Merge branch 'NXCALS-7722-create-role-to-provision-gitlab-runner' into 'develop'

NXCALS-7722 Add gitlab runner role and playbook Closes NXCALS-7722 See merge request !2027 Changelog: added

Merge branch 'NXCALS-7722-create-role-to-provision-gitlab-runner' into 'develop'
NXCALS-7722 Add gitlab runner role and playbook Closes NXCALS-7722 See merge request !2027 Changelog: added
aabda630 · Rafal Mucha · f046a2e1 · 5868fb3c · aabda630 · aabda630
Commit aabda630 authored 7 months ago by Rafal Mucha
--- a/ansible/gitlab-runner-install.yml
+++ b/ansible/gitlab-runner-install.yml
+# After provisioning node, it must be registered. To do so, you need to start process on gitlab
+# Then register node with docker: gitlab-runner register --url https://gitlab.cern.ch
+# Final step is fine-tuning configuration in /etc/gitlab-runner/config.toml
+# Required options:
+# [[runners]]
+# environment = ["SPARK_DRIVER_HOST=nxcals-gitlab-runner-1.cern.ch"]
+# [runners.docker]
+# ulimit = "host"
+# network_mode = "host"
+# disable_cache = true
+# And configure docker socket by:
+# systemctl --user status podman.socket | grep Listen
+# ln -s /run/user/0/podman/podman.sock /var/run/docker.sock
+# Final step is adding node to TN (if needed)
+# More details: https://confluence.cern.ch/pages/viewpage.action?pageId=414047432
+- hosts: gitlab-runner
+  strategy: free
+  vars:
+    http_proxy: '{{proxy}}'
+    https_proxy: '{{proxy}}'
+  vars_files:
+    - '{{inventory_dir}}/group_vars/vault-encrypted'
+    - '{{inventory_dir}}/group_vars/all.yml'
+  roles:
+    - { role: openstack, openstack_yum_extra_packages: ["git", "iptables-services", "curl", "podman"], user: "acclog", user_pub_key: "./files/acclog-id_rsa.pub", user_priv_key: "acclog-id_rsa-encrypted", become: true }
+    - { role: sudoers, users: '{{nxcals_developers}}', become: true }
+    - { role: gitlab-runner, become: true }
--- a/ansible/group_vars/all/all.yml
+++ b/ansible/group_vars/all/all.yml
@@ -16,7 +16,7 @@ ingestion_allowed_external_hosts: ['cs-ccr-nxdev1.cern.ch', 'cs-ccr-nxdev2.cern.
 jenkins_hosts: ['nxcals-jenkins-master.cern.ch',
                'nxcals-jenkins-slave1.cern.ch','nxcals-jenkins-slave2.cern.ch', 'nxcals-jenkins-slave3.cern.ch',
                'nxcals-jenkins-slave-1.cern.ch', 'nxcals-jenkins-slave-2.cern.ch', 'nxcals-jenkins-slave-3.cern.ch',
-                'nxcals-gitlab-runner-1.cern.ch']
+                'nxcals-gitlab-runner-1.cern.ch', 'nxcals-gitlab-runner-2.cern.ch']
 nxcals_ds_cmw_hosts: []
 #The maximum record size. For future use, currently it is not referenced anywhere as we have some
@@ -961,5 +961,3 @@ ignore_eos_errors: false
 #Certificate
 #################################################################################
 valid_days_threshold_for_cert_renewal: 180
-rhel9: true
--- a/ansible/inventory/openstack/group_vars/all.yml
+++ b/ansible/inventory/openstack/group_vars/all.yml
@@ -4,3 +4,4 @@ sonar_version: "7.9.1"
 sonar_db_url: "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=cerndbu-s.cern.ch)(PORT=10121))(LOAD_BALANCE=on)(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=cerndbu_s.cern.ch)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC))))"
 sonar_db_user: nxcals_sonar
 sonar_db_user_password: '{{vault_sonar_db_user_password}}'
+nxcals_namespace: "openstack"
--- a/ansible/inventory/openstack/hosts.yml
+++ b/ansible/inventory/openstack/hosts.yml
@@ -5,6 +5,7 @@ nxcals-migration[1:10].cern.ch
 nxcals-jenkins-master.cern.ch
 nxcals-jenkins-slave[1:2].cern.ch
 photons-resources.cern.ch
+nxcals-gitlab-runner-[1:2].cern.ch
 [websources]
 photons-resources.cern.ch
@@ -20,3 +21,6 @@ nxcals-migration[1:10].cern.ch
 [sonar]
 nxcals-jenkins-master.cern.ch
+[gitlab-runner]
+nxcals-gitlab-runner-[1:2].cern.ch
\ No newline at end of file
--- a/ansible/openstack-install-with-sudo.yml
+++ b/ansible/openstack-install-with-sudo.yml
@@ -4,7 +4,7 @@
    - '{{inventory_dir}}/group_vars/vault-encrypted'
    - '{{inventory_dir}}/group_vars/all.yml'
  roles:
-    - { role: openstack, rhel9: true, openstack_yum_extra_packages: ["git", "iptables-services"], user: "acclog", user_pub_key: "./files/acclog-id_rsa.pub", user_priv_key: "acclog-id_rsa-encrypted", become: true }
+    - { role: openstack, openstack_yum_extra_packages: ["git", "iptables-services"], user: "acclog", user_pub_key: "./files/acclog-id_rsa.pub", user_priv_key: "acclog-id_rsa-encrypted", become: true }
    - { role: sudoers, users: '{{nxcals_developers}}', become: true }
    - { role: dnsmasq, become: true }
    - { role: jdk-copy, jdk_target_dir: /usr/java, become: true }

--- a/ansible/roles/gitlab-runner/tasks/install-gitlab-runner.yml
+++ b/ansible/roles/gitlab-runner/tasks/install-gitlab-runner.yml
+- name: add gitlab yum repo
+  shell: curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
+  become: true
+- name: install gitlab-runner
+  become: true
+  yum:
+    name: gitlab-runner
+    state: present
+    update_cache: true
\ No newline at end of file
--- a/ansible/roles/gitlab-runner/tasks/main.yml
+++ b/ansible/roles/gitlab-runner/tasks/main.yml
+- import_tasks: install-gitlab-runner.yml
--- a/gradle.properties
+++ b/gradle.properties
@@ -11,7 +11,7 @@ systemProp.https.nonProxyHosts=*.cern.ch|localhost
 org.gradle.jvmargs=-Xmx4g
 #Hadoop config
 baseHadoopConfigUrl=http://hadoop-config.web.cern.ch/files/hadoop/conf/etc
-ansibleCommonVersion=1.0.13
+ansibleCommonVersion=1.0.14
 cernJapcVersion=7.8.6
 #Hadoop versions ;
 hadoopVersion=3.3.6