From 3c906dbefad88269015e34f36ff62abc3574edf3 Mon Sep 17 00:00:00 2001 From: kayma Date: Sun, 19 Jun 2022 20:31:21 +0200 Subject: [PATCH 01/43] add new map as bundle for variables --- locals.tf | 2 ++ main.tf | 1 + template/runner-config.tpl | 10 +--------- variables.tf | 39 ++++++++++++++++++++++++++++++-------- 4 files changed, 35 insertions(+), 17 deletions(-) diff --git a/locals.tf b/locals.tf index fdf5d3997..bf75728c4 100644 --- a/locals.tf +++ b/locals.tf @@ -7,6 +7,8 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] + runners_docker_options = "" + // Ensure max builds is optional runners_max_builds_string = var.runners_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runners_max_builds) diff --git a/main.tf b/main.tf index 1111bee65..6d7ee7d9b 100644 --- a/main.tf +++ b/main.tf @@ -126,6 +126,7 @@ locals { runners_request_concurrency = var.runners_request_concurrency runners_output_limit = var.runners_output_limit runners_check_interval = var.runners_check_interval + runners_docker_options = local.runners_docker_options runners_volumes_tmpfs = join("\n", [for v in var.runners_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) runners_services_volumes_tmpfs = join("\n", [for v in var.runners_services_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) bucket_name = local.bucket_name diff --git a/template/runner-config.tpl b/template/runner-config.tpl index cacb4ae5d..8b1513a4f 100644 --- a/template/runner-config.tpl +++ b/template/runner-config.tpl 
@@ -17,15 +17,7 @@ listen_address = "${prometheus_listen_address}" output_limit = ${runners_output_limit} limit = ${runners_limit} [runners.docker] - tls_verify = false - image = "${runners_image}" - privileged = ${runners_privileged} - disable_cache = ${runners_disable_cache} - volumes = ["/cache"${runners_additional_volumes}] - shm_size = ${runners_shm_size} - pull_policy = "${runners_pull_policy}" - runtime = "${runners_docker_runtime}" - helper_image = "${runners_helper_image}" + ${runners_docker_options} [runners.docker.tmpfs] ${runners_volumes_tmpfs} [runners.docker.services_tmpfs] diff --git a/variables.tf b/variables.tf index 951aa7606..d18c125a9 100644 --- a/variables.tf +++ b/variables.tf @@ -200,19 +200,19 @@ variable "runners_max_builds" { } variable "runners_image" { - description = "Image to run builds, will be used in the runner config.toml" + description = "(Deprecated, use image in runners_docker_options instead) Image to run builds, will be used in the runner config.toml" type = string default = "docker:18.03.1-ce" } variable "runners_privileged" { - description = "Runners will run in privileged mode, will be used in the runner config.toml" + description = "(Deprecated, use privileged in runners_docker_options instead) Runners will run in privileged mode, will be used in the runner config.toml" type = bool default = true } variable "runners_disable_cache" { - description = "Runners will not use local cache, will be used in the runner config.toml" + description = "(Deprecated, use disable_cache in runners_docker_options instead) Runners will not use local cache, will be used in the runner config.toml" type = bool default = false } 
@@ -224,35 +224,58 @@ variable "runners_add_dind_volumes" { } variable "runners_additional_volumes" { - description = "Additional volumes that will be used in the runner config.toml, e.g Docker socket" + description = " (Deprecated, use volumes in runners_docker_options instead) Additional volumes that will be used in the runner config.toml, e.g Docker socket" type = list(any) default = [] } variable "runners_shm_size" { - description = "shm_size for the runners, will be used in the runner config.toml" + description = "(Deprecated, use shm_size in runners_docker_options instead) shm_size for the runners, will be used in the runner config.toml" type = number default = 0 } variable "runners_docker_runtime" { - description = "docker runtime for runners, will be used in the runner config.toml" + description = "(Deprecated, use runtime in runners_docker_options instead) docker runtime for runners, will be used in the runner config.toml" type = string default = "" } variable "runners_helper_image" { - description = "Overrides the default helper image used to clone repos and upload artifacts, will be used in the runner config.toml" + description = "(Deprecated, use helper_image in runners_docker_options instead) Overrides the default helper image used to clone repos and upload artifacts, will be used in the runner config.toml" type = string default = "" } variable "runners_pull_policy" { - description = "pull_policy for the runners, will be used in the runner config.toml" + description = "(Deprecated, use pull_policy in runners_docker_options instead) pull_policy for the runners, will be used in the runner config.toml" type = string default = "always" } +variable "enable_docker_options" { + # TODO remove this variable as soon as the above mentioned deprecated variables have been removed + type = boolean + description = "Set to to use the runners_docker_options variable." 
+ default = false +} + +variable "runners_docker_options" { + description = "Options added to the [runners.docker] section of config.toml to configure the Docker container of the Executors. Don't forget to enable the usage via enable_docker_options!" + type = map + default = { + tls_verify = "false" + image = "docker:18.03.1-ce" + privileged = "true" + disable_cache = "false" + volumes = "/cache" + shm_size = 0 + pull_policy = "always" + runtime = "" + helper_image = "" + } +} + variable "runners_monitoring" { description = "Enable detailed cloudwatch monitoring for spot instances." type = bool From f160e93c816ffaada35d671019bacf4340308e48 Mon Sep 17 00:00:00 2001 From: kayma Date: Sun, 19 Jun 2022 20:40:11 +0200 Subject: [PATCH 02/43] choose one of the options --- locals.tf | 14 +++++++++++++- variables.tf | 24 ++++++++++++------------ 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/locals.tf b/locals.tf index bf75728c4..12f32c496 100644 --- a/locals.tf +++ b/locals.tf 
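Review bot: The default of the new `runners_docker_options` map carries `privileged = "true"` and `tls_verify = "false"` forward, so anyone who opts into the bundle without overriding them still gets a privileged job container. Since this is a new variable, it is the cheap moment to default `privileged` to `"false"`, or at least to state in the description that the default gives job containers broad access to the runner host and is typically only needed for Docker-in-Docker. The description of `enable_docker_options` also reads "Set to to use"; presumably `description = "Set to true to use the runners_docker_options variable."` was meant.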
@@ -7,7 +7,19 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - runners_docker_options = "" + runners_docker_options = var.runners_enable_docker_options ? local.runners_docker_options_map_string : local.runners_docker_options_single_string + runners_docker_options_map_string = join("\n", [for k, v in var.runners_docker_options : "${k} = ${v}"]) + runners_docker_options_single_string = <<-EOT + tls_verify = false + image = "${runners_image}" + privileged = ${runners_privileged} + disable_cache = ${runners_disable_cache} + volumes = ["/cache"${runners_additional_volumes}] + shm_size = ${runners_shm_size} + pull_policy = "${runners_pull_policy}" + runtime = "${runners_docker_runtime}" + helper_image = "${runners_helper_image}" + EOT // Ensure max builds is optional runners_max_builds_string = var.runners_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runners_max_builds) diff --git a/variables.tf b/variables.tf index d18c125a9..e83c8d31f 100644 --- a/variables.tf +++ b/variables.tf 
@@ -253,26 +253,26 @@ variable "runners_pull_policy" { default = "always" } -variable "enable_docker_options" { +variable "runners_enable_docker_options" { # TODO remove this variable as soon as the above mentioned deprecated variables have been removed - type = boolean + type = bool description = "Set to to use the runners_docker_options variable." - default = false + default = false } variable "runners_docker_options" { description = "Options added to the [runners.docker] section of config.toml to configure the Docker container of the Executors. Don't forget to enable the usage via enable_docker_options!" - type = map + type = map(any) default = { - tls_verify = "false" - image = "docker:18.03.1-ce" - privileged = "true" + tls_verify = "false" + image = "docker:18.03.1-ce" + privileged = "true" disable_cache = "false" - volumes = "/cache" - shm_size = 0 - pull_policy = "always" - runtime = "" - helper_image = "" + volumes = "/cache" + shm_size = 0 + pull_policy = "always" + runtime = "" + helper_image = "" } } From b8bfc1860d5948b6ff87535bf31275f40a51cd20 Mon Sep 17 00:00:00 2001 From: kayma Date: Sun, 19 Jun 2022 21:01:06 +0200 Subject: [PATCH 03/43] add remark to fix runners_additional_volumes --- locals.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/locals.tf b/locals.tf index 12f32c496..2f0a1668b 100644 --- a/locals.tf +++ b/locals.tf @@ -7,6 +7,7 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] + # FIXME what to do with runners_additional_volumes??? runners_docker_options = var.runners_enable_docker_options ? local.runners_docker_options_map_string : local.runners_docker_options_single_string runners_docker_options_map_string = join("\n", [for k, v in var.runners_docker_options : "${k} = ${v}"]) runners_docker_options_single_string = <<-EOT From 64f5ec9a2555930e75bf934b64f3775664c36364 Mon Sep 17 00:00:00 2001 
From: Matthias Kay Date: Wed, 22 Jun 2022 23:05:01 +0200 Subject: [PATCH 04/43] add default for volumes --- locals.tf | 3 +-- variables.tf | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/locals.tf b/locals.tf index 2f0a1668b..030201c96 100644 --- a/locals.tf +++ b/locals.tf @@ -7,9 +7,8 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - # FIXME what to do with runners_additional_volumes??? runners_docker_options = var.runners_enable_docker_options ? local.runners_docker_options_map_string : local.runners_docker_options_single_string - runners_docker_options_map_string = join("\n", [for k, v in var.runners_docker_options : "${k} = ${v}"]) + runners_docker_options_map_string = join("\n", [for k, v in var.runners_docker_options : k == "volumes" ? "${k} = \"/cache,${v}\"" : "${k} = \"${v}\""]) runners_docker_options_single_string = <<-EOT tls_verify = false image = "${runners_image}" diff --git a/variables.tf b/variables.tf index e83c8d31f..6f0c46f2c 100644 --- a/variables.tf +++ b/variables.tf @@ -268,7 +268,7 @@ variable "runners_docker_options" { image = "docker:18.03.1-ce" privileged = "true" disable_cache = "false" - volumes = "/cache" + volumes = "" shm_size = 0 pull_policy = "always" runtime = "" From fb00812812237b1865624dd043ccd71864670e6e Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Wed, 22 Jun 2022 23:47:37 +0200 Subject: [PATCH 05/43] fix settings --- locals.tf | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/locals.tf b/locals.tf index 030201c96..5b8c58f14 100644 --- a/locals.tf +++ b/locals.tf 
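Review bot: Every non-`volumes` value in `runners_docker_options_map_string` (locals.tf, PATCH 04/43) is now wrapped in quotes, so `privileged`, `disable_cache`, `tls_verify` and `shm_size` are rendered as TOML strings such as `privileged = "true"`, where the earlier template wrote bare booleans and an integer. `volumes` likewise becomes the single string `"/cache,${v}"` where the template previously wrote an array. The values are also interpolated without escaping, so a `"` or a newline inside one would change the structure of the generated `[runners.docker]` section. Emitting each value by type would address both, but with `map(any)` Terraform unifies the mixed defaults to strings, so a typed `object({...})` is likely needed first.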
@@ -8,17 +8,18 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] runners_docker_options = var.runners_enable_docker_options ? local.runners_docker_options_map_string : local.runners_docker_options_single_string - runners_docker_options_map_string = join("\n", [for k, v in var.runners_docker_options : k == "volumes" ? "${k} = \"/cache,${v}\"" : "${k} = \"${v}\""]) + runners_docker_options_map_string = join("\n", [for k, v in var.runners_docker_options : k == "volumes" ? "${k} = ${v}" : "${k} = \"${v}\""]) + runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) runners_docker_options_single_string = <<-EOT tls_verify = false - image = "${runners_image}" - privileged = ${runners_privileged} - disable_cache = ${runners_disable_cache} - volumes = ["/cache"${runners_additional_volumes}] - shm_size = ${runners_shm_size} - pull_policy = "${runners_pull_policy}" - runtime = "${runners_docker_runtime}" - helper_image = "${runners_helper_image}" + image = "${var.runners_image}" + privileged = ${var.runners_privileged} + disable_cache = ${var.runners_disable_cache} + volumes = [${local.runners_docker_volumes}] + shm_size = ${var.runners_shm_size} + pull_policy = "${var.runners_pull_policy}" + runtime = "${var.runners_docker_runtime}" + helper_image = "${var.runners_helper_image}" EOT // Ensure max builds is optional From fac5b9a1da04ade1887bfde6e51b092f97e5c4b9 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Thu, 23 Jun 2022 11:42:51 +0200 Subject: [PATCH 06/43] switch to block statement. Looks better. --- locals.tf | 13 +++++++-- variables.tf | 77 ++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 74 insertions(+), 16 deletions(-) diff --git a/locals.tf b/locals.tf index 5b8c58f14..dee71fbf8 100644 --- a/locals.tf +++ b/locals.tf 
@@ -7,8 +7,17 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - runners_docker_options = var.runners_enable_docker_options ? local.runners_docker_options_map_string : local.runners_docker_options_single_string - runners_docker_options_map_string = join("\n", [for k, v in var.runners_docker_options : k == "volumes" ? "${k} = ${v}" : "${k} = \"${v}\""]) + runners_docker_options = var.runners_enable_docker_options ? local.runners_docker_options_map_string : local.runners_docker_options_single_string + # TODO add all other variables + runners_docker_options_map_string = <<-EOT + disable_cache = %{if var.runners_docker_options.disable_cache != null} ${var.runners_docker_options.disable_cache} %{else} false %{endif} + image = %{if var.runners_docker_options.image != null} ${var.runners_docker_options.image} %{else} "docker:18.03.1-ce" %{endif} + privileged = %{if var.runners_docker_options.privileged != null} ${var.runners_docker_options.privileged} %{else} true %{endif} + pull_policy = %{if var.runners_docker_options.pull_policy != null} ${var.runners_docker_options.pull_policy} %{else} "always" %{endif} + shm_size = %{if var.runners_docker_options.shm_size != null} ${var.runners_docker_options.shm_size} %{else} 0 %{endif} + tls_verify = %{if var.runners_docker_options.tls_verify != null} ${var.runners_docker_options.tls_verify} %{else} false %{endif} + volumes = %{if var.runners_docker_options.volumes != null} [${local.runners_docker_volumes}] %{else} ["/cache"] %{endif} + EOT runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) runners_docker_options_single_string = <<-EOT tls_verify = false diff --git a/variables.tf b/variables.tf index 6f0c46f2c..decf8ed32 100644 --- a/variables.tf +++ b/variables.tf 
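Review bot: In `runners_docker_options_map_string` the caller-supplied `image` and `pull_policy` are interpolated without quotes while their fallbacks are quoted, so a set value renders as `image = docker:18.03.1-ce`, which is not valid TOML unless callers are expected to pass pre-quoted strings. Quote the interpolation as well, e.g. `image = %{if var.runners_docker_options.image != null} "${var.runners_docker_options.image}" %{else} "docker:18.03.1-ce" %{endif}`. The `volumes` line only tests `var.runners_docker_options.volumes` for null and then emits `local.runners_docker_volumes`, which is built from `var.runners_additional_volumes`, so the mounts a caller lists in the new block never reach the config. Both patterns are carried unchanged into `template/runners_docker_options.tpl` in PATCH 08/43.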
@@ -261,21 +261,70 @@ variable "runners_enable_docker_options" { } variable "runners_docker_options" { - description = "Options added to the [runners.docker] section of config.toml to configure the Docker container of the Executors. Don't forget to enable the usage via enable_docker_options!" - type = map(any) - default = { - tls_verify = "false" - image = "docker:18.03.1-ce" - privileged = "true" - disable_cache = "false" - volumes = "" - shm_size = 0 - pull_policy = "always" - runtime = "" - helper_image = "" - } -} + description = < Date: Sat, 25 Jun 2022 10:53:47 +0200 Subject: [PATCH 07/43] remove var.runners_docker_enable_options --- locals.tf | 2 +- variables.tf | 9 --------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/locals.tf b/locals.tf index dee71fbf8..47524d2a0 100644 --- a/locals.tf +++ b/locals.tf @@ -7,7 +7,7 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - runners_docker_options = var.runners_enable_docker_options ? local.runners_docker_options_map_string : local.runners_docker_options_single_string + runners_docker_options = var.runners_docker_options != null ? local.runners_docker_options_map_string : local.runners_docker_options_single_string # TODO add all other variables runners_docker_options_map_string = <<-EOT disable_cache = %{if var.runners_docker_options.disable_cache != null} ${var.runners_docker_options.disable_cache} %{else} false %{endif} diff --git a/variables.tf b/variables.tf index decf8ed32..4024365bf 100644 --- a/variables.tf +++ b/variables.tf 
@@ -253,13 +253,6 @@ variable "runners_pull_policy" { default = "always" } -variable "runners_enable_docker_options" { - # TODO remove this variable as soon as the above mentioned deprecated variables have been removed - type = bool - description = "Set to to use the runners_docker_options variable." - default = false -} - variable "runners_docker_options" { description = < Date: Sat, 25 Jun 2022 11:16:08 +0200 Subject: [PATCH 08/43] move docker options to separate template file --- locals.tf | 20 ++++++++++---------- template/runners_docker_options.tpl | 7 +++++++ 2 files changed, 17 insertions(+), 10 deletions(-) create mode 100644 template/runners_docker_options.tpl diff --git a/locals.tf b/locals.tf index 47524d2a0..beb17624d 100644 --- a/locals.tf +++ b/locals.tf 
@@ -7,17 +7,17 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - runners_docker_options = var.runners_docker_options != null ? local.runners_docker_options_map_string : local.runners_docker_options_single_string + runners_docker_options = var.runners_docker_options != null ? local.template_runners_docker_options : local.runners_docker_options_single_string # TODO add all other variables - runners_docker_options_map_string = <<-EOT - disable_cache = %{if var.runners_docker_options.disable_cache != null} ${var.runners_docker_options.disable_cache} %{else} false %{endif} - image = %{if var.runners_docker_options.image != null} ${var.runners_docker_options.image} %{else} "docker:18.03.1-ce" %{endif} - privileged = %{if var.runners_docker_options.privileged != null} ${var.runners_docker_options.privileged} %{else} true %{endif} - pull_policy = %{if var.runners_docker_options.pull_policy != null} ${var.runners_docker_options.pull_policy} %{else} "always" %{endif} - shm_size = %{if var.runners_docker_options.shm_size != null} ${var.runners_docker_options.shm_size} %{else} 0 %{endif} - tls_verify = %{if var.runners_docker_options.tls_verify != null} ${var.runners_docker_options.tls_verify} %{else} false %{endif} - volumes = %{if var.runners_docker_options.volumes != null} [${local.runners_docker_volumes}] %{else} ["/cache"] %{endif} - EOT + template_runners_docker_options = var.runners_docker_options == null ? 
"" : templatefile("${path.module}/template/runners_docker_options.tpl", { + disable_cache = var.runners_docker_options.disable_cache + image = var.runners_docker_options.image + privileged = var.runners_docker_options.privileged + pull_policy = var.runners_docker_options.pull_policy + shm_size = var.runners_docker_options.shm_size + tls_verify = var.runners_docker_options.tls_verify + volumes = local.runners_docker_volumes + }) runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) runners_docker_options_single_string = <<-EOT tls_verify = false diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl new file mode 100644 index 000000000..bba657ee5 --- /dev/null +++ b/template/runners_docker_options.tpl @@ -0,0 +1,7 @@ +disable_cache = %{if disable_cache != null} ${disable_cache} %{else} false %{endif} +image = %{if image != null} ${image} %{else} "docker:18.03.1-ce" %{endif} +privileged = %{if privileged != null} ${privileged} %{else} true %{endif} +pull_policy = %{if pull_policy != null} ${pull_policy} %{else} "always" %{endif} +shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} +tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} +volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} \ No newline at end of file From 3ee93b8c003faf6b857da68de6c7db4285de21d5 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Sat, 25 Jun 2022 11:35:03 +0200 Subject: [PATCH 09/43] add more parameters --- locals.tf | 22 ++++++++++++++++ template/runners_docker_options.tpl | 39 ++++++++++++++++++++++++++++- 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index beb17624d..11eb51be5 100644 --- a/locals.tf +++ b/locals.tf 
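Review bot: The fallbacks in the new `template/runners_docker_options.tpl` make the weaker setting the silent default: a caller who supplies `runners_docker_options` but leaves `privileged` and `tls_verify` null gets `privileged = true` and `tls_verify = false`. That preserves the old behaviour, but with an options block it is easy to assume that unset means off. A rendered header comment such as `# privileged falls back to true for backward compatibility; set privileged = false unless jobs need Docker-in-Docker` would make this visible in config.toml, or the fallback could be flipped at the next major version. The `volumes` else-branch looks unreachable, because locals.tf always passes `local.runners_docker_volumes`, which contains at least `"/cache"`.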
@@ -17,6 +17,28 @@ locals { shm_size = var.runners_docker_options.shm_size tls_verify = var.runners_docker_options.tls_verify volumes = local.runners_docker_volumes + + cache_dir = var.runners_docker_options.cache_dir + cpuset_cpus = var.runners_docker_options.cpuset_cpus + cpu_shares = var.runners_docker_options.cpu_shares + cpus = var.runners_docker_options.cpus + disable_entrypoint_overwrite = var.runners_docker_options.disable_entrypoint_overwrite + gpus = var.runners_docker_options.gpus + helper_image = var.runners_docker_options.helper_image + helper_image_flavor = var.runners_docker_options.helper_image_flavor + host = var.runners_docker_options.host + hostname = var.runners_docker_options.hostname + memory = var.runners_docker_options.memory + memory_reservation = var.runners_docker_options.memory_reservation + memory_swap = var.runners_docker_options.memory_swap + network_mode = var.runners_docker_options.network_mode + oom_kill_disable = var.runners_docker_options.oom_kill_disable + oom_score_adjust = var.runners_docker_options.oom_score_adjust + runtime = var.runners_docker_options.runtime + tls_cert_path = var.runners_docker_options.tls_cert_path + userns_mode = var.runners_docker_options.userns_mode + volume_driver = var.runners_docker_options.volume_driver + wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout }) runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) runners_docker_options_single_string = <<-EOT diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index bba657ee5..66c39c43a 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl 
@@ -4,4 +4,41 @@ privileged = %{if privileged != null} ${privileged} %{else} true %{endif} pull_policy = %{if pull_policy != null} ${pull_policy} %{else} "always" %{endif} shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} -volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} \ No newline at end of file +volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} + +allowed_images = list(string) +allowed_pull_policies = list(string) +allowed_services = list(string) +%{ if cache_dir != null } cache_dir = "${cache_dir}" %{endif} +cap_add = list(string) +cap_drop = list(string) +container_labels = list(string) +%{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}" %{endif} +%{ if cpu_shares != null } cpu_shares = ${cpu_shares} %{endif} +%{ if cpus != null } cpus = ${cpus} %{endif} +devices = list(string) +device_cgroup_rules = list(string) +%{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif} +dns = list(string) +dns_search = list(string) +extra_hosts = list(string) +%{ if gpus != null } gpus = "${gpus}" %{endif} +%{ if helper_image != null } helper_image = "${helper_image}" %{endif} +%{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}" %{endif} +%{ if host != null } host = "${host}" %{endif} +%{ if hostname != null } hostname = "${hostname}" %{endif} +links = list(string) +%{ if memory != null } memory = "${memory}" %{endif} +%{ if memory_reservation != null } memory_reservation = "${memory_reservation}" %{endif} +%{ if memory_swap != null } memory_swap = "${memory_swap}" %{endif} +%{ if network_mode != null } network_mode = "${network_mode}" %{endif} +%{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} %{endif} +%{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif} +%{ if runtime != null } runtime = 
"${runtime} %{endif}" +security_opt = list(string) +sysctls = list(string) +%{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif} +%{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif} +volumes_from = list(string) +%{ if volume_driver != null } volume_driver = "${volume_driver}" %{endif} +%{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} %{endif} \ No newline at end of file From 64b31be7fc72217feea964d66353981c1d5d72b4 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Sat, 25 Jun 2022 12:00:52 +0200 Subject: [PATCH 10/43] add all other parameters --- locals.tf | 17 +++++++++++++++- template/runners_docker_options.tpl | 30 ++++++++++++++--------------- 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/locals.tf b/locals.tf index 11eb51be5..57cfd776f 100644 --- a/locals.tf +++ b/locals.tf 
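Review bot: The `runtime` line in `template/runners_docker_options.tpl` closes its quote after the directive, `runtime = "${runtime} %{endif}"`, so a set value is rendered with a trailing space inside the string and a null value still leaves a lone `"` in config.toml. It should read `%{ if runtime != null } runtime = "${runtime}" %{endif}` like its neighbours. The placeholder lines such as `allowed_images = list(string)`, `cap_add = list(string)` and `security_opt = list(string)` are not template directives and would be written to the file verbatim. PATCH 10/43 replaces the placeholders, but the `runtime` line appears there unchanged as context.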
@@ -18,16 +18,28 @@ locals { tls_verify = var.runners_docker_options.tls_verify volumes = local.runners_docker_volumes + allowed_images = var.runners_docker_options.allowed_images == null ? null : join(", ", [for s in var.runners_docker_options.allowed_images : format("\"%s\"", s)]) + allowed_pull_policies = var.runners_docker_options.allowed_pull_policies == null ? null : join(", ", [for s in var.runners_docker_options.allowed_pull_policies : format("\"%s\"", s)]) + allowed_services = var.runners_docker_options.allowed_services == null ? null : join(", ", [for s in var.runners_docker_options.allowed_services : format("\"%s\"", s)]) cache_dir = var.runners_docker_options.cache_dir + cap_add = var.runners_docker_options.cap_add == null ? null : join(", ", [for s in var.runners_docker_options.cap_add : format("\"%s\"", s)]) + cap_drop = var.runners_docker_options.cap_drop == null ? null : join(", ", [for s in var.runners_docker_options.cap_drop : format("\"%s\"", s)]) + container_labels = var.runners_docker_options.container_labels == null ? null : join(", ", [for s in var.runners_docker_options.container_labels : format("\"%s\"", s)]) cpuset_cpus = var.runners_docker_options.cpuset_cpus cpu_shares = var.runners_docker_options.cpu_shares cpus = var.runners_docker_options.cpus + devices = var.runners_docker_options.devices == null ? null : join(", ", [for s in var.runners_docker_options.devices : format("\"%s\"", s)]) + device_cgroup_rules = var.runners_docker_options.device_cgroup_rules == null ? null : join(", ", [for s in var.runners_docker_options.device_cgroup_rules : format("\"%s\"", s)]) disable_entrypoint_overwrite = var.runners_docker_options.disable_entrypoint_overwrite + dns = var.runners_docker_options.dns == null ? null : join(", ", [for s in var.runners_docker_options.dns : format("\"%s\"", s)]) + dns_search = var.runners_docker_options.dns_search == null ? 
null : join(", ", [for s in var.runners_docker_options.dns_search : format("\"%s\"", s)]) + extra_hosts = var.runners_docker_options.extra_hosts == null ? null : join(", ", [for s in var.runners_docker_options.extra_hosts : format("\"%s\"", s)]) gpus = var.runners_docker_options.gpus helper_image = var.runners_docker_options.helper_image helper_image_flavor = var.runners_docker_options.helper_image_flavor host = var.runners_docker_options.host hostname = var.runners_docker_options.hostname + links = var.runners_docker_options.links == null ? null : join(", ", [for s in var.runners_docker_options.links : format("\"%s\"", s)]) memory = var.runners_docker_options.memory memory_reservation = var.runners_docker_options.memory_reservation memory_swap = var.runners_docker_options.memory_swap @@ -35,9 +47,12 @@ locals { oom_kill_disable = var.runners_docker_options.oom_kill_disable oom_score_adjust = var.runners_docker_options.oom_score_adjust runtime = var.runners_docker_options.runtime + security_opt = var.runners_docker_options.security_opt == null ? null : join(", ", [for s in var.runners_docker_options.security_opt : format("\"%s\"", s)]) + sysctls = var.runners_docker_options.sysctls == null ? null : join(", ", [for s in var.runners_docker_options.sysctls : format("\"%s\"", s)]) tls_cert_path = var.runners_docker_options.tls_cert_path userns_mode = var.runners_docker_options.userns_mode volume_driver = var.runners_docker_options.volume_driver + volumes_from = var.runners_docker_options.volumes_from == null ? null : join(", ", [for s in var.runners_docker_options.volumes_from : format("\"%s\"", s)]) wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout }) runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) @@ -72,4 +87,4 @@ locals { runners_machine_autoscaling = var.runners_machine_autoscaling } ) -} +} \ No newline at end of file 
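Review bot: Each list option in locals.tf (PATCH 10/43) is rendered with `format("\"%s\"", s)`, which wraps the element in quotes but does not escape it, so an element containing `"` or a backslash yields a malformed array in config.toml. This matters most for the entries that act as restrictions (`allowed_images`, `allowed_services`, `cap_drop`, `security_opt`), where a bad value should fail the plan rather than produce a config that parses differently from what was written. `jsonencode(s)` per element gives an escaped, double-quoted string; confirm that its escapes are accepted by the runner's TOML parser. The same expression is repeated in the second hunk for `security_opt`, `sysctls` and `volumes_from`, so a single `for` over the list-typed keys would replace the fifteen copies.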
diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index 66c39c43a..4ade6996a 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl 
@@ -6,28 +6,28 @@ shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} -allowed_images = list(string) -allowed_pull_policies = list(string) -allowed_services = list(string) +%{ if allowed_images != null } allowed_images = [${allowed_images}] %{endif} +%{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}] %{endif} +%{ if allowed_services != null } allowed_services = [${allowed_services}] %{endif} %{ if cache_dir != null } cache_dir = "${cache_dir}" %{endif} -cap_add = list(string) -cap_drop = list(string) -container_labels = list(string) +%{ if cap_add != null } cap_add = [${cap_add}] %{endif} +%{ if cap_drop != null } cap_drop = [${cap_drop}] %{endif} +%{ if container_labels != null } container_labels = [${container_labels}] %{endif} %{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}" %{endif} %{ if cpu_shares != null } cpu_shares = ${cpu_shares} %{endif} %{ if cpus != null } cpus = ${cpus} %{endif} -devices = list(string) -device_cgroup_rules = list(string) +%{ if devices != null } devices = [${devices}] %{endif} +%{ if devices_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif} %{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif} -dns = list(string) -dns_search = list(string) -extra_hosts = list(string) +%{ if dns != null } dns = [${dns}] %{endif} +%{ if dns_search != null } dns_search = [${dns_search}] %{endif} +%{ if extra_hosts != null } extra_hosts = [${extra_hosts}] %{endif} %{ if gpus != null } gpus = "${gpus}" %{endif} %{ if helper_image != null } helper_image = "${helper_image}" %{endif} %{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}" %{endif} %{ if host != null } host = "${host}" %{endif} %{ if hostname != null } hostname = 
"${hostname}" %{endif} -links = list(string) +%{ if links != null } links = [${links}] %{endif} %{ if memory != null } memory = "${memory}" %{endif} %{ if memory_reservation != null } memory_reservation = "${memory_reservation}" %{endif} %{ if memory_swap != null } memory_swap = "${memory_swap}" %{endif} @@ -35,10 +35,10 @@ links = list(string) %{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} %{endif} %{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif} %{ if runtime != null } runtime = "${runtime} %{endif}" -security_opt = list(string) -sysctls = list(string) +%{ if security_opt != null } security_opt = [${security_opt}] %{endif} +%{ if sysctls != null } sysctls = [${sysctls}] %{endif} %{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif} %{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif} -volumes_from = list(string) +%{ if volumes_from != null } volumes_from = [${volumes_from}] %{endif} %{ if volume_driver != null } volume_driver = "${volume_driver}" %{endif} %{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} %{endif} \ No newline at end of file From 5b5a4066827fdcbbb35a62d8156b90bb96e1ee1e Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Sun, 26 Jun 2022 19:48:49 +0200 Subject: [PATCH 11/43] test optional block variables --- examples/runner-default/main.tf | 46 +++++++++++++++++++++++++++++ template/runners_docker_options.tpl | 2 +- variables.tf | 2 +- versions.tf | 2 ++ 4 files changed, 50 insertions(+), 2 deletions(-) diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index 3f08e6bcf..b7c80dcd6 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf 
@@ -94,6 +94,52 @@ module "runner" { EOT runners_post_build_script = "\"echo 'single line'\"" + + runners_docker_options = { + allowed_images = ["abc:stable"] + allowed_pull_policies = null + allowed_services = null + cache_dir = null + cap_add = null + cap_drop = null + container_labels = null + cpuset_cpus = null + cpu_shares = null + cpus = null + devices = null + device_cgroup_rules = null + disable_cache = null + disable_entrypoint_overwrite = null + dns = null + dns_search = null + extra_hosts = null + gpus = null + helper_image = null + helper_image_flavor = null + host = null + hostname = null + image = null + links = null + memory = null + memory_swap = null + memory_reservation = null + network_mode = null + oom_kill_disable = null + oom_score_adjust = null + privileged = null + pull_policy = null + runtime = null + security_opt = null + shm_size = null + sysctls = null + tls_cert_path = null + tls_verify = null + userns_mode = null + volumes = null + volumes_from = null + volume_driver = null + wait_for_services_timeout = null + } } resource "null_resource" "cancel_spot_requests" { diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index 4ade6996a..dd3f66267 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl @@ -17,7 +17,7 @@ volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} %{ if cpu_shares != null } cpu_shares = ${cpu_shares} %{endif} %{ if cpus != null } cpus = ${cpus} %{endif} %{ if devices != null } devices = [${devices}] %{endif} -%{ if devices_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif} +%{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif} %{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif} %{ if dns != null } dns = [${dns}] %{endif} %{ if dns_search != null } dns_search = [${dns_search}] %{endif} 
diff --git a/variables.tf b/variables.tf index 4024365bf..0668ecb1d 100644 --- a/variables.tf +++ b/variables.tf @@ -269,7 +269,7 @@ variable "runners_docker_options" { EOT type = object({ - allowed_images = list(string) + allowed_images = optional(list(string)) allowed_pull_policies = list(string) allowed_services = list(string) cache_dir = string diff --git a/versions.tf b/versions.tf index 299cf53ef..dc7297fbc 100644 --- a/versions.tf +++ b/versions.tf @@ -1,6 +1,8 @@ terraform { required_version = ">= 1" + experiments = [module_variable_optional_attrs] + required_providers { aws = { version = "~> 4" From 40eb89733e50cbde0151ac10c270967dcfe75831 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Sun, 26 Jun 2022 19:52:38 +0200 Subject: [PATCH 12/43] make all variables optional --- variables.tf | 86 ++++++++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/variables.tf b/variables.tf index 0668ecb1d..84e523837 100644 --- a/variables.tf +++ b/variables.tf @@ -258,7 +258,7 @@ variable "runners_docker_options" { Options added to the [runners.docker] section of config.toml to configure the Docker container of the Executors. For details check https://docs.gitlab.com/runner/configuration/advanced-configuration.html - Default values if the variable is not set: + Default values if the whole block is not used: disable_cache = "false" image = "docker:18.03.1-ce" privileged = "true" 
@@ -270,48 +270,48 @@ variable "runners_docker_options" { type = object({ allowed_images = optional(list(string)) - allowed_pull_policies = list(string) - allowed_services = list(string) - cache_dir = string - cap_add = list(string) - cap_drop = list(string) - container_labels = list(string) - cpuset_cpus = string - cpu_shares = number - cpus = number - devices = list(string) - device_cgroup_rules = list(string) - disable_cache = bool - disable_entrypoint_overwrite = bool - dns = list(string) - dns_search = list(string) - extra_hosts = list(string) - gpus = string - helper_image = string - helper_image_flavor = string - host = string - hostname = string - image = string - links = list(string) - memory = string - memory_swap = string - memory_reservation = string - network_mode = string - oom_kill_disable = bool - oom_score_adjust = bool - privileged = bool - pull_policy = string - runtime = string - security_opt = list(string) - shm_size = number - sysctls = list(string) - tls_cert_path = string - tls_verify = bool - userns_mode = string - volumes = list(string) - volumes_from = list(string) - volume_driver = string - wait_for_services_timeout = number + allowed_pull_policies = optional(list(string)) + allowed_services = optional(list(string)) + cache_dir = optional(string) + cap_add = optional(list(string)) + cap_drop = optional(list(string)) + container_labels = optional(list(string)) + cpuset_cpus = optional(string) + cpu_shares = optional(number) + cpus = optional(number) + devices = optional(list(string)) + device_cgroup_rules = optional(list(string)) + disable_cache = optional(bool) + disable_entrypoint_overwrite = optional(bool) + dns = optional(list(string)) + dns_search = optional(list(string)) + extra_hosts = optional(list(string)) + gpus = optional(string) + helper_image = optional(string) + helper_image_flavor = optional(string) + host = optional(string) + hostname = optional(string) + image = optional(string) + links = optional(list(string)) + memory = 
optional(string) + memory_swap = optional(string) + memory_reservation = optional(string) + network_mode = optional(string) + oom_kill_disable = optional(bool) + oom_score_adjust = optional(bool) + privileged = optional(bool) + pull_policy = optional(string) + runtime = optional(string) + security_opt = optional(list(string)) + shm_size = optional(number) + sysctls = optional(list(string)) + tls_cert_path = optional(string) + tls_verify = optional(bool) + userns_mode = optional(string) + volumes = optional(list(string)) + volumes_from = optional(list(string)) + volume_driver = optional(string) + wait_for_services_timeout = optional(number) }) default = null From 7e7f1ada49e7a337cbae52eb9f60f333ae4fbd10 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Sun, 26 Jun 2022 19:53:09 +0200 Subject: [PATCH 13/43] revert example --- examples/runner-default/main.tf | 46 --------------------------------- 1 file changed, 46 deletions(-) diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index b7c80dcd6..3f08e6bcf 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf 
@@ -94,52 +94,6 @@ module "runner" { EOT runners_post_build_script = "\"echo 'single line'\"" - - runners_docker_options = { - allowed_images = ["abc:stable"] - allowed_pull_policies = null - allowed_services = null - cache_dir = null - cap_add = null - cap_drop = null - container_labels = null - cpuset_cpus = null - cpu_shares = null - cpus = null - devices = null - device_cgroup_rules = null - disable_cache = null - disable_entrypoint_overwrite = null - dns = null - dns_search = null - extra_hosts = null - gpus = null - helper_image = null - helper_image_flavor = null - host = null - hostname = null - image = null - links = null - memory = null - memory_swap = null - memory_reservation = null - network_mode = null - oom_kill_disable = null - oom_score_adjust = null - privileged = null - pull_policy = null - runtime = null - security_opt = null - shm_size = null - sysctls = null - tls_cert_path = null - tls_verify = null - userns_mode = null - volumes = null - volumes_from = null - volume_driver = null - wait_for_services_timeout = null - } } resource "null_resource" "cancel_spot_requests" { From e963d54b3400b7b14712c035db8b900316db35db Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Mon, 27 Jun 2022 20:03:15 +0200 Subject: [PATCH 14/43] test combined template --- locals.tf | 3 +++ template/runners_docker_options.tpl | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 57cfd776f..4de6630c5 100644 --- a/locals.tf +++ b/locals.tf 
@@ -54,6 +54,9 @@ locals { volume_driver = var.runners_docker_options.volume_driver volumes_from = var.runners_docker_options.volumes_from == null ? null : join(", ", [for s in var.runners_docker_options.volumes_from : format("\"%s\"", s)]) wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout + + deprecated_use_new_block = var.runners_docker_options + deprecated_runners_image = var.runners_image }) runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) runners_docker_options_single_string = <<-EOT diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index dd3f66267..7bf8c1243 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl @@ -1,5 +1,5 @@ disable_cache = %{if disable_cache != null} ${disable_cache} %{else} false %{endif} -image = %{if image != null} ${image} %{else} "docker:18.03.1-ce" %{endif} +image = %{ if deprecated_use_new_block != null} %{if image != null} ${image} %{else} "docker:18.03.1-ce" %{endif} %{else} ${deprecated_runners_image} %{endif} privileged = %{if privileged != null} ${privileged} %{else} true %{endif} pull_policy = %{if pull_policy != null} ${pull_policy} %{else} "always" %{endif} shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} From 137ebe91679a5a6d73663d071c979f947fae5274 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Mon, 27 Jun 2022 20:16:53 +0200 Subject: [PATCH 15/43] one template for docker options only --- locals.tf | 22 +++++++++------------- template/runners_docker_options.tpl | 26 +++++++++++++++++++------- 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/locals.tf b/locals.tf index 4de6630c5..48937d08f 100644 --- a/locals.tf +++ b/locals.tf 
@@ -56,20 +56,16 @@ locals { wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout deprecated_use_new_block = var.runners_docker_options - deprecated_runners_image = var.runners_image + deprecated_disable_cache = var.runners_disable_cache + deprecated_helper_image = var.runners_helper_image + deprecated_image = var.runners_image + deprecated_privileged = var.runners_privileged + deprecated_pull_policy = var.runners_pull_policy + deprecated_runtime = var.runners_docker_runtime + deprecated_shm_size = var.runners_shm_size + deprecated_volumes = local.runners_docker_volumes }) - runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) - runners_docker_options_single_string = <<-EOT - tls_verify = false - image = "${var.runners_image}" - privileged = ${var.runners_privileged} - disable_cache = ${var.runners_disable_cache} - volumes = [${local.runners_docker_volumes}] - shm_size = ${var.runners_shm_size} - pull_policy = "${var.runners_pull_policy}" - runtime = "${var.runners_docker_runtime}" - helper_image = "${var.runners_helper_image}" - EOT + runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) // Ensure max builds is optional runners_max_builds_string = var.runners_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runners_max_builds) diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index 7bf8c1243..8f38e9c0d 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl 
@@ -1,10 +1,22 @@ -disable_cache = %{if disable_cache != null} ${disable_cache} %{else} false %{endif} -image = %{ if deprecated_use_new_block != null} %{if image != null} ${image} %{else} "docker:18.03.1-ce" %{endif} %{else} ${deprecated_runners_image} %{endif} -privileged = %{if privileged != null} ${privileged} %{else} true %{endif} -pull_policy = %{if pull_policy != null} ${pull_policy} %{else} "always" %{endif} -shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} -tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} -volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} +%{if deprecated_use_new_block} + disable_cache = %{if disable_cache != null} ${disable_cache} %{else} false %{endif} + image = %{if image != null} "${image}" %{else} "docker:18.03.1-ce" %{endif} + privileged = %{if privileged != null} ${privileged} %{else} true %{endif} + pull_policy = %{if pull_policy != null} ${pull_policy} %{else} "always" %{endif} + shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} + tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} + volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} +%{else} + disable_cache = ${deprecated_disable_cache} + helper_image = "${deprecated_helper_image}" + image = "${deprecated_image}" + privileged = ${deprecated_privileged} + pull_policy = "${deprecated_pull_policy}" + runtime = "${deprecated_runtime}" + shm_size = ${deprecated_shm_size} + tls_verify = false + volumes = [${deprecated_volumes}] +%{endif} %{ if allowed_images != null } allowed_images = [${allowed_images}] %{endif} %{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}] %{endif} From ed98e314bbbe751b635d48304d77b3e0960a1558 Mon Sep 17 00:00:00 2001 
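Review bot: `%{if deprecated_use_new_block}` tests the value itself, but the locals.tf hunk of this commit passes `var.runners_docker_options` (an object) under that name, so the directive has no boolean to evaluate. The previous revision compared against null; `%{if deprecated_use_new_block != null}` restores that. Even with the comparison back, the `%{else}` branch looks unreachable if `templatefile` is only called when `var.runners_docker_options` is not null, as the locals.tf context lines elsewhere on this page suggest. In that case the deprecated `runners_*` variables would never reach config.toml through this template.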
From: Matthias Kay Date: Mon, 27 Jun 2022 20:19:19 +0200 Subject: [PATCH 16/43] use the template directly --- locals.tf | 2 -- main.tf | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/locals.tf b/locals.tf index 48937d08f..662d6cc5b 100644 --- a/locals.tf +++ b/locals.tf @@ -7,8 +7,6 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - runners_docker_options = var.runners_docker_options != null ? local.template_runners_docker_options : local.runners_docker_options_single_string - # TODO add all other variables template_runners_docker_options = var.runners_docker_options == null ? "" : templatefile("${path.module}/template/runners_docker_options.tpl", { disable_cache = var.runners_docker_options.disable_cache image = var.runners_docker_options.image diff --git a/main.tf b/main.tf index 6d7ee7d9b..bd644c229 100644 --- a/main.tf +++ b/main.tf @@ -126,7 +126,7 @@ locals { runners_request_concurrency = var.runners_request_concurrency runners_output_limit = var.runners_output_limit runners_check_interval = var.runners_check_interval - runners_docker_options = local.runners_docker_options + runners_docker_options = local.template_runners_docker_options runners_volumes_tmpfs = join("\n", [for v in var.runners_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) runners_services_volumes_tmpfs = join("\n", [for v in var.runners_services_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) bucket_name = local.bucket_name From 11c25635f1236b5abe985f8bb8d79e5b1ae1bca2 Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Mon, 27 Jun 2022 21:46:49 +0200 Subject: [PATCH 17/43] fixes for tests --- locals.tf | 24 ++++++++++++++---------- main.tf | 2 +- template/runners_docker_options.tpl | 28 ++++++++-------------------- variables.tf | 4 ++-- 4 files changed, 25 insertions(+), 33 deletions(-) 
diff --git a/locals.tf b/locals.tf index 662d6cc5b..c113e6577 100644 --- a/locals.tf +++ b/locals.tf @@ -7,6 +7,8 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] + runners_docker_options = var.runners_docker_options != null ? local.template_runners_docker_options : local.runners_docker_options_single_string + template_runners_docker_options = var.runners_docker_options == null ? "" : templatefile("${path.module}/template/runners_docker_options.tpl", { disable_cache = var.runners_docker_options.disable_cache image = var.runners_docker_options.image 
@@ -52,17 +54,19 @@ locals { volume_driver = var.runners_docker_options.volume_driver volumes_from = var.runners_docker_options.volumes_from == null ? null : join(", ", [for s in var.runners_docker_options.volumes_from : format("\"%s\"", s)]) wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout - - deprecated_use_new_block = var.runners_docker_options - deprecated_disable_cache = var.runners_disable_cache - deprecated_helper_image = var.runners_helper_image - deprecated_image = var.runners_image - deprecated_privileged = var.runners_privileged - deprecated_pull_policy = var.runners_pull_policy - deprecated_runtime = var.runners_docker_runtime - deprecated_shm_size = var.runners_shm_size - deprecated_volumes = local.runners_docker_volumes }) + runners_docker_options_single_string = <<-EOT + tls_verify = false + image = "${var.runners_image}" + privileged = ${var.runners_privileged} + disable_cache = ${var.runners_disable_cache} + volumes = [${local.runners_docker_volumes}] + shm_size = ${var.runners_shm_size} + pull_policy = "${var.runners_pull_policy}" + runtime = "${var.runners_docker_runtime}" + helper_image = "${var.runners_helper_image}" + EOT + runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) // Ensure max builds is optional diff --git a/main.tf b/main.tf index bd644c229..6d7ee7d9b 100644 --- a/main.tf +++ b/main.tf 
@@ -126,7 +126,7 @@ locals { runners_request_concurrency = var.runners_request_concurrency runners_output_limit = var.runners_output_limit runners_check_interval = var.runners_check_interval - runners_docker_options = local.template_runners_docker_options + runners_docker_options = local.runners_docker_options runners_volumes_tmpfs = join("\n", [for v in var.runners_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) runners_services_volumes_tmpfs = join("\n", [for v in var.runners_services_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) bucket_name = local.bucket_name diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index 8f38e9c0d..bd7356408 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl 
@@ -1,22 +1,10 @@ -%{if deprecated_use_new_block} - disable_cache = %{if disable_cache != null} ${disable_cache} %{else} false %{endif} - image = %{if image != null} "${image}" %{else} "docker:18.03.1-ce" %{endif} - privileged = %{if privileged != null} ${privileged} %{else} true %{endif} - pull_policy = %{if pull_policy != null} ${pull_policy} %{else} "always" %{endif} - shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} - tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} - volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} -%{else} - disable_cache = ${deprecated_disable_cache} - helper_image = "${deprecated_helper_image}" - image = "${deprecated_image}" - privileged = ${deprecated_privileged} - pull_policy = "${deprecated_pull_policy}" - runtime = "${deprecated_runtime}" - shm_size = ${deprecated_shm_size} - tls_verify = false - volumes = [${deprecated_volumes}] -%{endif} +disable_cache = %{if disable_cache != null} ${disable_cache} %{else} false %{endif} +image = %{if image != null} "${image}" %{else} "docker:18.03.1-ce" %{endif} +privileged = %{if privileged != null} ${privileged} %{else} true %{endif} +pull_policy = %{if pull_policy != null} "${pull_policy}" %{else} "always" %{endif} +shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} +tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} +volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} %{ if allowed_images != null } allowed_images = [${allowed_images}] %{endif} %{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}] %{endif} 
@@ -27,7 +15,7 @@ %{ if container_labels != null } container_labels = [${container_labels}] %{endif} %{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}" %{endif} %{ if cpu_shares != null } cpu_shares = ${cpu_shares} %{endif} -%{ if cpus != null } cpus = ${cpus} %{endif} +%{ if cpus != null } cpus = "${cpus}" %{endif} %{ if devices != null } devices = [${devices}] %{endif} %{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif} %{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif} diff --git a/variables.tf b/variables.tf index 84e523837..86a505daa 100644 --- a/variables.tf +++ b/variables.tf @@ -278,7 +278,7 @@ variable "runners_docker_options" { container_labels = optional(list(string)) cpuset_cpus = optional(string) cpu_shares = optional(number) - cpus = optional(number) + cpus = optional(string) devices = optional(list(string)) device_cgroup_rules = optional(list(string)) disable_cache = optional(bool) @@ -298,7 +298,7 @@ variable "runners_docker_options" { memory_reservation = optional(string) network_mode = optional(string) oom_kill_disable = optional(bool) - oom_score_adjust = optional(bool) + oom_score_adjust = optional(number) privileged = optional(bool) pull_policy = optional(string) runtime = optional(string) From 8e0b27a3374ede1b70eb1538e7018fe9e226844a Mon Sep 17 00:00:00 2001 From: Matthias Kay Date: Sat, 2 Jul 2022 09:11:06 +0200 Subject: [PATCH 18/43] fix `config.toml` --- template/runners_docker_options.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index bd7356408..47d139855 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl 
@@ -34,7 +34,7 @@ volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"] %{endif} %{ if network_mode != null } network_mode = "${network_mode}" %{endif} %{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} %{endif} %{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif} -%{ if runtime != null } runtime = "${runtime} %{endif}" +%{ if runtime != null } runtime = "${runtime}" %{endif} %{ if security_opt != null } security_opt = [${security_opt}] %{endif} %{ if sysctls != null } sysctls = [${sysctls}] %{endif} %{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif} From d12016e5f664048e78e6b3c1dd98d1e4d0a9e211 Mon Sep 17 00:00:00 2001 From: kayma Date: Wed, 12 Oct 2022 20:27:55 +0200 Subject: [PATCH 19/43] bump Terraform to >= 1.3 --- .github/workflows/ci.yml | 6 +++--- variables.tf | 14 +++++++------- versions.tf | 4 +--- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 08bbfb1c7..48ebd7074 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: name: Verify module strategy: matrix: - terraform: [1.1.9] + terraform: [1.3.0] runs-on: ubuntu-latest container: image: hashicorp/terraform:${{ matrix.terraform }} @@ -25,7 +25,7 @@ jobs: strategy: fail-fast: false matrix: - terraform: [1.0.11, latest] + terraform: [1.3.0, latest] example: [ "runner-default", @@ -43,7 +43,7 @@ jobs: steps: - uses: actions/checkout@v3 - run: terraform init -get -backend=false -input=false - - if: contains(matrix.terraform, '1.0.') + - if: contains(matrix.terraform, '1.3.') run: terraform fmt -recursive -check=true -write=false - run: terraform validate diff --git a/variables.tf b/variables.tf index 1e11fb92f..67eaa0570 100644 --- a/variables.tf +++ b/variables.tf 
@@ -277,7 +277,7 @@ variable "runners_docker_options" { cpus = optional(string) devices = optional(list(string)) device_cgroup_rules = optional(list(string)) - disable_cache = optional(bool) + disable_cache = optional(bool, false) disable_entrypoint_overwrite = optional(bool) dns = optional(list(string)) dns_search = optional(list(string)) @@ -287,7 +287,7 @@ variable "runners_docker_options" { helper_image_flavor = optional(string) host = optional(string) hostname = optional(string) - image = optional(string) + image = optional(string, "docker:18.03.1-ce") links = optional(list(string)) memory = optional(string) memory_swap = optional(string) @@ -295,16 +295,16 @@ variable "runners_docker_options" { network_mode = optional(string) oom_kill_disable = optional(bool) oom_score_adjust = optional(number) - privileged = optional(bool) - pull_policy = optional(string) + privileged = optional(bool, true) + pull_policy = optional(string, always) runtime = optional(string) security_opt = optional(list(string)) - shm_size = optional(number) + shm_size = optional(number, 0) sysctls = optional(list(string)) tls_cert_path = optional(string) - tls_verify = optional(bool) + tls_verify = optional(bool, false) userns_mode = optional(string) - volumes = optional(list(string)) + volumes = optional(list(string), ["/cache"]) volumes_from = optional(list(string)) volume_driver = optional(string) wait_for_services_timeout = optional(number) diff --git a/versions.tf b/versions.tf index ec609e0d9..e0ea05f72 100644 --- a/versions.tf +++ b/versions.tf @@ -1,7 +1,5 @@ terraform { - required_version = ">= 1" - - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3" required_providers { aws = { From cd6444c917e245f26042748341cd1355f6aca2e3 Mon Sep 17 00:00:00 2001 From: kayma Date: Wed, 12 Oct 2022 20:29:27 +0200 Subject: [PATCH 20/43] make default value for `pull_policy` a string --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
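Review bot: Moving the defaults into the type means every caller who omits the attribute gets `privileged = optional(bool, true)` and `tls_verify = optional(bool, false)`, while the description of `runners_docker_options` only lists the values without saying what they mean for isolation. A privileged job container is not confined from its host the way an unprivileged one is, so I would add a line to the description such as `privileged defaults to true; set it to false unless jobs need Docker-in-Docker`, and a similar one for `tls_verify`. Separately, `optional(string, always)` in the third hunk passes `always` as a bare identifier rather than the string `"always"`. The variable block starts and ends outside these hunks.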
diff --git a/variables.tf b/variables.tf index 67eaa0570..413b4ec9f 100644 --- a/variables.tf +++ b/variables.tf @@ -296,7 +296,7 @@ variable "runners_docker_options" { oom_kill_disable = optional(bool) oom_score_adjust = optional(number) privileged = optional(bool, true) - pull_policy = optional(string, always) + pull_policy = optional(string, "always") runtime = optional(string) security_opt = optional(list(string)) shm_size = optional(number, 0) From 4cca90cf57f14eee7e2ab0abe17a86e2aca5662b Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 2 Mar 2023 08:20:39 +0100 Subject: [PATCH 21/43] set default values via Terraform variable only --- template/runners_docker_options.tpl | 15 +++++++-------- variables.tf | 10 +++++----- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index faf2694e6..e0bc7d8c1 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl @@ -1,11 +1,3 @@ -disable_cache = %{if disable_cache != null} ${disable_cache} %{else} false %{endif} -image = %{if image != null} "${image}" %{else} "docker:18.03.1-ce" %{endif} -privileged = %{if privileged != null} ${privileged} %{else} true %{endif} -pull_policy = %{if pull_policy != null} "${pull_policy}" %{else} "always" %{endif} -shm_size = %{if shm_size != null} ${shm_size} %{else} 0 %{endif} -tls_verify = %{if tls_verify != null} ${tls_verify} %{else} false %{endif} -volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"${runners_additional_volumes}] %{endif} - %{ if allowed_images != null } allowed_images = [${allowed_images}] %{endif} %{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}] %{endif} %{ if allowed_services != null } allowed_services = [${allowed_services}] %{endif} 
@@ -18,6 +10,7 @@ volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"${runners_ad %{ if cpus != null } cpus = "${cpus}" %{endif} %{ if devices != null } devices = [${devices}] %{endif} %{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif} +%{ if disable_cache != null} disable_cache = ${disable_cache} %{endif} %{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif} %{ if dns != null } dns = [${dns}] %{endif} %{ if dns_search != null } dns_search = [${dns_search}] %{endif} @@ -27,6 +20,7 @@ volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"${runners_ad %{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}" %{endif} %{ if host != null } host = "${host}" %{endif} %{ if hostname != null } hostname = "${hostname}" %{endif} +%{ if image != null} iamge = "${image}" %{endif} %{ if links != null } links = [${links}] %{endif} %{ if memory != null } memory = "${memory}" %{endif} %{ if memory_reservation != null } memory_reservation = "${memory_reservation}" %{endif} 
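Review bot: The added line `%{ if image != null} iamge = "${image}" %{endif}` misspells the key, so the rendered `[runners.docker]` section carries `iamge` and no `image`; it should read `%{ if image != null } image = "${image}" %{endif}`. The same commit removes the old `image = ... %{else} "docker:18.03.1-ce"` line from the top of the template, so nothing else sets the key. `terraform validate` is unlikely to catch this because the template still renders as text. A test that parses the generated config.toml and asserts the expected keys would catch it.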
@@ -34,11 +28,16 @@ volumes = %{if volumes != null} [${volumes}] %{else} ["/cache"${runners_ad %{ if network_mode != null } network_mode = "${network_mode}" %{endif} %{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} %{endif} %{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif} +%{ if privileged != null} privileged = ${privileged} %{endif} +%{ if pull_policy != null} pull_policy = "${pull_policy}" %{endif} %{ if runtime != null } runtime = "${runtime}" %{endif} %{ if security_opt != null } security_opt = [${security_opt}] %{endif} +%{ if shm_size != null} shm_size = ${shm_size} %{endif} %{ if sysctls != null } sysctls = [${sysctls}] %{endif} %{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif} +%{ if tls_verify != null} tls_verify = ${tls_verify} %{endif} %{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif} +%{ if volumes != null} volumes = [${volumes}] %{endif} %{ if volumes_from != null } volumes_from = [${volumes_from}] %{endif} %{ if volume_driver != null } volume_driver = "${volume_driver}" %{endif} %{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} %{endif} diff --git a/variables.tf b/variables.tf index 779d594fa..ac9862720 100644 --- a/variables.tf +++ b/variables.tf @@ -260,7 +260,7 @@ variable "runners_docker_options" { Options added to the [runners.docker] section of config.toml to configure the Docker container of the Executors. For details check https://docs.gitlab.com/runner/configuration/advanced-configuration.html - Default values if the whole block is not used: + Default values if the option is not given: disable_cache = "false" image = "docker:18.03.1-ce" privileged = "true" 
@@ -674,10 +674,10 @@ variable "enable_manage_gitlab_token" { variable "overrides" { description = <<-EOT - This map provides the possibility to override some defaults. - The following attributes are supported: - * `name_sg` set the name prefix and overwrite the `Name` tag for all security groups created by this module. - * `name_runner_agent_instance` set the name prefix and override the `Name` tag for the EC2 gitlab runner instances defined in the auto launch configuration. + This map provides the possibility to override some defaults. + The following attributes are supported: + * `name_sg` set the name prefix and overwrite the `Name` tag for all security groups created by this module. + * `name_runner_agent_instance` set the name prefix and override the `Name` tag for the EC2 gitlab runner instances defined in the auto launch configuration. * `name_docker_machine_runners` override the `Name` tag of EC2 instances created by the runner agent (used as name prefix for `docker_machine_version` >= 0.16.2). * `name_iam_objects` set the name prefix of all AWS IAM resources created by this module. EOT From 293fa108bbc6391f66b65c0fde931b2fa41c9817 Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 2 Mar 2023 08:58:07 +0100 Subject: [PATCH 22/43] remove deprecated variables --- locals.tf | 37 +++++--------------- main.tf | 10 +----- migrations/migrate-to-7-0-0.sh | 5 +++ variables.tf | 62 +--------------------------------- 4 files changed, 15 insertions(+), 99 deletions(-) create mode 100755 migrations/migrate-to-7-0-0.sh diff --git a/locals.tf b/locals.tf index 41bc79e4d..e2b8a1fe2 100644 --- a/locals.tf +++ b/locals.tf 
@@ -14,17 +14,7 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - runners_docker_options = var.runners_docker_options != null ? local.template_runners_docker_options : local.runners_docker_options_single_string - template_runners_docker_options = var.runners_docker_options == null ? "" : templatefile("${path.module}/template/runners_docker_options.tpl", { - disable_cache = var.runners_docker_options.disable_cache - image = var.runners_docker_options.image - privileged = var.runners_docker_options.privileged - pull_policy = var.runners_docker_options.pull_policy - shm_size = var.runners_docker_options.shm_size - tls_verify = var.runners_docker_options.tls_verify - volumes = local.runners_docker_volumes - allowed_images = var.runners_docker_options.allowed_images == null ? null : join(", ", [for s in var.runners_docker_options.allowed_images : format("\"%s\"", s)]) allowed_pull_policies = var.runners_docker_options.allowed_pull_policies == null ? null : join(", ", [for s in var.runners_docker_options.allowed_pull_policies : format("\"%s\"", s)]) allowed_services = var.runners_docker_options.allowed_services == null ? null : join(", ", [for s in var.runners_docker_options.allowed_services : format("\"%s\"", s)]) 
@@ -37,6 +27,7 @@ locals { cpus = var.runners_docker_options.cpus devices = var.runners_docker_options.devices == null ? null : join(", ", [for s in var.runners_docker_options.devices : format("\"%s\"", s)]) device_cgroup_rules = var.runners_docker_options.device_cgroup_rules == null ? null : join(", ", [for s in var.runners_docker_options.device_cgroup_rules : format("\"%s\"", s)]) + disable_cache = var.runners_docker_options.disable_cache disable_entrypoint_overwrite = var.runners_docker_options.disable_entrypoint_overwrite dns = var.runners_docker_options.dns == null ? null : join(", ", [for s in var.runners_docker_options.dns : format("\"%s\"", s)]) dns_search = var.runners_docker_options.dns_search == null ? null : join(", ", [for s in var.runners_docker_options.dns_search : format("\"%s\"", s)]) @@ -46,6 +37,7 @@ locals { helper_image_flavor = var.runners_docker_options.helper_image_flavor host = var.runners_docker_options.host hostname = var.runners_docker_options.hostname + image = var.runners_docker_options.image links = var.runners_docker_options.links == null ? null : join(", ", [for s in var.runners_docker_options.links : format("\"%s\"", s)]) memory = var.runners_docker_options.memory memory_reservation = var.runners_docker_options.memory_reservation 
@@ -53,28 +45,20 @@ locals { network_mode = var.runners_docker_options.network_mode oom_kill_disable = var.runners_docker_options.oom_kill_disable oom_score_adjust = var.runners_docker_options.oom_score_adjust + privileged = var.runners_docker_options.privileged + pull_policies = join(", ", [for s in var.runners_docker_options.pull_policy : format("\"%s\"", s)]) runtime = var.runners_docker_options.runtime security_opt = var.runners_docker_options.security_opt == null ? null : join(", ", [for s in var.runners_docker_options.security_opt : format("\"%s\"", s)]) + shm_size = var.runners_docker_options.shm_size sysctls = var.runners_docker_options.sysctls == null ? null : join(", ", [for s in var.runners_docker_options.sysctls : format("\"%s\"", s)]) tls_cert_path = var.runners_docker_options.tls_cert_path + tls_verify = var.runners_docker_options.tls_verify userns_mode = var.runners_docker_options.userns_mode + volumes = concat(var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : [], var.runners_docker_options.volumes) volume_driver = var.runners_docker_options.volume_driver volumes_from = var.runners_docker_options.volumes_from == null ? 
null : join(", ", [for s in var.runners_docker_options.volumes_from : format("\"%s\"", s)]) wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout }) - runners_docker_options_single_string = <<-EOT - tls_verify = false - image = "${var.runners_image}" - privileged = ${var.runners_privileged} - disable_cache = ${var.runners_disable_cache} - volumes = [${local.runners_docker_volumes}] - shm_size = ${var.runners_shm_size} - pull_policy = "${var.runners_pull_policy}" - runtime = "${var.runners_docker_runtime}" - helper_image = "${var.runners_helper_image}" - EOT - - runners_docker_volumes = join(", ", formatlist("\"%s\"", concat(["/cache"], var.runners_additional_volumes))) # Ensure max builds is optional runners_max_builds_string = var.runners_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runners_max_builds) @@ -87,9 +71,6 @@ locals { name_runner_agent_instance = var.overrides["name_runner_agent_instance"] == "" ? local.tags["Name"] : var.overrides["name_runner_agent_instance"] name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"] name_iam_objects = lookup(var.overrides, "name_iam_objects", "") == "" ? local.tags["Name"] : var.overrides["name_iam_objects"] - runners_additional_volumes = <<-EOT - %{~if var.runners_add_dind_volumes~},"/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"%{endif~}%{~for volume in var.runners_additional_volumes~},"${volume}"%{endfor~} - EOT runners_machine_autoscaling = templatefile("${path.module}/template/runners_machine_autoscaling.tpl", { runners_machine_autoscaling = var.runners_machine_autoscaling 
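Review bot: The new `volumes` entry bind-mounts `/var/run/docker.sock:/var/run/docker.sock` into every job container when `runners_add_dind_volumes` is true, and nothing near it says what that grants. A job holding the host's Docker socket can start containers on the runner host with any options, so the flag belongs on runners that serve trusted projects only. I would add a comment above the line, `# docker.sock gives job containers control of the host Docker daemon - enable only for trusted projects`, and repeat the caveat in the variable's description. Separately, `concat(...)` fails if `var.runners_docker_options.volumes` is null; whether the object type gives it a default is not visible here. The `templatefile` map starts above this hunk.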
@@ -101,8 +82,6 @@ locals { } ) - runners_pull_policies = var.runners_pull_policy != "" ? "[\"${var.runners_pull_policy}\"]" : "[\"${join("\",\"", var.runners_pull_policies)}\"]" - /* determines if the docker machine executable adds the Name tag automatically (versions >= 0.16.2) */ # make sure to skip pre-release stuff in the semver by ignoring everything after "-" docker_machine_version_used = split(".", split("-", var.docker_machine_version)[0]) @@ -113,4 +92,4 @@ locals { ] docker_machine_adds_name_tag = signum(sum(local.docker_machine_version_test)) <= 0 -} \ No newline at end of file +} diff --git a/main.tf b/main.tf index 0bbabb51c..c7793a9f3 100644 --- a/main.tf +++ b/main.tf @@ -82,7 +82,6 @@ locals { aws_region = var.aws_region gitlab_url = var.runners_gitlab_url gitlab_clone_url = var.runners_clone_url - runners_extra_hosts = var.runners_extra_hosts runners_vpc_id = var.vpc_id runners_subnet_id = length(var.subnet_id) > 0 ? var.subnet_id : var.subnet_id_runners runners_aws_zone = data.aws_availability_zone.runners.name_suffix @@ -103,13 +102,6 @@ locals { runners_executor = var.runners_executor runners_limit = var.runners_limit runners_concurrent = var.runners_concurrent - runners_image = var.runners_image - runners_privileged = var.runners_privileged - runners_disable_cache = var.runners_disable_cache - runners_docker_runtime = var.runners_docker_runtime - runners_helper_image = var.runners_helper_image - runners_shm_size = var.runners_shm_size - runners_pull_policies = local.runners_pull_policies runners_idle_count = var.runners_idle_count runners_idle_time = var.runners_idle_time runners_max_builds = local.runners_max_builds_string 
@@ -127,7 +119,7 @@ locals { runners_request_concurrency = var.runners_request_concurrency runners_output_limit = var.runners_output_limit runners_check_interval = var.runners_check_interval - runners_docker_options = local.runners_docker_options + runners_docker_options = local.template_runners_docker_options runners_volumes_tmpfs = join("\n", [for v in var.runners_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) runners_services_volumes_tmpfs = join("\n", [for v in var.runners_services_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) runners_docker_services = local.runners_docker_services diff --git a/migrations/migrate-to-7-0-0.sh b/migrations/migrate-to-7-0-0.sh new file mode 100755 index 000000000..42c10d851 --- /dev/null +++ b/migrations/migrate-to-7-0-0.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +set -euo pipefail + +# runners_additions_volumes: add manually to `volumes` diff --git a/variables.tf b/variables.tf index 1d4bd16fc..1d2abc311 100644 --- a/variables.tf +++ b/variables.tf 
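Review bot: `runners_docker_options` now receives `local.template_runners_docker_options` directly, and locals.tf sets that to `""` when `var.runners_docker_options` is null, so `[runners.docker]` is rendered with no keys in that case. The removed fallback used to fill in `image`, `privileged`, `volumes` and the rest from the old variables, including `privileged = true`, so this silently changes what an unconfigured runner gets. If null stays an accepted value, a comment such as `# empty when var.runners_docker_options is null; [runners.docker] then carries no image or volumes` or a `validation` block rejecting null would make the new contract explicit. The enclosing map starts and ends outside the hunk.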
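Review bot: `set -euo pipefail` runs under `#!/bin/sh`, and `pipefail` is not available in every `sh`; where `/bin/sh` is an older dash the script stops on this line with an illegal-option error before it converts anything. Either change the shebang to `#!/usr/bin/env bash` or drop `pipefail` and keep `set -eu`. The same line remains as context in the later hunk that fills in this script.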
@@ -194,72 +194,12 @@ variable "runners_max_builds" { default = 0 } -variable "runners_image" { - description = "(Deprecated, use image in runners_docker_options instead) Image to run builds, will be used in the runner config.toml" - type = string - default = "docker:18.03.1-ce" -} - -variable "runners_privileged" { - description = "(Deprecated, use privileged in runners_docker_options instead) Runners will run in privileged mode, will be used in the runner config.toml" - type = bool - default = true -} - -variable "runners_disable_cache" { - description = "(Deprecated, use disable_cache in runners_docker_options instead) Runners will not use local cache, will be used in the runner config.toml" - type = bool - default = false -} - variable "runners_add_dind_volumes" { description = "Add certificates and docker.sock to the volumes to support docker-in-docker (dind)" type = bool default = false } -variable "runners_additional_volumes" { - description = " (Deprecated, use volumes in runners_docker_options instead) Additional volumes that will be used in the runner config.toml, e.g Docker socket" - type = list(any) - default = [] -} - -variable "runners_extra_hosts" { - description = "Extra hosts that will be used in the runner config.toml, e.g other-host:127.0.0.1" - type = list(any) - default = [] -} - -variable "runners_shm_size" { - description = "(Deprecated, use shm_size in runners_docker_options instead) shm_size for the runners, will be used in the runner config.toml" - type = number - default = 0 -} - -variable "runners_docker_runtime" { - description = "(Deprecated, use runtime in runners_docker_options instead) docker runtime for runners, will be used in the runner config.toml" - type = string - default = "" -} - -variable "runners_helper_image" { - description = "(Deprecated, use helper_image in runners_docker_options instead) Overrides the default helper image used to clone repos and upload artifacts, will be used in the runner config.toml" - type = string 
- default = "" -} - -variable "runners_pull_policy" { - description = "(Deprecated, use pull_policy in runners_docker_options instead) pull_policy for the runners, will be used in the runner config.toml" - type = string - default = "" -} - -variable "runners_pull_policies" { - description = "pull policies for the runners, will be used in the runner config.toml, for Gitlab Runner >= 13.8, see https://docs.gitlab.com/runner/executors/docker.html#using-multiple-pull-policies " - type = list(string) - default = ["always"] -} - variable "runners_docker_options" { description = < Date: Thu, 2 Mar 2023 09:20:44 +0100 Subject: [PATCH 23/43] fix variable names --- locals.tf | 14 +++++++------- main.tf | 1 - template/runners_docker_options.tpl | 6 +++--- variables.tf | 1 + 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/locals.tf b/locals.tf index e2b8a1fe2..0fd03e0d5 100644 --- a/locals.tf +++ b/locals.tf @@ -27,7 +27,7 @@ locals { cpus = var.runners_docker_options.cpus devices = var.runners_docker_options.devices == null ? null : join(", ", [for s in var.runners_docker_options.devices : format("\"%s\"", s)]) device_cgroup_rules = var.runners_docker_options.device_cgroup_rules == null ? null : join(", ", [for s in var.runners_docker_options.device_cgroup_rules : format("\"%s\"", s)]) - disable_cache = var.runners_docker_options.disable_cache + disable_cache = var.runners_docker_options.disable_cache disable_entrypoint_overwrite = var.runners_docker_options.disable_entrypoint_overwrite dns = var.runners_docker_options.dns == null ? null : join(", ", [for s in var.runners_docker_options.dns : format("\"%s\"", s)]) dns_search = var.runners_docker_options.dns_search == null ? null : join(", ", [for s in var.runners_docker_options.dns_search : format("\"%s\"", s)]) 
@@ -37,7 +37,7 @@ locals { helper_image_flavor = var.runners_docker_options.helper_image_flavor host = var.runners_docker_options.host hostname = var.runners_docker_options.hostname - image = var.runners_docker_options.image + image = var.runners_docker_options.image links = var.runners_docker_options.links == null ? null : join(", ", [for s in var.runners_docker_options.links : format("\"%s\"", s)]) memory = var.runners_docker_options.memory memory_reservation = var.runners_docker_options.memory_reservation 
@@ -45,16 +45,16 @@ locals { network_mode = var.runners_docker_options.network_mode oom_kill_disable = var.runners_docker_options.oom_kill_disable oom_score_adjust = var.runners_docker_options.oom_score_adjust - privileged = var.runners_docker_options.privileged - pull_policies = join(", ", [for s in var.runners_docker_options.pull_policy : format("\"%s\"", s)]) + privileged = var.runners_docker_options.privileged + pull_policies = jsonencode(var.runners_docker_options.pull_policies) runtime = var.runners_docker_options.runtime security_opt = var.runners_docker_options.security_opt == null ? null : join(", ", [for s in var.runners_docker_options.security_opt : format("\"%s\"", s)]) - shm_size = var.runners_docker_options.shm_size + shm_size = var.runners_docker_options.shm_size sysctls = var.runners_docker_options.sysctls == null ? null : join(", ", [for s in var.runners_docker_options.sysctls : format("\"%s\"", s)]) tls_cert_path = var.runners_docker_options.tls_cert_path - tls_verify = var.runners_docker_options.tls_verify + tls_verify = var.runners_docker_options.tls_verify userns_mode = var.runners_docker_options.userns_mode - volumes = concat(var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : [], var.runners_docker_options.volumes) + volumes = jsonencode(concat(var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : [], var.runners_docker_options.volumes)) volume_driver = var.runners_docker_options.volume_driver volumes_from = var.runners_docker_options.volumes_from == null ? null : join(", ", [for s in var.runners_docker_options.volumes_from : format("\"%s\"", s)]) wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout diff --git a/main.tf b/main.tf index c7793a9f3..de840424d 100644 --- a/main.tf +++ b/main.tf 
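Review bot: Only `pull_policies` and `volumes` move to `jsonencode` here; the `security_opt`, `sysctls` and `volumes_from` lines in this hunk, and the other list attributes earlier in the map, still build their arrays with `format("\"%s\"", s)`, which escapes neither `"` nor `\`. A value containing either character ends the TOML string early and can yield a malformed or altered `config.toml`. Encoding every list the same way closes that gap, e.g. `security_opt = var.runners_docker_options.security_opt == null ? null : jsonencode(var.runners_docker_options.security_opt)`, with the template emitting `security_opt = ${security_opt}` without the surrounding brackets. The string scalars the template wraps as `"${cache_dir}"`, `"${helper_image}"` and so on have the same gap. The map itself begins outside this hunk.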
@@ -92,7 +92,6 @@ locals { runners_monitoring = var.runners_monitoring runners_ebs_optimized = var.runners_ebs_optimized runners_instance_profile = var.runners_executor == "docker+machine" ? aws_iam_instance_profile.docker_machine[0].name : "" - runners_additional_volumes = local.runners_additional_volumes docker_machine_options = length(local.docker_machine_options_string) == 1 ? "" : local.docker_machine_options_string docker_machine_name = format("%s-%s", local.runner_tags_merged["Name"], "%s") # %s is always needed runners_name = var.runners_name diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index e0bc7d8c1..f82738bc4 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl @@ -20,7 +20,7 @@ %{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}" %{endif} %{ if host != null } host = "${host}" %{endif} %{ if hostname != null } hostname = "${hostname}" %{endif} -%{ if image != null} iamge = "${image}" %{endif} +%{ if image != null} image = "${image}" %{endif} %{ if links != null } links = [${links}] %{endif} %{ if memory != null } memory = "${memory}" %{endif} %{ if memory_reservation != null } memory_reservation = "${memory_reservation}" %{endif} @@ -29,7 +29,7 @@ %{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} %{endif} %{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif} %{ if privileged != null} privileged = ${privileged} %{endif} -%{ if pull_policy != null} pull_policy = "${pull_policy}" %{endif} +%{ if pull_policies != null} pull_policy = ${pull_policies} %{endif} %{ if runtime != null } runtime = "${runtime}" %{endif} %{ if security_opt != null } security_opt = [${security_opt}] %{endif} %{ if shm_size != null} shm_size = ${shm_size} %{endif} 
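Review bot: The `%{ if pull_policies != null}` guard on the changed template line can no longer be false, because locals.tf now passes `jsonencode(var.runners_docker_options.pull_policies)` and `jsonencode(null)` returns the string `null`. An unset attribute would therefore render `pull_policy = null`, which is not valid TOML. If the object type gives `pull_policies` a non-null default (not visible here) this cannot happen; otherwise keep the null check on the Terraform side, `pull_policies = var.runners_docker_options.pull_policies == null ? null : jsonencode(var.runners_docker_options.pull_policies)`. The `volumes` guard in the next hunk of this file depends on the same assumption.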
@@ -37,7 +37,7 @@ %{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif} %{ if tls_verify != null} tls_verify = ${tls_verify} %{endif} %{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif} -%{ if volumes != null} volumes = [${volumes}] %{endif} +%{ if volumes != null} volumes = ${volumes} %{endif} %{ if volumes_from != null } volumes_from = [${volumes_from}] %{endif} %{ if volume_driver != null } volume_driver = "${volume_driver}" %{endif} %{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} %{endif} diff --git a/variables.tf b/variables.tf index 1d2abc311..27b88b652 100644 --- a/variables.tf +++ b/variables.tf @@ -263,6 +263,7 @@ variable "runners_docker_options" { default = null } + variable "runners_monitoring" { description = "Enable detailed cloudwatch monitoring for spot instances." type = bool From 235e81fbc7314f9b2551f7c5fcdc2f4bc4b417f3 Mon Sep 17 00:00:00 2001 From: Tyrone Meijn Date: Thu, 2 Mar 2023 09:25:58 +0100 Subject: [PATCH 24/43] fix!: remove deprecated pull policy variable (#710) ## Description Removes the earlier deprecated `runners_pull_policy` variable. Since were making a Major release I thought this one was nice to catch. ## Migrations required YES. Replace the `runners_pull_policy` by `runners_pull_policies`. --- README.md | 1 - locals.tf | 2 +- variables.tf | 6 ------ 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/README.md b/README.md index ba4016373..1d338a77e 100644 --- a/README.md +++ b/README.md 
@@ -545,7 +545,6 @@ Made with [contributors-img](https://contrib.rocks). | [runners\_pre\_clone\_script](#input\_runners\_pre\_clone\_script) | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | `string` | `"\"\""` | no | | [runners\_privileged](#input\_runners\_privileged) | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | | [runners\_pull\_policies](#input\_runners\_pull\_policies) | pull policies for the runners, will be used in the runner config.toml, for Gitlab Runner >= 13.8, see https://docs.gitlab.com/runner/executors/docker.html#using-multiple-pull-policies | `list(string)` |
[
"always"
]
| no | -| [runners\_pull\_policy](#input\_runners\_pull\_policy) | Deprecated! Use runners\_pull\_policies instead. pull\_policy for the runners, will be used in the runner config.toml | `string` | `""` | no | | [runners\_request\_concurrency](#input\_runners\_request\_concurrency) | Limit number of concurrent requests for new jobs from GitLab (default 1). | `number` | `1` | no | | [runners\_request\_spot\_instance](#input\_runners\_request\_spot\_instance) | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | | [runners\_root\_size](#input\_runners\_root\_size) | Runner instance root size in GB. | `number` | `16` | no | diff --git a/locals.tf b/locals.tf index 4cbe4d18b..e4419e988 100644 --- a/locals.tf +++ b/locals.tf @@ -39,7 +39,7 @@ locals { } ) - runners_pull_policies = var.runners_pull_policy != "" ? "[\"${var.runners_pull_policy}\"]" : "[\"${join("\",\"", var.runners_pull_policies)}\"]" + runners_pull_policies = "[\"${join("\",\"", var.runners_pull_policies)}\"]" /* determines if the docker machine executable adds the Name tag automatically (versions >= 0.16.2) */ # make sure to skip pre-release stuff in the semver by ignoring everything after "-" diff --git a/variables.tf b/variables.tf index ddda76203..3c6381a95 100644 --- a/variables.tf +++ b/variables.tf @@ -248,12 +248,6 @@ variable "runners_helper_image" { default = "" } -variable "runners_pull_policy" { - description = "Deprecated! Use runners_pull_policies instead. pull_policy for the runners, will be used in the runner config.toml" - type = string - default = "" -} - variable "runners_pull_policies" { description = "pull policies for the runners, will be used in the runner config.toml, for Gitlab Runner >= 13.8, see https://docs.gitlab.com/runner/executors/docker.html#using-multiple-pull-policies " type = list(string) From 0e90a251a81160432e618bd681c53f14efc6818c Mon Sep 17 00:00:00 2001 
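Review bot: The simplified `runners_pull_policies` expression in locals.tf still assembles the array by hand, so an empty list renders as `[""]`, a single empty-string policy rather than an empty array. Elements are also inserted without escaping. `runners_pull_policies = jsonencode(var.runners_pull_policies)` produces the same output for ordinary values and handles both cases; a `validation` block on the variable could additionally reject an empty list if that is never meaningful.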
From: kayma Date: Thu, 2 Mar 2023 09:34:50 +0100 Subject: [PATCH 25/43] fix examples --- examples/runner-default/main.tf | 10 ++++++---- examples/runner-multi-region/main.tf | 12 ++++++++---- examples/runner-public/main.tf | 6 ++++-- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index 447fbb56b..825fd718a 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf @@ -76,9 +76,6 @@ module "runner" { "tf-aws-gitlab-runner:instancelifecycle" = "spot:yes" } - runners_privileged = "true" - runners_additional_volumes = ["/certs/client"] - runners_volumes_tmpfs = [ { volume = "/var/opt/cache", @@ -103,6 +100,11 @@ module "runner" { } ] + runners_docker_options = { + privileged = "true" + volumes = ["/cache", "/certs/client"] + } + runners_pre_build_script = < Date: Thu, 2 Mar 2023 09:37:03 +0100 Subject: [PATCH 26/43] format code --- examples/runner-default/main.tf | 4 ++-- examples/runner-multi-region/main.tf | 8 ++++---- examples/runner-public/main.tf | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index 825fd718a..e56869461 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf @@ -101,8 +101,8 @@ module "runner" { ] runners_docker_options = { - privileged = "true" - volumes = ["/cache", "/certs/client"] + privileged = "true" + volumes = ["/cache", "/certs/client"] } runners_pre_build_script = < Date: Thu, 2 Mar 2023 10:45:25 +0100 Subject: [PATCH 27/43] add script to do the breaking changes --- migrations/migrate-to-7-0-0.sh | 61 +++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/migrations/migrate-to-7-0-0.sh b/migrations/migrate-to-7-0-0.sh index 42c10d851..912a20930 100755 --- a/migrations/migrate-to-7-0-0.sh +++ b/migrations/migrate-to-7-0-0.sh 
@@ -2,4 +2,63 @@ set -euo pipefail -# runners_additions_volumes: add manually to `volumes` +# +# Precondition: The module call has been extracted to a separate file given in "$1". The code is well-formatted. +# +# $1: file name containing the module call to be converted +# + +converted_file="$1.new" + +cp "$1" "$converted_file" + +# +# PR #710 chore!: remove old variable `runners_pull_policy` +# +sed -i '/runners_pull_policy/d' "$converted_file" + +# +# PR #511 feat!: allow to set all docker options for the Executor +# +extracted_variables=$(grep -E '(runners_docker_runtime|runners_helper_image|runners_shm_size|runners_shm_size|runners_extra_hosts|runners_disable_cache|runners_image|runners_privileged)' "$converted_file") + +sed -i '/runners_image/d' "$converted_file" +sed -i '/runners_privileged/d' "$converted_file" +sed -i '/runners_disable_cache/d' "$converted_file" +sed -i '/runners_extra_hosts/d' "$converted_file" +sed -i '/runners_shm_size/d' "$converted_file" +sed -i '/runners_docker_runtime/d' "$converted_file" +sed -i '/runners_helper_image/d' "$converted_file" + +# content to be added to `volumes` +volumes=$(grep "runners_additional_volumes" "$converted_file" | cut -d '=' -f 2 | tr -d '[]') + +if [ -n "$volumes" ]; then + extracted_variables="$extracted_variables + volumes = [\"/cache\", $volumes]" +fi + +sed -i '/runners_additional_volumes/d' "$converted_file" + + +# rename the variables +extracted_variables=$(echo "$extracted_variables" | \ + sed 's/runners_image/image/g' | \ + sed 's/runners_privileged/privileged/g' | \ + sed 's/runners_disable_cache/disable_cache/g' | \ + sed 's/runners_extra_hosts/extra_hosts/g' | \ + sed 's/runners_shm_size/shm_size/g' | \ + sed 's/runners_docker_runtime/runtime/g' | \ + sed 's/runners_helper_image/helper_image/g' + ) + +# add new block runners_docker_options at the end +echo "$(head -n -1 "$converted_file") +runners_docker_options { + $extracted_variables +} +}" > x + +mv x "$converted_file" + +echo "Module call 
converted. Output: $converted_file" From a511dd6ff6efc1ce7696ffbb0d62932d9cb9b4ea Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 2 Mar 2023 10:54:07 +0100 Subject: [PATCH 28/43] remove unwanted \n characters --- template/runners_docker_options.tpl | 86 ++++++++++++++--------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl index f82738bc4..e75f7ca05 100644 --- a/template/runners_docker_options.tpl +++ b/template/runners_docker_options.tpl 
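Review bot: The final step redirects into a file literally named `x` in the current directory and then moves it, so any existing `x` there is overwritten and two runs in the same directory collide. Using `tmp=$(mktemp)`, redirecting to `"$tmp"` and finishing with `mv "$tmp" "$converted_file"` avoids both. The emitted block header `runners_docker_options {` also lacks the `=` that the updated examples use (`runners_docker_options = {`), so the generated module call would need a manual fix before it parses as an attribute. `sed -i` without a suffix and `head -n -1` are GNU-specific, which is worth stating in the precondition comment at the top of the script.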
@@ -1,43 +1,43 @@ -%{ if allowed_images != null } allowed_images = [${allowed_images}] %{endif} -%{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}] %{endif} -%{ if allowed_services != null } allowed_services = [${allowed_services}] %{endif} -%{ if cache_dir != null } cache_dir = "${cache_dir}" %{endif} -%{ if cap_add != null } cap_add = [${cap_add}] %{endif} -%{ if cap_drop != null } cap_drop = [${cap_drop}] %{endif} -%{ if container_labels != null } container_labels = [${container_labels}] %{endif} -%{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}" %{endif} -%{ if cpu_shares != null } cpu_shares = ${cpu_shares} %{endif} -%{ if cpus != null } cpus = "${cpus}" %{endif} -%{ if devices != null } devices = [${devices}] %{endif} -%{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif} -%{ if disable_cache != null} disable_cache = ${disable_cache} %{endif} -%{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif} -%{ if dns != null } dns = [${dns}] %{endif} -%{ if dns_search != null } dns_search = [${dns_search}] %{endif} -%{ if extra_hosts != null } extra_hosts = [${extra_hosts}] %{endif} -%{ if gpus != null } gpus = "${gpus}" %{endif} -%{ if helper_image != null } helper_image = "${helper_image}" %{endif} -%{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}" %{endif} -%{ if host != null } host = "${host}" %{endif} -%{ if hostname != null } hostname = "${hostname}" %{endif} -%{ if image != null} image = "${image}" %{endif} -%{ if links != null } links = [${links}] %{endif} -%{ if memory != null } memory = "${memory}" %{endif} -%{ if memory_reservation != null } memory_reservation = "${memory_reservation}" %{endif} -%{ if memory_swap != null } memory_swap = "${memory_swap}" %{endif} -%{ if network_mode != null } network_mode = "${network_mode}" %{endif} -%{ if oom_kill_disable != null } 
oom_kill_disable = ${oom_kill_disable} %{endif} -%{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif} -%{ if privileged != null} privileged = ${privileged} %{endif} -%{ if pull_policies != null} pull_policy = ${pull_policies} %{endif} -%{ if runtime != null } runtime = "${runtime}" %{endif} -%{ if security_opt != null } security_opt = [${security_opt}] %{endif} -%{ if shm_size != null} shm_size = ${shm_size} %{endif} -%{ if sysctls != null } sysctls = [${sysctls}] %{endif} -%{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif} -%{ if tls_verify != null} tls_verify = ${tls_verify} %{endif} -%{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif} -%{ if volumes != null} volumes = ${volumes} %{endif} -%{ if volumes_from != null } volumes_from = [${volumes_from}] %{endif} -%{ if volume_driver != null } volume_driver = "${volume_driver}" %{endif} -%{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} %{endif} +%{ if allowed_images != null } allowed_images = [${allowed_images}] %{endif ~} +%{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}] %{endif ~} +%{ if allowed_services != null } allowed_services = [${allowed_services}] %{endif ~} +%{ if cache_dir != null } cache_dir = "${cache_dir}" %{endif ~} +%{ if cap_add != null } cap_add = [${cap_add}] %{endif ~} +%{ if cap_drop != null } cap_drop = [${cap_drop}] %{endif ~} +%{ if container_labels != null } container_labels = [${container_labels}] %{endif ~} +%{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}" %{endif ~} +%{ if cpu_shares != null } cpu_shares = ${cpu_shares} %{endif ~} +%{ if cpus != null } cpus = "${cpus}" %{endif ~} +%{ if devices != null } devices = [${devices}] %{endif ~} +%{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif ~} +%{ if disable_cache != null} disable_cache = ${disable_cache} %{endif ~} +%{ if 
disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif ~} +%{ if dns != null } dns = [${dns}] %{endif ~} +%{ if dns_search != null } dns_search = [${dns_search}] %{endif ~} +%{ if extra_hosts != null } extra_hosts = [${extra_hosts}] %{endif ~} +%{ if gpus != null } gpus = "${gpus}" %{endif ~} +%{ if helper_image != null } helper_image = "${helper_image}" %{endif ~} +%{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}" %{endif ~} +%{ if host != null } host = "${host}" %{endif ~} +%{ if hostname != null } hostname = "${hostname}" %{endif ~} +%{ if image != null} image = "${image}" %{endif ~} +%{ if links != null } links = [${links}] %{endif ~} +%{ if memory != null } memory = "${memory}" %{endif ~} +%{ if memory_reservation != null } memory_reservation = "${memory_reservation}" %{endif ~} +%{ if memory_swap != null } memory_swap = "${memory_swap}" %{endif ~} +%{ if network_mode != null } network_mode = "${network_mode}" %{endif ~} +%{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} %{endif ~} +%{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif ~} +%{ if privileged != null} privileged = ${privileged} %{endif ~} +%{ if pull_policies != null} pull_policy = ${pull_policies} %{endif ~} +%{ if runtime != null } runtime = "${runtime}" %{endif ~} +%{ if security_opt != null } security_opt = [${security_opt}] %{endif ~} +%{ if shm_size != null} shm_size = ${shm_size} %{endif ~} +%{ if sysctls != null } sysctls = [${sysctls}] %{endif ~} +%{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif ~} +%{ if tls_verify != null} tls_verify = ${tls_verify} %{endif ~} +%{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif ~} +%{ if volumes != null} volumes = ${volumes} %{endif ~} +%{ if volumes_from != null } volumes_from = [${volumes_from}] %{endif ~} +%{ if volume_driver != null } volume_driver = "${volume_driver}" 
%{endif ~} +%{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} %{endif ~} From 5a150de5aace3fa1d72be620c3e6c4a7731ddd94 Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 2 Mar 2023 11:08:11 +0100 Subject: [PATCH 29/43] remove new lines --- locals.tf | 2 +- template/runners_docker_options.tftpl | 86 +++++++++++++++++++++++++++ template/runners_docker_options.tpl | 43 -------------- 3 files changed, 87 insertions(+), 44 deletions(-) create mode 100644 template/runners_docker_options.tftpl delete mode 100644 template/runners_docker_options.tpl diff --git a/locals.tf b/locals.tf index 0fd03e0d5..579b1b282 100644 --- a/locals.tf +++ b/locals.tf @@ -14,7 +14,7 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - template_runners_docker_options = var.runners_docker_options == null ? "" : templatefile("${path.module}/template/runners_docker_options.tpl", { + template_runners_docker_options = var.runners_docker_options == null ? "" : templatefile("${path.module}/template/runners_docker_options.tftpl", { allowed_images = var.runners_docker_options.allowed_images == null ? null : join(", ", [for s in var.runners_docker_options.allowed_images : format("\"%s\"", s)]) allowed_pull_policies = var.runners_docker_options.allowed_pull_policies == null ? null : join(", ", [for s in var.runners_docker_options.allowed_pull_policies : format("\"%s\"", s)]) allowed_services = var.runners_docker_options.allowed_services == null ? null : join(", ", [for s in var.runners_docker_options.allowed_services : format("\"%s\"", s)]) diff --git a/template/runners_docker_options.tftpl b/template/runners_docker_options.tftpl new file mode 100644 index 000000000..2ca04dd36 --- /dev/null +++ b/template/runners_docker_options.tftpl 
@@ -0,0 +1,86 @@
+%{ if allowed_images != null } allowed_images = [${allowed_images}]
+%{endif ~}
+%{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}]
+%{endif ~}
+%{ if allowed_services != null } allowed_services = [${allowed_services}]
+%{endif ~}
+%{ if cache_dir != null } cache_dir = "${cache_dir}"
+%{endif ~}
+%{ if cap_add != null } cap_add = [${cap_add}]
+%{endif ~}
+%{ if cap_drop != null } cap_drop = [${cap_drop}]
+%{endif ~}
+%{ if container_labels != null } container_labels = [${container_labels}]
+%{endif ~}
+%{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}"
+%{endif ~}
+%{ if cpu_shares != null } cpu_shares = ${cpu_shares}
+%{endif ~}
+%{ if cpus != null } cpus = "${cpus}"
+%{endif ~}
+%{ if devices != null } devices = [${devices}]
+%{endif ~}
+%{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}]
+%{endif ~}
+%{ if disable_cache != null} disable_cache = ${disable_cache}
+%{endif ~}
+%{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite}
+%{endif ~}
+%{ if dns != null } dns = [${dns}]
+%{endif ~}
+%{ if dns_search != null } dns_search = [${dns_search}]
+%{endif ~}
+%{ if extra_hosts != null } extra_hosts = [${extra_hosts}]
+%{endif ~}
+%{ if gpus != null } gpus = "${gpus}"
+%{endif ~}
+%{ if helper_image != null } helper_image = "${helper_image}"
+%{endif ~}
+%{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}"
+%{endif ~}
+%{ if host != null } host = "${host}"
+%{endif ~}
+%{ if hostname != null } hostname = "${hostname}"
+%{endif ~}
+%{ if image != null} image = "${image}"
+%{endif ~}
+%{ if links != null } links = [${links}]
+%{endif ~}
+%{ if memory != null } memory = "${memory}"
+%{endif ~}
+%{ if memory_reservation != null } memory_reservation = "${memory_reservation}"
+%{endif ~}
+%{ if memory_swap != null } memory_swap = "${memory_swap}"
+%{endif ~}
+%{ if network_mode != null }
network_mode = "${network_mode}"
+%{endif ~}
+%{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable}
+%{endif ~}
+%{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust}
+%{endif ~}
+%{ if privileged != null} privileged = ${privileged}
+%{endif ~}
+%{ if pull_policies != null} pull_policy = ${pull_policies}
+%{endif ~}
+%{ if runtime != null } runtime = "${runtime}"
+%{endif ~}
+%{ if security_opt != null } security_opt = [${security_opt}]
+%{endif ~}
+%{ if shm_size != null} shm_size = ${shm_size}
+%{endif ~}
+%{ if sysctls != null } sysctls = [${sysctls}]
+%{endif ~}
+%{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}"
+%{endif ~}
+%{ if tls_verify != null} tls_verify = ${tls_verify}
+%{endif ~}
+%{ if userns_mode != null } userns_mode = "${userns_mode}"
+%{endif ~}
+%{ if volumes != null} volumes = ${volumes}
+%{endif ~}
+%{ if volumes_from != null } volumes_from = [${volumes_from}]
+%{endif ~}
+%{ if volume_driver != null } volume_driver = "${volume_driver}"
+%{endif ~}
+%{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout}
+%{endif ~}
diff --git a/template/runners_docker_options.tpl b/template/runners_docker_options.tpl
deleted file mode 100644
index e75f7ca05..000000000
--- a/template/runners_docker_options.tpl
+++ /dev/null
@@ -1,43 +0,0 @@
-%{ if allowed_images != null } allowed_images = [${allowed_images}] %{endif ~}
-%{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}] %{endif ~}
-%{ if allowed_services != null } allowed_services = [${allowed_services}] %{endif ~}
-%{ if cache_dir != null } cache_dir = "${cache_dir}" %{endif ~}
-%{ if cap_add != null } cap_add = [${cap_add}] %{endif ~}
-%{ if cap_drop != null } cap_drop = [${cap_drop}] %{endif ~}
-%{ if container_labels != null } container_labels = [${container_labels}] %{endif ~}
-%{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}" %{endif ~}
-%{ if cpu_shares != null } cpu_shares = ${cpu_shares} %{endif ~}
-%{ if cpus != null } cpus = "${cpus}" %{endif ~}
-%{ if devices != null } devices = [${devices}] %{endif ~}
-%{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}] %{endif ~}
-%{ if disable_cache != null} disable_cache = ${disable_cache} %{endif ~}
-%{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite} %{endif ~}
-%{ if dns != null } dns = [${dns}] %{endif ~}
-%{ if dns_search != null } dns_search = [${dns_search}] %{endif ~}
-%{ if extra_hosts != null } extra_hosts = [${extra_hosts}] %{endif ~}
-%{ if gpus != null } gpus = "${gpus}" %{endif ~}
-%{ if helper_image != null } helper_image = "${helper_image}" %{endif ~}
-%{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}" %{endif ~}
-%{ if host != null } host = "${host}" %{endif ~}
-%{ if hostname != null } hostname = "${hostname}" %{endif ~}
-%{ if image != null} image = "${image}" %{endif ~}
-%{ if links != null } links = [${links}] %{endif ~}
-%{ if memory != null } memory = "${memory}" %{endif ~}
-%{ if memory_reservation != null } memory_reservation = "${memory_reservation}" %{endif ~}
-%{ if memory_swap != null } memory_swap = "${memory_swap}" %{endif ~}
-%{ if network_mode != null } network_mode = "${network_mode}"
%{endif ~} -%{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} %{endif ~} -%{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} %{endif ~} -%{ if privileged != null} privileged = ${privileged} %{endif ~} -%{ if pull_policies != null} pull_policy = ${pull_policies} %{endif ~} -%{ if runtime != null } runtime = "${runtime}" %{endif ~} -%{ if security_opt != null } security_opt = [${security_opt}] %{endif ~} -%{ if shm_size != null} shm_size = ${shm_size} %{endif ~} -%{ if sysctls != null } sysctls = [${sysctls}] %{endif ~} -%{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" %{endif ~} -%{ if tls_verify != null} tls_verify = ${tls_verify} %{endif ~} -%{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif ~} -%{ if volumes != null} volumes = ${volumes} %{endif ~} -%{ if volumes_from != null } volumes_from = [${volumes_from}] %{endif ~} -%{ if volume_driver != null } volume_driver = "${volume_driver}" %{endif ~} -%{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} %{endif ~} From 86bea27920c75776d55ef8d607a3e9dd82ca8e53 Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 2 Mar 2023 11:17:52 +0100 Subject: [PATCH 30/43] add missing options --- locals.tf | 3 +++ template/runners_docker_options.tftpl | 6 ++++++ variables.tf | 3 +++ 3 files changed, 12 insertions(+) diff --git a/locals.tf b/locals.tf index 579b1b282..00fcb920c 100644 --- a/locals.tf +++ b/locals.tf 
@@ -38,7 +38,9 @@ locals { host = var.runners_docker_options.host hostname = var.runners_docker_options.hostname image = var.runners_docker_options.image + isolation = var.runners_docker_options.isolation links = var.runners_docker_options.links == null ? null : join(", ", [for s in var.runners_docker_options.links : format("\"%s\"", s)]) + mac_address = var.runners_docker_options.mac_address memory = var.runners_docker_options.memory memory_reservation = var.runners_docker_options.memory_reservation memory_swap = var.runners_docker_options.memory_swap @@ -53,6 +55,7 @@ locals { sysctls = var.runners_docker_options.sysctls == null ? null : join(", ", [for s in var.runners_docker_options.sysctls : format("\"%s\"", s)]) tls_cert_path = var.runners_docker_options.tls_cert_path tls_verify = var.runners_docker_options.tls_verify + user = var.runners_docker_options.user userns_mode = var.runners_docker_options.userns_mode volumes = jsonencode(concat(var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : [], var.runners_docker_options.volumes)) volume_driver = var.runners_docker_options.volume_driver diff --git a/template/runners_docker_options.tftpl b/template/runners_docker_options.tftpl index 2ca04dd36..7c6049d83 100644 --- a/template/runners_docker_options.tftpl +++ b/template/runners_docker_options.tftpl @@ -44,8 +44,12 @@ %{endif ~} %{ if image != null} image = "${image}" %{endif ~} +%{ if isolation != null} isolation = "${isolation}" +%{endif ~} %{ if links != null } links = [${links}] %{endif ~} +%{ if mac_address != null } mac_address = "${mac_address}" +%{endif ~} %{ if memory != null } memory = "${memory}" %{endif ~} %{ if memory_reservation != null } memory_reservation = "${memory_reservation}" 
@@ -74,6 +78,8 @@ %{endif ~} %{ if tls_verify != null} tls_verify = ${tls_verify} %{endif ~} +%{ if user != null} user = "${user}" +%{endif ~} %{ if userns_mode != null } userns_mode = "${userns_mode}" %{endif ~} %{ if volumes != null} volumes = ${volumes} diff --git a/variables.tf b/variables.tf index 27b88b652..ee1d04ef7 100644 --- a/variables.tf +++ b/variables.tf @@ -239,7 +239,9 @@ variable "runners_docker_options" { host = optional(string) hostname = optional(string) image = optional(string, "docker:18.03.1-ce") + isolation = optional(string) links = optional(list(string)) + mac_address = optional(string) memory = optional(string) memory_swap = optional(string) memory_reservation = optional(string) @@ -254,6 +256,7 @@ variable "runners_docker_options" { sysctls = optional(list(string)) tls_cert_path = optional(string) tls_verify = optional(bool, false) + user = optional(string) userns_mode = optional(string) volumes = optional(list(string), ["/cache"]) volumes_from = optional(list(string)) From 1bbbea3a57157c156ca74de9fe6fccd3b274d47e Mon Sep 17 00:00:00 2001 From: Tyrone Meijn Date: Thu, 2 Mar 2023 09:25:58 +0100 Subject: [PATCH 31/43] fix!: remove deprecated pull policy variable (#710) ## Description Removes the earlier deprecated `runners_pull_policy` variable. Since were making a Major release I thought this one was nice to catch. ## Migrations required YES. Replace the `runners_pull_policy` by `runners_pull_policies`. --- README.md | 1 - locals.tf | 2 +- variables.tf | 6 ------ 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/README.md b/README.md index ba4016373..1d338a77e 100644 --- a/README.md +++ b/README.md 
@@ -545,7 +545,6 @@ Made with [contributors-img](https://contrib.rocks). | [runners\_pre\_clone\_script](#input\_runners\_pre\_clone\_script) | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | `string` | `"\"\""` | no | | [runners\_privileged](#input\_runners\_privileged) | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | | [runners\_pull\_policies](#input\_runners\_pull\_policies) | pull policies for the runners, will be used in the runner config.toml, for Gitlab Runner >= 13.8, see https://docs.gitlab.com/runner/executors/docker.html#using-multiple-pull-policies | `list(string)` |
[
"always"
]
| no | -| [runners\_pull\_policy](#input\_runners\_pull\_policy) | Deprecated! Use runners\_pull\_policies instead. pull\_policy for the runners, will be used in the runner config.toml | `string` | `""` | no | | [runners\_request\_concurrency](#input\_runners\_request\_concurrency) | Limit number of concurrent requests for new jobs from GitLab (default 1). | `number` | `1` | no | | [runners\_request\_spot\_instance](#input\_runners\_request\_spot\_instance) | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | | [runners\_root\_size](#input\_runners\_root\_size) | Runner instance root size in GB. | `number` | `16` | no | diff --git a/locals.tf b/locals.tf index 4cbe4d18b..e4419e988 100644 --- a/locals.tf +++ b/locals.tf @@ -39,7 +39,7 @@ locals { } ) - runners_pull_policies = var.runners_pull_policy != "" ? "[\"${var.runners_pull_policy}\"]" : "[\"${join("\",\"", var.runners_pull_policies)}\"]" + runners_pull_policies = "[\"${join("\",\"", var.runners_pull_policies)}\"]" /* determines if the docker machine executable adds the Name tag automatically (versions >= 0.16.2) */ # make sure to skip pre-release stuff in the semver by ignoring everything after "-" diff --git a/variables.tf b/variables.tf index ddda76203..3c6381a95 100644 --- a/variables.tf +++ b/variables.tf @@ -248,12 +248,6 @@ variable "runners_helper_image" { default = "" } -variable "runners_pull_policy" { - description = "Deprecated! Use runners_pull_policies instead. pull_policy for the runners, will be used in the runner config.toml" - type = string - default = "" -} - variable "runners_pull_policies" { description = "pull policies for the runners, will be used in the runner config.toml, for Gitlab Runner >= 13.8, see https://docs.gitlab.com/runner/executors/docker.html#using-multiple-pull-policies " type = list(string) From c60ce4dae27f730f4cf63678e158425718372458 Mon Sep 17 00:00:00 2001 
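Review bot: The new `runners_pull_policies` line in locals.tf still builds the TOML array by hand with `join`, so an empty `var.runners_pull_policies` renders as `[""]` (a single empty policy name) and a value containing a double quote is written unescaped into config.toml. `jsonencode` covers both cases and is already used elsewhere in this series: `runners_pull_policies = jsonencode(var.runners_pull_policies)`. The identical line appears again in the locals.tf hunk of PATCH 37/43. A `validation` block on the variable that restricts entries to the policy names the runner accepts would reject bad input at plan time instead of on the runner.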
From: kayma Date: Sat, 11 Mar 2023 20:24:06 +0100 Subject: [PATCH 32/43] remove `pipefail` --- migrations/migrate-to-7-0-0.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migrations/migrate-to-7-0-0.sh b/migrations/migrate-to-7-0-0.sh index 912a20930..4699e3487 100755 --- a/migrations/migrate-to-7-0-0.sh +++ b/migrations/migrate-to-7-0-0.sh @@ -1,6 +1,6 @@ #!/bin/sh -set -euo pipefail +set -eu # # Precondition: The module call has been extracted to a separate file given in "$1". The code is well-formatted. From b2da7eb8eb6bca4c2a7c3aaac3468ad3a51d200d Mon Sep 17 00:00:00 2001 From: kayma Date: Mon, 13 Mar 2023 20:02:49 +0100 Subject: [PATCH 33/43] use for loop in template --- locals.tf | 50 +------------- template/runner-config.tpl | 3 +- template/runners_docker_options.tftpl | 96 ++------------------------- 3 files changed, 8 insertions(+), 141 deletions(-) diff --git a/locals.tf b/locals.tf index 00fcb920c..42fffa630 100644 --- a/locals.tf +++ b/locals.tf 
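Review bot: With `pipefail` gone, a failing command on the left side of a pipe no longer stops the migration, so a partially rewritten module file could pass unnoticed. The change itself is needed for `#!/bin/sh`, where the option is not portable, and the script body lies outside this hunk, so whether it uses pipelines cannot be seen here. If it does, either declare bash and keep the option (`#!/usr/bin/env bash` with `set -euo pipefail`) or document the limitation next to the `set` line, e.g. `# POSIX sh has no pipefail: check each pipeline stage explicitly`.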
@@ -14,55 +14,11 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] - template_runners_docker_options = var.runners_docker_options == null ? "" : templatefile("${path.module}/template/runners_docker_options.tftpl", { - allowed_images = var.runners_docker_options.allowed_images == null ? null : join(", ", [for s in var.runners_docker_options.allowed_images : format("\"%s\"", s)]) - allowed_pull_policies = var.runners_docker_options.allowed_pull_policies == null ? null : join(", ", [for s in var.runners_docker_options.allowed_pull_policies : format("\"%s\"", s)]) - allowed_services = var.runners_docker_options.allowed_services == null ? null : join(", ", [for s in var.runners_docker_options.allowed_services : format("\"%s\"", s)]) - cache_dir = var.runners_docker_options.cache_dir - cap_add = var.runners_docker_options.cap_add == null ? null : join(", ", [for s in var.runners_docker_options.cap_add : format("\"%s\"", s)]) - cap_drop = var.runners_docker_options.cap_drop == null ? null : join(", ", [for s in var.runners_docker_options.cap_drop : format("\"%s\"", s)]) - container_labels = var.runners_docker_options.container_labels == null ? null : join(", ", [for s in var.runners_docker_options.container_labels : format("\"%s\"", s)]) - cpuset_cpus = var.runners_docker_options.cpuset_cpus - cpu_shares = var.runners_docker_options.cpu_shares - cpus = var.runners_docker_options.cpus - devices = var.runners_docker_options.devices == null ? null : join(", ", [for s in var.runners_docker_options.devices : format("\"%s\"", s)]) - device_cgroup_rules = var.runners_docker_options.device_cgroup_rules == null ? 
null : join(", ", [for s in var.runners_docker_options.device_cgroup_rules : format("\"%s\"", s)]) - disable_cache = var.runners_docker_options.disable_cache - disable_entrypoint_overwrite = var.runners_docker_options.disable_entrypoint_overwrite - dns = var.runners_docker_options.dns == null ? null : join(", ", [for s in var.runners_docker_options.dns : format("\"%s\"", s)]) - dns_search = var.runners_docker_options.dns_search == null ? null : join(", ", [for s in var.runners_docker_options.dns_search : format("\"%s\"", s)]) - extra_hosts = var.runners_docker_options.extra_hosts == null ? null : join(", ", [for s in var.runners_docker_options.extra_hosts : format("\"%s\"", s)]) - gpus = var.runners_docker_options.gpus - helper_image = var.runners_docker_options.helper_image - helper_image_flavor = var.runners_docker_options.helper_image_flavor - host = var.runners_docker_options.host - hostname = var.runners_docker_options.hostname - image = var.runners_docker_options.image - isolation = var.runners_docker_options.isolation - links = var.runners_docker_options.links == null ? null : join(", ", [for s in var.runners_docker_options.links : format("\"%s\"", s)]) - mac_address = var.runners_docker_options.mac_address - memory = var.runners_docker_options.memory - memory_reservation = var.runners_docker_options.memory_reservation - memory_swap = var.runners_docker_options.memory_swap - network_mode = var.runners_docker_options.network_mode - oom_kill_disable = var.runners_docker_options.oom_kill_disable - oom_score_adjust = var.runners_docker_options.oom_score_adjust - privileged = var.runners_docker_options.privileged - pull_policies = jsonencode(var.runners_docker_options.pull_policies) - runtime = var.runners_docker_options.runtime - security_opt = var.runners_docker_options.security_opt == null ? 
null : join(", ", [for s in var.runners_docker_options.security_opt : format("\"%s\"", s)]) - shm_size = var.runners_docker_options.shm_size - sysctls = var.runners_docker_options.sysctls == null ? null : join(", ", [for s in var.runners_docker_options.sysctls : format("\"%s\"", s)]) - tls_cert_path = var.runners_docker_options.tls_cert_path - tls_verify = var.runners_docker_options.tls_verify - user = var.runners_docker_options.user - userns_mode = var.runners_docker_options.userns_mode - volumes = jsonencode(concat(var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : [], var.runners_docker_options.volumes)) - volume_driver = var.runners_docker_options.volume_driver - volumes_from = var.runners_docker_options.volumes_from == null ? null : join(", ", [for s in var.runners_docker_options.volumes_from : format("\"%s\"", s)]) - wait_for_services_timeout = var.runners_docker_options.wait_for_services_timeout + runners_docker_options_toml = templatefile("${path.module}/template/runners_docker_options.tftpl", { + options = var.runners_docker_options }) + # Ensure max builds is optional runners_max_builds_string = var.runners_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runners_max_builds) diff --git a/template/runner-config.tpl b/template/runner-config.tpl index 7c137b183..4399a8fad 100644 --- a/template/runner-config.tpl +++ b/template/runner-config.tpl @@ -18,8 +18,7 @@ listen_address = "${prometheus_listen_address}" output_limit = ${runners_output_limit} limit = ${runners_limit} - [runners.docker] - ${runners_docker_options} + ${runners_docker_options} ${runners_docker_services} diff --git a/template/runners_docker_options.tftpl b/template/runners_docker_options.tftpl index 7c6049d83..3cd1719a6 100644 --- a/template/runners_docker_options.tftpl +++ b/template/runners_docker_options.tftpl 
@@ -1,92 +1,4 @@
-%{ if allowed_images != null } allowed_images = [${allowed_images}]
-%{endif ~}
-%{ if allowed_pull_policies != null } allowed_pull_policies = [${allowed_pull_policies}]
-%{endif ~}
-%{ if allowed_services != null } allowed_services = [${allowed_services}]
-%{endif ~}
-%{ if cache_dir != null } cache_dir = "${cache_dir}"
-%{endif ~}
-%{ if cap_add != null } cap_add = [${cap_add}]
-%{endif ~}
-%{ if cap_drop != null } cap_drop = [${cap_drop}]
-%{endif ~}
-%{ if container_labels != null } container_labels = [${container_labels}]
-%{endif ~}
-%{ if cpuset_cpus != null } cpuset_cpus = "${cpuset_cpus}"
-%{endif ~}
-%{ if cpu_shares != null } cpu_shares = ${cpu_shares}
-%{endif ~}
-%{ if cpus != null } cpus = "${cpus}"
-%{endif ~}
-%{ if devices != null } devices = [${devices}]
-%{endif ~}
-%{ if device_cgroup_rules != null } device_cgroup_rules = [${device_cgroup_rules}]
-%{endif ~}
-%{ if disable_cache != null} disable_cache = ${disable_cache}
-%{endif ~}
-%{ if disable_entrypoint_overwrite != null } disable_entrypoint_overwrite = ${disable_entrypoint_overwrite}
-%{endif ~}
-%{ if dns != null } dns = [${dns}]
-%{endif ~}
-%{ if dns_search != null } dns_search = [${dns_search}]
-%{endif ~}
-%{ if extra_hosts != null } extra_hosts = [${extra_hosts}]
-%{endif ~}
-%{ if gpus != null } gpus = "${gpus}"
-%{endif ~}
-%{ if helper_image != null } helper_image = "${helper_image}"
-%{endif ~}
-%{ if helper_image_flavor != null } helper_image_flavor = "${helper_image_flavor}"
-%{endif ~}
-%{ if host != null } host = "${host}"
-%{endif ~}
-%{ if hostname != null } hostname = "${hostname}"
-%{endif ~}
-%{ if image != null} image = "${image}"
-%{endif ~}
-%{ if isolation != null} isolation = "${isolation}"
-%{endif ~}
-%{ if links != null } links = [${links}]
-%{endif ~}
-%{ if mac_address != null } mac_address = "${mac_address}"
-%{endif ~}
-%{ if memory != null } memory = "${memory}"
-%{endif ~}
-%{ if memory_reservation != null } memory_reservation =
"${memory_reservation}" -%{endif ~} -%{ if memory_swap != null } memory_swap = "${memory_swap}" -%{endif ~} -%{ if network_mode != null } network_mode = "${network_mode}" -%{endif ~} -%{ if oom_kill_disable != null } oom_kill_disable = ${oom_kill_disable} -%{endif ~} -%{ if oom_score_adjust != null } oom_score_adjust = ${oom_score_adjust} -%{endif ~} -%{ if privileged != null} privileged = ${privileged} -%{endif ~} -%{ if pull_policies != null} pull_policy = ${pull_policies} -%{endif ~} -%{ if runtime != null } runtime = "${runtime}" -%{endif ~} -%{ if security_opt != null } security_opt = [${security_opt}] -%{endif ~} -%{ if shm_size != null} shm_size = ${shm_size} -%{endif ~} -%{ if sysctls != null } sysctls = [${sysctls}] -%{endif ~} -%{ if tls_cert_path != null } tls_cert_path = "${tls_cert_path}" -%{endif ~} -%{ if tls_verify != null} tls_verify = ${tls_verify} -%{endif ~} -%{ if user != null} user = "${user}" -%{endif ~} -%{ if userns_mode != null } userns_mode = "${userns_mode}" -%{endif ~} -%{ if volumes != null} volumes = ${volumes} -%{endif ~} -%{ if volumes_from != null } volumes_from = [${volumes_from}] -%{endif ~} -%{ if volume_driver != null } volume_driver = "${volume_driver}" -%{endif ~} -%{ if wait_for_services_timeout != null } wait_for_services_timeout = ${wait_for_services_timeout} -%{endif ~} +[runners.docker] +%{ for key, value in options ~} + ${key} = ${jsonencode(value)} +%{ endfor ~} From 96ca6befc17a8b6e2792ca4291967aa2cbdde961 Mon Sep 17 00:00:00 2001 From: kayma Date: Mon, 13 Mar 2023 20:05:01 +0100 Subject: [PATCH 34/43] fix syntax error --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index de840424d..a31747c0e 100644 --- a/main.tf +++ b/main.tf 
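Review bot: The loop in runners_docker_options.tftpl writes each attribute name verbatim as the TOML key, so the `pull_policies` attribute is now rendered as `pull_policies = [...]`, whereas the removed template line mapped it to the runner's `pull_policy` key. The runner will presumably not apply a key it does not know, so a pull policy set through `runners_docker_options` would silently stop taking effect. Map the name inside the loop, `${key == "pull_policies" ? "pull_policy" : key} = ${jsonencode(value)}`, or rename the attribute in the variable. `jsonencode` also yields valid TOML only for strings, numbers, booleans and lists, so a template comment stating that would warn anyone who later adds a map-typed option.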
@@ -118,7 +118,7 @@ locals { runners_request_concurrency = var.runners_request_concurrency runners_output_limit = var.runners_output_limit runners_check_interval = var.runners_check_interval - runners_docker_options = local.template_runners_docker_options + runners_docker_options = local.runners_docker_options_toml runners_volumes_tmpfs = join("\n", [for v in var.runners_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) runners_services_volumes_tmpfs = join("\n", [for v in var.runners_services_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)]) runners_docker_services = local.runners_docker_services From 6602488f40e825f55412b97d5f118998365efea8 Mon Sep 17 00:00:00 2001 From: kayma Date: Mon, 13 Mar 2023 20:17:12 +0100 Subject: [PATCH 35/43] fix template --- locals.tf | 4 +++- template/runners_docker_options.tftpl | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/locals.tf b/locals.tf index 42fffa630..aabdbcbba 100644 --- a/locals.tf +++ b/locals.tf @@ -15,7 +15,9 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] runners_docker_options_toml = templatefile("${path.module}/template/runners_docker_options.tftpl", { - options = var.runners_docker_options + options = { + for key, value in var.runners_docker_options: key => value if value != null + } }) diff --git a/template/runners_docker_options.tftpl b/template/runners_docker_options.tftpl index 3cd1719a6..2a4dcac4a 100644 --- a/template/runners_docker_options.tftpl +++ b/template/runners_docker_options.tftpl @@ -1,4 +1,4 @@ -[runners.docker] + [runners.docker] %{ for key, value in options ~} - ${key} = ${jsonencode(value)} + ${key} = ${jsonencode(value)} %{ endfor ~} From 017cb7f29a1fe36e30a8cadf350d4f16db92f174 Mon Sep 17 00:00:00 2001 
From: kayma Date: Mon, 13 Mar 2023 20:20:42 +0100 Subject: [PATCH 36/43] format code --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index aabdbcbba..6e6b809b5 100644 --- a/locals.tf +++ b/locals.tf @@ -16,7 +16,7 @@ locals { runners_docker_options_toml = templatefile("${path.module}/template/runners_docker_options.tftpl", { options = { - for key, value in var.runners_docker_options: key => value if value != null + for key, value in var.runners_docker_options : key => value if value != null } }) From 3cde0f1c6eb401c424a2b65bbbfce3eb40f89615 Mon Sep 17 00:00:00 2001 From: Tyrone Meijn Date: Thu, 2 Mar 2023 09:25:58 +0100 Subject: [PATCH 37/43] fix!: remove deprecated pull policy variable (#710) ## Description Removes the earlier deprecated `runners_pull_policy` variable. Since were making a Major release I thought this one was nice to catch. ## Migrations required YES. Replace the `runners_pull_policy` by `runners_pull_policies`. --- README.md | 1 - locals.tf | 2 +- variables.tf | 6 ------ 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/README.md b/README.md index 735a29a0f..db1dd9f21 100644 --- a/README.md +++ b/README.md @@ -610,7 +610,6 @@ Made with [contributors-img](https://contrib.rocks). | [runners\_pre\_clone\_script](#input\_runners\_pre\_clone\_script) | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | `string` | `"\"\""` | no | | [runners\_privileged](#input\_runners\_privileged) | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | | [runners\_pull\_policies](#input\_runners\_pull\_policies) | pull policies for the runners, will be used in the runner config.toml, for Gitlab Runner >= 13.8, see https://docs.gitlab.com/runner/executors/docker.html#using-multiple-pull-policies | `list(string)` |
[
"always"
]
| no | -| [runners\_pull\_policy](#input\_runners\_pull\_policy) | Deprecated! Use runners\_pull\_policies instead. pull\_policy for the runners, will be used in the runner config.toml | `string` | `""` | no | | [runners\_request\_concurrency](#input\_runners\_request\_concurrency) | Limit number of concurrent requests for new jobs from GitLab (default 1). | `number` | `1` | no | | [runners\_request\_spot\_instance](#input\_runners\_request\_spot\_instance) | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | | [runners\_root\_size](#input\_runners\_root\_size) | Runner instance root size in GB. | `number` | `16` | no | diff --git a/locals.tf b/locals.tf index 3b15a286c..4c11cdd62 100644 --- a/locals.tf +++ b/locals.tf @@ -78,7 +78,7 @@ locals { } ) - runners_pull_policies = var.runners_pull_policy != "" ? "[\"${var.runners_pull_policy}\"]" : "[\"${join("\",\"", var.runners_pull_policies)}\"]" + runners_pull_policies = "[\"${join("\",\"", var.runners_pull_policies)}\"]" /* determines if the docker machine executable adds the Name tag automatically (versions >= 0.16.2) */ # make sure to skip pre-release stuff in the semver by ignoring everything after "-" diff --git a/variables.tf b/variables.tf index a63159f31..61d84f9e3 100644 --- a/variables.tf +++ b/variables.tf @@ -248,12 +248,6 @@ variable "runners_helper_image" { default = "" } -variable "runners_pull_policy" { - description = "Deprecated! Use runners_pull_policies instead. pull_policy for the runners, will be used in the runner config.toml" - type = string - default = "" -} - variable "runners_pull_policies" { description = "pull policies for the runners, will be used in the runner config.toml, for Gitlab Runner >= 13.8, see https://docs.gitlab.com/runner/executors/docker.html#using-multiple-pull-policies " type = list(string) From 0078748a1aa17a9e308e56a98e0e7d562f09bc3d Mon Sep 17 00:00:00 2001 
From: kayma Date: Thu, 16 Mar 2023 20:20:51 +0100 Subject: [PATCH 38/43] do not use Terraform < 1.3. No longer supported --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 405afb1c0..8f5c237ca 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: strategy: fail-fast: false matrix: - terraform: [ 1.0.11, 1.3.9, latest ] + terraform: [ 1.3.9, latest ] example: [ "runner-default", From 19de0a89681cfec19426a8db02e05314225f336b Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 16 Mar 2023 20:26:13 +0100 Subject: [PATCH 39/43] add additional volumes again --- locals.tf | 4 ++++ variables.tf | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/locals.tf b/locals.tf index 8e9099c3d..db3cdb21f 100644 --- a/locals.tf +++ b/locals.tf @@ -71,6 +71,10 @@ locals { name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"] name_iam_objects = lookup(var.overrides, "name_iam_objects", "") == "" ? local.tags["Name"] : var.overrides["name_iam_objects"] + runners_additional_volumes = <<-EOT + %{~if var.runners_add_dind_volumes~},"/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"%{endif~}%{~for volume in var.runners_additional_volumes~},"${volume}"%{endfor~} + EOT + runners_machine_autoscaling = templatefile("${path.module}/template/runners_machine_autoscaling.tftpl", { runners_machine_autoscaling = var.runners_machine_autoscaling } diff --git a/variables.tf b/variables.tf index c7bd0ffb7..950db67fa 100644 --- a/variables.tf +++ b/variables.tf 
@@ -200,6 +200,12 @@ variable "runners_add_dind_volumes" { default = false } +variable "runners_additional_volumes" { + description = "Additional volumes that will be used in the runner config.toml, e.g Docker socket" + type = list(any) + default = [] +} + variable "runners_docker_options" { description = < Date: Thu, 16 Mar 2023 20:48:31 +0100 Subject: [PATCH 40/43] add dind volumes --- locals.tf | 13 +++++++------ variables.tf | 6 ------ 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/locals.tf b/locals.tf index db3cdb21f..3be3173a5 100644 --- a/locals.tf +++ b/locals.tf @@ -53,10 +53,13 @@ locals { runners_docker_registry_mirror_option = var.runners_docker_registry_mirror == "" ? [] : ["engine-registry-mirror=${var.runners_docker_registry_mirror}"] runners_docker_options_toml = templatefile("${path.module}/template/runners_docker_options.tftpl", { - options = { - for key, value in var.runners_docker_options : key => value if value != null + options = merge({ + for key, value in var.runners_docker_options : key => value if value != null && key != "volumes" + }, { + volumes = local.runners_volumes + }) } - }) + ) # Ensure max builds is optional @@ -71,9 +74,7 @@ locals { name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"] name_iam_objects = lookup(var.overrides, "name_iam_objects", "") == "" ? local.tags["Name"] : var.overrides["name_iam_objects"] - runners_additional_volumes = <<-EOT - %{~if var.runners_add_dind_volumes~},"/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"%{endif~}%{~for volume in var.runners_additional_volumes~},"${volume}"%{endfor~} - EOT + runners_volumes = concat(var.docker_machine_options.volumes, var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : []) runners_machine_autoscaling = templatefile("${path.module}/template/runners_machine_autoscaling.tftpl", { runners_machine_autoscaling = var.runners_machine_autoscaling 
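Review bot: `runners_volumes` in the second locals.tf hunk reads `var.docker_machine_options.volumes`, while the first hunk strips `volumes` out of `var.runners_docker_options` and substitutes `local.runners_volumes`, so volumes a caller sets in `runners_docker_options` never reach the template. The line should read `var.runners_docker_options.volumes`. Separately, `concat()` fails on a null argument, and the `value != null` filter in the same change suggests attributes of this object can be null; unless `volumes` has a default in the variable declaration (not visible here), guard it with `var.runners_docker_options.volumes != null ? var.runners_docker_options.volumes : []` as the first argument. The same guard applies to the `runners_volumes` line in the later locals.tf hunk at `-74,7 +74,7`.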
diff --git a/variables.tf b/variables.tf index 950db67fa..c7bd0ffb7 100644 --- a/variables.tf +++ b/variables.tf @@ -200,12 +200,6 @@ variable "runners_add_dind_volumes" { default = false } -variable "runners_additional_volumes" { - description = "Additional volumes that will be used in the runner config.toml, e.g Docker socket" - type = list(any) - default = [] -} - variable "runners_docker_options" { description = < Date: Thu, 16 Mar 2023 20:58:01 +0100 Subject: [PATCH 41/43] NETWORK-MODE --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 3be3173a5..82aa94faa 100644 --- a/locals.tf +++ b/locals.tf @@ -74,7 +74,7 @@ locals { name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"] name_iam_objects = lookup(var.overrides, "name_iam_objects", "") == "" ? local.tags["Name"] : var.overrides["name_iam_objects"] - runners_volumes = concat(var.docker_machine_options.volumes, var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : []) + runners_volumes = concat(var.runners_docker_options.volumes, var.runners_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : []) runners_machine_autoscaling = templatefile("${path.module}/template/runners_machine_autoscaling.tftpl", { runners_machine_autoscaling = var.runners_machine_autoscaling From 9aaa0dd1dc2a5d6b44f5c649c314d77eedd1df69 Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 16 Mar 2023 21:02:00 +0100 Subject: [PATCH 42/43] NETWORK-MODE --- examples/runner-certificates/main.tf | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/examples/runner-certificates/main.tf b/examples/runner-certificates/main.tf index d652c1328..30ac52eb2 100644 --- a/examples/runner-certificates/main.tf +++ b/examples/runner-certificates/main.tf 
@@ -49,8 +49,13 @@ module "runner" { # cp /etc/gitlab-runner/certs/* /usr/local/share/ca-certificates/ # update-ca-certificates # Or similar OS-dependent commands. The above are an example for Ubuntu. - runners_additional_volumes = ["/etc/gitlab-runner/certs/:/etc/gitlab-runner/certs:ro"] - + runners_docker_options = { + volumes = [ + "/cache", + "/etc/gitlab-runner/certs/:/etc/gitlab-runner/certs:ro" + ] + } + ############################################### # Registration ############################################### @@ -70,4 +75,4 @@ module "runner" { vpc_id = module.vpc.vpc_id subnet_id = element(module.vpc.public_subnets, 0) -} \ No newline at end of file +} From be336e61aab7711f06a7704a964c84bc40417411 Mon Sep 17 00:00:00 2001 From: kayma Date: Thu, 16 Mar 2023 21:02:14 +0100 Subject: [PATCH 43/43] format code --- examples/runner-certificates/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/runner-certificates/main.tf b/examples/runner-certificates/main.tf index 30ac52eb2..9fb13c537 100644 --- a/examples/runner-certificates/main.tf +++ b/examples/runner-certificates/main.tf @@ -51,11 +51,11 @@ module "runner" { # Or similar OS-dependent commands. The above are an example for Ubuntu. runners_docker_options = { volumes = [ - "/cache", + "/cache", "/etc/gitlab-runner/certs/:/etc/gitlab-runner/certs:ro" ] } - + ############################################### # Registration ###############################################
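Review bot: The example now has to list `"/cache"` itself, which suggests that setting `volumes` in `runners_docker_options` replaces the module's default list instead of extending it, and nothing in the example says so. A caller who copies only the certificate line would lose the cache volume without any error; a comment above the block, such as `# volumes replaces the module default, so "/cache" must be listed again`, would make that explicit. The `:ro` suffix on the certificate mount is worth calling out in the same comment, since job containers only need to read the CA files. The `module "runner"` block starts and ends outside the hunk.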