From 540c397596e5aab8f62ce20494a0397ee18ddeb2 Mon Sep 17 00:00:00 2001
From: Karel van Klink <karel.vanklink@geant.org>
Date: Mon, 13 Feb 2023 18:20:14 +0100
Subject: [PATCH] Add playbook for installing and setting up gitlab-runner

---
 .gitignore                                    |  1 +
 README.md                                     | 13 +++++++
 group_vars/ci-runners.yml.example             |  7 ++++
 inventory.yml                                 |  5 +++
 playbook.yml                                  |  5 +++
 .../files/pin-gitlab-runner.pref              |  4 +++
 roles/gitlab-runner/tasks/main.yml            | 34 +++++++++++++++++++
 7 files changed, 69 insertions(+)
 create mode 100644 README.md
 create mode 100644 group_vars/ci-runners.yml.example
 create mode 100644 inventory.yml
 create mode 100644 playbook.yml
 create mode 100644 roles/gitlab-runner/files/pin-gitlab-runner.pref
 create mode 100644 roles/gitlab-runner/tasks/main.yml

diff --git a/.gitignore b/.gitignore
index 5420a22..631f491 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.idea/
+group_vars/ci-runners.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3dc023e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+# Ansible playbook for deploying a GAP GitLab CI runner
+
+This playbook is used to install the gitlab-runner package on a VM.
+
+To run this playbook:
+
+ 1. Provision a 'nat_ci' VM in Puppet
+ 2. Get the ip address of the new VM, and configure your ssh environment
+ 3. Create & activate a python virtual environment and install ansible
+ 4. Update inventory.yml so that your VM is defined in the "gitlab-runner" group
+ 5. Update group_vars/ci-runners.yml with your gitlab.geant.net username and personal access token
+ 6. Install the `community.general` collection from Ansible galaxy with the following command: `ansible-galaxy collection install community.general`
+ 7. Run the following command to execute the playbook: `ansible-playbook -i inventory.yml playbook.yml`
diff --git a/group_vars/ci-runners.yml.example b/group_vars/ci-runners.yml.example
new file mode 100644
index 0000000..438e6ea
--- /dev/null
+++ b/group_vars/ci-runners.yml.example
@@ -0,0 +1,7 @@
+runner:
+  gitlab_url: 'https://gitlab.geant.org/'
+  access_token: xxx
+  registration_token: xxx
+  runner_tags:
+    - gap
+    - nat
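Review bot: `access_token` and `registration_token` are secrets, and the only protection for the real `group_vars/ci-runners.yml` is the `.gitignore` entry, so they sit in plaintext on each operator's disk and a forced add or a renamed copy would commit them. The example should say that the real file is expected to be encrypted, e.g. with `ansible-vault encrypt group_vars/ci-runners.yml`, and that the playbook is then run with `--ask-vault-pass`. A comment above the two keys would carry this, such as `# secret: keep this file vault-encrypted; use a token with the minimum scope the module needs`. Quoting the placeholders (`'xxx'`) would also match the quoting used for `gitlab_url`.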
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..164ce38
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,5 @@
+ci-runners:
+  hosts:
+    test-nat-ci01:
+      ansible_host:
+        test-nat-ci01
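Review bot: The group name `ci-runners` contains a hyphen, which Ansible treats as an invalid group-name character and warns about when loading the inventory. `ci_runners` avoids the warning, with the matching rename in `playbook.yml` (`hosts:`) and in the `group_vars` file name. README step 4 also tells the operator to use a "gitlab-runner" group, which does not match the group defined here. The `ansible_host` value split across two lines parses to the same scalar but is easier to read as `ansible_host: test-nat-ci01`.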
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..ffe8d2e
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,5 @@
+- name: Install and set up a GitLab CI runner
+  hosts: ci-runners
+  become: true
+  roles:
+    - gitlab-runner
diff --git a/roles/gitlab-runner/files/pin-gitlab-runner.pref b/roles/gitlab-runner/files/pin-gitlab-runner.pref
new file mode 100644
index 0000000..9998a89
--- /dev/null
+++ b/roles/gitlab-runner/files/pin-gitlab-runner.pref
@@ -0,0 +1,4 @@
+Explanation: Prefer GitLab provided packages over the Debian native ones
+Package: gitlab-runner
+Pin: origin packages.gitlab.com
+Pin-Priority: 1001
diff --git a/roles/gitlab-runner/tasks/main.yml b/roles/gitlab-runner/tasks/main.yml
new file mode 100644
index 0000000..097aa00
--- /dev/null
+++ b/roles/gitlab-runner/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: Add GitLab runner APT repository
+  ansible.builtin.shell:
+    cmd: curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | bash
+  become: true
+
+- name: Pin GitLab runner package to correct repository
+  ansible.builtin.copy:
+    src: pin-gitlab-runner.pref
+    dest: /etc/apt/preferences.d/pin-gitlab-runner.pref
+
+- name: Install GitLab runner package
+  ansible.builtin.apt:
+    update_cache: true
+    pkg:
+      - gitlab-runner
+
+- name: Install gitlab Python package
+  ansible.builtin.pip:
+    name: python-gitlab
+
+- name: Register runner
+  no_log: true
+  community.general.gitlab_runner:
+    api_url: '{{ runner.gitlab_url }}'
+    api_token: '{{ runner.access_token }}'
+    registration_token: '{{ runner.registration_token }}'
+    description: '{{ inventory_hostname_short }}'
+    project: 'nat/gap'
+    state: present
+    tag_list: '{{ runner.runner_tags + [inventory_hostname_short] }}'
+    run_untagged: false
+    locked: true
+    access_level_on_creation: true
+    access_level: 'not_protected'
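Review bot: The first task pipes a script fetched with `curl -L` straight into `bash` as root, so whatever the URL or a redirect target serves at run time is executed with no integrity check. The shell has no `pipefail` and curl has no `-f`, so a failed or error-page download can still end with a zero exit status from `bash`. The task also has no `creates:` guard, so it re-runs and reports changed on every play. Downloading the script with `ansible.builtin.get_url` and a pinned `checksum`, then running it once, closes these gaps; the task-level `become: true` is redundant because the play already sets it. Separately, `python-gitlab` is installed unpinned into the system Python, so a `version:` on that task would make runs reproducible.

```yaml
- name: Download GitLab runner repository setup script
  ansible.builtin.get_url:
    url: https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh
    dest: /root/gitlab-runner-script.deb.sh
    mode: '0700'
    # placeholder: digest of a copy of the script that has been reviewed
    checksum: 'sha256:<REVIEWED_SCRIPT_SHA256>'

- name: Add GitLab runner APT repository
  ansible.builtin.command:
    cmd: bash /root/gitlab-runner-script.deb.sh
    # placeholder: the sources list file the script writes, so the task runs once
    creates: /etc/apt/sources.list.d/<REPO_LIST_FILE>

# … unchanged: pin file, apt install, pip install, runner registration …
```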
-- 
GitLab