diff --git a/CHANGELOG.md b/CHANGELOG.md
index a572d6da9..f25effedf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [2.3.0] - 2019-03-27
+- Bugfix: Added a profile for the docker machine runners. #41
+- Changed: Changed the name of runner instance, added `docker-machine` to the name.
+
 ## [2.2.1] - 2019-03-19
 - Bugfix: Add tags to spot instances #39
 - Changed: Updated terraform providers in examples and default terraform version
@@ -98,7 +102,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17.
 - Minor updates in the example
 
-[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.2.1...HEAD
+[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.3.0...HEAD
+[2.3.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.2.1...2.3.0
 [2.2.1]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.2.0...2.2.1
 [2.2.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.1.0...2.2.0
 [2.1.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/2.0.0...2.1.0
diff --git a/main.tf b/main.tf
index 8675d74a0..74703525a 100644
--- a/main.tf
+++ b/main.tf
@@ -111,9 +111,10 @@ data "template_file" "runners" {
   runners_spot_price_bid = "${var.docker_machine_spot_price_bid}"
   runners_security_group_name = "${aws_security_group.docker_machine.name}"
   runners_monitoring = "${var.runners_monitoring}"
+  runners_instance_profile = "${aws_iam_instance_profile.docker_machine.name}"
   docker_machine_options = "${length(var.docker_machine_options) == 0 ? "" : local.docker_machine_options_string}"
   runners_name = "${var.runners_name}"
-  runners_tags = "${local.tags_string}"
+  runners_tags = "${local.tags_string},Name,${var.environment}-docker-machine"
   runners_token = "${var.runners_token}"
   runners_executor = "${var.runners_executor}"
   runners_limit = "${var.runners_limit}"
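Review bot: The new `runners_tags` value, `"${local.tags_string},Name,${var.environment}-docker-machine"`, begins with a bare comma whenever `local.tags_string` is empty, and docker-machine reads `amazonec2-tags` as a flat `key,value,key,value` list, so an empty first element shifts every key into a value slot and leaves a dangling odd element that may be rejected or mis-paired. Whether `local.tags_string` can be empty is not visible in this hunk, but if `var.tags` defaults to an empty map it will be. Mirroring the conditional already used for `docker_machine_options` avoids it: `runners_tags = "${length(local.tags_string) == 0 ? "" : "${local.tags_string},"}Name,${var.environment}-docker-machine"`. A user-supplied `Name` key in `var.tags` would also now appear twice, which is worth documenting as overridden. The `data "template_file" "runners"` block starts before and ends after this hunk.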
@@ -194,27 +195,27 @@ resource "aws_iam_role" "instance" {
 }
 
 ################################################################################
-### docker machine instance policy
+### Policies for runner agent instance to create docker machines via spot req.
 ################################################################################
-data "template_file" "docker_machine_policy" {
+data "template_file" "instance_docker_machine_policy" {
   template = "${file("${path.module}/policies/instance-docker-machine-policy.json")}"
 }
 
-resource "aws_iam_policy" "docker_machine" {
+resource "aws_iam_policy" "instance_docker_machine_policy" {
   name = "${var.environment}-docker-machine"
   path = "/"
   description = "Policy for docker machine."
-  policy = "${data.template_file.docker_machine_policy.rendered}"
+  policy = "${data.template_file.instance_docker_machine_policy.rendered}"
 }
 
-resource "aws_iam_role_policy_attachment" "docker_machine" {
+resource "aws_iam_role_policy_attachment" "instance_docker_machine_policy" {
   role = "${aws_iam_role.instance.name}"
-  policy_arn = "${aws_iam_policy.docker_machine.arn}"
+  policy_arn = "${aws_iam_policy.instance_docker_machine_policy.arn}"
 }
 
 ################################################################################
-### docker machine policy to access the shared cache
+### Policy to access the shared for the runner agent instance
 ################################################################################
 data "template_file" "docker_machine_cache_policy" {
   template = "${file("${path.module}/policies/cache.json")}"
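Review bot: The rewritten header comment `### Policy to access the shared for the runner agent instance` drops the noun after "shared"; the block beneath it still renders `policies/cache.json`, so it should read `### Policy for the runner agent instance to access the shared cache`. The other new header, `### Policies for runner agent instance to create docker machines via spot req.`, would read more clearly spelled out as `via spot requests`. The renames themselves look consistent across the data source, policy and attachment.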
@@ -232,11 +233,28 @@ resource "aws_iam_policy" "docker_machine_cache" {
   policy = "${data.template_file.docker_machine_cache_policy.rendered}"
 }
 
-resource "aws_iam_role_policy_attachment" "docker_machine_cache" {
+resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {
   role = "${aws_iam_role.instance.name}"
   policy_arn = "${aws_iam_policy.docker_machine_cache.arn}"
 }
 
+################################################################################
+### docker machine instance policy
+################################################################################
+data "template_file" "dockermachine_role_trust_policy" {
+  template = "${file("${path.module}/policies/instance-role-trust-policy.json")}"
+}
+
+resource "aws_iam_role" "docker_machine" {
+  name = "${var.environment}-docker-marchine-role"
+  assume_role_policy = "${data.template_file.dockermachine_role_trust_policy.rendered}"
+}
+
+resource "aws_iam_instance_profile" "docker_machine" {
+  name = "${var.environment}-dockermachine-profile"
+  role = "${aws_iam_role.docker_machine.name}"
+}
+
 ################################################################################
 ### Service linked policy, optional
 ################################################################################
diff --git a/outputs.tf b/outputs.tf
index 10d5fef4e..443420035 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -12,3 +12,8 @@ output "runner_agent_role" {
   description = "ARN of the rule used for the ec2 instance for the GitLab runner agent."
   value = "${aws_iam_role.instance.arn}"
 }
+
+output "runner_role" {
+  description = "ARN of the rule used for the docker machine runners."
+  value = "${aws_iam_role.docker_machine.arn}"
+}
diff --git a/template/runner-config.tpl b/template/runner-config.tpl
index 7ac0fdc3c..3680d2b7d 100644
--- a/template/runner-config.tpl
+++ b/template/runner-config.tpl
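Review bot: The new `aws_iam_role.docker_machine` is handed to EC2 via the instance profile, and that only works if the role the runner agent runs under (`aws_iam_role.instance`) is allowed `iam:PassRole` on it; `policies/instance-docker-machine-policy.json` is not in this diff, so please confirm it grants `iam:PassRole` scoped to `aws_iam_role.docker_machine.arn` rather than `*` — otherwise docker-machine's RunInstances will fail with UnauthorizedOperation, and if it is already `*`, this is the moment to narrow it. The role and profile names also carry a typo and are inconsistent (`-docker-marchine-role` versus `-dockermachine-profile`); because `name` forces replacement on these resources, fixing it later is disruptive, so better now: `name = "${var.environment}-docker-machine-role"` and `name = "${var.environment}-docker-machine-profile"`. A one-line comment on the role, `# Intentionally created without policies; attach job permissions via the runner_role output`, would make the least-privilege intent explicit. The header `### docker machine instance policy` reuses the wording of the header this commit just renamed above and defines no policy, so `### IAM role and instance profile for the docker machine (spot) instances` would be more accurate.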
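Review bot: The new output's description, `"ARN of the rule used for the docker machine runners."`, says "rule" where it means "role"; the existing `runner_agent_role` output above it has the same slip, but new text need not copy it: `description = "ARN of the IAM role assigned to the docker machine (spot) instances that run jobs."`. Stating that the role is created without attached policies, so consumers are expected to attach their own, would tell users why this output exists.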
@@ -44,6 +44,7 @@ check_interval = 0
       "amazonec2-security-group=${runners_security_group_name}",
       "amazonec2-tags=${runners_tags}",
       "amazonec2-monitoring=${runners_monitoring}",
+      "amazonec2-iam-instance-profile=${runners_instance_profile}",
       "amazonec2-root-size=${runners_root_size}"
       ${docker_machine_options}
     ]
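Review bot: `amazonec2-iam-instance-profile` is now set unconditionally, so every docker-machine host exposes the role's credentials through the EC2 instance metadata service, and CI job containers on that host can normally reach IMDS unless the AMI or docker daemon blocks it; with the role created empty this is harmless today, but any policy a user later attaches through the `runner_role` output becomes reachable from arbitrary job scripts. That trade-off deserves a comment next to the new line, e.g. `# NOTE: permissions attached to this profile are reachable from job containers via the instance metadata service.`, and a matching note in the README. If some deployments should not hand a profile to the runners at all, consider making the flag conditional on a non-empty value, as `${docker_machine_options}` already is. The `[[runners]]` section this line sits in starts before and ends after the hunk.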