support terraform 0.12 (Fix #73) (#84)
* #73 - Conversion to terraform 0.12, example public converted to 0.12

* #73 - Conversion example runner-default to Terraform 0.12

* #73 - Conversion of examples  to Terraform 0.12

* #73 - Conversion enable CI checks

* #73 - Set correct version of terraform for travis build.

* #73 - Clean up sample runner-public

* Fix missing type

* Add required tf version constraint

* #73 Sync for PR #89

* #73 - work around for docs generation based on cloudposse build-harness

* #73 Sync for PR #89

* #73 - Sync PR #86

* #73 - Sync PR #88

* #73 - Sync PR #88 - update docs

* #73 - Sync PR #90

* #73 - update to terraform 0.12.3 and upgrade aws tf provider in examples

* #73 - sync PR #93

* #73 - sync PR #94

* Mount docker socket (#95)

* Adding optional Docker socket mount

* Adding new variables to README, fixing PR template

* Sorting variables in doc

* Adding jq check&install

* Fixing Docker socket mount

* Updating runner-public example to mount Docker socket instead of running in privileged mode

* Fix broken public example

* Use runners_iam_instance_profile_name (#97)

* Add ssh_key_pair override (#98)

* Sync issue #91 / PR #96

* Sync issue #91 / PR #96

* Sync issue #91 / PR #96

* Update names for docker machine security-rules #102

* Change order of validate and check modules in CI

* Add variable docker_machine_ssh_cidr_blocks allowing ssh ingress restriction #101

* Add variable docker_machine_role_json allowing role policy customization #100

* Update docs

* Fix overwriting key pair

* Fix overwriting key pair

* Added IAM outputs, additional volumes mounts into runner, fix ssh var name (#99)

* Mount docker socket (#1)

* Adding optional Docker socket mount

* Adding new variables to README, fixing PR template

* Sorting variables in doc

* Adding jq check&install

* Fixing Docker socket mount

* Use runners_iam_instance_profile_name (#2)

* Added credentials ecr helper

* Adding more useful outputs (#5)

* Feature/terraform 0.12 mounts (#4)

* Additional volumes support

* Fixing output

* Fixed outputs typos and added an example

* Fixed outputs typos and added an example

* move locals to separate file to fix formatting

* format

* Use indented heredoc

* Feature/terraform 0.12 sync develop (#103)

Sync develop branch to tf 0.12 branch

* Fix misleading variable description (#86)

* changed the description for the variable `enable_manage_gitlab_token`, since the second part of the description was misleading

* rewritten the description of the variable `enable_manage_gitlab_token` based on feedback from PR

* update changelog

* ci script update (#90)

* ci/bin/autodocs.sh: exit if dependencies are not installed
(pandoc or terraform-docs)

* ci/bin/verify-examples: make check for examples working
and not print some obscure error messages

* Adding docker pull policy Parameter (#89)

* adding pull policy parameter

* update documentation from master

* runautodocs

* regenerate README

* adding parameter to allow specify docker-machine ami

this allows us to also use the latest ubuntu 18.04
for the docker-machine instances

* adding parameter to allow specify docker-machine ami (#88)

this allows us to also use the latest ubuntu 18.04
for the docker-machine instances

* Update docs

* Release 3.6.0

* fix: availability zone in AWS region (#93)

* fix: availability zone in AWS region

* fix: use data source to determine az

* fix: use a variable to determine timezone (#94)

* fix: use a variable to determine timezone

* fix: update documentation

* Fix broken public example

* Move cache to module (#96)

Fix #91

* Release 3.7.0

* Add variable docker_machine_role_json allowing role policy customization (#100)

* Add variable docker_machine_role_json allowing role policy customization

* Update docs

* Add variable docker_machine_ssh_cidr_blocks allowing ssh ingress restriction (#101)

* Update names for docker machine security-rules (#102)

* Fix merge mistake

* Fix merge mistake

* Add types to variables

* Update docs

* Update default runner version to 12.1.0

* Update default runner version to 12.1.0

* Fix formatting

* Update docs

* Update links
npalm authored Jul 29, 2019
1 parent c128781 commit 0a5a15b
Showing 58 changed files with 826 additions and 631 deletions.
6 changes: 3 additions & 3 deletions .github/pull_request_template.md
Expand Up @@ -2,10 +2,10 @@
A few sentences describing the overall goals of the pull request's commits.

## Migrations required
YES | NO - If yes please describe the mirgration.
YES | NO - If yes please describe the migration.

## Verification
Please mentioned the examples you have verified.
Please mention the examples you have verified.

## Documentation
Please ensure you update the README in `_docs/README.md`. The README.md in the root can be update by running the script `ci/bin/autodocs.sh`
Please ensure you update the README in `_docs/README.md`. The README.md in the root can be updated by running the script `ci/bin/autodocs.sh`
18 changes: 18 additions & 0 deletions CHANGELOG.md
Expand Up @@ -38,6 +38,24 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
- Bugfix #72: Detect and retry when docker machine installation fails @eliasdorneles
- Changed: Default version of GitLab runner set to 11.11.2

## 3.7.0 - 2019-07-17
- Changed
- Creation of multiple instances of the runner is now supported. Cache is therefor moved to an internal module. Pleas see the example `runner-public` for a concrete sample. The change should have no effect if you apply the state migration script `migragations/migration-state-3.7.x.sh`.
- Examples are more generic by removing the time zone and AZ zone to variables. @@theBenForce

## 3.6.0 - 2019-07-04
- Changed
- Add option to specify pull policy for docker images by the runner. @roock
- Docker machine AMI image will be by default latest ubuntu 16.06, can be overwritten via variables @roock
- Improved CI docs generation script @roock

## 3.5.0 - 2019-06-19
- Changed
- Documentation #85: Misleading Variable-Description @solutionDrive-Alt
- Bugfix #70: docker-machine fails starting runners when `amazonec2-request-spot-instance=false` @philippefuentes
- Bugfix #72: Detect and retry when docker machine installation fails @eliasdorneles
- Changed: Default version of GitLab runner set to 11.11.2

## [3.4.0] - 2019-06-06
- Changed:
- Update default runner type, GitLab runner version, and versions in examples.
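Review bot: the script path in the 3.7.0 entry, `migragations/migration-state-3.7.x.sh`, is misspelled and does not match the `./migrations/migration-state-3.7.x.sh` path that the README hunk in this commit refers to, so anyone copying it from the changelog will not find the state migration script; correct it to `migrations/`. The 3.5.0 block added below 3.6.0 also repeats entries that already appear in the context lines just above the insertion (Bugfix #72 and the 11.11.2 default), which looks like a merge duplicate, and the new 3.7.0 and 3.6.0 sections land beneath those older entries instead of above them. Smaller points in the same block: "therefor", "Pleas", the doubled `@@theBenForce`, and "ubuntu 16.06", which is not an Ubuntu release number. There is also no entry for the 4.x release that the README now tells Terraform 0.12 users to pin to.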
124 changes: 29 additions & 95 deletions README.md
Expand Up @@ -2,9 +2,26 @@

# Terraform module for GitLab auto scaling runners on AWS spot instances

> *WIP*: Work in progress, conversion to Terraform 0.12 \#73. Feel free to checkout branch [Terraform 0.12](https://github.com/npalm/terraform-aws-gitlab-runner/tree/feature/terraform-0.12).
> *NEW*: Terraform 0.12 is supported.
> *NEW*: Multiple instnaces of the runner can be created that share the same cache. See [example](https://github.com/npalm/terraform-aws-gitlab-runner/tree/develop/examples/runner-public) *MIGRATIONS*: Since 3.7 the runner cache is handled by sub module. To avoid re-creation of the bucket while upgrading a state migration is need. Please see the migration script `./migrations/migration-state-3.7.x.sh`
## Terraform versions

### Terraform 0.12

Module is available as Terraform 0.12 module, pin to version 4.x. Please submit pull-requests to the `develop` branch.

Migration from 0.11 to 0.12 is tested for the `runner-default` example. To migrate the runner, execute the following steps.

- Update to Terraform 0.12
- Migrate your Terraform code via Terraform `terraform 0.12upgrade`.
- Update the module from 3.10.0 to 4.0.0, next run `terraform init`
- Run `terraform apply`. This should trigger only a re-creation of the the auto launch configuration and a minor change in the auto-scaling group.

### Terraform 0.11

Module is available as Terraform 0.11 module, pin module to version 3.x. Please submit pull-requests to the `terraform011` branch.

## The module

This [Terraform](https://www.terraform.io/) modules creates a [GitLab CI runner](https://docs.gitlab.com/runner/). A blog post describes the original version of the the runner. See the post at [040code](https://040code.github.io/2017/12/09/runners-on-the-spot/). The original setup of the module is based on the blog post: [Auto scale GitLab CI runners and save 90% on EC2 costs](https://about.gitlab.com/2017/11/23/autoscale-ci-runners/).

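Review bot: the migration steps under "Terraform 0.12" tell users to update the module "from 3.10.0 to 4.0.0", but the CHANGELOG in this same commit stops at 3.7.0 and has no 4.0.0 entry, so the versions a user is told to pin cannot be matched to a documented release; align the numbers or add the changelog entry. In the blockquote at the top, the `*MIGRATIONS*` notice is run onto the end of the second `*NEW*` line, where a state migration warning is easy to miss; give it its own `>` line and fix "instnaces" and "is need". The step "Migrate your Terraform code via Terraform `terraform 0.12upgrade`" reads more clearly as "Run `terraform 0.12upgrade`", and "the the auto launch configuration" has a doubled word.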
Expand Down Expand Up @@ -133,31 +150,30 @@ The base image used to host the GitLab Runner agent is the latest available Amaz
Below a basic examples of usages of the module. The dependencies such as a VPC, and SSH keys have a look at the [default example](https://github.com/npalm/terraform-aws-gitlab-runner/tree/develop/examples/runner-default).

``` hcl
module "runner" {
source = "npalm/gitlab-runner/aws"
version = "3.6.0"
source = "../../"
aws_region = "eu-west-1"
environment = "spot-runners"
ssh_public_key = "${local_file.public_ssh_key.content}"
ssh_public_key = local_file.public_ssh_key.content
vpc_id = "${module.vpc.vpc_id}"
subnet_ids_gitlab_runner = "${module.vpc.private_subnets}"
subnet_id_runners = "${element(module.vpc.private_subnets, 0)}"
vpc_id = module.vpc.vpc_id
subnet_ids_gitlab_runner = module.vpc.private_subnets
subnet_id_runners = element(module.vpc.private_subnets, 0)
runners_name = "aws-spot-instance-runner"
runners_name = "docker-default"
runners_gitlab_url = "https://gitlab.com"
gitlab_runner_registration_config = {
registration_token = "${var.registration_token}"
tag_list = "docker_spot_runner"
description = "runner default - auto"
registration_token = "my-token
tag_list = "docker"
description = "runner default"
locked_to_project = "true"
run_untagged = "false"
maximum_timeout = "3600"
}
}
```

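Review bot: the replacement line `registration_token = "my-token` in `gitlab_runner_registration_config` has no closing quote, so the example no longer parses when copied. It also swaps `var.registration_token` for a string literal, which steers readers toward committing the GitLab registration token to version control; keep the variable reference in 0.12 form, `registration_token = var.registration_token`. Separately, `source = "../../"` with the `version` line dropped is a relative path that only resolves from a directory two levels below the module root, so a README reader needs the registry source and a 4.x version here, consistent with the "pin to version 4.x" advice added earlier in the file.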
Expand Down Expand Up @@ -194,85 +210,3 @@ To destroy runner:
``` sh
terraform destroy
```

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | string | `"true"` | no |
| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Currently Amazon Linux 2 `amzn2-ami-hvm-2.0.????????-x86_64-ebs` looks to *not* be working for this configuration. | list | `<list>` | no |
| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | list | `<list>` | no |
| aws\_region | AWS region. | string | n/a | yes |
| aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no |
| cache\_bucket | Configuration to control the creation of th the cache bucket. By default the bucket will be crated and used as shared cache. To use the same cache cross multiple runners disable the cration of the cache and provice a policy and bucket name. See the public runner example for more details. | map | `<map>` | no |
| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no |
| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no |
| cache\_expiration\_days | Number of days before cache objects expires. | string | `"1"` | no |
| cache\_shared | Enables cache sharing between runners, false by default. | string | `"false"` | no |
| create\_runners\_iam\_instance\_profile | Boolean to control the creation of the runners IAM instance profile | string | `"true"` | no |
| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | string | `"m5a.large"` | no |
| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | list | `<list>` | no |
| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | string | `""` | no |
| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no |
| docker\_machine\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the docker machine runner instance. | list | `<list>` | no |
| docker\_machine\_user | Username of the user used to create the spot instances that host docker-machine. | string | `"docker-machine"` | no |
| docker\_machine\_version | Version of docker-machine. | string | `"0.16.1"` | no |
| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | string | `"true"` | no |
| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | string | `"false"` | no |
| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | string | `"true"` | no |
| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | string | `"false"` | no |
| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes |
| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map | `<map>` | no |
| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list | `<list>` | no |
| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.1.0"` | no |
| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no |
| instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no |
| name\_runners\_docker\_machine | | string | `""` | no |
| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map | `<map>` | no |
| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | list | `<list>` | no |
| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | list | `<list>` | no |
| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no |
| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | string | `"10"` | no |
| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list | `<list>` | no |
| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | string | `"docker+machine"` | no |
| runners\_gitlab\_url | URL of the GitLab instance to connect to. | string | n/a | yes |
| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | string | `""` | no |
| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | string | `"0"` | no |
| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | string | `"600"` | no |
| runners\_image | Image to run builds, will be used in the runner config.toml | string | `"docker:18.03.1-ce"` | no |
| runners\_limit | Limit for the runners, will be used in the runner config.toml. | string | `"0"` | no |
| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | string | `"false"` | no |
| runners\_name | Name of the runner, will be used in the runner config.toml. | string | n/a | yes |
| runners\_off\_peak\_idle\_count | Off peak idle count of the runners, will be used in the runner config.toml. | string | `"0"` | no |
| runners\_off\_peak\_idle\_time | Off peak idle time of the runners, will be used in the runner config.toml. | string | `"0"` | no |
| runners\_off\_peak\_periods | Off peak periods of the runners, will be used in the runner config.toml. | string | `""` | no |
| runners\_off\_peak\_timezone | Off peak idle time zone of the runners, will be used in the runner config.toml. | string | `""` | no |
| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | string | `"4096"` | no |
| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after_script. | string | `""` | no |
| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | string | `""` | no |
| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | string | `""` | no |
| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | string | `"true"` | no |
| runners\_pull\_policy | pull_policy for the runners. will be used in the runner config.toml | string | `"always"` | no |
| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | string | `"1"` | no |
| runners\_root\_size | Runner instance root size in GB. | string | `"16"` | no |
| runners\_shm\_size | shm_size for the runners. will be used in the runner config.toml | string | `"0"` | no |
| runners\_token | Token for the runner, will be used in the runner config.toml. | string | `"__REPLACED_BY_USER_DATA__"` | no |
| runners\_use\_private\_address | Restrict runners to the use of a private IP address | string | `"true"` | no |
| runners\_volumes | Specify additional volumes that should be mounted (same syntax as Docker’s -v flag) | list | `<list>` | no |
| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | string | `"runner-token"` | no |
| ssh\_public\_key | Public SSH key used for the GitLab runner EC2 instance. | string | n/a | yes |
| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | string | n/a | yes |
| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | list | n/a | yes |
| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map | `<map>` | no |
| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | string | `""` | no |
| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | string | `""` | no |
| vpc\_id | The target VPC for the docker-machine and runner instances. | string | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| runner\_agent\_role | ARN of the rule used for the ec2 instance for the GitLab runner agent. |
| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance |
| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. |
| runner\_role | ARN of the rule used for the docker machine runners. |
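Review bot: with the `## Inputs` and `## Outputs` tables removed after the `terraform destroy` block, README.md no longer documents security-relevant defaults such as `runners_privileged` (`"true"`), the token-logging caveat on `enable_runner_user_data_trace_log`, or the `docker_machine_ssh_cidr_blocks` and `gitlab_runner_ssh_cidr_blocks` restrictions, and no link to a replacement is visible in this hunk. The PR template in this commit says the root README is produced by `ci/bin/autodocs.sh`, and the commit message mentions a workaround for docs generation, so please confirm the tables are regenerated for the 0.12 variable types (the removed table lists every type as string, list or map) or add a pointer to where the variable reference now lives.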