Compare commits
No commits in common. "testing" and "main" have entirely different histories.
|
@ -3,7 +3,7 @@ class podmanrunner::runner (
|
||||||
Integer $replicas = 2,
|
Integer $replicas = 2,
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
$userpostfix='runner'
|
$username='runneruser'
|
||||||
$runnerdata = lookup("runners",undef,undef,undef)
|
$runnerdata = lookup("runners",undef,undef,undef)
|
||||||
package { 'podman':
|
package { 'podman':
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
|
@ -28,107 +28,81 @@ class podmanrunner::runner (
|
||||||
group => "root",
|
group => "root",
|
||||||
}
|
}
|
||||||
|
|
||||||
$runnerdata.each |$user,$userdata| {
|
|
||||||
|
|
||||||
$sdrun = "systemd-run --wait --user --machine=${user}${userpostfix}@"
|
|
||||||
user { "${user}${userpostfix}":
|
range(1,$replicas).each |$x| {
|
||||||
|
|
||||||
|
user { "${username}${x}":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
home => "/opt/${user}${userpostfix}",
|
home => "/opt/${username}${x}",
|
||||||
shell => '/usr/sbin/nologin',
|
shell => '/usr/sbin/nologin',
|
||||||
|
uid => "${ $x + 1001}",
|
||||||
managehome => true,
|
managehome => true,
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/opt/${user}${userpostfix}/docker-compose.yaml":
|
file { "/opt/${username}${x}/docker-compose.yaml":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
content => template('podmanrunner/docker-compose.yaml.erb'),
|
content => template('podmanrunner/docker-compose.yaml.erb'),
|
||||||
owner => "${user}${userpostfix}",
|
owner => "${username}${x}",
|
||||||
group => "${user}${userpostfix}",
|
group => "${username}${x}",
|
||||||
mode => '0400',
|
mode => '0400',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
file { "/opt/${user}${userpostfix}/runnerimage":
|
file { "/opt/${username}${x}/runnerimage":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => '0700',
|
mode => '0700',
|
||||||
owner => "${user}${userpostfix}",
|
owner => "${username}${x}",
|
||||||
group => "${user}${userpostfix}",
|
group => "${username}${x}",
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/opt/${user}${userpostfix}/runnerimage/Containerfile":
|
file { "/opt/${username}${x}/runnerimage/Containerfile":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
content => template('podmanrunner/runnerimage-Containerfile.erb'),
|
content => template('podmanrunner/runnerimage-Containerfile.erb'),
|
||||||
owner => "${user}${userpostfix}",
|
owner => "${username}${x}",
|
||||||
group => "${user}${userpostfix}",
|
group => "${username}${x}",
|
||||||
mode => '0400',
|
mode => '0400',
|
||||||
}
|
}
|
||||||
|
|
||||||
unless find_file("/opt/${user}${userpostfix}/runnerdata") {
|
unless find_file("/opt/${username}${x}/runnerdata") {
|
||||||
file { "/opt/${user}${userpostfix}/runnerdata":
|
file { "/opt/${username}${x}/runnerdata":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => '0700',
|
mode => '0700',
|
||||||
owner => "${user}${userpostfix}",
|
owner => "${username}${x}",
|
||||||
group => "${user}${userpostfix}",
|
group => "${username}${x}",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
unless find_file("/opt/${user}${userpostfix}/runnerdata/config.yml") {
|
file { "/opt/${username}${x}/runnerdata/config.yml":
|
||||||
file { "/opt/${user}${userpostfix}/runnerdata/config.yml":
|
|
||||||
ensure => file,
|
ensure => file,
|
||||||
source => 'puppet:///modules/podmanrunner/forgejo-runner-config.yml',
|
source => 'puppet:///modules/podmanrunner/forgejo-runner-config.yml',
|
||||||
owner => "${user}${userpostfix}",
|
owner => "${username}${x}",
|
||||||
group => "${user}${userpostfix}",
|
group => "${username}${x}",
|
||||||
mode => '0400',
|
mode => '0400',
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
# Make sure the podman user can read the /data dir
|
# Make sure the podman user can read the /data dir
|
||||||
exec { "make-${user}${userpostfix}-own-runnerdata":
|
exec { "make-${username}${x}-own-runnerdata":
|
||||||
command => "${sdrun} /bin/bash -c 'podman unshare chown 1000:1000 /opt/${user}${userpostfix}/runnerdata'",
|
command => "systemd-run --wait --user --machine=${username}${x}@ /bin/bash -c 'podman unshare chown 1000:1000 /opt/${username}${x}/runnerdata'",
|
||||||
path => '/usr/bin:/usr/sbin:/bin',
|
path => '/usr/bin:/usr/sbin:/bin',
|
||||||
provider => shell,
|
provider => shell,
|
||||||
logoutput => false,
|
logoutput => false,
|
||||||
unless => "${sdrun} /bin/bash -c 'podman unshare stat --format %u /opt/${user}${userpostfix}/runnerdata | \
|
unless => "systemd-run --wait --user --machine=${username}${x}@ /bin/bash -c 'podman unshare stat --format %u /opt/${username}${x}/runnerdata | grep ^1000$ && podman unshare stat --format %g /opt/${username}${x}/runnerdata | grep ^1000$'",
|
||||||
grep ^1000$ && podman unshare stat --format %g /opt/${user}${userpostfix}/runnerdata | grep ^1000$'",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Make sure the podman user can read the /data/config.yml file
|
exec { "enable-${username}${x}-linger":
|
||||||
exec { "podman-${user}${userpostfix}-own-runner-config":
|
command => "loginctl enable-linger ${username}${x}",
|
||||||
command => "${sdrun} /bin/bash -c 'podman unshare chown 1000:1000 /opt/${user}${userpostfix}/runnerdata/config.yml'",
|
|
||||||
path => '/usr/bin:/usr/sbin:/bin',
|
path => '/usr/bin:/usr/sbin:/bin',
|
||||||
provider => shell,
|
provider => shell,
|
||||||
logoutput => false,
|
logoutput => false,
|
||||||
unless => "${sdrun} /bin/bash -c 'podman unshare stat --format %u /opt/${user}${userpostfix}/runnerdata/config.yml | \
|
unless => "test -f /var/lib/systemd/linger/${username}${x}",
|
||||||
grep ^1000$ && podman unshare stat --format %g /opt/${user}${userpostfix}/runnerdata/config.yml | grep ^1000$'",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
exec { "enable-${user}${userpostfix}-linger":
|
if $runnerdata and $runnerdata["${username}${x}"] and 'url' in $runnerdata["${username}${x}"] {
|
||||||
command => "loginctl enable-linger ${user}${userpostfix}",
|
notify {"runnercontent${x}":
|
||||||
path => '/usr/bin:/usr/sbin:/bin',
|
message => $runnerdata["${username}${x}"]
|
||||||
provider => shell,
|
}
|
||||||
logoutput => false,
|
|
||||||
unless => "test -f /var/lib/systemd/linger/${user}${userpostfix}",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# If required, build runner image by podman-compose
|
|
||||||
exec { "${user}${userpostfix}-build-runner-image":
|
|
||||||
command => "${sdrun} /bin/bash -c 'podman-compose build'",
|
|
||||||
path => '/usr/bin:/usr/sbin:/bin',
|
|
||||||
provider => shell,
|
|
||||||
logoutput => false,
|
|
||||||
unless => "${sdrun} /bin/bash -c \"podman image ls | grep '^localhost/podmanrunner\s\s*3\.[0-9]\.[0-9]'\"",
|
|
||||||
}
|
|
||||||
|
|
||||||
# If not already done, register runner with forgejo instance.
|
|
||||||
if $userdata and $userdata["token"] and $userdata["url"] {
|
|
||||||
exec { "${user}${userpostfix}-register-runner":
|
|
||||||
command => "${sdrun} /bin/bash -c 'podman run -it --rm -u podman -v ./runnerdata:/data:Z localhost/podmanrunner:3.3.0 /bin/bash -c \
|
|
||||||
\"date >> /data/register.log && forgejo-runner --config /data/config.yml register --no-interactive \
|
|
||||||
--token ${userdata["token"]} --name runner1 --labels self-hosted --instance ${userdata["url"]} 1>>/data/register.log 2>&1\"'",
|
|
||||||
path => '/usr/bin:/usr/sbin:/bin',
|
|
||||||
provider => shell,
|
|
||||||
logoutput => false,
|
|
||||||
unless => "test -f /opt/${user}${userpostfix}/runnerdata/.runner",
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
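Review bot: The `notify {"runnercontent${x}": ...}` resource near the end of the `range(1,$replicas).each` loop sends the whole `$runnerdata["${username}${x}"]` hash as its message, and on the other side of this compare the same `runners` data carried the runner registration `token`, so the token would presumably land in agent logs and stored reports on every run. I am reading the right-hand column as the new side, because the `-28,107 +28,81` header matches its shorter body. If the resource is only a debugging aid it should be dropped; otherwise restrict it to the non-secret field, `message => $runnerdata["${username}${x}"]['url']`, and have the lookup deliver the token as a `Sensitive` value. Separately, `find_file()` is evaluated during catalog compilation, so the `unless find_file(...)` guard around the `runnerdata` directory tests the compiling host rather than the node (they differ in a server/agent setup), and whenever the directory is managed its `owner`/`group` will keep competing with the `podman unshare chown 1000:1000` exec.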
|
@ -1,17 +0,0 @@
|
||||||
version: "3"
|
|
||||||
services:
|
|
||||||
actionrunner:
|
|
||||||
name: actionrunner
|
|
||||||
image: podmanrunner:3.3.0
|
|
||||||
build:
|
|
||||||
context: ./runnerimage
|
|
||||||
volumes:
|
|
||||||
- runnerdata:/data:Z
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
runnerdata:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
device: /opt/runneruser1runner/runnerdata
|
|
||||||
o: bind
|
|
||||||
type: none
|
|