feat: add droneci runner

- ensure /data and docker are available - add droneci runner configuration
2024-08-25 01:11:58 +10:00 · 2024-08-25 01:11:58 +10:00 · d79a5de17b
commit d79a5de17b
parent 2912cbb68b
5 changed files with 70 additions and 2 deletions
--- a/hieradata/roles/infra/droneci.eyaml
+++ b/hieradata/roles/infra/droneci.eyaml
@ -0,0 +1,2 @@
 ---
 droneci_server::rpc_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAF8cEANj72ACYYdilP52Oz4EXVt+stx838tFVV4SFukoCTmN+kJ3GUUEM9x+oDvo17CsZhDzx5dX0JGo7N9MCLHsR4XKx3GSoAKvaSiD73TbzbdTNJgTIE1tRP9HNbJKizwWLo4lo+OUNtwnu0Z5dkMLYRHyvZ1hG24qmdXVn9DI06gVGQw9YXGmNy8AvA0BKnaHvUnE5XoLNVKZ4g1yvc/nkYpK6nLB+X4sZ96PRig7khiuFVvAfpg5c2iWnF13ljIajnG9uY12RyGaAGfH4l/d3UEyuHyQL4zzT8N7gGt8fvg7eNFx51TyEpVRFLyQ7dqq/lzn0moXVT35PQr9K3DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCGJ+rkxhqmyUUiIQLG7PnggDBPH9gyYAW5/XjDp5xd6GnuSt/WWOwOGxhg+1BoPzbV5o+Xufg5zyMVdYeI1MWD/u8=]
--- a/hieradata/roles/infra/droneci/runner.yaml
+++ b/hieradata/roles/infra/droneci/runner.yaml
@ -1 +1,25 @@
 ---
 hiera_include:
  - profiles::base::datavol
  - docker
  - droneci::runner
 docker::version: latest
 docker::curl_ensure: false
 droneci::runner::ports:
  - 3000:3000
 droneci::runner::volumes:
  - type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock
  - type=bind,source=/data,target=/data
  - type=bind,source=/etc/pki/tls/vault/certificate.crt,target=/etc/pki/tls/vault/certificate.crt,readonly
  - type=bind,source=/etc/pki/tls/vault/private.key,target=/etc/pki/tls/vault/private.key,readonly
  - type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/pki/tls/certs/ca-bundle.crt,readonly
  - type=bind,source=/etc/pki/tls/certs/ca-bundle.crt,target=/etc/ssl/certs/ca-certificates.crt,readonly
 droneci::runner::env_vars:
  DRONE_RPC_PROTO: https
  DRONE_RPC_HOST: droneci.query.consul
  DRONE_RPC_SECRET: "%{hiera('droneci_server::rpc_secret')}"
  DRONE_RUNNER_CAPACITY: 2
  DRONE_RUNNER_NAME: "%{facts.networking.fqdn}"
  DRONE_RUNNER_VOLUMES: /etc/pki/tls/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
--- a/hieradata/roles/infra/droneci/server.eyaml
+++ b/hieradata/roles/infra/droneci/server.eyaml
@ -1,7 +1,5 @@
 ---
