@peter-mw
Forked from zealot128/README.md
Created May 20, 2022 21:11
GitLab runner with Docker by cloud-init on Hetzner Cloud

Quick Terraform script to deploy a GitLab runner with Docker onto Hetzner Cloud (Hcloud)

  1. Create the other Terraform stuff:
  • tf-backend,
  • creds.auto.tfvars with hcloud_token
  • ssh key: mkdir keys; ssh-keygen -f keys/id_rsa
  2. Modify cloudinit.yml:
  • change the GitLab URL
  • ADD_YOUR_REGISTRY_TOKEN -> set to the GitLab Runner registration token
  • Add more allowed images/services if you use the GitLab registry, like this: registry.myinstance.com/administrators/docker-images/*; change the base image, etc.
  3. terraform init
  4. terraform plan; terraform apply
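
A pre-apply check for the cloudinit.yml edits listed above, added here as an example and not part of the original gist. The function name `check_cloudinit` and the sample fragment are constructed for illustration; the strings it looks for are the placeholders and flags used in this gist's register.sh.

```shell
#!/bin/sh
# Added example (not from the gist): check cloudinit.yml before `terraform apply`.
# Prints one finding per line; returns 0 if clean, 1 otherwise.
check_cloudinit() {
    file=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # Placeholders that must be replaced with real values.
    if grep -q 'ADD_YOUR_REGISTRY_TOKEN' "$file"; then
        report "PLACEHOLDER: registration token not set"
    fi
    if grep -q 'git\.MYCOMPANY\.com' "$file"; then
        report "PLACEHOLDER: GitLab URL not changed"
    fi

    # A "--flag" line belongs to the register command only if the previous
    # line ends in a backslash; otherwise the shell runs it as a new command.
    if ! awk '/^[ \t]*--[a-z]/ && prev !~ /\\[ \t]*$/ { bad = 1 }
              { prev = $0 } END { exit bad + 0 }' "$file"; then
        report "SYNTAX: flag line not joined to the command (missing backslash)"
    fi

    # Privileged containers plus an unrestricted image list let any job
    # run an arbitrary image with root-equivalent access to the host.
    if grep -q -e '--docker-privileged=true' "$file" &&
       grep -Eq -e "--docker-allowed-images[ =]+'\*'" "$file"; then
        report "RISK: privileged mode with allowed images '*'"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: a register.sh fragment containing all four problems.
sample=$(mktemp)
cat > "$sample" <<'EOF'
gitlab-runner register --executor docker \
  -u https://git.MYCOMPANY.com/ \
  --run-untagged
  --tag-list ruby \
  -r ADD_YOUR_REGISTRY_TOKEN \
  --docker-privileged=true \
  --docker-allowed-images '*'
EOF
check_cloudinit "$sample" || echo "cloudinit.yml needs attention"
rm -f "$sample"
```

Run it as `check_cloudinit cloudinit.yml && terraform apply` so that apply only proceeds when no finding is printed.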

cx21 = 4 GB, 2 cores, 5 EUR / month

#cloud-config
groups:
  - docker
users:
  - name: gitlab-runner
    groups: docker
# Extra apt repositories for Docker CE and the GitLab runner package
apt:
  sources:
    docker.list:
      source: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable'
      keyid: 0EBFCD88
    gitlab.list:
      source: 'deb https://packages.gitlab.com/runner/gitlab-runner/ubuntu/ $RELEASE main'
      keyid: F27EAB47 # key seems to be valid till 08/2019
package_upgrade: true
package_update: true
packages:
  - debian-archive-keyring
  - apt-transport-https
  - ca-certificates
  - software-properties-common
  - htop
  - docker-ce
  - golang-go
  - gitlab-runner
  - fail2ban
  - vim
write_files:
  # Remove dead/exited containers. The schedule "* 5 * * *" fires every minute
  # from 05:00 to 05:59. A block scalar is used so the file ends with a newline;
  # cron ignores a file whose last line is not newline-terminated.
  - owner: root:root
    path: /etc/cron.d/your_cronjob
    content: |
      * 5 * * * root (/usr/bin/docker ps --filter status=dead --filter status=exited -aq | /usr/bin/xargs /usr/bin/docker rm -v 2> /dev/null) || true
  # One-time runner registration. --docker-privileged=true combined with
  # --docker-allowed-images '*' lets any job run any image as a privileged
  # container, so narrow the allowed images/services to what you need.
  - owner: root:root
    path: /root/register.sh
    content: |
      gitlab-runner register --executor docker \
        -u https://git.MYCOMPANY.com/ \
        --run-untagged \
        --tag-list ruby \
        --locked=false \
        --non-interactive \
        -r ADD_YOUR_REGISTRY_TOKEN \
        --docker-privileged=true \
        --docker-pull-policy=if-not-present \
        --docker-shm-size=268435456 \
        --docker-volumes='/cache' \
        --docker-image="ruby:2.5" \
        --docker-allowed-images '*' \
        --docker-allowed-images '*/*' \
        --docker-allowed-images '*/*/*' \
        --docker-allowed-services 'redis:*' \
        --docker-allowed-services 'postgres:*' \
        --docker-allowed-services 'mysql:*'
runcmd:
  - [/bin/bash, /root/register.sh]
# Reboot once after the first boot has finished provisioning
power_state:
  delay: "now"
  mode: reboot
  message: First reboot
  condition: True

# Hetzner Cloud API token, supplied via creds.auto.tfvars
variable "hcloud_token" {}

provider "hcloud" {
  token = "${var.hcloud_token}"
}

# Public half of the key pair generated into keys/
resource "hcloud_ssh_key" "default" {
  name       = "Terraform Key"
  public_key = "${file("keys/id_rsa.pub")}"
}

# cloud-init user data applied to every runner host
data "local_file" "cloudinit" {
  filename = "cloudinit.yml"
}

resource "hcloud_server" "worker" {
  count       = 2
  name        = "hcworker-${count.index}"
  image       = "ubuntu-18.04"
  server_type = "cx21"
  location    = "fsn1"
  ssh_keys    = ["${hcloud_ssh_key.default.id}"]
  user_data   = "${data.local_file.cloudinit.content}"
}

output "ssh_ips" {
  value = "ssh -i keys/id_rsa root@${join(" ", hcloud_server.worker.*.ipv4_address)}"
}