Merge branch 'configuration-directory-fix' into 'main'
Update runner installation and attempt to fix storage volume errors. See merge request qontainers/pipglr!51
@@ -44,6 +44,7 @@ build:
|
|||||||
- saas-linux-medium-amd64
|
- saas-linux-medium-amd64
|
||||||
stage: deploy
|
stage: deploy
|
||||||
variables:
|
variables:
|
||||||
|
FF_GITLAB_REGISTRY_HELPER_IMAGE: 0
|
||||||
BUILDAH_FORMAT: docker
|
BUILDAH_FORMAT: docker
|
||||||
BUILDAH_ISOLATION: chroot
|
BUILDAH_ISOLATION: chroot
|
||||||
STORAGE_DRIVER: vfs
|
STORAGE_DRIVER: vfs
|
||||||
|
|||||||
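Review bot: The new `FF_GITLAB_REGISTRY_HELPER_IMAGE: 0` entry under the build job's `variables:` has no comment saying why the flag is turned off. Presumably it changes which registry the runner helper image is pulled from, so the reason belongs next to it. Something like `# Pull the helper image from <registry> because <reason>` would do, with the placeholders filled in by the author. Writing the value as a quoted string, `FF_GITLAB_REGISTRY_HELPER_IMAGE: "false"`, would also avoid relying on an integer being coerced. The job definition starts and ends outside the hunk.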
@@ -70,6 +70,7 @@ ARG ENABLE_FIPS=true
|
|||||||
# may be changed if you know what you're doing.
|
# may be changed if you know what you're doing.
|
||||||
LABEL register="podman run -it --rm \
|
LABEL register="podman run -it --rm \
|
||||||
--secret=REGISTRATION_TOKEN,type=env \
|
--secret=REGISTRATION_TOKEN,type=env \
|
||||||
|
--user=root \
|
||||||
-v ./config.toml:/etc/gitlab-runner/config.toml:Z \
|
-v ./config.toml:/etc/gitlab-runner/config.toml:Z \
|
||||||
-e REGISTER_NON_INTERACTIVE=true \
|
-e REGISTER_NON_INTERACTIVE=true \
|
||||||
-e CI_SERVER_URL=${GITLAB_URL} \
|
-e CI_SERVER_URL=${GITLAB_URL} \
|
||||||
@@ -95,6 +96,7 @@ LABEL setupcache="podman volume create --opt o=uid=1000,gid=1001 pipglr-cache"
|
|||||||
|
|
||||||
# Helper to extract the current configuration secret to allow editing.
|
# Helper to extract the current configuration secret to allow editing.
|
||||||
LABEL dumpconfig="podman run -it --rm \
|
LABEL dumpconfig="podman run -it --rm \
|
||||||
|
--user=root \
|
||||||
--secret config.toml --entrypoint=/bin/cat \
|
--secret config.toml --entrypoint=/bin/cat \
|
||||||
\$IMAGE /var/run/secrets/config.toml"
|
\$IMAGE /var/run/secrets/config.toml"
|
||||||
|
|
||||||
@@ -103,6 +105,7 @@ LABEL dumpconfig="podman run -it --rm \
|
|||||||
# Note: The contents of the volumes are not critical, they may be removed
|
# Note: The contents of the volumes are not critical, they may be removed
|
||||||
# and re-created (see above) to quickly free-up disk space.
|
# and re-created (see above) to quickly free-up disk space.
|
||||||
LABEL run="podman run -dt --name pipglr \
|
LABEL run="podman run -dt --name pipglr \
|
||||||
|
--user=root \
|
||||||
--secret config.toml,uid=1001,gid=1001 \
|
--secret config.toml,uid=1001,gid=1001 \
|
||||||
-v pipglr-storage:/home/podman/.local/share/containers \
|
-v pipglr-storage:/home/podman/.local/share/containers \
|
||||||
-v pipglr-cache:/cache \
|
-v pipglr-cache:/cache \
|
||||||
|
|||||||
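Review bot: `--user=root` is added to the `register`, `dumpconfig` and `run` labels with no comment explaining why these containers must now start as container root. Under rootless podman that user maps to the invoking account, but the same label copied into a rootful `podman run` starts the runner as host root. A comment above each label would record this, for example `# Runs as container root; use rootless podman only (maps to the invoking user).`, together with the actual reason for the change. For `dumpconfig`, which only runs `/bin/cat` on the mounted secret, it is worth confirming that root is needed at all. The `run` label continues past the end of the last hunk.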
@@ -51,6 +51,7 @@ function main() {
|
|||||||
setup_service_podman
|
setup_service_podman
|
||||||
setup_service_runner
|
setup_service_runner
|
||||||
setup_gitlab_config
|
setup_gitlab_config
|
||||||
|
setup_volumes
|
||||||
|
|
||||||
finalize_ownership
|
finalize_ownership
|
||||||
}
|
}
|
||||||
@@ -75,14 +76,19 @@ function install_packages() {
|
|||||||
# Gitlab-runner package contains scriptlets which do not function properly inside a
|
# Gitlab-runner package contains scriptlets which do not function properly inside a
|
||||||
# container-build environment where systemd is not active/running.
|
# container-build environment where systemd is not active/running.
|
||||||
if [[ ${ENABLE_FIPS} == true && $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
|
if [[ ${ENABLE_FIPS} == true && $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
|
||||||
PACKAGE_FILE="gitlab-runner_${TARGETARCH}-fips.rpm"
|
PACKAGE_FILES=(
|
||||||
|
"https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}-fips.rpm"
|
||||||
|
)
|
||||||
else
|
else
|
||||||
PACKAGE_FILE="gitlab-runner_${TARGETARCH}.rpm"
|
PACKAGE_FILES=(
|
||||||
|
"https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/$RUNNER_VERSION/rpm/gitlab-runner_${TARGETARCH}.rpm"
|
||||||
|
"https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/$RUNNER_VERSION/rpm/gitlab-runner-helper-images.rpm"
|
||||||
|
)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
"${dnf[@]}" "${exclude_args[@]}" \
|
"${dnf[@]}" "${exclude_args[@]}" \
|
||||||
--setopt=tsflags=noscripts install \
|
--setopt=tsflags=noscripts install \
|
||||||
"https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}"
|
${PACKAGE_FILES[@]}
|
||||||
|
|
||||||
# Also don't start unnecessary or broken
|
# Also don't start unnecessary or broken
|
||||||
# systemd services, like anything kernel related or login gettys.
|
# systemd services, like anything kernel related or login gettys.
|
||||||
@@ -148,9 +154,11 @@ function setup_user() {
|
|||||||
function setup_volumes() {
|
function setup_volumes() {
|
||||||
# Host volume mount necessary for nested-podman to use overlayfs2 for container & volume storage.
|
# Host volume mount necessary for nested-podman to use overlayfs2 for container & volume storage.
|
||||||
mkdir -p /home/podman/.local/share/containers
|
mkdir -p /home/podman/.local/share/containers
|
||||||
|
touch /home/podman/.local/share/containers/.placeholder
|
||||||
|
|
||||||
# Nested-container's local container-cache volume mount, recommended by gitlab-runner docs.
|
# Nested-container's local container-cache volume mount, recommended by gitlab-runner docs.
|
||||||
mkdir -p /cache
|
mkdir -p /cache
|
||||||
|
touch /cache/.placeholder
|
||||||
|
|
||||||
# Both the gitlab-runner and podman need access to the cache directory / volume mount.
|
# Both the gitlab-runner and podman need access to the cache directory / volume mount.
|
||||||
chown podman:runner /cache
|
chown podman:runner /cache
|
||||||
|
|||||||
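Review bot: In `install_packages` the RPMs are fetched by URL and passed straight to dnf, and nothing visible in the hunk verifies them beyond TLS to the S3 bucket. dnf's `localpkg_gpgcheck` is off by default for packages given on the command line, so unless the `dnf` array (defined outside the hunk) already sets it, a replaced object in the bucket would be installed unverified. Consider importing the GitLab runner signing key beforehand and adding `--setopt=localpkg_gpgcheck=1` next to `--setopt=tsflags=noscripts`, or checking each file against a pinned checksum. The array expansion should also be quoted, `"${PACKAGE_FILES[@]}"`, so the URLs are not word-split or globbed.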