public/pipglr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix maintenance task

Browse Source 
The function was defined but never called, resulting in immediate exit
of the maintenance script.  Fix this, also add a configuration build-arg and
ENV to control the cleaning interval.

Signed-off-by: Chris Evich <chris_gitlab@icuc.me>
This commit is contained in:
Chris Evich
2022-11-23 12:07:01 -05:00
parent 3b72178739
commit 2bda4c3be6
3 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Containerfile
View File

@@ -122,7 +122,10 @@ ARG PRIVILEGED_RUNNER="true"
ARG RUNNER_TAGS="podman-in-podman" ARG RUNNER_TAGS="podman-in-podman"
# Permit running jobs without any tag at all # Permit running jobs without any tag at all
ARG RUNNER_UNTAGGED="true" ARG RUNNER_UNTAGGED="true"
ENV REGISTER_NON_INTERACTIVE="true" \ # Adjust based on usage and storage size to prevent ENOSPACE problems
ARG CLEAN_INTERVAL="24h"
ENV CLEAN_INTERVAL="$CLEAN_INTERVAL" \
REGISTER_NON_INTERACTIVE="true" \
RUNNER_TAG_LIST="$RUNNER_TAGS" \ RUNNER_TAG_LIST="$RUNNER_TAGS" \
REGISTER_RUN_UNTAGGED="$RUNNER_UNTAGGED" \ REGISTER_RUN_UNTAGGED="$RUNNER_UNTAGGED" \
REGISTER_ACCESS_LEVEL="ref_protected" \ REGISTER_ACCESS_LEVEL="ref_protected" \

4
README.md
View File

@@ -154,6 +154,10 @@ Several build arguments are available to control the output image:
exact podman version. Possible values include, `latest`, `vX`, `vX.Y`, exact podman version. Possible values include, `latest`, `vX`, `vX.Y`,
and `vX.Y.Z` (where, `X`, `Y`, and `Z` represent the podman semantic and `vX.Y.Z` (where, `X`, `Y`, and `Z` represent the podman semantic
version numbers). It's also possible to specify an image SHA. version numbers). It's also possible to specify an image SHA.
* `CLEAN_INTERVAL` - A `sleep` (command) compatible time-argument that
determines how often to clean out podman storage of disused containers and
images. Defaults to 24-hours, but should be adjusted based on desired caching-effect
versus available storage space and rate of job execution.
* `EXCLUDE_PACKAGES` - A space-separated list of RPM packages to prevent * `EXCLUDE_PACKAGES` - A space-separated list of RPM packages to prevent
their existence in the final image. This is intended as a security measure their existence in the final image. This is intended as a security measure
to limit the attack-surface should a gitlab-runner process escape it's to limit the attack-surface should a gitlab-runner process escape it's

11
podman-in-podman-maintenance
View File

@@ -4,16 +4,23 @@
# a podman-in-podman gitlab runner container. Any usage # a podman-in-podman gitlab runner container. Any usage
# outside that context is not supported and may cause harm. # outside that context is not supported and may cause harm.
set -e set -eo pipefail
maintain_podman() { maintain_podman() {
# Two days seems to be a good happy-medium beween filling up # Two days seems to be a good happy-medium beween filling up
# about 40gig of storage space from moderate CI activity, # about 40gig of storage space from moderate CI activity,
# and maintaining a useful level of caching. # and maintaining a useful level of caching.
while sleep 2d; do while sleep "$CLEAN_INTERVAL"; do
if [[ -n "$PODMAN_RUNNER_DEBUG" ]]; then if [[ -n "$PODMAN_RUNNER_DEBUG" ]]; then
echo "$(date --iso-8601=second) ${BASH_SOURCE[0] performing podman maintenance}" echo "$(date --iso-8601=second) ${BASH_SOURCE[0] performing podman maintenance}"
fi fi
podman system prune --all --force podman system prune --all --force
done done
} }
if [[ -z "$CLEAN_INTERVAL" ]]; then
echo "ERROR: Empty/unset \$CLEAN_INTERVAL"
exit 1
fi
maintain_podman