podmanrunner/manifests/runner.pp

# Class for forgeo action runner.
class podmanrunner::runner (
  Integer           $replicas         = 2,
)
{
  $userpostfix='runner'
  $runnerdata = lookup("runners",undef,undef,undef)
  package { 'podman':
    ensure   => installed,
    provider => apt,
  }

  package { 'systemd-container':
    ensure   => installed,
    provider => apt,
  }

  package { 'python3-dotenv':
    ensure   => installed,
    provider => apt,
  }

    file { "/usr/local/bin/podman-compose":
      ensure => file,
      mode   => '0555',
      source => 'puppet:///modules/podmanrunner/podman-compose-1.0.6',
      owner  => "root",
      group  => "root",
    }

  if $aaa {

  $runnerdata.each |$user| {

    user { "${user}${}":
      ensure => present,
      home   => "/opt/${user}${userpostfix}",
      shell  => '/usr/sbin/nologin',
      managehome => true,
    }

    file { "/opt/${user}${userpostfix}/docker-compose.yaml":
      ensure  => file,
      content => template('podmanrunner/docker-compose.yaml.erb'),
      owner   => "${user}${userpostfix}",
      group   => "${user}${userpostfix}",
      mode    => '0400',
    }


    file { "/opt/${user}${userpostfix}/runnerimage":
      ensure => directory,
      mode   => '0700',
      owner  => "${user}${userpostfix}",
      group  => "${user}${userpostfix}",
    }

    file { "/opt/${user}${userpostfix}/runnerimage/Containerfile":
      ensure  => file,
      content => template('podmanrunner/runnerimage-Containerfile.erb'),
      owner   => "${user}${userpostfix}",
      group   => "${user}${userpostfix}",
      mode    => '0400',
    }

    unless find_file("/opt/${user}${userpostfix}/runnerdata") {
      file { "/opt/${user}${userpostfix}/runnerdata":
        ensure => directory,
        mode   => '0700',
        owner   => "${user}${userpostfix}",
        group   => "${user}${userpostfix}",
      }
    }

    file { "/opt/${user}${userpostfix}/runnerdata/config.yml":
      ensure  => file,
      source => 'puppet:///modules/podmanrunner/forgejo-runner-config.yml',
      owner   => "${user}${userpostfix}",
      group   => "${user}${userpostfix}",
      mode    => '0400',
    }

# Make sure the podman user can read the /data dir
    exec { "make-${user}${userpostfix}-own-runnerdata":
      command  => "systemd-run --wait --user --machine=${user}${userpostfix}@ /bin/bash -c 'podman unshare chown 1000:1000 /opt/${user}${userpostfix}/runnerdata'",
      path     => '/usr/bin:/usr/sbin:/bin',
      provider => shell,
      logoutput => false,
      unless   => "systemd-run --wait --user --machine=${user}${userpostfix}@ /bin/bash -c 'podman unshare stat --format %u /opt/${user}${userpostfix}/runnerdata | grep ^1000$ && podman unshare stat --format %g /opt/${user}${userpostfix}/runnerdata | grep ^1000$'",
    }

    exec { "enable-${user}${userpostfix}-linger":
      command  => "loginctl  enable-linger ${user}${userpostfix}",
      path     => '/usr/bin:/usr/sbin:/bin',
      provider => shell,
      logoutput => false,
      unless   => "test -f /var/lib/systemd/linger/${user}${userpostfix}",
    }

    }

    if $runnerdata and $runnerdata["${user}${userpostfix}"] and 'url' in $runnerdata["${user}${userpostfix}"] {
      notify {"runnercontent${userpostfix}":
        message => $runnerdata["${user}${userpostfix}"]
      }
    }

