From d099b39b6f621d16ed1912e49a3e7db4f7dedde2 Mon Sep 17 00:00:00 2001
From: cuqmbr
Date: Fri, 10 Jan 2025 20:08:42 +0200
Subject: [PATCH] initial commit
---
README.md | 103 ++++++++++++++++++++++++++++++++++
defaults/main.yml | 5 ++
handlers/main.yml | 6 ++
meta/main.yml | 11 ++++
molecule/default/converge.yml | 13 +++++
molecule/default/molecule.yml | 18 ++++++
tasks/main.yml | 75 +++++++++++++++++++++++++
templates/config.toml.j2 | 32 +++++++++++
8 files changed, 263 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 molecule/default/converge.yml
create mode 100644 molecule/default/molecule.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/config.toml.j2
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..575fe8d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,103 @@
+Gitlab Runner
+=========
+
+Gitlab Runner installation and registration on Ubuntu 24.04.
+
+Requirements
+------------
+
+Docker engine must be insalled on the host for runner to function properly.
+
+Role Variables
+--------------
+
+Maximum number of concurrent pipelines (default: 1):
+`gitlab_runner_concurrent: 1`
+
+Name displayed in Gitlab (default: Docker Runner):
+`gitlab_runner_name: Docker Runner`
+
+Url of Gitlab instance to add runner to (default: https://gitlab.com/):
+`gitlab_runner_api_url: https://gitlab.domain.tld/`
+
+Project (default: undefined):
+`gitlab_runner_api_project: my_username/project_name`
+
+Project api token (default: undefined):
+```
+gitlab_runner_api_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36616663623162396637356631613539346362653630623062313262653532396161616663366166
+ 3332663961396266373937653733626565656662346631630a623065313663303264376562346232
+ 64316666336365313861633965666536663636633065326236653135363561393566336564373339
+ 6438653437333766350a626431356431306536363132303263663537383636353966383934636538
+ 62373337383964656338653262633538623235353431613462383664656565323139
+```
+
+Runner registration token (default: undefined):
+```
+gitlab_runner_registration_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66643138616232313362376635626538363031316430313433363533396237323961353831396534
+ 3962333233643630326564626162343636626237643430640a653533383431356134376662643666
+ 37666430393935333761386534326539393966616431383263396139613639623438653464313233
+ 6333383661636565390a663363613533363363616232616463633530663639316238356462303631
+ 38626430613033356466393637623964363638616364376561636465633734666265
+```
+
+Dependencies
+------------
+
+No dependencies.
+
+Example Playbook
+----------------
+
+```
+---
+- hosts: gitlab_ci
+
+ vars:
+ gitlab_runner_concurrent: 1
+ gitlab_runner_name: Docker Runner
+ gitlab_runner_api_url: https://gitlab.domain.tld/
+ gitlab_runner_api_project: my_username/my_name
+ gitlab_runner_api_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36616663623162396637356631613539346362653630623062313262653532396161616663366166
+ 3332663961396266373937653733626565656662346631630a623065313663303264376562346232
+ 64316666336365313861633965666536663636633065326236653135363561393566336564373339
+ 6438653437333766350a626431356431306536363132303263663537383636353966383934636538
+ 62373337383964656338653262633538623235353431613462383664656565323139
+ gitlab_runner_registration_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66643138616232313362376635626538363031316430313433363533396237323961353831396534
+ 3962333233643630326564626162343636626237643430640a653533383431356134376662643666
+ 37666430393935333761386534326539393966616431383263396139613639623438653464313233
+ 6333383661636565390a663363613533363363616232616463633530663639316238356462303631
+ 38626430613033356466393637623964363638616364376561636465633734666265
+
+ pre_tasks:
+ - name: Update apt cache.
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 86400
+
+ roles:
+ - role: cuqmbr.docker
+ - role: cuqmbr.gitlab_runner
+```
+
+TODO
+----------------
+
+Add support for other Linux distrubitions:
+
+- RHEL: Almalinux, RockyLinux 9 and 8
+- Debian: Debian 12 and 11, Ubuntu 24.04 and 22.04
+- Archlinux
+
+Make role more generic:
+
+- Add more runner installation configuration options (executors, settings ...)
+- Add support for registering without registration token
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..cc676e0
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+gitlab_runner_concurrent: 1
+gitlab_runner_name: Docker Runner
+gitlab_runner_api_url: https://gitlab.com/
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..3138d11
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart gitlab-runner service
+ ansible.builtin.service:
+ name: gitlab-runner
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..ca15d8a
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,11 @@
+---
+galaxy_info:
+ role_name: gitlab_runner
+ author: cuqmbr
+ description: Gitlab Runner installation for Ubuntu 24.04
+ # issue_tracker_url: http://example.com/issue/tracker
+ license: MIT
+ min_ansible_version: "2.1"
+ galaxy_tags: []
+
+dependencies: []
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..384a6fb
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,13 @@
+---
+- name: Converge
+ hosts: all
+
+ pre_tasks:
+ - name: Update apt cache.
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 86400
+
+ roles:
+ - role: cuqmbr.docker
+ - role: cuqmbr.gitlab_runner
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..07deb62
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,18 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - name: instance
+ image: ubuntu-docker
+ pre_build_image: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ cgroupns_mode: host
+ privileged: true
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..f198162
--- /dev/null
+++ b/tasks/main.yml
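Review bot: The `instance` platform in molecule/default/molecule.yml combines `privileged: true`, `cgroupns_mode: host` and a read-write bind of `/sys/fs/cgroup`, which gives the test container close to host-level access, and the file does not say why. If these settings exist only so that systemd can run inside the `ubuntu-docker` image (presumably, the file does not show it), a comment above `privileged` should record that and the constraint it implies: `# needed for systemd in the test container; run this scenario only on disposable CI hosts`.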
@@ -0,0 +1,75 @@
+---
+
+- name: Create apt keys installation directory.
+ ansible.builtin.file:
+ path: "/etc/apt/keyrings"
+ state: directory
+ mode: "0755"
+
+- name: Install dependencies.
+ ansible.builtin.apt:
+ name:
+ - debian-archive-keyring
+ - apt-transport-https
+ state: present
+
+# Key and Repository links are taken from official installation script
+# https://docs.gitlab.com/ee/topics/build_your_application.html
+# https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh
+
+- name: Add Gitlab Runner apt key.
+ ansible.builtin.get_url:
+ url: "https://packages.gitlab.com/runner/gitlab-runner/gpgkey"
+ dest: "/etc/apt/keyrings/runner_gitlab-runner-archive-keyring.asc"
+ mode: "0444"
+
+- name: Add Gitlab Runner apt repository.
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/\
+ runner_gitlab-runner-archive-keyring.asc] \
+ https://packages.gitlab.com/runner/gitlab-runner/ubuntu \
+ noble main"
+ filename: runner_gitlab-runner
+ state: present
+ update_cache: true
+
+- name: Install Gitlab Runner apt package.
+ ansible.builtin.apt:
+ name: gitlab-runner
+ state: present
+
+- name: Install pythong dependencies for community.general.gitlab_runner module.
+ ansible.builtin.pip:
+ name: python-gitlab
+ state: present
+
+# Using deprecated method of regestiring runners
+# (with registration token) because I had issues with
+# api returning "403 Insufficient permissions" response.
+
+- name: Create runner in Gitlab project.
+ community.general.gitlab_runner:
+ api_url: "{{ gitlab_runner_api_url }}"
+ project: "{{ gitlab_runner_api_project }}"
+ api_token: "{{ gitlab_runner_api_token }}"
+ registration_token: "{{ gitlab_runner_registration_token }}"
+ description: "{{ gitlab_runner_name }}"
+ state: present
+ active: true
+ locked: true
+ register: runner
+
+- name: Install Gitlab Runner configuration file.
+ ansible.builtin.template:
+ src: templates/config.toml.j2
+ dest: /etc/gitlab-runner/config.toml
+ owner: root
+ group: root
+ mode: '0600'
+ notify:
+ - Restart gitlab-runner service
+
+- name: Enable gitlab-runner service.
+ ansible.builtin.service:
+ name: gitlab-runner
+ enabled: true
diff --git a/templates/config.toml.j2 b/templates/config.toml.j2
new file mode 100644
index 0000000..73a5eb3
--- /dev/null
+++ b/templates/config.toml.j2
@@ -0,0 +1,32 @@
+concurrent = {{ gitlab_runner_concurrent }}
+check_interval = 0
+connection_max_age = "15m0s"
+shutdown_timeout = 0
+
+[session_server]
+ session_timeout = 1800
+
+[[runners]]
+ name = "{{ gitlab_runner_name }}"
+ url = "{{ gitlab_runner_api_url }}"
+ id = {{ runner.runner.id }}
+ token = "{{ runner.runner.token }}"
+ token_obtained_at = {{ now(utc=true,fmt='%Y-%m-%dT%H:%M:%SZ') }}
+ token_expires_at = 0001-01-01T00:00:00Z
+ executor = "docker"
+ [runners.custom_build_dir]
+ [runners.cache]
+ MaxUploadedArchiveSize = 0
+ [runners.cache.s3]
+ [runners.cache.gcs]
+ [runners.cache.azure]
+ [runners.docker]
+ tls_verify = false
+ image = "debian:12"
+ privileged = false
+ disable_entrypoint_overwrite = false
+ oom_kill_disable = false
+ disable_cache = false
+ volumes = ["/cache"]
+ shm_size = 0
+ network_mtu = 0
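Review bot: The "Create runner in Gitlab project" task in tasks/main.yml stores its result in `runner`, and the template reads `runner.runner.token` from it, so the runner's authentication token sits in a task result that Ansible prints at `-v` and above. Adding `no_log: true` to that task keeps the token out of console output and callback logs. The "Install Gitlab Runner configuration file" task renders the same token into `/etc/gitlab-runner/config.toml` and would show it when the play runs with `--diff`, so `diff: false` belongs on that task; the `mode: '0600'` with root ownership is the right file permission. Separately, `python-gitlab` is installed through `ansible.builtin.pip` with no version constraint, so the role's dependency set is not reproducible; pinning it with the module's `version` parameter would fix that.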
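Review bot: `token_obtained_at = {{ now(utc=true,fmt='%Y-%m-%dT%H:%M:%SZ') }}` in templates/config.toml.j2 renders a different value on every play, so the template task reports a change each run and fires the "Restart gitlab-runner service" handler, which is likely to interrupt jobs in progress. The timestamp should come from the registration step, for example a fact set only when the `runner` result is changed, rather than from render time. `token = "{{ runner.runner.token }}"` also assumes the module returns the token on every run; if it is returned only when the runner is first created (worth confirming against the module's documented return values), a later play would fail on an undefined value or overwrite a working token. `name` and `url` are placed inside TOML strings unescaped, so a `gitlab_runner_name` containing a double quote yields an invalid file; `name = {{ gitlab_runner_name | to_json }}` would emit a correctly quoted string.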