add puppet class for action runner
This commit is contained in:
parent
3faa16b1e8
commit
5e87ce3f5f
GPG key ID:
33263D8CFCFEC285
2 changed files with 99 additions and 0 deletions
40
global/overlay/etc/puppet/modules/soc/manifests/runner.pp
Normal file
40
global/overlay/etc/puppet/modules/soc/manifests/runner.pp
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
# Configure a forgejo runner
|
||||
# taken from cdn-ops
|
||||
class cdn::runner(
|
||||
)
|
||||
{
|
||||
$runner_token = lookup({ 'name' => 'runner_token.vuln_management_repo', 'default_value' => undef })
|
||||
|
||||
if $runner_token {
|
||||
|
||||
file { '/opt/forgejo-runner':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0750',
|
||||
}
|
||||
|
||||
# The owner/group matches 'user' in compose file for runner
|
||||
file { '/opt/forgejo-runner/data':
|
||||
ensure => directory,
|
||||
owner => '1001',
|
||||
group => '1001',
|
||||
mode => '0750',
|
||||
}
|
||||
|
||||
file { '/opt/forgejo-runner/docker_certs':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => '1001',
|
||||
mode => '0750',
|
||||
}
|
||||
|
||||
sunet::docker_compose { 'soc-action-runner':
|
||||
content => template('soc/runner/docker-compose.yml.erb'),
|
||||
service_name => 'soc-runner',
|
||||
compose_dir => '/opt/compose/runner',
|
||||
compose_filename => 'docker-compose.yml',
|
||||
description => 'SUNET SOC forgejo runner',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,59 @@
|
|||
version: '3.8'
|
||||
|
||||
# Taken from cdn-ops
|
||||
# Based on combination of https://forgejo.org/docs/latest/admin/actions/ and
|
||||
# https://code.forgejo.org/forgejo/runner/src/branch/main/examples/docker-compose/compose-forgejo-and-runner.yml
|
||||
|
||||
services:
|
||||
docker-in-docker:
|
||||
image: docker:dind
|
||||
hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost
|
||||
privileged: 'true'
|
||||
environment:
|
||||
DOCKER_TLS_CERTDIR: /certs
|
||||
DOCKER_HOST: docker-in-docker
|
||||
volumes:
|
||||
- /opt/forgejo-runner/docker_certs:/certs
|
||||
|
||||
runner-register:
|
||||
image: 'code.forgejo.org/forgejo/runner:3.5.0'
|
||||
depends_on:
|
||||
docker-in-docker:
|
||||
condition: service_started
|
||||
# User without root privileges, but with access to `./data`.
|
||||
user: 1001:1001
|
||||
volumes:
|
||||
- /opt/forgejo-runner/data:/data
|
||||
command: >-
|
||||
bash -ec '
|
||||
while : ; do
|
||||
if [ -f .runner ]; then echo "runner already registered, exiting"; exit; fi
|
||||
forgejo-runner register --no-interactive --name <%= @networking['fqdn'] %> --instance https://platform.sunet.se --token <%= @runner_token %> --labels python:docker://python:3.12-bookworm && break;
|
||||
sleep 1 ;
|
||||
done ;
|
||||
forgejo-runner generate-config > config.yml ;
|
||||
sed -i -e "s|network: .*|network: host|" config.yml ;
|
||||
sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
|
||||
sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ;
|
||||
'
|
||||
|
||||
runner-daemon:
|
||||
image: code.forgejo.org/forgejo/runner:3.5.0
|
||||
user: 1001:1001
|
||||
links:
|
||||
- docker-in-docker
|
||||
depends_on:
|
||||
runner-register:
|
||||
condition: service_completed_successfully
|
||||
environment:
|
||||
DOCKER_HOST: tcp://docker:2376
|
||||
DOCKER_CERT_PATH: /certs/client
|
||||
DOCKER_TLS_VERIFY: "1"
|
||||
volumes:
|
||||
- /opt/forgejo-runner/data:/data
|
||||
- /opt/forgejo-runner/docker_certs:/certs
|
||||
command:
|
||||
- 'forgejo-runner'
|
||||
- '--config'
|
||||
- 'config.yml'
|
||||
- 'daemon'
|
||||
Loading…
Add table
Reference in a new issue