Merge branch 'drybjed-role-enhancements'

Author: drybjed

CHANGES.rst

@@ -14,7 +14,24 @@ The current role maintainer_ is drybjed.
 `debops.gitlab_runner master`_ - unreleased
 -------------------------------------------
 
-.. _debops.gitlab_runner master: https://github.com/debops/ansible-gitlab_runner/compare/v0.2.0...master
+.. _debops.gitlab_runner master: https://github.com/debops/ansible-gitlab_runner/compare/v0.3.0...master
+
+
+`debops.gitlab_runner v0.3.0`_ - 2017-10-13
+-------------------------------------------
+
+.. _debops.gitlab_runner v0.3.0: https://github.com/debops/ansible-gitlab_runner/compare/v0.2.0...v0.3.0
+
+Added
+~~~~~
+
+- Add support for `Vagrant LXC <https://github.com/fgrehm/vagrant-lxc>`_
+  provider when LXC is configured on a compatible host. [drybjed_]
+
+Changed
+~~~~~~~
+
+- Switch from GitLab API v1 to GitLab API v4 for Runner management. [drybjed_]
 
 
 `debops.gitlab_runner v0.2.0`_ - 2017-08-16

defaults/main.yml

@@ -34,7 +34,9 @@ gitlab_runner__apt_repo: 'deb https://packages.gitlab.com/runner/gitlab-ci-multi
 # .. envvar:: gitlab_runner__base_packages [[[
 #
 # List of APT packages which will be installed by the role.
-gitlab_runner__base_packages: [ 'gitlab-ci-multi-runner' ]
+gitlab_runner__base_packages:
+  - 'gitlab-ci-multi-runner'
+  - '{{ "vagrant-lxc" if gitlab_runner__vagrant_lxc|bool else [] }}'
 
                                                                    # ]]]
 # .. envvar:: gitlab_runner__packages [[[
@@ -134,9 +136,18 @@ gitlab_runner__api_fqdn: 'code.{{ gitlab_runner__domain }}'
                                                                    # ]]]
 # .. envvar:: gitlab_runner__api_url [[[
 #
-# The HTTP API endpoint of the GitLab CI server to use for Runner registration.
+# The HTTP API endpoint of the GitLab CI server.
 # The role will check if the API server is available before trying to use it.
-gitlab_runner__api_url: 'https://{{ gitlab_runner__api_fqdn }}/ci'
+gitlab_runner__api_url: 'https://{{ gitlab_runner__api_fqdn }}/'
+
+                                                                   # ]]]
+# .. envvar:: gitlab_runner__api_token [[[
+#
+# The personal GitLab API access token used for API operations, for example
+# removal of existing Runners. This is not a Runner registration token. You can
+# generate an access token in GitLab "User Settings", "Access Tokens"
+# configuration page.
+gitlab_runner__api_token: ''
 
                                                                    # ]]]
 # .. envvar:: gitlab_runner__executor [[[
@@ -295,6 +306,26 @@ gitlab_runner__group_custom_files: []
 gitlab_runner__host_custom_files: []
                                                                    # ]]]
                                                                    # ]]]
+# Shell executor configuration [[[
+# --------------------------------
+
+# These variables control what features are configured on the GitLab Runner
+# host to use by the shell executor.
+
+# .. envvar:: gitlab_runner__vagrant_lxc [[[
+#
+# Enable or disable support for Vagrant LXC plugin (configuration of this
+# support also implies installation of :command:`vagrant` on the GitLab Runner
+# host). Enabling Vagrant LXC will give limited :command:`sudo` access for the
+# GitLab Runner UNIX account to allow access to LXC commands.
+gitlab_runner__vagrant_lxc: '{{ True
+                                if (ansible_local|d() and ansible_local.lxc|d() and
+                                    (ansible_local.lxc.installed|d())|bool and
+                                    (ansible_distribution_release not in
+                                     [ "wheezy", "jessie", "precise", "trusty" ]))
+                                else False }}'
+                                                                   # ]]]
+                                                                   # ]]]
 # SSH key and host management [[[
 # -------------------------------
 

docs/getting-started.rst

@@ -45,6 +45,12 @@ executors - one unprivileged, and one privileged. The executors will have a set
 of tags that identify them, shell executors will have additional tags that
 describe the host's architecture, OS release, etc.
 
+If the ``debops.lxc`` role has been used to configure LXC support on a Debian
+Stretch or Ubuntu Xenial host, the ``debops.gitlab_runner`` will install the
+``vagrant-lxc`` package and configure :command:`sudo` support for it. Using
+a shell executor you cn start and stop Vagrant Boxes using LXC containers and
+execute commands inside them.
+
 The Runner instances can be configured with variables specified as the keys of
 the dictionary that holds the specific Runner configuration. If any required
 keys are not specified, the value of the global variable will be used instead.

tasks/main.yml

@@ -96,7 +96,7 @@
 
 - name: Register new GitLab Runners
   uri:
-    url: '{{ (item.api_url | d(gitlab_runner__api_url)) + "/api/v1/runners/register.json" }}'
+    url: '{{ (item.api_url | d(gitlab_runner__api_url)) + "api/v4/runners" }}'
     method: 'POST'
     body: 'token={{ item.token | d(gitlab_runner__token) }}&description={{ item.name | urlencode }}&tag_list={{ ((item.tags|d([]) + (gitlab_runner__shell_tags if (item.executor == "shell") else []) + gitlab_runner__combined_tags) | unique | join(",")) | urlencode }}&run_untagged={{ item.run_untagged | d(gitlab_runner__run_untagged) }}'
     status_code: '200,201'
@@ -125,16 +125,18 @@
 