  }
}
Initial commit actrunner with user creation 2024-01-18 06:52:38 +00:00			`# Class for forgeo action runner.`
Setup replica parameter in puppet class 2024-01-18 08:19:55 +00:00			`class podmanrunner::runner (`
			`Integer $replicas = 2,`
			`)`
Initial commit actrunner with user creation 2024-01-18 06:52:38 +00:00			`{`
Test of user object 2024-02-06 10:03:33 +00:00			`$userpostfix='runner'`
Lookup runner secrets 2024-01-25 20:23:17 +00:00			`$runnerdata = lookup("runners",undef,undef,undef)`
Install podman and create dummy docker-compose.yaml 2024-01-18 14:39:26 +00:00			`package { 'podman':`
			`ensure => installed,`
			`provider => apt,`
			`}`
Add podman-compose version 1.0.6 and package systemd-container 2024-01-18 21:25:44 +00:00
			`package { 'systemd-container':`
			`ensure => installed,`
			`provider => apt,`
			`}`

Add python3-dotenv dependency required by podman-compose 2024-01-24 14:20:10 +00:00			`package { 'python3-dotenv':`
			`ensure => installed,`
			`provider => apt,`
			`}`

Move podman-compose from bin in users homedir to /usr/local/bin 2024-01-24 14:27:53 +00:00			`file { "/usr/local/bin/podman-compose":`
			`ensure => file,`
			`mode => '0555',`
Test to execute commands inside systemd container with puppet 2024-01-24 15:25:22 +00:00			`source => 'puppet:///modules/podmanrunner/podman-compose-1.0.6',`
Move podman-compose from bin in users homedir to /usr/local/bin 2024-01-24 14:27:53 +00:00			`owner => "root",`
			`group => "root",`
			`}`

Test of user object 2024-02-06 10:03:33 +00:00			`if $aaa {`
Move podman-compose from bin in users homedir to /usr/local/bin 2024-01-24 14:27:53 +00:00
Test of user object 2024-02-06 10:03:33 +00:00			`$runnerdata.each \|$user\| {`
Move podman-compose from bin in users homedir to /usr/local/bin 2024-01-24 14:27:53 +00:00
Test of user object 2024-02-06 10:03:33 +00:00			`user { "${user}${}":`
Create a new user for each rootless runner container 2024-01-19 08:33:10 +00:00			`ensure => present,`
Test of user object 2024-02-06 10:03:33 +00:00			`home => "/opt/${user}${userpostfix}",`
Create a new user for each rootless runner container 2024-01-19 08:33:10 +00:00			`shell => '/usr/sbin/nologin',`
			`managehome => true,`
			`}`

Test of user object 2024-02-06 10:03:33 +00:00			`file { "/opt/${user}${userpostfix}/docker-compose.yaml":`
Create a new user for each rootless runner container 2024-01-19 08:33:10 +00:00			`ensure => file,`
			`content => template('podmanrunner/docker-compose.yaml.erb'),`
Test of user object 2024-02-06 10:03:33 +00:00			`owner => "${user}${userpostfix}",`
			`group => "${user}${userpostfix}",`
Prepare runner image build 2024-01-23 21:03:05 +00:00			`mode => '0400',`
Create a new user for each rootless runner container 2024-01-19 08:33:10 +00:00			`}`

Prepare runner image build 2024-01-23 21:03:05 +00:00
Test of user object 2024-02-06 10:03:33 +00:00			`file { "/opt/${user}${userpostfix}/runnerimage":`
Prepare runner image build 2024-01-23 21:03:05 +00:00			`ensure => directory,`
			`mode => '0700',`
Test of user object 2024-02-06 10:03:33 +00:00			`owner => "${user}${userpostfix}",`
			`group => "${user}${userpostfix}",`
Prepare runner image build 2024-01-23 21:03:05 +00:00			`}`

Test of user object 2024-02-06 10:03:33 +00:00			`file { "/opt/${user}${userpostfix}/runnerimage/Containerfile":`
Prepare runner image build 2024-01-23 21:03:05 +00:00			`ensure => file,`
			`content => template('podmanrunner/runnerimage-Containerfile.erb'),`
Test of user object 2024-02-06 10:03:33 +00:00			`owner => "${user}${userpostfix}",`
			`group => "${user}${userpostfix}",`
Prepare runner image build 2024-01-23 21:03:05 +00:00			`mode => '0400',`
			`}`

