From e3ebbf9232296269dd0e012bc8d76cf133a73908 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rin=20Am=C3=A9zquita?= <31933676+rin-amezquita@users.noreply.github.com>
Date: Wed, 20 Nov 2019 11:02:34 -0600
Subject: [PATCH 01/13] Allowing tokens starting with -- (#159)
---
 template/gitlab-runner.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/gitlab-runner.tpl b/template/gitlab-runner.tpl
index 45c136dbb..5fa75b0fd 100644
--- a/template/gitlab-runner.tpl
+++ b/template/gitlab-runner.tpl
@@ -48,7 +48,7 @@ then
 --form "maximum_timeout=${gitlab_runner_maximum_timeout}" \
 --form "access_level=${gitlab_runner_access_level}" \
 | jq -r .token)
- aws ssm put-parameter --overwrite --type SecureString --name "${secure_parameter_store_runner_token_key}" --value $token --region "${secure_parameter_store_region}"
+ aws ssm put-parameter --overwrite --type SecureString --name "${secure_parameter_store_runner_token_key}" --value="$token" --region "${secure_parameter_store_region}"
 fi
 sed -i.bak s/__REPLACED_BY_USER_DATA__/`echo $token`/g /etc/gitlab-runner/config.toml
From 525d44d04856d81d4a54ff82ae2270ae47a35835 Mon Sep 17 00:00:00 2001
From: Niek Palm
Date: Thu, 21 Nov 2019 22:30:45 +0100
Subject: [PATCH 02/13] Umpdate docs and bump runner version to 12.5
---
 README.md | 97 -------------------
 _docs/TF_MODULE.md | 97 -------------------
 cache/README.md | 20 ----
 cache/_docs/TF_MODULE.md | 20 ----
 examples/runner-default/README.md | 13 ---
 examples/runner-default/_docs/TF_MODULE.md | 13 ---
 examples/runner-docker/README.md | 12 ---
 examples/runner-docker/_docs/TF_MODULE.md | 12 ---
 examples/runner-pre-registered/README.md | 13 ---
 .../runner-pre-registered/_docs/TF_MODULE.md | 13 ---
 examples/runner-public/README.md | 12 ---
 examples/runner-public/_docs/TF_MODULE.md | 12 ---
 variables.tf | 2 +-
 13 files changed, 1 insertion(+), 335 deletions(-)
diff --git a/README.md b/README.md
index 9c393e82b..b71344b6a 100644
--- a/README.md
+++ b/README.md
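Review bot: The quoting fix is applied only to the `aws ssm put-parameter` call; the `sed -i.bak` context line at the end of the hunk still splices `$token` unquoted, via a command substitution, into the `s/.../.../g` expression, so a token containing `/`, `&` or `\` would break the substitution or write an altered value into config.toml. Nothing in the hunk checks that registration actually succeeded: `jq -r .token` prints `null` when the key is absent from the response, and an empty or `null` token is then stored in SSM as a SecureString and substituted into the config without any error. I would guard before the `aws` line with `[ -n "$token" ] && [ "$token" != "null" ] || { echo "runner registration failed" >&2; exit 1; }` and rewrite the sed line as `sed -i.bak "s|__REPLACED_BY_USER_DATA__|$token|g" /etc/gitlab-runner/config.toml`, choosing a delimiter the token cannot contain (verify against the token format GitLab issues). The enclosing `if … then` block starts before the hunk.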
@@ -221,100 +221,3 @@ To destroy runner: ``` sh terraform destroy ``` - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | bool | `"true"` | no | -| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Currently Amazon Linux 2 `amzn2-ami-hvm-2.0.????????-x86_64-ebs` looks to *not* be working for this configuration. | map(list(string)) | `` | no | -| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list(string) | `` | no | -| aws\_region | AWS region. | string | n/a | yes | -| aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | -| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | -| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | -| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | -| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | bool | `"false"` | no | -| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | -| cache\_shared | Enables cache sharing between runners, false by default. | bool | `"false"` | no | -| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | number | `"0"` | no | -| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. 
| string | `"m5a.large"` | no | -| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | list(string) | `` | no | -| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | string | `""` | no | -| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | -| docker\_machine\_version | Version of docker-machine. | string | `"0.16.2"` | no | -| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | bool | `"true"` | no | -| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | bool | `"false"` | no | -| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | bool | `"false"` | no | -| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | bool | `"true"` | no | -| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | bool | `"false"` | no | -| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | bool | `"false"` | no | -| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | bool | `"false"` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. 
| string | n/a | yes | -| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | -| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.4.1"` | no | -| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | -| instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | -| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | number | `"7"` | no | -| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | string | `""` | no | -| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map(string) | `` | no | -| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | map(list(string)) | `` | no | -| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | list(string) | `` | no | -| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. 
Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `iops` | map(string) | `` | no | -| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | list | `` | no | -| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | number | `"10"` | no | -| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list(string) | `` | no | -| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | string | `"docker+machine"` | no | -| runners\_gitlab\_url | URL of the GitLab instance to connect to. | string | n/a | yes | -| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | string | `""` | no | -| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | number | `"0"` | no | -| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | number | `"600"` | no | -| runners\_image | Image to run builds, will be used in the runner config.toml | string | `"docker:18.03.1-ce"` | no | -| runners\_limit | Limit for the runners, will be used in the runner config.toml. | number | `"0"` | no | -| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | number | `"0"` | no | -| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | bool | `"false"` | no | -| runners\_name | Name of the runner, will be used in the runner config.toml. | string | n/a | yes | -| runners\_off\_peak\_idle\_count | Off peak idle count of the runners, will be used in the runner config.toml. 
| number | `"0"` | no | -| runners\_off\_peak\_idle\_time | Off peak idle time of the runners, will be used in the runner config.toml. | number | `"0"` | no | -| runners\_off\_peak\_periods | Off peak periods of the runners, will be used in the runner config.toml. | string | `""` | no | -| runners\_off\_peak\_timezone | Off peak idle time zone of the runners, will be used in the runner config.toml. | string | `""` | no | -| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | number | `"4096"` | no | -| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after_script. | string | `""` | no | -| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | string | `""` | no | -| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | string | `""` | no | -| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | bool | `"true"` | no | -| runners\_pull\_policy | pull_policy for the runners, will be used in the runner config.toml | string | `"always"` | no | -| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | number | `"1"` | no | -| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | bool | `"true"` | no | -| runners\_root\_size | Runner instance root size in GB. | number | `"16"` | no | -| runners\_services\_volumes\_tmpfs | Mount temporary file systems to service containers. Must consist of pairs of strings e.g. 
"/var/lib/mysql" = "rw,noexec", see example | list | `` | no | -| runners\_shm\_size | shm_size for the runners, will be used in the runner config.toml | number | `"0"` | no | -| runners\_token | Token for the runner, will be used in the runner config.toml. | string | `"__REPLACED_BY_USER_DATA__"` | no | -| runners\_use\_private\_address | Restrict runners to the use of a private IP address | bool | `"true"` | no | -| runners\_volumes\_tmpfs | Mount temporary file systems to the main containers. Must consist of pairs of strings e.g. "/var/lib/mysql" = "rw,noexec", see example | list | `` | no | -| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable_schedule is set to true. | map | `` | no | -| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | string | `"runner-token"` | no | -| ssh\_key\_pair | Set this to use existing AWS key pair | string | `""` | no | -| ssh\_public\_key | Public SSH key used for the GitLab runner EC2 instance. | string | `""` | no | -| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | string | n/a | yes | -| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | list(string) | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | -| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | string | `""` | no | -| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | string | `""` | no | -| vpc\_id | The target VPC for the docker-machine and runner instances. | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. 
| -| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | -| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | -| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | -| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | -| runner\_role\_arn | ARN of the role used for the docker machine runners. | -| runner\_role\_name | Name of the role used for the docker machine runners. | -| runner\_sg\_id | ID of the security group attached to the docker machine runners. | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index 299f40af2..e69de29bb 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -1,97 +0,0 @@ -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | bool | `"true"` | no | -| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Currently Amazon Linux 2 `amzn2-ami-hvm-2.0.????????-x86_64-ebs` looks to *not* be working for this configuration. | map(list(string)) | `` | no | -| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list(string) | `` | no | -| aws\_region | AWS region. | string | n/a | yes | -| aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | -| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | -| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | -| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | -| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | bool | `"false"` | no | -| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | -| cache\_shared | Enables cache sharing between runners, false by default. | bool | `"false"` | no | -| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | number | `"0"` | no | -| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. 
| string | `"m5a.large"` | no | -| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | list(string) | `` | no | -| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | string | `""` | no | -| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | -| docker\_machine\_version | Version of docker-machine. | string | `"0.16.2"` | no | -| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | bool | `"true"` | no | -| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | bool | `"false"` | no | -| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | bool | `"false"` | no | -| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | bool | `"true"` | no | -| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | bool | `"false"` | no | -| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | bool | `"false"` | no | -| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | bool | `"false"` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. 
| string | n/a | yes | -| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | -| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.4.1"` | no | -| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | -| instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | -| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | number | `"7"` | no | -| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | string | `""` | no | -| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map(string) | `` | no | -| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | map(list(string)) | `` | no | -| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | list(string) | `` | no | -| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. 
Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `iops` | map(string) | `` | no | -| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | list | `` | no | -| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | number | `"10"` | no | -| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list(string) | `` | no | -| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | string | `"docker+machine"` | no | -| runners\_gitlab\_url | URL of the GitLab instance to connect to. | string | n/a | yes | -| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | string | `""` | no | -| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | number | `"0"` | no | -| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | number | `"600"` | no | -| runners\_image | Image to run builds, will be used in the runner config.toml | string | `"docker:18.03.1-ce"` | no | -| runners\_limit | Limit for the runners, will be used in the runner config.toml. | number | `"0"` | no | -| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | number | `"0"` | no | -| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | bool | `"false"` | no | -| runners\_name | Name of the runner, will be used in the runner config.toml. | string | n/a | yes | -| runners\_off\_peak\_idle\_count | Off peak idle count of the runners, will be used in the runner config.toml. 
| number | `"0"` | no | -| runners\_off\_peak\_idle\_time | Off peak idle time of the runners, will be used in the runner config.toml. | number | `"0"` | no | -| runners\_off\_peak\_periods | Off peak periods of the runners, will be used in the runner config.toml. | string | `""` | no | -| runners\_off\_peak\_timezone | Off peak idle time zone of the runners, will be used in the runner config.toml. | string | `""` | no | -| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | number | `"4096"` | no | -| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after_script. | string | `""` | no | -| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | string | `""` | no | -| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | string | `""` | no | -| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | bool | `"true"` | no | -| runners\_pull\_policy | pull_policy for the runners, will be used in the runner config.toml | string | `"always"` | no | -| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | number | `"1"` | no | -| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | bool | `"true"` | no | -| runners\_root\_size | Runner instance root size in GB. | number | `"16"` | no | -| runners\_services\_volumes\_tmpfs | Mount temporary file systems to service containers. Must consist of pairs of strings e.g. 
"/var/lib/mysql" = "rw,noexec", see example | list | `` | no | -| runners\_shm\_size | shm_size for the runners, will be used in the runner config.toml | number | `"0"` | no | -| runners\_token | Token for the runner, will be used in the runner config.toml. | string | `"__REPLACED_BY_USER_DATA__"` | no | -| runners\_use\_private\_address | Restrict runners to the use of a private IP address | bool | `"true"` | no | -| runners\_volumes\_tmpfs | Mount temporary file systems to the main containers. Must consist of pairs of strings e.g. "/var/lib/mysql" = "rw,noexec", see example | list | `` | no | -| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable_schedule is set to true. | map | `` | no | -| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | string | `"runner-token"` | no | -| ssh\_key\_pair | Set this to use existing AWS key pair | string | `""` | no | -| ssh\_public\_key | Public SSH key used for the GitLab runner EC2 instance. | string | `""` | no | -| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | string | n/a | yes | -| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | list(string) | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | -| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | string | `""` | no | -| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | string | `""` | no | -| vpc\_id | The target VPC for the docker-machine and runner instances. | string | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. 
| -| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | -| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | -| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | -| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | -| runner\_role\_arn | ARN of the role used for the docker machine runners. | -| runner\_role\_name | Name of the role used for the docker machine runners. | -| runner\_sg\_id | ID of the security group attached to the docker machine runners. | - diff --git a/cache/README.md b/cache/README.md index 182f5a482..85724ac62 100644 --- a/cache/README.md +++ b/cache/README.md 
@@ -24,23 +24,3 @@ module "runner" { } ``` - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | -| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | -| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | -| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | -| create\_cache\_bucket | This module is by default included in the runner module. To disable the creation of the bucket this parameter can be disabled. | bool | `"true"` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| arn | The ARN of the created bucket. | -| bucket | Name of the created bucket. | -| policy\_arn | Policy for users of the cache (bucket). | diff --git a/cache/_docs/TF_MODULE.md b/cache/_docs/TF_MODULE.md index 067b6184b..e69de29bb 100644 --- a/cache/_docs/TF_MODULE.md +++ b/cache/_docs/TF_MODULE.md 
@@ -1,20 +0,0 @@ -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | -| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | -| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | -| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | -| create\_cache\_bucket | This module is by default included in the runner module. To disable the creation of the bucket this parameter can be disabled. | bool | `"true"` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| arn | The ARN of the created bucket. | -| bucket | Name of the created bucket. | -| policy\_arn | Policy for users of the cache (bucket). | - diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md index eef45930e..c68b98da7 100644 --- a/examples/runner-default/README.md +++ b/examples/runner-default/README.md 
@@ -14,16 +14,3 @@ This examples shows: ## Prerequisite The Terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| aws\_region | AWS region. | string | `"eu-west-1"` | no | -| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-default"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | -| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | -| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | -| registration\_token | | string | n/a | yes | -| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"default-auto"` | no | -| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | diff --git a/examples/runner-default/_docs/TF_MODULE.md b/examples/runner-default/_docs/TF_MODULE.md index 44f5d1709..e69de29bb 100644 --- a/examples/runner-default/_docs/TF_MODULE.md +++ b/examples/runner-default/_docs/TF_MODULE.md 
@@ -1,13 +0,0 @@ -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| aws\_region | AWS region. | string | `"eu-west-1"` | no | -| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-default"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | -| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | -| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | -| registration\_token | | string | n/a | yes | -| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"default-auto"` | no | -| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | - diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md index 51949f7f0..5307c0514 100644 --- a/examples/runner-docker/README.md +++ b/examples/runner-docker/README.md 
@@ -20,15 +20,3 @@ In this scenario the docker executor is used to schedule the builds. Builds will ## Prerequisite The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| aws\_region | AWS region. | string | `"eu-west-1"` | no | -| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-docker"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://www.gitlab.com"` | no | -| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | -| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | -| registration\_token | | string | n/a | yes | -| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"docker"` | no | diff --git a/examples/runner-docker/_docs/TF_MODULE.md b/examples/runner-docker/_docs/TF_MODULE.md index 00ae47cd1..e69de29bb 100644 --- a/examples/runner-docker/_docs/TF_MODULE.md +++ b/examples/runner-docker/_docs/TF_MODULE.md @@ -1,12 +0,0 @@ -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| aws\_region | AWS region. | string | `"eu-west-1"` | no | -| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-docker"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://www.gitlab.com"` | no | -| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | -| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | -| registration\_token | | string | n/a | yes | -| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"docker"` | no | - 
diff --git a/examples/runner-pre-registered/README.md b/examples/runner-pre-registered/README.md index b556f19bd..611be28b1 100644 --- a/examples/runner-pre-registered/README.md +++ b/examples/runner-pre-registered/README.md @@ -5,16 +5,3 @@ This is the previous default example. For this example you need to register the ## Prerequisite The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| aws\_region | AWS region. | string | `"eu-west-1"` | no | -| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"ci-runners"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | n/a | yes | -| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | -| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | -| runner\_name | Name of the runner, will be used in the runner config.toml | string | n/a | yes | -| runner\_token | Token for the runner, will be used in the runner config.toml | string | n/a | yes | -| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | diff --git a/examples/runner-pre-registered/_docs/TF_MODULE.md b/examples/runner-pre-registered/_docs/TF_MODULE.md index 4c6e7e323..e69de29bb 100644 --- a/examples/runner-pre-registered/_docs/TF_MODULE.md +++ b/examples/runner-pre-registered/_docs/TF_MODULE.md 
@@ -1,13 +0,0 @@ -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| aws\_region | AWS region. | string | `"eu-west-1"` | no | -| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"ci-runners"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | n/a | yes | -| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | -| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | -| runner\_name | Name of the runner, will be used in the runner config.toml | string | n/a | yes | -| runner\_token | Token for the runner, will be used in the runner config.toml | string | n/a | yes | -| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | - diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 82f41fbd9..011311ab9 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md @@ -16,15 +16,3 @@ This examples shows: ## Prerequisite The Terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| aws\_region | AWS region. | string | `"eu-west-1"` | no | -| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runner-public"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | -| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | -| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | -| registration\_token | | string | n/a | yes | -| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"public-auto"` | no | 
diff --git a/examples/runner-public/_docs/TF_MODULE.md b/examples/runner-public/_docs/TF_MODULE.md
index cf7f668df..e69de29bb 100644
--- a/examples/runner-public/_docs/TF_MODULE.md
+++ b/examples/runner-public/_docs/TF_MODULE.md
@@ -1,12 +0,0 @@
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| aws\_region | AWS region. | string | `"eu-west-1"` | no |
-| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runner-public"` | no |
-| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no |
-| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no |
-| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no |
-| registration\_token | | string | n/a | yes |
-| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"public-auto"` | no |
-
diff --git a/variables.tf b/variables.tf
index 0beb114c3..7cfb37e96 100644
--- a/variables.tf
+++ b/variables.tf
@@ -288,7 +288,7 @@ variable "cache_shared" {
 variable "gitlab_runner_version" {
   description = "Version of the GitLab runner."
   type = string
-  default = "12.4.1"
+  default = "12.5.0"
 }
 
 variable "enable_gitlab_runner_ssh_access" {
From 5be1f36dba3f340ef33f524a1062fb9c7e500966 Mon Sep 17 00:00:00 2001
From: Niek Palm Date: Thu, 12 Dec 2019 18:44:23 +0100 Subject: [PATCH 03/13] Update docs --- README.md | 97 +++++++++++++++++++ _docs/TF_MODULE.md | 97 +++++++++++++++++++ cache/README.md | 20 ++++ cache/_docs/TF_MODULE.md | 20 ++++ examples/runner-default/README.md | 13 +++ examples/runner-default/_docs/TF_MODULE.md | 13 +++ examples/runner-docker/README.md | 12 +++ examples/runner-docker/_docs/TF_MODULE.md | 12 +++ examples/runner-pre-registered/README.md | 13 +++ .../runner-pre-registered/_docs/TF_MODULE.md | 13 +++ examples/runner-public/README.md | 12 +++ examples/runner-public/_docs/TF_MODULE.md | 12 +++ 12 files changed, 334 insertions(+)
diff --git a/README.md b/README.md
index b71344b6a..c162d60f5 100644
--- a/README.md
+++ b/README.md
@@ -221,3 +221,100 @@ To destroy runner: ``` sh terraform destroy ``` + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | bool | `"true"` | no | +| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Currently Amazon Linux 2 `amzn2-ami-hvm-2.0.????????-x86_64-ebs` looks to *not* be working for this configuration. | map(list(string)) | `` | no | +| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list(string) | `` | no | +| aws\_region | AWS region. | string | n/a | yes | +| aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | bool | `"false"` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | +| cache\_shared | Enables cache sharing between runners, false by default. | bool | `"false"` | no | +| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | number | `"0"` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. 
| string | `"m5a.large"` | no | +| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | list(string) | `` | no | +| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | string | `""` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | +| docker\_machine\_version | Version of docker-machine. | string | `"0.16.2"` | no | +| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | bool | `"true"` | no | +| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | bool | `"false"` | no | +| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | bool | `"false"` | no | +| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | bool | `"true"` | no | +| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | bool | `"false"` | no | +| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | bool | `"false"` | no | +| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | bool | `"false"` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. 
| string | n/a | yes | +| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | +| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.5.0"` | no | +| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | +| instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | +| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | number | `"7"` | no | +| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | string | `""` | no | +| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map(string) | `` | no | +| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | map(list(string)) | `` | no | +| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | list(string) | `` | no | +| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no | +| runner\_root\_block\_device | The EC2 instance root block device configuration. 
Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `iops` | map(string) | `` | no | +| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | list | `` | no | +| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | number | `"10"` | no | +| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list(string) | `` | no | +| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | string | `"docker+machine"` | no | +| runners\_gitlab\_url | URL of the GitLab instance to connect to. | string | n/a | yes | +| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | string | `""` | no | +| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | number | `"0"` | no | +| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | number | `"600"` | no | +| runners\_image | Image to run builds, will be used in the runner config.toml | string | `"docker:18.03.1-ce"` | no | +| runners\_limit | Limit for the runners, will be used in the runner config.toml. | number | `"0"` | no | +| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | number | `"0"` | no | +| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | bool | `"false"` | no | +| runners\_name | Name of the runner, will be used in the runner config.toml. | string | n/a | yes | +| runners\_off\_peak\_idle\_count | Off peak idle count of the runners, will be used in the runner config.toml. 
| number | `"0"` | no | +| runners\_off\_peak\_idle\_time | Off peak idle time of the runners, will be used in the runner config.toml. | number | `"0"` | no | +| runners\_off\_peak\_periods | Off peak periods of the runners, will be used in the runner config.toml. | string | `""` | no | +| runners\_off\_peak\_timezone | Off peak idle time zone of the runners, will be used in the runner config.toml. | string | `""` | no | +| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | number | `"4096"` | no | +| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after_script. | string | `""` | no | +| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | string | `""` | no | +| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | string | `""` | no | +| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | bool | `"true"` | no | +| runners\_pull\_policy | pull_policy for the runners, will be used in the runner config.toml | string | `"always"` | no | +| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | number | `"1"` | no | +| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | bool | `"true"` | no | +| runners\_root\_size | Runner instance root size in GB. | number | `"16"` | no | +| runners\_services\_volumes\_tmpfs | Mount temporary file systems to service containers. Must consist of pairs of strings e.g. 
"/var/lib/mysql" = "rw,noexec", see example | list | `` | no | +| runners\_shm\_size | shm_size for the runners, will be used in the runner config.toml | number | `"0"` | no | +| runners\_token | Token for the runner, will be used in the runner config.toml. | string | `"__REPLACED_BY_USER_DATA__"` | no | +| runners\_use\_private\_address | Restrict runners to the use of a private IP address | bool | `"true"` | no | +| runners\_volumes\_tmpfs | Mount temporary file systems to the main containers. Must consist of pairs of strings e.g. "/var/lib/mysql" = "rw,noexec", see example | list | `` | no | +| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable_schedule is set to true. | map | `` | no | +| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | string | `"runner-token"` | no | +| ssh\_key\_pair | Set this to use existing AWS key pair | string | `""` | no | +| ssh\_public\_key | Public SSH key used for the GitLab runner EC2 instance. | string | `""` | no | +| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | string | n/a | yes | +| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | list(string) | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | +| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | string | `""` | no | +| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | string | `""` | no | +| vpc\_id | The target VPC for the docker-machine and runner instances. | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. 
| +| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | +| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | +| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | +| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | +| runner\_role\_arn | ARN of the role used for the docker machine runners. | +| runner\_role\_name | Name of the role used for the docker machine runners. | +| runner\_sg\_id | ID of the security group attached to the docker machine runners. | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index e69de29bb..26d80835c 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -0,0 +1,97 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | bool | `"true"` | no | +| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Currently Amazon Linux 2 `amzn2-ami-hvm-2.0.????????-x86_64-ebs` looks to *not* be working for this configuration. | map(list(string)) | `` | no | +| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list(string) | `` | no | +| aws\_region | AWS region. | string | n/a | yes | +| aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | bool | `"false"` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | +| cache\_shared | Enables cache sharing between runners, false by default. | bool | `"false"` | no | +| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | number | `"0"` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. 
| string | `"m5a.large"` | no | +| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | list(string) | `` | no | +| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | string | `""` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | +| docker\_machine\_version | Version of docker-machine. | string | `"0.16.2"` | no | +| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | bool | `"true"` | no | +| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | bool | `"false"` | no | +| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | bool | `"false"` | no | +| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | bool | `"true"` | no | +| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | bool | `"false"` | no | +| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | bool | `"false"` | no | +| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | bool | `"false"` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. 
| string | n/a | yes | +| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | +| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.5.0"` | no | +| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | +| instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | +| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | number | `"7"` | no | +| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | string | `""` | no | +| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map(string) | `` | no | +| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | map(list(string)) | `` | no | +| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | list(string) | `` | no | +| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no | +| runner\_root\_block\_device | The EC2 instance root block device configuration. 
Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `iops` | map(string) | `` | no | +| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | list | `` | no | +| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | number | `"10"` | no | +| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list(string) | `` | no | +| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | string | `"docker+machine"` | no | +| runners\_gitlab\_url | URL of the GitLab instance to connect to. | string | n/a | yes | +| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | string | `""` | no | +| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | number | `"0"` | no | +| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | number | `"600"` | no | +| runners\_image | Image to run builds, will be used in the runner config.toml | string | `"docker:18.03.1-ce"` | no | +| runners\_limit | Limit for the runners, will be used in the runner config.toml. | number | `"0"` | no | +| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | number | `"0"` | no | +| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | bool | `"false"` | no | +| runners\_name | Name of the runner, will be used in the runner config.toml. | string | n/a | yes | +| runners\_off\_peak\_idle\_count | Off peak idle count of the runners, will be used in the runner config.toml. 
| number | `"0"` | no | +| runners\_off\_peak\_idle\_time | Off peak idle time of the runners, will be used in the runner config.toml. | number | `"0"` | no | +| runners\_off\_peak\_periods | Off peak periods of the runners, will be used in the runner config.toml. | string | `""` | no | +| runners\_off\_peak\_timezone | Off peak idle time zone of the runners, will be used in the runner config.toml. | string | `""` | no | +| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | number | `"4096"` | no | +| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after_script. | string | `""` | no | +| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | string | `""` | no | +| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | string | `""` | no | +| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | bool | `"true"` | no | +| runners\_pull\_policy | pull_policy for the runners, will be used in the runner config.toml | string | `"always"` | no | +| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | number | `"1"` | no | +| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | bool | `"true"` | no | +| runners\_root\_size | Runner instance root size in GB. | number | `"16"` | no | +| runners\_services\_volumes\_tmpfs | Mount temporary file systems to service containers. Must consist of pairs of strings e.g. 
"/var/lib/mysql" = "rw,noexec", see example | list | `` | no | +| runners\_shm\_size | shm_size for the runners, will be used in the runner config.toml | number | `"0"` | no | +| runners\_token | Token for the runner, will be used in the runner config.toml. | string | `"__REPLACED_BY_USER_DATA__"` | no | +| runners\_use\_private\_address | Restrict runners to the use of a private IP address | bool | `"true"` | no | +| runners\_volumes\_tmpfs | Mount temporary file systems to the main containers. Must consist of pairs of strings e.g. "/var/lib/mysql" = "rw,noexec", see example | list | `` | no | +| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable_schedule is set to true. | map | `` | no | +| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | string | `"runner-token"` | no | +| ssh\_key\_pair | Set this to use existing AWS key pair | string | `""` | no | +| ssh\_public\_key | Public SSH key used for the GitLab runner EC2 instance. | string | `""` | no | +| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | string | n/a | yes | +| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | list(string) | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | +| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | string | `""` | no | +| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | string | `""` | no | +| vpc\_id | The target VPC for the docker-machine and runner instances. | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. 
| +| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | +| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | +| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | +| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | +| runner\_role\_arn | ARN of the role used for the docker machine runners. | +| runner\_role\_name | Name of the role used for the docker machine runners. | +| runner\_sg\_id | ID of the security group attached to the docker machine runners. | + diff --git a/cache/README.md b/cache/README.md index 85724ac62..182f5a482 100644 --- a/cache/README.md +++ b/cache/README.md 
@@ -24,3 +24,23 @@ module "runner" { } ``` + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | +| create\_cache\_bucket | This module is by default included in the runner module. To disable the creation of the bucket this parameter can be disabled. | bool | `"true"` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| arn | The ARN of the created bucket. | +| bucket | Name of the created bucket. | +| policy\_arn | Policy for users of the cache (bucket). | diff --git a/cache/_docs/TF_MODULE.md b/cache/_docs/TF_MODULE.md index e69de29bb..067b6184b 100644 --- a/cache/_docs/TF_MODULE.md +++ b/cache/_docs/TF_MODULE.md 
@@ -0,0 +1,20 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | number | `"1"` | no | +| create\_cache\_bucket | This module is by default included in the runner module. To disable the creation of the bucket this parameter can be disabled. | bool | `"true"` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| arn | The ARN of the created bucket. | +| bucket | Name of the created bucket. | +| policy\_arn | Policy for users of the cache (bucket). | + diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md index c68b98da7..eef45930e 100644 --- a/examples/runner-default/README.md +++ b/examples/runner-default/README.md 
@@ -14,3 +14,16 @@ This examples shows: ## Prerequisite The Terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-default"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| registration\_token | | string | n/a | yes | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"default-auto"` | no | +| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | diff --git a/examples/runner-default/_docs/TF_MODULE.md b/examples/runner-default/_docs/TF_MODULE.md index e69de29bb..44f5d1709 100644 --- a/examples/runner-default/_docs/TF_MODULE.md +++ b/examples/runner-default/_docs/TF_MODULE.md 
@@ -0,0 +1,13 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-default"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| registration\_token | | string | n/a | yes | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"default-auto"` | no | +| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | + diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md index 5307c0514..51949f7f0 100644 --- a/examples/runner-docker/README.md +++ b/examples/runner-docker/README.md 
@@ -20,3 +20,15 @@ In this scenario the docker executor is used to schedule the builds. Builds will ## Prerequisite The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-docker"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://www.gitlab.com"` | no | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| registration\_token | | string | n/a | yes | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"docker"` | no | diff --git a/examples/runner-docker/_docs/TF_MODULE.md b/examples/runner-docker/_docs/TF_MODULE.md index e69de29bb..00ae47cd1 100644 --- a/examples/runner-docker/_docs/TF_MODULE.md +++ b/examples/runner-docker/_docs/TF_MODULE.md @@ -0,0 +1,12 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-docker"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://www.gitlab.com"` | no | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| registration\_token | | string | n/a | yes | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"docker"` | no | + 
diff --git a/examples/runner-pre-registered/README.md b/examples/runner-pre-registered/README.md index 611be28b1..b556f19bd 100644 --- a/examples/runner-pre-registered/README.md +++ b/examples/runner-pre-registered/README.md @@ -5,3 +5,16 @@ This is the previous default example. For this example you need to register the ## Prerequisite The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"ci-runners"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | n/a | yes | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | n/a | yes | +| runner\_token | Token for the runner, will be used in the runner config.toml | string | n/a | yes | +| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | diff --git a/examples/runner-pre-registered/_docs/TF_MODULE.md b/examples/runner-pre-registered/_docs/TF_MODULE.md index e69de29bb..4c6e7e323 100644 --- a/examples/runner-pre-registered/_docs/TF_MODULE.md +++ b/examples/runner-pre-registered/_docs/TF_MODULE.md 
@@ -0,0 +1,13 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"ci-runners"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | n/a | yes | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | n/a | yes | +| runner\_token | Token for the runner, will be used in the runner config.toml | string | n/a | yes | +| timezone | Name of the timezone that the runner will be used in. | string | `"Europe/Amsterdam"` | no | + diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 011311ab9..82f41fbd9 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md @@ -16,3 +16,15 @@ This examples shows: ## Prerequisite The Terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please check `.terraform-version` for the tested version. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runner-public"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| registration\_token | | string | n/a | yes | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"public-auto"` | no | 
diff --git a/examples/runner-public/_docs/TF_MODULE.md b/examples/runner-public/_docs/TF_MODULE.md index e69de29bb..cf7f668df 100644 --- a/examples/runner-public/_docs/TF_MODULE.md +++ b/examples/runner-public/_docs/TF_MODULE.md @@ -0,0 +1,12 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| aws\_region | AWS region. | string | `"eu-west-1"` | no | +| environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runner-public"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | +| private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | +| public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | +| registration\_token | | string | n/a | yes | +| runner\_name | Name of the runner, will be used in the runner config.toml | string | `"public-auto"` | no | + From e4e1b6685538f3fdc60c6f14ef1f4f7535caf773 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Thu, 12 Dec 2019 22:36:39 +0100 Subject: [PATCH 04/13] 165 allow eip for runner (#166) * Port EIP assignment from terraform 0.11 branch #165 * Port EIP assignment from terraform 0.11 branch #165 --- README.md | 2 ++ _docs/TF_MODULE.md | 2 ++ examples/runner-default/main.tf | 1 + examples/runner-docker/.terraform-version | 2 +- examples/runner-docker/main.tf | 10 +++--- main.tf | 37 +++++++++++++++++++++++ outputs.tf | 5 +++ policies/instance-eip.json | 13 ++++++++ template/eip.tpl | 4 +++ template/user-data.tpl | 14 ++++----- variables.tf | 6 ++++ 11 files changed, 83 insertions(+), 13 deletions(-) create mode 100644 policies/instance-eip.json create mode 100644 template/eip.tpl diff --git a/README.md b/README.md index c162d60f5..defe24c5c 100644 --- a/README.md +++ b/README.md 
@@ -244,6 +244,7 @@ terraform destroy | docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | | docker\_machine\_version | Version of docker-machine. | string | `"0.16.2"` | no | | enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | bool | `"true"` | no | +| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | bool | `"false"` | no | | enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | bool | `"false"` | no | | enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | bool | `"false"` | no | | enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | bool | `"true"` | no | @@ -315,6 +316,7 @@ terraform destroy | runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | | runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | | runner\_cache\_bucket\_name | Name of the S3 for the build cache. | +| runner\_eip | EIP of the Gitlab Runner | | runner\_role\_arn | ARN of the role used for the docker machine runners. | | runner\_role\_name | Name of the role used for the docker machine runners. | | runner\_sg\_id | ID of the security group attached to the docker machine runners. | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index 26d80835c..312b049c9 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -20,6 +20,7 @@ | docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | | docker\_machine\_version | Version of docker-machine. | string | `"0.16.2"` | no | | enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | bool | `"true"` | no | +| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | bool | `"false"` | no | | enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | bool | `"false"` | no | | enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | bool | `"false"` | no | | enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | bool | `"true"` | no | @@ -91,6 +92,7 @@ | runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | | runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | | runner\_cache\_bucket\_name | Name of the S3 for the build cache. | +| runner\_eip | EIP of the Gitlab Runner | | runner\_role\_arn | ARN of the role used for the docker machine runners. | | runner\_role\_name | Name of the role used for the docker machine runners. | | runner\_sg\_id | ID of the security group attached to the docker machine runners. | diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index 4c5941bed..af9dc98ed 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf 
@@ -35,6 +35,7 @@ module "runner" {
 runners_name = var.runner_name
 runners_gitlab_url = var.gitlab_url
 enable_runner_ssm_access = true
+ enable_eip = true
 docker_machine_spot_price_bid = "0.06"
diff --git a/examples/runner-docker/.terraform-version b/examples/runner-docker/.terraform-version
index 13d57bb72..d1b3a7ea1 100644
--- a/examples/runner-docker/.terraform-version
+++ b/examples/runner-docker/.terraform-version
@@ -1 +1 @@
-0.12.13
\ No newline at end of file
+0.12.18
diff --git a/examples/runner-docker/main.tf b/examples/runner-docker/main.tf
index dc98df1f4..7bc448f67 100644
--- a/examples/runner-docker/main.tf
+++ b/examples/runner-docker/main.tf
@@ -9,9 +9,10 @@ module "vpc" {
 name = "vpc-${var.environment}"
 cidr = "10.1.0.0/16"
- azs = [data.aws_availability_zones.available.names[0]]
- public_subnets = ["10.1.101.0/24"]
- enable_s3_endpoint = true
+ azs = [data.aws_availability_zones.available.names[0]]
+ public_subnets = ["10.1.101.0/24"]
+ enable_s3_endpoint = true
+ map_public_ip_on_launch = false
 tags = {
 Environment = var.environment
@@ -24,9 +25,8 @@ module "runner" {
 aws_region = var.aws_region
 environment = var.environment
- ssh_public_key = local_file.public_ssh_key.content
- runners_use_private_address = false
+ enable_eip = true
 vpc_id = module.vpc.vpc_id
 subnet_ids_gitlab_runner = module.vpc.public_subnets
diff --git a/main.tf b/main.tf
index c86b7ab74..9f2fdc5d1 100644
--- a/main.tf
+++ b/main.tf
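Review bot: In the runner-docker example, the second hunk sets `map_public_ip_on_launch = false` on the VPC and relies on `enable_eip = true` for the public address, but the EIP is bound from user-data (template/eip.tpl later in this series) only after `pip install aws-ec2-assign-elastic-ip` has succeeded, and that needs outbound internet before any public address exists. Unless the VPC module is given a NAT path outside this hunk, the agent cannot reach PyPI and the association step never runs; confirm the example boots, or bake the tool into the AMI. Dropping `runners_use_private_address = false` also reverts the docker-machine executors to private addressing (README default `"true"`), which only works if those instances need no public IP of their own in this public-subnet-only layout. Both `module "vpc"` and `module "runner"` start outside their hunks.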
@@ -116,12 +116,21 @@ data "template_file" "user_data" {
 template = file("${path.module}/template/user-data.tpl")
 vars = {
+ eip = var.enable_eip ? data.template_file.eip.rendered : ""
 logging = var.enable_cloudwatch_logging ? data.template_file.logging.rendered : ""
 gitlab_runner = data.template_file.gitlab_runner.rendered
 user_data_trace_log = var.enable_runner_user_data_trace_log
 }
 }
+data "template_file" "eip" {
+ template = file("${path.module}/template/eip.tpl")
+
+ vars = {
+ eip = join(",", aws_eip.gitlab_runner.*.public_ip)
+ }
+}
+
 data "template_file" "logging" {
 template = file("${path.module}/template/logging.tpl")
@@ -486,6 +495,10 @@ resource "aws_iam_role_policy_attachment" "service_linked_role" {
 policy_arn = aws_iam_policy.service_linked_role[0].arn
 }
+resource "aws_eip" "gitlab_runner" {
+ count = var.enable_eip ? 1 : 0
+}
+
 ################################################################################
 ### AWS Systems Manager access to store runner token once registered
 ################################################################################
@@ -513,3 +526,27 @@ resource "aws_iam_role_policy_attachment" "ssm" {
 role = aws_iam_role.instance.name
 policy_arn = aws_iam_policy.ssm[0].arn
 }
+
+################################################################################
+### AWS assign EIP
+################################################################################
+data "template_file" "eip_policy" {
+ template = file("${path.module}/policies/instance-eip.json")
+}
+
+resource "aws_iam_policy" "eip" {
+ count = var.enable_eip ? 1 : 0
+
+ name = "${var.environment}-eip"
+ path = "/"
+ description = "Policy for runner to assign EIP"
+
+ policy = data.template_file.eip_policy.rendered
+}
+
+resource "aws_iam_role_policy_attachment" "eip" {
+ count = var.enable_eip ? 1 : 0
+
+ role = aws_iam_role.instance.name
+ policy_arn = aws_iam_policy.eip[0].arn
+}
diff --git a/outputs.tf b/outputs.tf
index f994c9eee..17f3b23d0 100644
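Review bot: `resource "aws_eip" "gitlab_runner"` in the second hunk sets only `count`; with the 2.x AWS provider pinned in this series an `aws_eip` without `vpc = true` can, on accounts that still have EC2-Classic, be allocated in the Classic domain and then cannot be associated with the VPC instance the user-data targets — adding `vpc = true` makes the allocation unambiguous. In the third hunk `data "template_file" "eip_policy"` renders policies/instance-eip.json with no `vars`, so the policy has no way to name the allocation it is meant for; passing `aws_eip.gitlab_runner[0].id` (and region/account) in as template variables is the prerequisite for scoping that policy below `Resource: "*"`. The `data "template_file" "user_data"` block starts outside the first hunk.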
--- a/outputs.tf
+++ b/outputs.tf
@@ -42,3 +42,8 @@ output "runner_sg_id" {
 description = "ID of the security group attached to the docker machine runners."
 value = aws_security_group.docker_machine.id
 }
+
+output "runner_eip" {
+ description = "EIP of the Gitlab Runner"
+ value = element(concat(aws_eip.gitlab_runner.*.public_ip, [""]), 0)
+}
diff --git a/policies/instance-eip.json b/policies/instance-eip.json
new file mode 100644
index 000000000..062bda806
--- /dev/null
+++ b/policies/instance-eip.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AssociateAddress",
+ "ec2:Describe*"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/template/eip.tpl b/template/eip.tpl
new file mode 100644
index 000000000..2da942cb6
--- /dev/null
+++ b/template/eip.tpl
@@ -0,0 +1,4 @@
+echo 'installing additional software for assigning EIP'
+pip install aws-ec2-assign-elastic-ip
+export AWS_DEFAULT_REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}')
+/usr/local/bin/aws-ec2-assign-elastic-ip --valid-ips ${eip}
\ No newline at end of file
diff --git a/template/user-data.tpl b/template/user-data.tpl
index 01f179742..46ded9d13 100644
--- a/template/user-data.tpl
+++ b/template/user-data.tpl
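Review bot: The new policy grants `ec2:AssociateAddress` and `ec2:Describe*` on `"Resource": "*"`, so the runner instance role — and anything that can read its instance-metadata credentials, such as jobs on a docker executor that share the host's network — may re-point any Elastic IP in the account to any instance. The module already owns the allocation (`aws_eip.gitlab_runner`), so scope the `AssociateAddress` statement to that elastic-ip resource and the instance it is bound to, and narrow `Describe*` to the describe calls the assignment tool actually issues. A scoped statement also turns an `AssociateAddress` on any other allocation into a CloudTrail anomaly rather than an authorized call.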
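Review bot: `pip install aws-ec2-assign-elastic-ip` in template/eip.tpl pulls an unpinned package from PyPI as root on every instance launch, so the runner's boot path depends on whatever the index serves that day; pin it, e.g. `pip install aws-ec2-assign-elastic-ip==<PINNED_VERSION>` (hash-pinned through a requirements file if possible), or bake it into the AMI. The region lookup on the next line uses IMDSv1 with no session token and is wrapped in `export AWS_DEFAULT_REGION=$(...)`, whose status is that of `export`, so under the user-data's `bash -e` a failed metadata call does not abort — `AWS_DEFAULT_REGION` is silently empty and the tool fails later with a less obvious error. Fetch a token first (`TOKEN=$(curl -s -X PUT http://169.254.169.254/latest/api/token -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')`), pass it with `-H "X-aws-ec2-metadata-token: $TOKEN"`, and check the region is non-empty before calling the tool.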
@@ -1,20 +1,20 @@ #!/bin/bash -e -exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 +exec > >(tee /var/log/user-data.log | logger -t user-data -s 2>/dev/console) 2>&1 -if [[ `echo ${user_data_trace_log}` == false ]] -then +if [[ $(echo ${user_data_trace_log}) == false ]]; then set -x fi # Add current hostname to hosts file tee /etc/hosts < Date: Thu, 12 Dec 2019 22:51:59 +0100 Subject: [PATCH 05/13] Update version (#167) * Port EIP assignment from terraform 0.11 branch #165 * Port EIP assignment from terraform 0.11 branch #165 * Update versions --- examples/runner-default/.terraform-version | 2 +- examples/runner-default/main.tf | 4 ++-- examples/runner-default/providers.tf | 3 +-- examples/runner-docker/main.tf | 2 +- examples/runner-docker/providers.tf | 3 +-- examples/runner-pre-registered/.terraform-version | 2 +- examples/runner-pre-registered/main.tf | 2 +- examples/runner-pre-registered/providers.tf | 3 +-- examples/runner-public/.terraform-version | 2 +- examples/runner-public/main.tf | 2 +- examples/runner-public/providers.tf | 3 +-- 11 files changed, 12 insertions(+), 16 deletions(-) diff --git a/examples/runner-default/.terraform-version b/examples/runner-default/.terraform-version index 32ffda3c9..d1b3a7ea1 100644 --- a/examples/runner-default/.terraform-version +++ b/examples/runner-default/.terraform-version @@ -1 +1 @@ -0.12.13 +0.12.18 diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index af9dc98ed..8cc73dcef 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf @@ -4,7 +4,7 @@ data "aws_availability_zones" "available" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.17" + version = "2.21" name = "vpc-${var.environment}" cidr = "10.0.0.0/16" 
@@ -77,7 +77,7 @@ resource "null_resource" "cancel_spot_requests" { # Cancel active and open spot requests, terminate instances provisioner "local-exec" { - when = "destroy" + when = destroy command = "../../ci/bin/cancel-spot-instances.sh ${var.environment}" } } diff --git a/examples/runner-default/providers.tf b/examples/runner-default/providers.tf index c9a901037..cf2b1209f 100644 --- a/examples/runner-default/providers.tf +++ b/examples/runner-default/providers.tf @@ -1,6 +1,6 @@ provider "aws" { region = var.aws_region - version = "2.34" + version = "2.41" } provider "template" { @@ -18,4 +18,3 @@ provider "null" { provider "tls" { version = "2.1.1" } - diff --git a/examples/runner-docker/main.tf b/examples/runner-docker/main.tf index 7bc448f67..b3724efcb 100644 --- a/examples/runner-docker/main.tf +++ b/examples/runner-docker/main.tf @@ -4,7 +4,7 @@ data "aws_availability_zones" "available" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.17" + version = "2.21" name = "vpc-${var.environment}" cidr = "10.1.0.0/16" diff --git a/examples/runner-docker/providers.tf b/examples/runner-docker/providers.tf index c9a901037..cf2b1209f 100644 --- a/examples/runner-docker/providers.tf +++ b/examples/runner-docker/providers.tf @@ -1,6 +1,6 @@ provider "aws" { region = var.aws_region - version = "2.34" + version = "2.41" } provider "template" { @@ -18,4 +18,3 @@ provider "null" { provider "tls" { version = "2.1.1" } - diff --git a/examples/runner-pre-registered/.terraform-version b/examples/runner-pre-registered/.terraform-version index 13d57bb72..d1b3a7ea1 100644 --- a/examples/runner-pre-registered/.terraform-version +++ b/examples/runner-pre-registered/.terraform-version @@ -1 +1 @@ -0.12.13 \ No newline at end of file +0.12.18 diff --git a/examples/runner-pre-registered/main.tf b/examples/runner-pre-registered/main.tf index 2f9d9d9b0..7490b82b1 100644 --- a/examples/runner-pre-registered/main.tf +++ b/examples/runner-pre-registered/main.tf 
@@ -4,7 +4,7 @@ data "aws_availability_zones" "available" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.17" + version = "2.21" name = "vpc-${var.environment}" cidr = "10.0.0.0/16" diff --git a/examples/runner-pre-registered/providers.tf b/examples/runner-pre-registered/providers.tf index c9a901037..cf2b1209f 100644 --- a/examples/runner-pre-registered/providers.tf +++ b/examples/runner-pre-registered/providers.tf @@ -1,6 +1,6 @@ provider "aws" { region = var.aws_region - version = "2.34" + version = "2.41" } provider "template" { @@ -18,4 +18,3 @@ provider "null" { provider "tls" { version = "2.1.1" } - diff --git a/examples/runner-public/.terraform-version b/examples/runner-public/.terraform-version index 13d57bb72..d1b3a7ea1 100644 --- a/examples/runner-public/.terraform-version +++ b/examples/runner-public/.terraform-version @@ -1 +1 @@ -0.12.13 \ No newline at end of file +0.12.18 diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf index d3c5dda31..aa38b6fb0 100644 --- a/examples/runner-public/main.tf +++ b/examples/runner-public/main.tf @@ -4,7 +4,7 @@ data "aws_availability_zones" "available" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.17" + version = "2.21" name = "vpc-${var.environment}" cidr = "10.1.0.0/16" diff --git a/examples/runner-public/providers.tf b/examples/runner-public/providers.tf index c9a901037..cf2b1209f 100644 --- a/examples/runner-public/providers.tf +++ b/examples/runner-public/providers.tf @@ -1,6 +1,6 @@ provider "aws" { region = var.aws_region - version = "2.34" + version = "2.41" } provider "template" { @@ -18,4 +18,3 @@ provider "null" { provider "tls" { version = "2.1.1" } - From f466d301ddf8c6dc4a1ee17ccdad52c98d96988f Mon Sep 17 00:00:00 2001 
From: Niek Palm
Date: Thu, 12 Dec 2019 22:55:11 +0100
Subject: [PATCH 06/13] Encrypt runner root device (#168)
* Encryupt root device of the runner
* Encryupt root device of the runner
---
 main.tf | 1 +
 variables.tf | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 9f2fdc5d1..083a8e8b3 100644
--- a/main.tf
+++ b/main.tf
@@ -333,6 +333,7 @@ resource "aws_launch_configuration" "gitlab_runner_instance" {
 delete_on_termination = lookup(root_block_device.value, "delete_on_termination", true)
 volume_type = lookup(root_block_device.value, "volume_type", "gp2")
 volume_size = lookup(root_block_device.value, "volume_size", 8)
+ encrypted = lookup(root_block_device.value, "encrypted", true)
 iops = lookup(root_block_device.value, "iops", null)
 }
 }
diff --git a/variables.tf b/variables.tf
index 52826fa6b..da76633bf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -450,7 +450,7 @@ variable "schedule_config" {
 }
 variable "runner_root_block_device" {
- description = "The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `iops`"
+ description = "The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`"
 type = map(string)
 default = {}
 }
From 9ee3b9344ec8531695abda7dfca6f74631927bed Mon Sep 17 00:00:00 2001
From: "Riccardo M. Cefala"
Date: Sat, 21 Dec 2019 16:04:09 +0100
Subject: [PATCH 07/13] change default for gitlab_url to https://gitlab.com (#170)
default value should be without `www` as specified here: https://gitlab.com/gitlab-org/gitlab-runner/issues/4083
---
 examples/runner-docker/README.md | 2 +-
 examples/runner-docker/_docs/TF_MODULE.md | 2 +-
 examples/runner-docker/variables.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md
index 51949f7f0..4b71fd908 100644
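Review bot: Defaulting `encrypted` to `true` in `root_block_device` changes the launch configuration of every existing deployment; launch configurations are immutable, so Terraform replaces it, and running agents keep their unencrypted root volume until the ASG cycles them — the change note should state that existing instances must be replaced to benefit. As far as the launch-configuration API allows, this encrypts with the account's default EBS key, not the module's optional KMS key (`enable_kms` in the README tables), which belongs in the variable description, e.g. `` `encrypted` (defaults to true; uses the account default EBS key) ``. The diffstat lists only main.tf and variables.tf, so the README/_docs input tables still show the old key list and should be regenerated. The `aws_launch_configuration` block starts outside the hunk.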
--- a/examples/runner-docker/README.md +++ b/examples/runner-docker/README.md @@ -27,7 +27,7 @@ The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv) |------|-------------|:----:|:-----:|:-----:| | aws\_region | AWS region. | string | `"eu-west-1"` | no | | environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-docker"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://www.gitlab.com"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | | private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | | public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | | registration\_token | | string | n/a | yes | diff --git a/examples/runner-docker/_docs/TF_MODULE.md b/examples/runner-docker/_docs/TF_MODULE.md index 00ae47cd1..62de8479b 100644 --- a/examples/runner-docker/_docs/TF_MODULE.md +++ b/examples/runner-docker/_docs/TF_MODULE.md @@ -4,7 +4,7 @@ |------|-------------|:----:|:-----:|:-----:| | aws\_region | AWS region. | string | `"eu-west-1"` | no | | environment | A name that identifies the environment, will used as prefix and for tagging. | string | `"runners-docker"` | no | -| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://www.gitlab.com"` | no | +| gitlab\_url | URL of the gitlab instance to connect to. | string | `"https://gitlab.com"` | no | | private\_ssh\_key\_filename | | string | `"generated/id_rsa"` | no | | public\_ssh\_key\_filename | | string | `"generated/id_rsa.pub"` | no | | registration\_token | | string | n/a | yes | diff --git a/examples/runner-docker/variables.tf b/examples/runner-docker/variables.tf index b4ce1bea8..24afa8076 100644 --- a/examples/runner-docker/variables.tf +++ b/examples/runner-docker/variables.tf 
@@ -27,7 +27,7 @@ variable "runner_name" { variable "gitlab_url" { description = "URL of the gitlab instance to connect to." type = string - default = "https://www.gitlab.com" + default = "https://gitlab.com" } variable "registration_token" { From 06e1ed8abbb893ee463769dba63032f0202ec852 Mon Sep 17 00:00:00 2001 From: Giacomo Grangia Date: Sat, 21 Dec 2019 16:04:55 +0100 Subject: [PATCH 08/13] Fixed missing double quotes (#171) Fixed missing double quotes in gitlab_runner_registration_config --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index defe24c5c..50bf75230 100644 --- a/README.md +++ b/README.md @@ -177,7 +177,7 @@ module "runner" { runners_gitlab_url = "https://gitlab.com" gitlab_runner_registration_config = { - registration_token = "my-token + registration_token = "my-token" tag_list = "docker" description = "runner default" locked_to_project = "true" From 0a40b783b66605370bd64c38a1cfcb7448009902 Mon Sep 17 00:00:00 2001 From: Thomas Date: Sun, 22 Dec 2019 04:05:28 +1300 Subject: [PATCH 09/13] Fixed typos cache bucket (#172) * Fixed typos for variable cache_bucket * Fixed typos for variable cache_bucket --- README.md | 2 +- _docs/TF_MODULE.md | 2 +- variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 50bf75230..f03570635 100644 --- a/README.md +++ b/README.md 
@@ -231,7 +231,7 @@ terraform destroy | ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list(string) | `` | no | | aws\_region | AWS region. | string | n/a | yes | | aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | -| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | map | `` | no | | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | bool | `"false"` | no | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index 312b049c9..58b214c2e 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -7,7 +7,7 @@ | ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list(string) | `` | no | | aws\_region | AWS region. | string | n/a | yes | | aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | -| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | map | `` | no | | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | bool | `"true"` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | bool | `"false"` | no | diff --git a/variables.tf b/variables.tf index da76633bf..f0afab86d 100644 --- a/variables.tf +++ b/variables.tf 
@@ -416,7 +416,7 @@ variable "overrides" { } variable "cache_bucket" { - description = "Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details." + description = "Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details." type = map default = { From 64eaa1d376eee885fcf2ea92f85210b7ced3ce0e Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Mon, 23 Dec 2019 21:50:38 +0100 Subject: [PATCH 10/13] Fix: External references from destroy provisioners are deprecated --- examples/runner-default/main.tf | 7 ++++--- examples/runner-public/main.tf | 7 +++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index 8cc73dcef..f1f4eac81 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf @@ -71,13 +71,14 @@ module "runner" { runners_off_peak_periods = "[\"* * 0-9,17-23 * * mon-fri *\", \"* * * * * sat,sun *\"]" } - - resource "null_resource" "cancel_spot_requests" { # Cancel active and open spot requests, terminate instances + triggers = { + environment = var.environment + } provisioner "local-exec" { when = destroy - command = "../../ci/bin/cancel-spot-instances.sh ${var.environment}" + command = "../../ci/bin/cancel-spot-instances.sh ${self.triggers.environment}" } } diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf index aa38b6fb0..3f3cfa559 100644 --- a/examples/runner-public/main.tf +++ b/examples/runner-public/main.tf 
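Review bot: In the runner-default hunk the caller-supplied `environment` value is still spliced unquoted into a shell command line, `command = "../../ci/bin/cancel-spot-instances.sh ${self.triggers.environment}"`; switching the reference from `var.environment` to `self.triggers.environment` resolves the deprecation but not the fact that a value containing whitespace or shell metacharacters would be word-split or interpreted by the shell the local-exec provisioner invokes (it runs through a shell by default, as far as I know). Since `environment` is an input used as a naming prefix rather than something the module validates, I would at least quote it, `command = "../../ci/bin/cancel-spot-instances.sh \"${self.triggers.environment}\""`, or pass it via the provisioner's `environment` map and have the script read `$ENVIRONMENT`. A short comment on the new block would also spare the next reader a trip to the changelog: `# Copied into triggers so the destroy-time provisioner references only self (external refs are deprecated).` Note too that `environment` becoming a trigger means changing it replaces the null_resource and runs the destroy provisioner against the old value, which looks intended but is worth stating in that comment.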
@@ -109,9 +109,12 @@ module "runner2" { resource "null_resource" "cancel_spot_requests" { # Cancel active and open spot requests, terminate instances + triggers = { + environment = var.environment + } provisioner "local-exec" { - when = "destroy" - command = "../../ci/bin/cancel-spot-instances.sh ${var.environment}" + when = destroy + command = "../../ci/bin/cancel-spot-instances.sh ${self.triggers.environment}" } } From 0162b759df523e270a64c1fc1b1ee2ce2629aa1f Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Mon, 23 Dec 2019 22:33:24 +0100 Subject: [PATCH 11/13] Update default version of the runner to 12.6.0 --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index f0afab86d..8da4c3895 100644 --- a/variables.tf +++ b/variables.tf @@ -288,7 +288,7 @@ variable "cache_shared" { variable "gitlab_runner_version" { description = "Version of the GitLab runner." type = string - default = "12.5.0" + default = "12.6.0" } variable "enable_gitlab_runner_ssh_access" { From 0d2edd8d125c25c71f169de854e2cdbf77190a7f Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Tue, 24 Dec 2019 00:27:45 +0100 Subject: [PATCH 12/13] Update changelog --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 497597a39..eb469c600 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## Unreleased +- Change: default version of the runner to 12.6.0 +- Fix: External references from destroy provisioners are deprecated (examples) +- Fix: typos cache bucket (#172) @@thorec +- Fix: missing double quotes (#171) ggrangia +- Change: default for gitlab_url to https://gitlab.com (#170) @riccardomc +- Change: Encrypt runner root device by default (#168) … +- Added: allow eip for runner (#166) ## 4.9.0 - 2019-11-14 - Make use of on-demand instances in docker-machine #158 @skorfmann 
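Review bot: The runner-public hunk has the same unquoted interpolation as runner-default: `command = "../../ci/bin/cancel-spot-instances.sh ${self.triggers.environment}"` hands a user-controlled input to a shell without quoting, so an `environment` containing spaces or metacharacters would be split or interpreted rather than passed as one argument. Quoting it, `command = "../../ci/bin/cancel-spot-instances.sh \"${self.triggers.environment}\""`, keeps both examples consistent and closes the gap; moving the value into the provisioner's `environment` map would be the cleaner option if the script can be adjusted. A one-line comment above `triggers` explaining that the copy exists only so the destroy provisioner references `self` would document why the value appears twice.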
From b6c6817b630d407060101ffdad523b36bda21449 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Tue, 24 Dec 2019 11:51:03 +0100 Subject: [PATCH 13/13] Update docs --- README.md | 6 +++--- _docs/TF_MODULE.md | 4 ++-- examples/runner-pre-registered/main.tf | 1 - 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f03570635..7542ac613 100644 --- a/README.md +++ b/README.md @@ -177,7 +177,7 @@ module "runner" { runners_gitlab_url = "https://gitlab.com" gitlab_runner_registration_config = { - registration_token = "my-token" + registration_token = "my-token tag_list = "docker" description = "runner default" locked_to_project = "true" @@ -254,7 +254,7 @@ terraform destroy | environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.5.0"` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.6.0"` | no | | instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | | instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | | kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | number | `"7"` | no | 
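Review bot: The first README hunk regresses the fix from #171 two commits earlier: the new line is `registration_token = "my-token` with the closing double quote dropped again, so anyone copying the example gets invalid HCL. It should stay `registration_token = "my-token"`. Since nothing else in that hunk changes, this looks like a docs regeneration from a stale checkout rather than an intentional edit, and the generator input is probably what needs fixing so it does not reappear.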
@@ -263,7 +263,7 @@ terraform destroy | runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | map(list(string)) | `` | no | | runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | list(string) | `` | no | | runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `iops` | map(string) | `` | no | +| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | map(string) | `` | no | | runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | list | `` | no | | runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | number | `"10"` | no | | runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list(string) | `` | no | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index 58b214c2e..577d76cc4 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -30,7 +30,7 @@ | environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.5.0"` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.6.0"` | no | | instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | | instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | | kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | number | `"7"` | no | 
@@ -39,7 +39,7 @@ | runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | map(list(string)) | `` | no | | runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | list(string) | `` | no | | runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `iops` | map(string) | `` | no | +| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | map(string) | `` | no | | runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | list | `` | no | | runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | number | `"10"` | no | | runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list(string) | `` | no | diff --git a/examples/runner-pre-registered/main.tf b/examples/runner-pre-registered/main.tf index 7490b82b1..b5d5f25d5 100644 --- a/examples/runner-pre-registered/main.tf +++ b/examples/runner-pre-registered/main.tf @@ -46,4 +46,3 @@ module "runner" { # working 9 to 5 :) runners_off_peak_periods = "[\"* * 0-9,17-23 * * mon-fri *\", \"* * * * * sat,sun *\"]" } -