Fixing gitlab-runner overriders so upgrades do not break the runner. (#586)

gregharvey · web-flow · commit 4ea0d3c48378 · 2022-02-10T14:16:22.000Z
* Fixing gitlab-runner overriders so upgrades do not break the runner.

* Fixing override file template.

* Hopefully fixing CI.

* Making sure the service directory exists.

* We cannot use the deploy meta role in CI because of LDAP.

* Changing dir perms and adding a force.
diff --git a/.gitignore b/.gitignore
@@ -9,4 +9,5 @@
 /files
 /ansible.cfg
 *geerlingguy*
-/ce-dev/ansible/vars/*/_aws_credentials.yml
+/ce-dev/ansible/vars/*/_aws_credentials.yml
+/ce-dev/ansible/vars/_common/*_exporter.yml
diff --git a/ce-dev/ansible/plays/gitlab/gitlab.yml b/ce-dev/ansible/plays/gitlab/gitlab.yml
@@ -16,6 +16,24 @@
     - ansible.builtin.import_role:
         name: _init
     - ansible.builtin.import_role:
-        name: _meta/deploy
+        name: user_provision
+    - ansible.builtin.import_role:
+        name: _meta/common_base
+    - ansible.builtin.import_role:
+        name: ce_deploy
+    - ansible.builtin.import_role:
+        name: aws/aws_credentials
+    - ansible.builtin.import_role:
+        name: gitlab
+    - ansible.builtin.import_role:
+        name: gitlab_runner
+    - ansible.builtin.import_role:
+        name: ssh_server
+    - ansible.builtin.import_role:
+        name: sops
+    - ansible.builtin.import_role:
+        name: gpg_key
+    - ansible.builtin.import_role:
+        name: firewall_config
     - ansible.builtin.import_role:
         name: _exit
diff --git a/ce-dev/ansible/vars/gitlab/gpg_key.yml b/ce-dev/ansible/vars/gitlab/gpg_key.yml
@@ -0,0 +1,8 @@
+---
+gpg_key:
+  - username: ce-dev # Must exist already on the server.
+    publish: false # Whether to publish to HKS public servers.
+    key_type: "RSA"
+    key_length: 4096
+    email: sysadm@codeenigma.com
+    expire: 0
diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml
@@ -77,10 +77,20 @@
     group: "{{ gitlab_runner.username }}"
   become: true
 
-- name: Place the gitlab-runner service def file.
+- name: Ensure the Gitlab runner service override directory exists.
+  ansible.builtin.file:
+    path: /etc/systemd/system/gitlab-runner.service.d
+    state: directory
+    mode: '0755'
+    owner: root
+    group: root
+    force: true
+  become: true
+
+- name: Place the gitlab-runner unit override file. # see https://gitlab.com/gitlab-org/gitlab-runner/-/issues/2422#note_838191146
   ansible.builtin.template:
-    src: gitlab-runner.service.j2
-    dest: /etc/systemd/system/gitlab-runner.service
+    src: override.conf.j2
+    dest: /etc/systemd/system/gitlab-runner.service.d/override.conf
     mode: '0644'
     owner: root
     group: root
diff --git a/roles/gitlab_runner/templates/gitlab-runner.service.j2 b/roles/gitlab_runner/templates/gitlab-runner.service.j2
diff --git a/roles/gitlab_runner/templates/override.conf.j2 b/roles/gitlab_runner/templates/override.conf.j2
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "{{ gitlab_runner.runner_workingdir }}" "--config" "{{ gitlab_runner.runner_config }}" "--service" "gitlab-runner" "--user" "{{ gitlab_runner.username }}" 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[Service]`
	`2`	`+ExecStart=`
	`3`	`+ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "{{ gitlab_runner.runner_workingdir }}" "--config" "{{ gitlab_runner.runner_config }}" "--service" "gitlab-runner" "--user" "{{ gitlab_runner.username }}"`