Test of user object 2024-02-06 10:03:33 +00:00			`unless find_file("/opt/${user}${userpostfix}/runnerdata") {`
			`file { "/opt/${user}${userpostfix}/runnerdata":`
Only let puppet manage runnerdata resource if it does not exist 2024-01-24 16:17:28 +00:00			`ensure => directory,`
			`mode => '0700',`
Test of user object 2024-02-06 10:03:33 +00:00			`owner => "${user}${userpostfix}",`
			`group => "${user}${userpostfix}",`
Only let puppet manage runnerdata resource if it does not exist 2024-01-24 16:17:28 +00:00			`}`
Test to execute commands inside systemd container with puppet 2024-01-24 15:25:22 +00:00			`}`

Test of user object 2024-02-06 10:03:33 +00:00			`file { "/opt/${user}${userpostfix}/runnerdata/config.yml":`
Test to execute commands inside systemd container with puppet 2024-01-24 15:25:22 +00:00			`ensure => file,`
			`source => 'puppet:///modules/podmanrunner/forgejo-runner-config.yml',`
Test of user object 2024-02-06 10:03:33 +00:00			`owner => "${user}${userpostfix}",`
			`group => "${user}${userpostfix}",`
Test to execute commands inside systemd container with puppet 2024-01-24 15:25:22 +00:00			`mode => '0400',`
			`}`

			`# Make sure the podman user can read the /data dir`
Test of user object 2024-02-06 10:03:33 +00:00			`exec { "make-${user}${userpostfix}-own-runnerdata":`
			`command => "systemd-run --wait --user --machine=${user}${userpostfix}@ /bin/bash -c 'podman unshare chown 1000:1000 /opt/${user}${userpostfix}/runnerdata'",`
Test to execute commands inside systemd container with puppet 2024-01-24 15:25:22 +00:00			`path => '/usr/bin:/usr/sbin:/bin',`
			`provider => shell,`
			`logoutput => false,`
Test of user object 2024-02-06 10:03:33 +00:00			`unless => "systemd-run --wait --user --machine=${user}${userpostfix}@ /bin/bash -c 'podman unshare stat --format %u /opt/${user}${userpostfix}/runnerdata \| grep ^1000$ && podman unshare stat --format %g /opt/${user}${userpostfix}/runnerdata \| grep ^1000$'",`
Test to execute commands inside systemd container with puppet 2024-01-24 15:25:22 +00:00			`}`

Test of user object 2024-02-06 10:03:33 +00:00			`exec { "enable-${user}${userpostfix}-linger":`
			`command => "loginctl enable-linger ${user}${userpostfix}",`
Enable user session linger for runner users. 2024-01-19 09:50:39 +00:00			`path => '/usr/bin:/usr/sbin:/bin',`
			`provider => shell,`
			`logoutput => false,`
Test of user object 2024-02-06 10:03:33 +00:00			`unless => "test -f /var/lib/systemd/linger/${user}${userpostfix}",`
			`}`

Enable user session linger for runner users. 2024-01-19 09:50:39 +00:00			`}`
Check what we get 2024-01-25 20:30:09 +00:00
Test of user object 2024-02-06 10:03:33 +00:00			`if $runnerdata and $runnerdata["${user}${userpostfix}"] and 'url' in $runnerdata["${user}${userpostfix}"] {`
			`notify {"runnercontent${userpostfix}":`
			`message => $runnerdata["${user}${userpostfix}"]`
Check what we get 2024-01-25 20:30:09 +00:00			`}`
			`}`

Test of file function 2024-01-18 15:27:32 +00:00			`}`
Initial commit actrunner with user creation 2024-01-18 06:52:38 +00:00			`}`