################################################
diff --git a/migrations/migration-state-3.7.x.sh b/migrations/migration-state-3.7.x.sh
new file mode 100755
index 000000000..f3024196f
--- /dev/null
+++ b/migrations/migration-state-3.7.x.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+echo ---
+echo --- Migration state for updates in Release 3.7.0
+echo ---
+terraform state mv module.runner.aws_s3_bucket.build_cache module.runner.module.cache.aws_s3_bucket.build_cache
+terraform state mv module.runner.aws_iam_policy.docker_machine_cache module.runner.module.cache.aws_iam_policy.docker_machine_cache
diff --git a/outputs.tf b/outputs.tf
index 443420035..372211a8f 100644
--- a/outputs.tf
+++ b/outputs.tf
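Review bot: The added `# policy_arn = "${aws_iam_policy.docker_machine_cache.arn}"` line in `aws_iam_role_policy_attachment.docker_machine_cache_instance` is dead code; the `aws_iam_policy` it refers to is deleted earlier in this same hunk, so the comment should be removed rather than shipped. What the resource does deserve is a comment on the trust it now extends: with `cache_bucket.create = false` the value of `local.bucket_policy` is a caller-supplied ARN attached unchanged to the runner agent's instance role, so every job on the agent inherits whatever that policy allows. Suggested replacement for the commented line: `# Attached to the agent instance role; an externally supplied policy should grant access to the cache bucket only.`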
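Review bot: `migrations/migration-state-3.7.x.sh` hard-codes the module address `module.runner`, so both `terraform state mv` commands only apply to root configurations that instantiated this module under exactly that name, and because the script runs without `set -e` a failed first move is followed by the second regardless. Taking the address as an argument and failing fast keeps it usable for other module names: `set -euo pipefail`, `MODULE="${1:-module.runner}"`, and `terraform state mv "$MODULE.aws_s3_bucket.build_cache" "$MODULE.module.cache.aws_s3_bucket.build_cache"` with the same substitution on the policy line. A usage line in the `echo` banner naming the optional argument would complete it.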
@@ -5,7 +5,7 @@ output "runner_as_group_name" { output "runner_cache_bucket_arn" { description = "ARN of the S3 for the build cache." - value = "${aws_s3_bucket.build_cache.arn}" + value = "${module.cache.arn}" } output "runner_agent_role" { diff --git a/variables.tf b/variables.tf index 00b89b5c9..939c1d421 100644 --- a/variables.tf +++ b/variables.tf @@ -372,3 +372,14 @@ variable "overrides" { name_docker_machine_runners = "" } } + +variable "cache_bucket" { + description = "Configuration to control the creation of th the cache bucket. By default the bucket will be crated and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details." + type = "map" + + default = { + create = true + policy = "" + bucket = "" + } +} From a0d5c1c88ccbc7e6c2a9b0377b87ddab1ff33283 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 17 Jul 2019 08:45:48 +0200 Subject: [PATCH 5/5] Release 3.7.0 --- CHANGELOG.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3265c2be4..70a039f59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). + +## 3.7.0 - 2019-07-17 +- Changed + - Creation of multiple instances of the runner is now supported. Cache is therefor moved to an internal module. Pleas see the example `runner-public` for a concrete sample. The change should have no effect if you apply the state migration script `migragations/migration-state-3.7.x.sh`. + - Examples are more generic by removing the time zone and AZ zone to variables. @@theBenForce + ## 3.6.0 - 2019-07-04 - Changed - Add option to specify pull policy for docker images by the runner. @roock 
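Review bot: `runner_cache_bucket_arn` now reads `module.cache.arn`, which the cache module's `outputs.tf` in this patch pads to `""` when the bucket is not created, so with `cache_bucket.create = false` the output is an empty string rather than the ARN of the bucket actually in use while its description still promises an ARN. Because the module only receives the external bucket's name, the accurate fix is to document the limitation: `description = "ARN of the S3 bucket for the build cache. Empty when cache_bucket.create is false, because the module only knows the name of an externally managed bucket."`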
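Review bot: The `description` of the new `cache_bucket` variable carries several typos (`th the`, `crated`, `cration`, `provice`) and is copied verbatim into the generated inputs table (`_docs/TF_MODULE.md` in this patch), so the module documentation inherits them. Suggested wording: `description = "Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details."` It would also help to state that when `create = false` both `policy` and `bucket` must be non-empty, since `main.tf` feeds them straight into the policy attachment and the runner config.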
@@ -138,7 +144,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17. - Minor updates in the example -[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.5.0...HEAD +[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.7.0...HEAD +[3.7.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.6.0...3.7.0 +[3.6.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.5.0...3.6.0 [3.5.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.4.0...3.5.0 [3.4.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.3.0...3.4.0 [3.3.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.2.0...3.3.0