(These are just notes for guidance, pending adding my current implementation to GitHub.)
Two issues:
- The gitlab-runner module in Ansible supports only a limited number of options, and most of the (necessary) others have to be set manually in the runner configuration file. The `gitlab-runner register` command now supports the use of configuration templates to merge extra settings, but the module currently does not.
- The GitLab API no longer has a method to return runner tokens after registration (for "seh-cyur-reh-teh"). The only place you can find the token after registration is in the runner configuration file. The token for each runner must be retained, otherwise they'll be seen as new instances.
Therefore, to be able to register or modify runners in an idempotent way, you must retrieve the tokens for any currently registered runners from the runner configuration file (`/etc/gitlab-runner/config.toml`) before updating it.
- First parse any existing runner config file. As the file is in TOML, and Ansible doesn't currently include a filter for this, you'll need to either import the sivel.toiletwater collection or grab the `toml.py` filter plugin from it to include in your role/playbook. `slurp` the file and pass it through `b64decode | from_toml`, then save the result into a variable.
- Retrieve the global registration token directly from your GitLab instance using the appropriate `gitlab-rails` command. (May want to cache this locally on the runner, as it takes a minute or more.)
- Register your runner(s) using `gitlab-runner` and save the returned values in a registered variable. (Existing runners will not be re-registered providing their name still matches.)
- Write out a new config.toml file from a template. For each runner, use either a) the value of the token from the gitlab-runner `runners` response if one exists; or else b) the token from the parsed configuration. (Other settings are taken from a dictionary or list variable containing your runner definitions.)
- Configuration is normally reloaded automatically by the runner on file update, but some changes require a restart, so probably do that anyway.
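
The token choice in the template step, written out as an added example (not the author's implementation, which these notes say is not yet published): Python of the kind an Ansible filter plugin could wrap, taking the token from a fresh registration if there is one and otherwise from the parsed config.toml. The function names, runner names, URL and token values are constructed for illustration.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # same parser, installed as a package on older Pythons

# Constructed sample of an existing /etc/gitlab-runner/config.toml (tokens are fake).
EXISTING_CONFIG = """
concurrent = 4

[[runners]]
  name = "docker-1"
  url = "https://gitlab.example.com/"
  token = "EXAMPLE-TOKEN-AAAA"
  executor = "docker"

[[runners]]
  name = "shell-1"
  url = "https://gitlab.example.com/"
  token = "EXAMPLE-TOKEN-BBBB"
  executor = "shell"
"""

def existing_tokens(config_text):
    """Map runner name -> token from the [[runners]] tables of config.toml."""
    config = tomllib.loads(config_text) if config_text.strip() else {}
    return {r["name"]: r["token"] for r in config.get("runners", [])
            if "name" in r and "token" in r}

def resolve_tokens(definitions, registered, config_text):
    """Pick the token to template for each defined runner.

    definitions: runner names from your runner definitions variable (assumed shape)
    registered:  name -> token for runners registered in this run (assumed shape)
    """
    saved = existing_tokens(config_text)
    resolved, missing = {}, []
    for name in definitions:
        # a) token returned by registration, else b) token already in config.toml
        token = registered.get(name) or saved.get(name)
        if token:
            resolved[name] = token
        else:
            missing.append(name)
    if missing:
        # Fail before templating rather than write a runner entry without a token.
        raise ValueError("no token available for runners: " + ", ".join(missing))
    return resolved
```

In a playbook, the tasks that read, register or template these values handle live secrets, so set `no_log: true` on them.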