Merge branch 'release/2.3.0'

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [2.3.0] - 2019-03-27
+- Bugfix: Added a profile for the docker machine runners. #41
+- Changed: Changed the name of runner instance, added `docker-machine` to the name.
+
 ## [2.2.1] - 2019-03-19
 - Bugfix: Add tags to spot instances #39
 - Changed: Updated terraform providers in examples and default terraform version
@@ -98,7 +102,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17.
 - Minor updates in the example
 
-[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.2.1...HEAD
+[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.3.0...HEAD
+[2.3.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.2.1...2.3.0
 [2.2.1]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.2.0...2.2.1
 [2.2.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.1.0...2.2.0
 [2.1.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.0.0...2.1.0

main.tf

@@ -111,9 +111,10 @@ data "template_file" "runners" {
     runners_spot_price_bid            = "${var.docker_machine_spot_price_bid}"
     runners_security_group_name       = "${aws_security_group.docker_machine.name}"
     runners_monitoring                = "${var.runners_monitoring}"
+    runners_instance_profile          = "${aws_iam_instance_profile.docker_machine.name}"
     docker_machine_options            = "${length(var.docker_machine_options) == 0 ? "" : local.docker_machine_options_string}"
     runners_name                      = "${var.runners_name}"
-    runners_tags                      = "${local.tags_string}"
+    runners_tags                      = "${local.tags_string},Name,${var.environment}-docker-machine"
     runners_token                     = "${var.runners_token}"
     runners_executor                  = "${var.runners_executor}"
     runners_limit                     = "${var.runners_limit}"
@@ -194,27 +195,27 @@ resource "aws_iam_role" "instance" {
 }
 
 ################################################################################
-### docker machine instance policy
+### Policies for runner agent instance to create docker machines via spot req.
 ################################################################################
-data "template_file" "docker_machine_policy" {
+data "template_file" "instance_docker_machine_policy" {
   template = "${file("${path.module}/policies/instance-docker-machine-policy.json")}"
 }
 
-resource "aws_iam_policy" "docker_machine" {
+resource "aws_iam_policy" "instance_docker_machine_policy" {
   name        = "${var.environment}-docker-machine"
   path        = "/"
   description = "Policy for docker machine."
 
-  policy = "${data.template_file.docker_machine_policy.rendered}"
+  policy = "${data.template_file.instance_docker_machine_policy.rendered}"
 }
 
-resource "aws_iam_role_policy_attachment" "docker_machine" {
+resource "aws_iam_role_policy_attachment" "instance_docker_machine_policy" {
   role       = "${aws_iam_role.instance.name}"
-  policy_arn = "${aws_iam_policy.docker_machine.arn}"
+  policy_arn = "${aws_iam_policy.instance_docker_machine_policy.arn}"
 }
 
 ################################################################################
-### docker machine policy to access the shared cache
+### Policy to access the shared for the runner agent instance
 ################################################################################
 data "template_file" "docker_machine_cache_policy" {
   template = "${file("${path.module}/policies/cache.json")}"
@@ -232,11 +233,28 @@ resource "aws_iam_policy" "docker_machine_cache" {
   policy = "${data.template_file.docker_machine_cache_policy.rendered}"
 }
 
-resource "aws_iam_role_policy_attachment" "docker_machine_cache" {
+resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {
   role       = "${aws_iam_role.instance.name}"
   policy_arn = "${aws_iam_policy.docker_machine_cache.arn}"
 }
 
+################################################################################
+### docker machine instance policy
+################################################################################
+data "template_file" "dockermachine_role_trust_policy" {
+  template = "${file("${path.module}/policies/instance-role-trust-policy.json")}"
+}
+
+resource "aws_iam_role" "docker_machine" {
+  name               = "${var.environment}-docker-marchine-role"
+  assume_role_policy = "${data.template_file.dockermachine_role_trust_policy.rendered}"
+}
+
+resource "aws_iam_instance_profile" "docker_machine" {
+  name = "${var.environment}-dockermachine-profile"
+  role = "${aws_iam_role.docker_machine.name}"
+}
+
 ################################################################################
 ### Service linked policy, optional
 ################################################################################

outputs.tf

@@ -12,3 +12,8 @@ output "runner_agent_role" {
   description = "ARN of the rule used for the ec2 instance for the GitLab runner agent."
   value       = "${aws_iam_role.instance.arn}"
 }
+
+output "runner_role" {
+  description = "ARN of the rule used for the docker machine runners."
+  value       = "${aws_iam_role.docker_machine.arn}"
+}

template/runner-config.tpl

@@ -44,6 +44,7 @@ check_interval = 0
       "amazonec2-security-group=${runners_security_group_name}",
       "amazonec2-tags=${runners_tags}",
       "amazonec2-monitoring=${runners_monitoring}",
+      "amazonec2-iam-instance-profile=${runners_instance_profile}",
       "amazonec2-root-size=${runners_root_size}"
       ${docker_machine_options}
     ]