feat(runner): support Ubuntu 24.04 #4246

Open
wants to merge 2 commits into
base: main
53 changes: 27 additions & 26 deletions examples/multi-runner/README.md
Expand Up @@ -32,7 +32,6 @@ terraform apply -var=module_version=<VERSION>
cd -
```


Before running Terraform, ensure the GitHub app is configured. See the [configuration details](https://philips-labs.github.io/terraform-aws-github-runner/configuration/) for more details.

```bash
Expand All @@ -47,47 +46,49 @@ terraform output -raw webhook_secret
```

<!-- BEGIN_TF_DOCS -->

## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27 |
| <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.0 |
| Name | Version |
| ------------------------------------------------------------------------ | -------- |
| <a name="requirement_terraform"></a> [terraform](#requirement_terraform) | >= 1.3.0 |
| <a name="requirement_aws"></a> [aws](#requirement_aws) | ~> 5.27 |
| <a name="requirement_local"></a> [local](#requirement_local) | ~> 2.0 |
| <a name="requirement_random"></a> [random](#requirement_random) | ~> 3.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_random"></a> [random](#provider\_random) | 3.6.0 |
| Name | Version |
| --------------------------------------------------------- | ------- |
| <a name="provider_random"></a> [random](#provider_random) | 3.6.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_base"></a> [base](#module\_base) | ../base | n/a |
| <a name="module_runners"></a> [runners](#module\_runners) | ../../modules/multi-runner | n/a |
| <a name="module_webhook_github_app"></a> [webhook\_github\_app](#module\_webhook\_github\_app) | ../../modules/webhook-github-app | n/a |
| Name | Source | Version |
| ----------------------------------------------------------------------------------------- | -------------------------------- | ------- |
| <a name="module_base"></a> [base](#module_base) | ../base | n/a |
| <a name="module_runners"></a> [runners](#module_runners) | ../../modules/multi-runner | n/a |
| <a name="module_webhook_github_app"></a> [webhook_github_app](#module_webhook_github_app) | ../../modules/webhook-github-app | n/a |

## Resources

| Name | Type |
|------|------|
| Name | Type |
| ----------------------------------------------------------------------------------------------------- | -------- |
| [random_id.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region to deploy to | `string` | `"eu-west-1"` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | Environment name, used as prefix | `string` | `null` | no |
| <a name="input_github_app"></a> [github\_app](#input\_github\_app) | GitHub for API usages. | <pre>object({<br/> id = string<br/> key_base64 = string<br/> })</pre> | n/a | yes |
| Name | Description | Type | Default | Required |
| ------------------------------------------------------------------ | -------------------------------- | --------------------------------------------------------------------- | ------------- | :------: |
| <a name="input_aws_region"></a> [aws_region](#input_aws_region) | AWS region to deploy to | `string` | `"eu-west-1"` | no |
| <a name="input_environment"></a> [environment](#input_environment) | Environment name, used as prefix | `string` | `null` | no |
| <a name="input_github_app"></a> [github_app](#input_github_app) | GitHub for API usages. | <pre>object({<br/> id = string<br/> key_base64 = string<br/> })</pre> | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_webhook_endpoint"></a> [webhook\_endpoint](#output\_webhook\_endpoint) | n/a |
| <a name="output_webhook_secret"></a> [webhook\_secret](#output\_webhook\_secret) | n/a |
| Name | Description |
| ----------------------------------------------------------------------------------- | ----------- |
| <a name="output_webhook_endpoint"></a> [webhook_endpoint](#output_webhook_endpoint) | n/a |
| <a name="output_webhook_secret"></a> [webhook_secret](#output_webhook_secret) | n/a |

<!-- END_TF_DOCS -->
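
Review bot: The table changes between `<!-- BEGIN_TF_DOCS -->` and `<!-- END_TF_DOCS -->` are only column padding and dropped `\_` escapes, which looks like a Markdown formatter's output rather than terraform-docs output. That region is generated, so the next terraform-docs run will rewrite it back, and the churn is unrelated to Ubuntu 24.04 support. Suggest reverting this block, or excluding the generated region from the formatter, so the README diff stays empty.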
73 changes: 39 additions & 34 deletions examples/multi-runner/templates/user-data.sh
Expand Up @@ -15,67 +15,72 @@ set -x
${pre_install}

# Install AWS CLI
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y \
awscli \
apt-get -q update
DEBIAN_FRONTEND=noninteractive apt-get install -q -y \
build-essential \
ca-certificates \
curl \
git \
iptables \
jq \
systemd-container \
uidmap \
unzip \
wget

install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list
apt-get -q update
apt-get -q -y install docker-ce docker-ce-cli containerd.io docker-ce-rootless-extras docker-buildx-plugin docker-compose-plugin
systemctl disable --now docker.socket docker.service

# avoid /tmp, might be mounted no-exec
curl -fsSL -o "awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
unzip -q awscliv2.zip
aws/install
rm -rf aws awscliv2.zip

user_name=ubuntu
user_id=$(id -ru $user_name)

# install and configure cloudwatch logging agent
wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
dpkg -i -E ./amazon-cloudwatch-agent.deb
amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:${ssm_key_cloudwatch_agent_config}
curl -fsSL -o "/tmp/amazon-cloudwatch-agent.deb" https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
dpkg -i -E /tmp/amazon-cloudwatch-agent.deb
rm -f /tmp/amazon-cloudwatch-agent.deb
amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c "ssm:${ssm_key_cloudwatch_agent_config}"

# configure systemd for running service in users accounts
cat >/etc/systemd/user@UID.service <<-EOF

[Unit]
Description=User Manager for UID %i
After=user-runtime-dir@%i.service
Wants=user-runtime-dir@%i.service

[Service]
LimitNOFILE=infinity
LimitNPROC=infinity
User=%i
PAMName=systemd-user
Type=notify

[Install]
WantedBy=default.target

mkdir -p /etc/systemd/system/user-$user_id.slice.d
cat > /etc/systemd/system/user-$user_id.slice.d/resources.conf <<- EOF
[Slice]
TasksMax=infinity
EOF

echo export XDG_RUNTIME_DIR=/run/user/$user_id >>/home/$user_name/.bashrc
mkdir -p /home/$user_name/.config/systemd/
cat > /home/$user_name/.config/systemd/user.conf <<- EOF
[Manager]
DefaultLimitNOFILE=infinity
DefaultLimitNPROC=infinity
EOF
chown $user_name:$user_name /home/$user_name/.config/systemd/user.conf /home/$user_name/.config/systemd /home/$user_name/.config/

systemctl daemon-reload
systemctl enable user@UID.service
systemctl start user@UID.service

curl -fsSL https://get.docker.com/rootless >>/opt/rootless.sh && chmod 755 /opt/rootless.sh
su -l $user_name -c /opt/rootless.sh
echo export DOCKER_HOST=unix:///run/user/$user_id/docker.sock >>/home/$user_name/.bashrc
echo export PATH=/home/$user_name/bin:$PATH >>/home/$user_name/.bashrc
echo export XDG_RUNTIME_DIR="/run/user/$user_id" >> "/home/$user_name/.bashrc"

# Run docker service by default
loginctl enable-linger $user_name
su -l $user_name -c "systemctl --user enable docker"
machinectl shell "$user_name@.host" /usr/bin/dockerd-rootless-setuptool.sh install
echo export DOCKER_HOST="unix:///run/user/$user_id/docker.sock" >> "/home/$user_name/.bashrc"
echo export PATH="/home/$user_name/bin:$PATH" >> "/home/$user_name/.bashrc"

${install_runner}

# config runner for rootless docker
cd /opt/actions-runner/
echo DOCKER_HOST=unix:///run/user/$user_id/docker.sock >>.env
echo PATH=/home/$user_name/bin:$PATH >>.env
echo DOCKER_HOST="unix:///run/user/$user_id/docker.sock" >> .env
echo PATH="/home/$user_name/bin:$PATH" >> .env

${post_install}
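
Review bot: The AWS CLI zip and the CloudWatch agent .deb are fetched with `curl -fsSL` and installed as root (`aws/install`, `dpkg -i -E`) with no signature or checksum check, whereas the Docker packages a few lines earlier go through apt with a `signed-by` keyring. AWS publishes detached signatures for both artifacts, so consider verifying them with gpg before installing; `latest` in the agent URL also means the installed version can differ between launches. Both URLs hard-code `x86_64` / `amd64` while the Docker repo line uses `$(dpkg --print-architecture)`, so the script would fetch the wrong binaries on an arm64 runner. Minor: the comment says to avoid /tmp, yet the .deb is written to `/tmp/amazon-cloudwatch-agent.deb`.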

2 changes: 1 addition & 1 deletion modules/runners/templates/install-runner.sh
Expand Up @@ -42,7 +42,7 @@ tar xzf ./$file_name
echo "Delete tar file"
rm -rf $file_name

os_id=$(awk -F= '/^ID/{print $2}' /etc/os-release)
os_id=$(awk -F= '/^ID=/{print $2}' /etc/os-release)
echo OS: $os_id

# Install libicu on non-ubuntu
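
Review bot: `print $2` in the new `os_id=` line still returns the field verbatim, so an os-release that quotes the value (the file holds shell-style assignments, and quoting is allowed) leaves the double quotes in `os_id`, which matters for the non-ubuntu check that follows. Sourcing the file, as user-data.sh in this PR already does for `VERSION_CODENAME`, avoids that and the `ID_LIKE` collision in one step: `os_id=$(. /etc/os-release && echo "$ID")`. The `echo OS: $os_id` line should quote the variable as well.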