38 changes: 0 additions & 38 deletions docker_machine.tf
@@ -1,41 +1,3 @@
locals {
template_runner_docker_machine = templatefile("${path.module}/template/runner-docker-machine-config.tftpl",
{
runners_idle_count = var.runner_worker_docker_machine_instance.idle_count
runners_idle_time = var.runner_worker_docker_machine_instance.idle_time
runners_max_builds = local.runners_max_builds_string
docker_machine_name = format("%s-%s", local.runner_tags_merged["Name"], "%s") # %s is always needed
runners_instance_types = var.runner_worker_docker_machine_instance.types
aws_region = data.aws_region.current.name
runners_aws_zone = data.aws_availability_zone.runners.name_suffix
runners_userdata = var.runner_worker_docker_machine_instance.start_script

runners_vpc_id = var.vpc_id
runners_subnet_id = var.subnet_id
runners_subnet_ids = length(var.runner_worker_docker_machine_instance.subnet_ids) > 0 ? var.runner_worker_docker_machine_instance.subnet_ids : [var.subnet_id]
runners_instance_profile = var.runner_worker.type == "docker+machine" ? aws_iam_instance_profile.docker_machine[0].name : ""

runners_use_private_address_only = var.runner_worker_docker_machine_instance.private_address_only
runners_use_private_address = !var.runner_worker_docker_machine_instance.private_address_only
runners_request_spot_instance = var.runner_worker_docker_machine_instance_spot.enable
runners_spot_price_bid = var.runner_worker_docker_machine_instance_spot.max_price == "on-demand-price" || var.runner_worker_docker_machine_instance_spot.max_price == null ? "" : var.runner_worker_docker_machine_instance_spot.max_price
runners_security_group_name = var.runner_worker.type == "docker+machine" ? aws_security_group.docker_machine[0].name : ""

runners_tags = replace(replace(local.runner_tags_string, ",,", ","), "/,$/", "")
runners_ebs_optimized = var.runner_worker_docker_machine_instance.ebs_optimized
runners_monitoring = var.runner_worker_docker_machine_instance.monitoring
runners_iam_instance_profile_name = var.runner_worker_docker_machine_role.profile_name
runners_root_size = var.runner_worker_docker_machine_instance.root_size
runners_volume_type = var.runner_worker_docker_machine_instance.volume_type
runners_ami = var.runner_worker.type == "docker+machine" ? (length(var.runner_worker_docker_machine_ami_id) > 0 ? var.runner_worker_docker_machine_ami_id : data.aws_ami.docker_machine_by_filter[0].id) : ""
use_fleet = var.runner_worker_docker_machine_fleet.enable
launch_template = var.runner_worker_docker_machine_fleet.enable == true ? aws_launch_template.fleet_gitlab_runner[0].name : ""
docker_machine_options = length(local.docker_machine_options_string) == 1 ? "" : local.docker_machine_options_string
runners_max_growth_rate = var.runner_worker_docker_machine_instance.max_growth_rate
runners_volume_kms_key = local.kms_key_arn
})
}

resource "aws_iam_instance_profile" "docker_machine" {
count = var.runner_worker.type == "docker+machine" ? 1 : 0
name = "${local.name_iam_objects}-docker-machine"
39 changes: 0 additions & 39 deletions locals.tf
Expand Up @@ -44,27 +44,6 @@ locals {
)
aws_iam_role_instance_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:role/${local.aws_iam_role_instance_name}"

# Convert list to a string separated and prepend by a comma
docker_machine_options_string = format(
",\"amazonec2-metadata-token=${var.runner_worker_docker_machine_ec2_metadata_options.http_tokens}\", \"amazonec2-metadata-token-response-hop-limit=${var.runner_worker_docker_machine_ec2_metadata_options.http_put_response_hop_limit}\",%s",
join(",", formatlist("%q", concat(var.runner_worker_docker_machine_ec2_options, local.runners_docker_registry_mirror_option))),
)

runners_docker_registry_mirror_option = var.runner_worker_docker_machine_instance.docker_registry_mirror_url == "" ? [] : ["engine-registry-mirror=${var.runner_worker_docker_machine_instance.docker_registry_mirror_url}"]

runners_docker_options_toml = templatefile("${path.module}/template/runners_docker_options.tftpl", {
options = merge({
for key, value in var.runner_worker_docker_options : key => value if value != null && key != "volumes" && key != "pull_policies"
}, {
pull_policy = var.runner_worker_docker_options.pull_policies
volumes = local.runners_volumes
})
}
)

# Ensure max builds is optional
runners_max_builds_string = var.runner_worker_docker_machine_instance.destroy_after_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runner_worker_docker_machine_instance.destroy_after_max_builds)

# Define key for runner token for SSM
secure_parameter_store_runner_token_key = "${var.environment}-${var.runner_gitlab_token_secure_parameter_store}"
secure_parameter_store_runner_sentry_dsn = "${var.environment}-${var.runner_sentry_secure_parameter_store_name}"
Expand All @@ -74,24 +53,6 @@ locals {
name_sg = var.security_group_prefix == "" ? local.tags["Name"] : var.security_group_prefix
name_iam_objects = var.iam_object_prefix == "" ? local.tags["Name"] : var.iam_object_prefix

runners_volumes = concat(var.runner_worker_docker_options.volumes, var.runner_worker_docker_add_dind_volumes ? ["/certs/client", "/builds", "/var/run/docker.sock:/var/run/docker.sock"] : [])

runners_docker_services = templatefile("${path.module}/template/runners_docker_services.tftpl", {
runners_docker_services = var.runner_worker_docker_services
}
)

/* determines if the docker machine executable adds the Name tag automatically (versions >= 0.16.2) */
# make sure to skip pre-release stuff in the semver by ignoring everything after "-"
docker_machine_version_used = split(".", split("-", var.runner_install.docker_machine_version)[0])
docker_machine_version_with_name_tag = split(".", "0.16.2")
docker_machine_version_test = [
for i, j in reverse(range(length(local.docker_machine_version_used)))
: signum(local.docker_machine_version_with_name_tag[i] - local.docker_machine_version_used[i]) * pow(10, j)
]

docker_machine_adds_name_tag = signum(sum(local.docker_machine_version_test)) <= 0

runner_worker_graceful_terminate_heartbeat_timeout = (var.runner_terminate_ec2_lifecycle_timeout_duration == null
? min(7200, tonumber(coalesce(var.runner_gitlab_registration_config.maximum_timeout, 0)) + 300)
: var.runner_terminate_ec2_lifecycle_timeout_duration)
108 changes: 53 additions & 55 deletions main.tf
@@ -1,5 +1,6 @@
# Parameter value is managed by the user-data script of the gitlab runner instance
resource "aws_ssm_parameter" "runner_registration_token" {
# checkov:skip=CKV_AWS_337:KMS key can be enabled by the user
name = local.secure_parameter_store_runner_token_key
type = "SecureString"
value = "null"
Expand All @@ -14,6 +15,7 @@ resource "aws_ssm_parameter" "runner_registration_token" {
}

resource "aws_ssm_parameter" "runner_sentry_dsn" {
# checkov:skip=CKV_AWS_337:KMS key can be enabled by the user
name = local.secure_parameter_store_runner_sentry_dsn
type = "SecureString"
value = "null"
Expand Down Expand Up @@ -85,67 +87,63 @@ locals {
fleeting_plugin_version = var.runner_worker_docker_autoscaler.fleeting_plugin_version
})

template_runner_docker_autoscaler = templatefile("${path.module}/template/runner-docker-autoscaler-config.tftpl",
template_runner_config = templatefile("${path.module}/template/runner-agent.tftpl",
{
docker_autoscaling_name = var.runner_worker.type == "docker-autoscaler" ? aws_autoscaling_group.autoscaler[0].name : ""
connector_config_user = var.runner_worker_docker_autoscaler.connector_config_user
runners_capacity_per_instance = var.runner_worker_docker_autoscaler.capacity_per_instance
runners_max_use_count = var.runner_worker_docker_autoscaler.max_use_count
runners_max_instances = var.runner_worker.max_jobs
prometheus_listen_address = var.runner_manager.prometheus_listen_address
runners_check_interval = var.runner_manager.gitlab_check_interval
runners_concurrent = var.runner_manager.maximum_concurrent_jobs
sentry_dsn = var.runner_manager.sentry_dsn

runners_update_interval = var.runner_worker_docker_autoscaler.update_interval
runners_update_interval_when_expecting = var.runner_worker_docker_autoscaler.update_interval_when_expecting

runners_instance_ready_command = var.runner_worker_docker_autoscaler.instance_ready_command

use_private_key = var.runner_worker.use_private_key && var.runner_worker.type == "docker-autoscaler"

runners_autoscaling = [for config in var.runner_worker_docker_autoscaler_autoscaling_options : {
for key, value in config :
# Convert key from snake_case to PascalCase which is the casing for this section.
key => jsonencode(value) if value != null
}]
})

template_runner_config = templatefile("${path.module}/template/runner-config.tftpl",
{
aws_region = data.aws_region.current.name
gitlab_url = var.runner_gitlab.url
gitlab_clone_url = var.runner_gitlab.url_clone
tls_ca_file = length(var.runner_gitlab.certificate) > 0 ? "tls-ca-file=\"/etc/gitlab-runner/certs/gitlab.crt\"" : ""
runners_machine_autoscaling = [for config in var.runner_worker_docker_machine_autoscaling_options : {
for key, value in config :
# Convert key from snake_case to PascalCase which is the casing for this section.
join("", [for subkey in split("_", key) : title(subkey)]) => jsonencode(value) if value != null
}]

runners_name = var.runner_instance.name
runners_token = var.runner_gitlab.registration_token
runners_executor = var.runner_worker.type
runners_limit = var.runner_worker.max_jobs
runners_concurrent = var.runner_manager.maximum_concurrent_jobs
runners_environment_vars = jsonencode(var.runner_worker.environment_variables)
runners_pre_build_script = var.runner_worker_gitlab_pipeline.pre_build_script
runners_post_build_script = var.runner_worker_gitlab_pipeline.post_build_script
runners_pre_clone_script = var.runner_worker_gitlab_pipeline.pre_clone_script
runners_request_concurrency = var.runner_worker.request_concurrency
runners_output_limit = var.runner_worker.output_limit
runners_check_interval = var.runner_manager.gitlab_check_interval
runners_volumes_tmpfs = join("\n", [for v in var.runner_worker_docker_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)])
runners_services_volumes_tmpfs = join("\n", [for v in var.runner_worker_docker_services_volumes_tmpfs : format("\"%s\" = \"%s\"", v.volume, v.options)])
runners_docker_services = local.runners_docker_services
runners_docker_options = local.runners_docker_options_toml
bucket_name = local.bucket_name
shared_cache = var.runner_worker_cache.shared
sentry_dsn = var.runner_manager.sentry_dsn
prometheus_listen_address = var.runner_manager.prometheus_listen_address
auth_type = var.runner_worker_cache.authentication_type
runners_docker_autoscaler = var.runner_worker.type == "docker-autoscaler" ? local.template_runner_docker_autoscaler : ""
runners_docker_machine = var.runner_worker.type == "docker+machine" ? local.template_runner_docker_machine : ""
runners = [module.runner.runner_config]
}
)
}

module "runner" {
source = "./modules/runner-config"

vpc_id = var.vpc_id
subnet_id = var.subnet_id

suppressed_tags = var.suppressed_tags
kms_key_arn = local.kms_key_arn

runner_instance = var.runner_instance
runner_worker = var.runner_worker
runner_install = var.runner_install
runner_gitlab = var.runner_gitlab

cache = var.runner_worker_cache
cache_bucket_name = local.bucket_name

gitlab_pipeline = var.runner_worker_gitlab_pipeline

docker_autoscaler = var.runner_worker_docker_autoscaler
docker_autoscaler_asg_name = var.runner_worker.type == "docker-autoscaler" ? aws_autoscaling_group.autoscaler[0].name : ""
docker_autoscaler_autoscaling_options = var.runner_worker_docker_autoscaler_autoscaling_options

docker_machine_runner_name = local.runner_tags_merged["Name"]
docker_machine_availability_zone_name = data.aws_availability_zone.runners.name_suffix
docker_machine_instance_profile_name = var.runner_worker.type == "docker+machine" ? aws_iam_instance_profile.docker_machine[0].name : ""
docker_machine_security_group_name = var.runner_worker.type == "docker+machine" ? aws_security_group.docker_machine[0].name : ""
docker_machine_ami_id = data.aws_ami.docker_machine_by_filter[0].id
docker_machine_fleet_launch_template_name = var.runner_worker_docker_machine_fleet.enable == true ? aws_launch_template.fleet_gitlab_runner[0].name : ""
docker_machine_tags = local.runner_tags_merged
docker_machine_instance = var.runner_worker_docker_machine_instance
docker_machine_ec2_options = var.runner_worker_docker_machine_ec2_options
docker_machine_ec2_metadata_options = var.runner_worker_docker_machine_ec2_metadata_options
docker_machine_fleet = var.runner_worker_docker_machine_fleet
docker_machine_role = var.runner_worker_docker_machine_role
docker_machine_instance_spot = var.runner_worker_docker_machine_instance_spot
docker_machine_autoscaling_options = var.runner_worker_docker_machine_autoscaling_options

docker_add_dind_volumes = var.runner_worker_docker_add_dind_volumes
docker_options = var.runner_worker_docker_options
docker_services = var.runner_worker_docker_services
docker_services_volumes_tmpfs = var.runner_worker_docker_services_volumes_tmpfs
docker_volumes_tmpfs = var.runner_worker_docker_volumes_tmpfs
}

# ignores: Autoscaling Groups Supply Tags --> we use a "dynamic" block to create the tags
# ignores: Auto Scaling Group With No Associated ELB --> that's simply not true, as the EC2 instance contacts GitLab. So no ELB needed here.
# kics-scan ignore-line
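Review bot: `docker_machine_ami_id = data.aws_ami.docker_machine_by_filter[0].id` in the new `module "runner"` call drops both guards that the removed `runners_ami` local carried: the `var.runner_worker.type == "docker+machine"` condition that the neighbouring `docker_machine_instance_profile_name`, `docker_machine_security_group_name` and `docker_machine_fleet_launch_template_name` arguments still keep, and the `var.runner_worker_docker_machine_ami_id` override. If that data source is still created conditionally (its definition is outside this page), a plan for the `docker` or `docker-autoscaler` executor fails on the `[0]` index; and because `var.runner_worker_docker_machine_ami_id` is no longer passed to the module anywhere in this call, a user-pinned worker AMI would be silently replaced by whatever the filter resolves to, which undoes a supply-chain control. Suggest restoring the previous expression: `docker_machine_ami_id = var.runner_worker.type == "docker+machine" ? (length(var.runner_worker_docker_machine_ami_id) > 0 ? var.runner_worker_docker_machine_ami_id : data.aws_ami.docker_machine_by_filter[0].id) : ""`. If the override is intended to be resolved inside `modules/runner-config` instead, it still has to be wired through as a module input here, which this hunk does not do.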