@zealot128
Last active April 5, 2025 19:35
Gitlab runner with docker by cloud init on Hetzner Cloud

Quick Terraform script to deploy Gitlab runner with docker onto Hetzner Cloud (Hcloud)

  1. Create the other Terraform pieces:
     • tf-backend,
     • creds.auto.tfvars with hcloud_token
     • ssh key: mkdir keys; ssh-keygen -f keys/id_rsa
  2. Modify cloudinit.yml:
     • change the GitLab URL
     • ADD_YOUR_REGISTRY_TOKEN -> set to the GitLab Runner Registration Token
     • add more allowed images/services if you use the GitLab registry, like this: registry.myinstance.com/administrators/docker-images/*, change the base image, etc.
  3. terraform init
  4. terraform plan; terraform apply

cx21 = 4 GB, 2 cores, 5 EUR / month

```yaml
#cloud-config
groups:
  - docker
users:
  - name: gitlab-runner
    groups: docker
apt:
  sources:
    docker.list:
      source: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable'
      keyid: 0EBFCD88
    gitlab.list:
      source: 'deb https://packages.gitlab.com/runner/gitlab-runner/ubuntu/ $RELEASE main'
      keyid: F27EAB47 # key seems to be valid till 08/2019
package_upgrade: true
package_update: true
packages:
  - debian-archive-keyring
  - apt-transport-https
  - ca-certificates
  - software-properties-common
  - htop
  - docker-ce
  - golang-go
  - gitlab-runner
  - fail2ban
  - vim
write_files:
  # Removes dead/exited containers. "* 5 * * *" fires every minute between 05:00 and 05:59.
  # Block scalar so the file ends with the trailing newline cron expects.
  - owner: root:root
    path: /etc/cron.d/your_cronjob
    content: |
      * 5 * * * root (/usr/bin/docker ps --filter status=dead --filter status=exited -aq | /usr/bin/xargs /usr/bin/docker rm -v 2> /dev/null) || true
  # One-shot registration script, run once from runcmd below.
  # --docker-privileged=true gives job containers host-level access (needed for docker-in-docker);
  # together with the '*' allowed-images patterns, any image named in .gitlab-ci.yml runs that way.
  - owner: root:root
    path: /root/register.sh
    content: |
      gitlab-runner register --executor docker \
        -u https://git.MYCOMPANY.com/ \
        --run-untagged \
        --tag-list ruby \
        --locked=false \
        --non-interactive \
        -r ADD_YOUR_REGISTRY_TOKEN \
        --docker-privileged=true \
        --docker-pull-policy=if-not-present \
        --docker-shm-size=268435456 \
        --docker-volumes='/cache' \
        --docker-image="ruby:2.5" \
        --docker-allowed-images '*' \
        --docker-allowed-images '*/*' \
        --docker-allowed-images '*/*/*' \
        --docker-allowed-services 'redis:*' \
        --docker-allowed-services 'postgres:*' \
        --docker-allowed-services 'mysql:*'
runcmd:
  - [/bin/bash, /root/register.sh]
power_state:
  delay: "now"
  mode: reboot
  message: First reboot
  condition: True
```
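A pre-deployment check for the register command in cloudinit.yml, as an added example that is not part of the original gist: it flags unreplaced token and URL placeholders, a dropped line continuation, privileged mode and wildcard-only image allow-lists. `parse_flags` and `audit` are hypothetical helper names, and `SAMPLE` is constructed input.

```python
import shlex

# Constructed sample in the shape of the page's register.sh, including a
# dropped line continuation after --run-untagged.
SAMPLE = r"""
gitlab-runner register --executor docker \
  -u https://git.MYCOMPANY.com/ \
  --run-untagged
  -r ADD_YOUR_REGISTRY_TOKEN \
  --docker-privileged=true \
  --docker-allowed-images '*' \
  --docker-allowed-images 'registry.myinstance.com/administrators/docker-images/*'
"""

def parse_flags(script):
    """Return {flag: [values]}; a flag without a value is recorded as "true"."""
    tokens = shlex.split(script.replace("\\\n", " "))
    flags, i = {}, 0
    while i < len(tokens):
        name, sep, val = tokens[i].partition("=")
        if name.startswith("-"):
            if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                val, i = tokens[i + 1], i + 1
            flags.setdefault(name, []).append(val if (sep or val) else "true")
        i += 1
    return flags

def audit(script):
    """Return sorted finding codes for one register script (hypothetical helper)."""
    findings = set()
    lines = [l.strip() for l in script.strip().splitlines()]
    for cur, nxt in zip(lines, lines[1:]):
        # A flag line after a line without a trailing backslash runs as its own command.
        if not cur.endswith("\\") and nxt.startswith("-"):
            findings.add("broken-continuation")
    flags = parse_flags(script)
    token = (flags.get("-r") or flags.get("--registration-token") or [""])[0]
    if not token or token.startswith("ADD_YOUR"):
        findings.add("placeholder-token")
    url = (flags.get("-u") or flags.get("--url") or [""])[0]
    if "MYCOMPANY" in url:
        findings.add("placeholder-url")
    if flags.get("--docker-privileged", ["false"])[-1] == "true":
        findings.add("privileged")  # job containers get host-level access
    if any(p and set(p) <= set("*/") for p in flags.get("--docker-allowed-images", [])):
        findings.add("wildcard-images")  # any image named in .gitlab-ci.yml is accepted
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```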
```hcl
# API token, supplied via creds.auto.tfvars
variable "hcloud_token" {}

provider "hcloud" {
  token = "${var.hcloud_token}"
}

# Public half of the key pair generated into keys/
resource "hcloud_ssh_key" "default" {
  name       = "Terraform Key"
  public_key = "${file("keys/id_rsa.pub")}"
}

# cloud-init user data, read verbatim from cloudinit.yml
data "local_file" "cloudinit" {
  filename = "cloudinit.yml"
}

# Two identical runner hosts
resource "hcloud_server" "worker" {
  count       = 2
  name        = "hcworker-${count.index}"
  image       = "ubuntu-18.04"
  server_type = "cx21"
  location    = "fsn1"
  ssh_keys    = ["${hcloud_ssh_key.default.id}"]
  user_data   = "${data.local_file.cloudinit.content}"
}

output "ssh_ips" {
  value = "ssh -i keys/id_rsa root@${join(" ", hcloud_server.worker.*.ipv4_address)}"
}
```