 - name: Delete GitLab Runners if requested
   uri:
-    url: '{{ (item.0.api_url | d(gitlab_runner__api_url)) + "/api/v1/runners/delete" }}'
+    url: '{{ (item.0.api_url | d(gitlab_runner__api_url)) + "api/v4/runners/" + item.1.id | string }}'
     method: 'DELETE'
-    body: 'token={{ item.1.token }}'
+    headers:
+      'PRIVATE-TOKEN': '{{ gitlab_runner__api_token }}'
   with_together:
     - '{{ gitlab_runner__default_instances + gitlab_runner__instances + gitlab_runner__group_instances + gitlab_runner__host_instances }}'
     - '{{ ansible_local.gitlab_runner.instance_tokens if (ansible_local|d() and ansible_local.gitlab_runner|d() and ansible_local.gitlab_runner.instance_tokens|d()) else [] }}'
   when: (gitlab_runner__register_api.status|d() and gitlab_runner__register_api.status == 200 and
-         item.0.name|d() and item.1.name|d() and item.0.name == item.1.name and
+         gitlab_runner__api_token and item.0.name|d() and item.1.name|d() and item.0.name == item.1.name and
          (item.0.state|d() and item.0.state == 'absent'))
   failed_when: False
+  no_log: True
 
 - name: Get the SSH key from the remote host
   slurp:
@@ -186,6 +188,15 @@
   when: gitlab_runner__ssh_known_hosts and item is defined and item.rc > 0
   failed_when: False
 
+- name: Configure Vagrant LXC sudo access
+  template:
+    src: 'etc/sudoers.d/gitlab-runner-vagrant-lxc.j2'
+    dest: '/etc/sudoers.d/gitlab-runner-vagrant-lxc'
+    owner: 'root'
+    group: 'root'
+    mode: '0440'
+  when: gitlab_runner__vagrant_lxc|bool
+
 - name: Make sure that Ansible fact directory exists
   file:
     path: '/etc/ansible/facts.d'

templates/etc/gitlab-runner/ansible.json.j2

@@ -2,9 +2,9 @@
 {% set gitlab_runner__tpl_instance_tokens = [] %}
 {% if gitlab_runner__register_new_instances|d() and gitlab_runner__register_new_instances.results %}
 {%   for item in gitlab_runner__register_new_instances.results %}
-{%     if item.item.name|d() and item.json|d() and item.json.token|d() %}
+{%     if item.item.name|d() and item.json|d() and item.json.id|d() and item.json.token|d() %}
 {%       set _ = gitlab_runner__tpl_instances.append(item.item.name) %}
-{%       set _ = gitlab_runner__tpl_instance_tokens.append({ "name": item.item.name, "token": item.json.token }) %}
+{%       set _ = gitlab_runner__tpl_instance_tokens.append({ "id": item.json.id, "name": item.item.name, "token": item.json.token }) %}
 {%     endif %}
 {%   endfor %}
 {% endif %}
@@ -14,7 +14,7 @@
 {%       for element in (gitlab_runner__default_instances + gitlab_runner__instances + gitlab_runner__group_instances + gitlab_runner__host_instances) %}
 {%         if (item.name == element.name and (element.state is undefined or element.state != 'absent')) %}
 {%           set _ = gitlab_runner__tpl_instances.append(item.name) %}
-{%           set _ = gitlab_runner__tpl_instance_tokens.append({ "name": item.name, "token": item.token }) %}
+{%           set _ = gitlab_runner__tpl_instance_tokens.append({ "id": item.id, "name": item.name, "token": item.token }) %}
 {%         endif %}
 {%       endfor %}
 {%     endif %}

templates/etc/sudoers.d/gitlab-runner-vagrant-lxc.j2

@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+# lxc
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-ls
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-info *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-config *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-attach *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env which lxc-*
+
+# vagrant-lxc (startup)
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env cat /var/lib/lxc/*/config
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-start -d --name *
+
+# vagrant-lxc (create)
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-create --version
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-create -B * --template * --name * -- --tarball {{ gitlab_runner__home }}/.vagrant.d/boxes/* --config {{ gitlab_runner__home }}/.vagrant.d/boxes/*
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env tar --numeric-owner -cvzf /tmp/*/rootfs.tar.gz -C /var/lib/lxc/* ./rootfs
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env cp -f /tmp/lxc-config* /var/lib/lxc/*/config
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env chown root\:root /var/lib/lxc/*/config
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env chown *\:* /tmp/*/rootfs.tar.gz
+
+# vagrant-lxc (shutdown & destroy)
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-shutdown --name *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-stop --name *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-destroy --name *

templates/lookup/gitlab_runner__shell_tags.j2

@@ -9,6 +9,13 @@
        (ansible_local.docker.installed|d()) | bool) %}
 {%   set _ = output.append('docker-host') %}
 {% endif %}
+{% if (ansible_local|d() and ansible_local.lxc|d() and
+       (ansible_local.lxc.installed|d()) | bool) %}
+{%   set _ = output.append('lxc-host') %}
+{% endif %}
+{% if gitlab_runner__vagrant_lxc|bool %}
+{%   set _ = output.append('vagrant-lxc') %}
+{% endif %}
 {% set _ = output.append((ansible_local.core.distribution
                           if (ansible_local|d() and ansible_local.core|d() and
                               ansible_local.core.distribution|d())