diff --git a/CHANGELOG.md b/CHANGELOG.md index a9bb004b9..d15e77446 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). - -## [3.3.0] - 2019-06-06 +## 3.5.0 - 2019-06-19 +- Changed + - Documentation #85: Misleading Variable-Description @ solutionDrive-Alt + - Bugfix #70: docker-machine fails starting runners when `amazonec2-request-spot-instance=false` @philippefuentes + - Bugfix #72: Detect and retry when docker machine installation fails @eliasdorneles + - Changed: Default version of GitLab runner set to 11.11.2 + +## [3.4.0] - 2019-06-06 - Changed: - Update default runner type, GitLab runner version, and versions in examples. - Buffix #75 runner is not reachable when runners_use_private_address = false @@ -126,7 +132,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17. - Minor updates in the example -[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.4.0...HEAD +[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.5.0...HEAD +[3.5.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.4.0...3.5.0 [3.4.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.3.0...3.4.0 [3.3.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.2.0...3.3.0 [3.2.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/3.1.0...3.2.0 diff --git a/README.md b/README.md index eb117c5e7..2be255c26 100644 --- a/README.md +++ b/README.md 
@@ -2,6 +2,8 @@ # Terraform module for GitLab auto scaling runners on AWS spot instances +> *WIP*: Work in progress, conversion to Terraform 0.12 #73. Feel free to checkout branch [Terraform 0.12](https://github.com/npalm/terraform-aws-gitlab-runner/tree/feature/terraform-0.12). + > *NEW*: The runner will register itself automatically to GitLab. No need to register the runner first, see also the [examples](./examples) This repo contains a Terraform module and examples to run a [GitLab CI multi runner](https://docs.gitlab.com/runner/) on AWS Spot instances. See the blog post at [040code](https://040code.github.io/2017/12/09/runners-on-the-spot/) for a detailed description of the setup. 
@@ -187,21 +189,22 @@ terraform destroy | aws\_region | AWS region. | string | n/a | yes | | aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | | cache\_expiration\_days | Number of days before cache objects expires. | string | `"1"` | no | | cache\_shared | Enables cache sharing between runners, false by default. | string | `"false"` | no | | create\_runners\_iam\_instance\_profile | Boolean to control the creation of the runners IAM instance profile | string | `"true"` | no | -| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | string | `"m5.large"` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | string | `"m5a.large"` | no | | docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | list | `` | no | -| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.04"` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | | docker\_machine\_user | Username of the user used to create the spot instances that host docker-machine. | string | `"docker-machine"` | no | | docker\_machine\_version | Version of docker-machine. | string | `"0.16.1"` | no | | enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | string | `"true"` | no | | enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | string | `"false"` | no | -| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the Gitlab token will be managed via terraform state. 
If `false` the token will still be stored in SSM however, it will not be managed via terraform. | string | `"true"` | no | +| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | string | `"true"` | no | | environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map | `` | no | | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access from to the gitlab runner instance. | list | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"11.9.2"` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"11.11.2"` | no | | instance\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | string | `""` | no | | instance\_role\_runner\_json | Instance role json for the docker machine runners to override the default. | string | `""` | no | | instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index 1b372623e..d6c140770 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -8,12 +8,13 @@ | aws\_region | AWS region. | string | n/a | yes | | aws\_zone | AWS availability zone (typically 'a', 'b', or 'c'). | string | `"a"` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | string | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | string | `"false"` | no | | cache\_expiration\_days | Number of days before cache objects expires. | string | `"1"` | no | | cache\_shared | Enables cache sharing between runners, false by default. | string | `"false"` | no | | create\_runners\_iam\_instance\_profile | Boolean to control the creation of the runners IAM instance profile | string | `"true"` | no | -| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | string | `"m5.large"` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | string | `"m5a.large"` | no | | docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | list | `` | no | -| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.04"` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. | string | `"0.06"` | no | | docker\_machine\_user | Username of the user used to create the spot instances that host docker-machine. | string | `"docker-machine"` | no | | docker\_machine\_version | Version of docker-machine. | string | `"0.16.1"` | no | | enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | string | `"true"` | no | 
@@ -22,10 +23,12 @@ | environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map | `` | no | | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access from to the gitlab runner instance. | list | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"11.9.2"` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"11.11.2"` | no | | instance\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | string | `""` | no | | instance\_role\_runner\_json | Instance role json for the docker machine runners to override the default. | string | `""` | no | | instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | +| name\_runners\_docker\_machine | | string | `""` | no | +| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map | `` | no | | runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | string | `""` | no | | runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | string | `"10"` | no | | runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | list | `` | no | 
diff --git a/bucket.tf b/bucket.tf index 01dcac7df..3538dbca3 100644 --- a/bucket.tf +++ b/bucket.tf @@ -9,7 +9,7 @@ resource "aws_s3_bucket" "build_cache" { force_destroy = true versioning { - enabled = false + enabled = "${var.cache_bucket_versioning}" } lifecycle_rule { @@ -21,5 +21,9 @@ resource "aws_s3_bucket" "build_cache" { expiration { days = "${var.cache_expiration_days}" } + + noncurrent_version_expiration { + days = "${var.cache_expiration_days}" + } } } diff --git a/template/gitlab-runner.tpl b/template/gitlab-runner.tpl index 23338e964..e71d13c20 100644 --- a/template/gitlab-runner.tpl +++ b/template/gitlab-runner.tpl @@ -21,6 +21,10 @@ curl --fail --retry 6 -L https://github.com/docker/machine/releases/download/v$ cp /tmp/docker-machine /usr/local/bin/docker-machine && \ ln -s /usr/local/bin/docker-machine /usr/bin/docker-machine +# Create a dummy machine so that the cert is generated properly +# See: https://gitlab.com/gitlab-org/gitlab-runner/issues/3676 +docker-machine create --driver none --url localhost dummy-machine + token=$(aws ssm get-parameters --names "${secure_parameter_store_runner_token_key}" --with-decryption --region "${secure_parameter_store_region}" | jq -r ".Parameters | .[0] | .Value") if [[ `echo ${runners_token}` == "__REPLACED_BY_USER_DATA__" && `echo $token` == "null" ]] diff --git a/variables.tf b/variables.tf index 5922bb294..7c997e3cd 100644 --- a/variables.tf +++ b/variables.tf @@ -225,6 +225,12 @@ variable "cache_bucket_prefix" { default = "" } +variable "cache_bucket_versioning" { + description = "Boolean used to enable versioning on the cache bucket, false by default." + type = "string" + default = "false" +} + variable "cache_expiration_days" { description = "Number of days before cache objects expires." default = 1 
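Review bot: The new `noncurrent_version_expiration` block reuses `var.cache_expiration_days`, so that variable now also bounds how long superseded cache object versions are kept once `cache_bucket_versioning` is true, but its description ("Number of days before cache objects expires", in variables.tf outside this hunk) does not say so and should. The `versioning` change in the first hunk also deserves a comment, because S3 cannot un-version a bucket: switching `cache_bucket_versioning` back to `false` after it was `true` suspends versioning rather than removing it, and already-written noncurrent versions stay until this lifecycle rule expires them (`force_destroy = true` above removes them only on destroy). Suggested comment above `versioning {`: `# Once enabled, setting cache_bucket_versioning = false only suspends versioning; existing noncurrent versions remain until the lifecycle rule below expires them.`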
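Review bot: The added `docker-machine create --driver none --url localhost dummy-machine` line has no failure handling, unlike the `curl --fail --retry 6 ... && cp ... && ln` chain just above it; if the create fails, the script proceeds to the SSM token lookup and the runner only breaks later, when it first tries to launch a spot machine, with nothing in the user-data log pointing at the missing certificate. At minimum log the outcome, e.g. `docker-machine create --driver none --url localhost dummy-machine || echo "WARN: dummy-machine create failed, docker-machine certs may be missing"`, or fail the bootstrap explicitly if the rest of it depends on the certificate being present. Whether `set -e` is in effect cannot be seen here, since the enclosing script starts and ends outside the hunk.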
@@ -324,7 +330,7 @@ variable "secure_parameter_store_runner_token_key" { } variable "enable_manage_gitlab_token" { - description = "Boolean to enable the management of the GitLab token in SSM. If `true` the Gitlab token will be managed via terraform state. If `false` the token will still be stored in SSM however, it will not be managed via terraform." + description = "Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`." default = true }
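Review bot: The new description for `enable_manage_gitlab_token` contains a duplicated word, `creation of the the instance`, and the same text is copied into the generated README.md and _docs/TF_MODULE.md tables in this commit, so it should be fixed here at the source: `... stored in the SSM by the user-data script during creation of the instance.` The substance is worth keeping and could be made more explicit for operators: with `false` the registration token parameter is written outside of Terraform and survives `terraform destroy`, so whoever tears the stack down has to remove that SSM parameter themselves if the secret should not persist. A closing sentence such as `Remove the parameter manually when the secret should not outlive the stack.` would make that actionable.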