@zealot128
Last active July 25, 2023 19:54
Gitlab runner with docker by cloud init on Hetzner Cloud

Quick Terraform script to deploy a GitLab runner with the docker executor onto Hetzner Cloud (Hcloud).

  1. Create the other Terraform pieces:
  • tf-backend
  • creds.auto.tfvars containing hcloud_token
  • an SSH key (the Terraform config reads keys/id_rsa.pub): mkdir keys; ssh-keygen -f keys/id_rsa
  2. Modify cloudinit.yml:
  • change the GitLab URL
  • replace ADD_YOUR_REGISTRY_TOKEN with the GitLab Runner registration token
  • add more allowed images/services if you use the GitLab registry, e.g. registry.myinstance.com/administrators/docker-images/*; change the base image, etc.
  3. terraform init
  4. terraform plan; terraform apply

cx21 = 4 GB RAM, 2 cores, 5 EUR / month

cloudinit.yml:

```yaml
#cloud-config
groups:
  - docker
users:
  - name: gitlab-runner
    groups: docker
apt:
  sources:
    docker.list:
      source: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable'
      keyid: 0EBFCD88
    gitlab.list:
      source: 'deb https://packages.gitlab.com/runner/gitlab-runner/ubuntu/ $RELEASE main'
      keyid: F27EAB47 # key seems to be valid till 08/2019
package_upgrade: true
package_update: true
packages:
  - debian-archive-keyring
  - apt-transport-https
  - ca-certificates
  - software-properties-common
  - htop
  - docker-ce
  - golang-go
  - gitlab-runner
  - fail2ban
  - vim
write_files:
  # Clean up dead/exited containers. The trailing \n matters: cron ignores a
  # last line that does not end in a newline.
  - owner: root:root
    path: /etc/cron.d/your_cronjob
    content: "* 5 * * * root (/usr/bin/docker ps --filter status=dead --filter status=exited -aq | /usr/bin/xargs /usr/bin/docker rm -v 2> /dev/null) || true\n"
  - owner: root:root
    path: /root/register.sh
    content: |
      # Every line but the last needs a trailing backslash; without it the
      # options after the break are run as a separate (failing) command.
      # --docker-privileged=true lets job containers reach the host and the
      # '*' patterns allow any image, so restrict both if untrusted pipelines
      # will run on this runner.
      gitlab-runner register --executor docker \
        -u https://git.MYCOMPANY.com/ \
        --run-untagged \
        --tag-list ruby \
        --locked=false \
        --non-interactive \
        -r ADD_YOUR_REGISTRY_TOKEN \
        --docker-privileged=true \
        --docker-pull-policy=if-not-present \
        --docker-shm-size=268435456 \
        --docker-volumes='/cache' \
        --docker-image="ruby:2.5" \
        --docker-allowed-images '*' \
        --docker-allowed-images '*/*' \
        --docker-allowed-images '*/*/*' \
        --docker-allowed-services 'redis:*' \
        --docker-allowed-services 'postgres:*' \
        --docker-allowed-services 'mysql:*'
runcmd:
  - [/bin/bash, /root/register.sh]
power_state:
  delay: "now"
  mode: reboot
  message: First reboot
  condition: True
```
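A small lint for a register script like the one cloud-init writes to /root/register.sh above. This is an added example, not part of the gist: the constructed sample inside it contains a line without a trailing backslash (which the shell reads as the end of the command), a privileged executor, a wildcard allowed-image pattern and the unreplaced token placeholder, and the lint reports each of them. It assumes options only appear as `--k=v`, `--k v` or bare `--k`.

```python
import shlex

# Constructed sample modelled on the gist's register.sh; the line after
# --run-untagged has no continuation backslash.
SAMPLE = """gitlab-runner register --executor docker \\
--run-untagged
-r ADD_YOUR_REGISTRY_TOKEN \\
--docker-privileged=true \\
--docker-allowed-images '*'
"""

def split_commands(script):
    """Join backslash-continued lines; return one argv list per shell command."""
    joined = script.replace("\\\n", " ")
    return [shlex.split(l) for l in joined.splitlines() if l.strip()]

def parse_flags(argv):
    """Map each option to its values, accepting --k=v, --k v and bare --k."""
    flags, i = {}, 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            if "=" in tok:
                key, val = tok.split("=", 1)
            elif i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                key, val, i = tok, argv[i + 1], i + 1
            else:
                key, val = tok, "true"
            flags.setdefault(key, []).append(val)
        i += 1
    return flags

def lint_register_script(script):
    """Return findings for a register script; an empty list means none."""
    commands = split_commands(script)
    findings = []
    if len(commands) > 1:
        findings.append(f"missing backslash after '{commands[0][-1]}': the "
                        "remaining options run as a separate command")
    flags = parse_flags([tok for cmd in commands for tok in cmd])
    if "true" in flags.get("--docker-privileged", []):
        findings.append("privileged containers: jobs can take over the host")
    if any(p.startswith("*") for p in flags.get("--docker-allowed-images", [])):
        findings.append("wildcard allowed images: jobs may run any image")
    tokens = flags.get("-r", []) + flags.get("--registration-token", [])
    if "ADD_YOUR_REGISTRY_TOKEN" in tokens:
        findings.append("placeholder registration token was not replaced")
    return findings
```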
Terraform:

```hcl
variable "hcloud_token" {}

provider "hcloud" {
  token = "${var.hcloud_token}"
}

resource "hcloud_ssh_key" "default" {
  name       = "Terraform Key"
  public_key = "${file("keys/id_rsa.pub")}"
}

data "local_file" "cloudinit" {
  filename = "cloudinit.yml"
}

resource "hcloud_server" "worker" {
  count       = 2
  name        = "hcworker-${count.index}"
  image       = "ubuntu-18.04"
  server_type = "cx21"
  location    = "fsn1"
  ssh_keys    = ["${hcloud_ssh_key.default.id}"]
  user_data   = "${data.local_file.cloudinit.content}"
}

output "ssh_ips" {
  value = "ssh -i keys/id_rsa root@${join(" ", hcloud_server.worker.*.ipv4_address)}"
}
```