 droneci_server::gitea_client_secret: ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAYpW+TtZOKW7ZLuprdAeulVDV80rbmoWQoLZgo19UqXKHQzNoxPyY0ra4w8/fzXy1MUiMgtQkSBWe3MpqYK9F/6UOw6Q7GZCHZtVlwU/97YZ8oqeuI1x9wkyerfb9xYO2ywpEvjmpfRV01y4Cs3fUZ/lnvrwvsFJT96tgljANf9RDE+sh/FJvojQW1EAejgBrSfWBLaCQyody46rv6lP/mZY2XADYmDC3kklGHw78YK87CuTPcXD7up9EOdJ3mtgvwlkMYwbH8IeLUyA2IKYtPiB9wZPYX+YLNfkhQkIA+EeX6UlDxzJueWRPaaDFD1J5P0T8HTR18Pnt3erkiPAmWTBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB6ALrwgc4UyI5r4Xz2rpXYgECF2jGUym4hS4nYlpmc+u3CD8kvjTLZUu1rI2NlvB7i03nUhIExPJvfVGVcam+z4b8ulOxdXjju1Rx6MOcmC+K9]
 droneci_server::rpc_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAF8cEANj72ACYYdilP52Oz4EXVt+stx838tFVV4SFukoCTmN+kJ3GUUEM9x+oDvo17CsZhDzx5dX0JGo7N9MCLHsR4XKx3GSoAKvaSiD73TbzbdTNJgTIE1tRP9HNbJKizwWLo4lo+OUNtwnu0Z5dkMLYRHyvZ1hG24qmdXVn9DI06gVGQw9YXGmNy8AvA0BKnaHvUnE5XoLNVKZ4g1yvc/nkYpK6nLB+X4sZ96PRig7khiuFVvAfpg5c2iWnF13ljIajnG9uY12RyGaAGfH4l/d3UEyuHyQL4zzT8N7gGt8fvg7eNFx51TyEpVRFLyQ7dqq/lzn0moXVT35PQr9K3DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCGJ+rkxhqmyUUiIQLG7PnggDBPH9gyYAW5/XjDp5xd6GnuSt/WWOwOGxhg+1BoPzbV5o+Xufg5zyMVdYeI1MWD/u8=]
 droneci_server::cookie_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAKTWrB7Cca8RgFEeP46puzhVWOAiI6nB+m5+/sgz1qNnn6VgNh9Q6D26p9HISrMp4k60KVuGXrIbZYpkvKZmv4zHgK2et+50sr/F1anhDRX4rsmGWVV9n8VhaIJFAyQkW4de9YxV9LAgk0tWs1BgfXv4cV4+sDBv0OSVIFJDst3LUWpBR6lsiV9IifvNNUrdOHkdt5XjuL4JVmc0nkjetAg9HSvJ9VHYLIQagFHnTQp0FWluE1/ibGNc2kz7D4K7cPz2bBxRJWomckSUwgQK0NrGID4D13haZXhKXAO/8QpQOwPra8vD9FYrFenMeFLwdw43NzSr2g/W1ss5PekbWGjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBASshs2UwkGqK4ShFfXni7cgDCDCnEiqcfxIz4X/Bq71IpRKan3uQbHOewFqjNGqoR+1oWupjRxzNL39H9YF1a6i6s=]
 droneci_server::database_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEASu4C45TYWZKgIoyqC3YdwYYXn+T+ruP6oIvhYFJ5dxeZ+6HtWbRMViErvpPuWYfgs5qt6Zj9eLz2hqimFCvKiAvzANeZ9hkhw/jkpmvG8iXpDFw6x8QKcPJteRo896KSLiGiVlZfRbgQCGAqiEMw6y6M9CvfCLzE/mZ9gOKjSJVKiioAnXU2fyq0Y0M6g0iLRw0VXl2BVc4ORCnVECARQPo48T3U+TT39q0ar4mRO1AFO0VA5iDJ6/EMPBcH3ekKO/1dB1UbV6VkD3s9BAHGyL5a5Wr6ztg/5Yl6VBCXmECZqpCx8jx8KDUoaj1R/+I83YQxbw9ch76j79haIK6+jzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAh6MmfbUELaWbSNZ9/Dev2gDD/E3G/uYJGXNGl1+PIVwGmi0z2BTXNqg7ax/b/uF5Xc9ZtBSPiSxR6BPRXN3GleNo=]
 droneci_server::postgres_password: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEANpDnrpratpuYheXFrN4nwRTauPm9rZz2ubDyJlcxmah+kOWqsWIeEkv5GuATlymfAx5UuHPOv3dJPCSK+YuyQY+kGW/8uEFM68QrNi38NdRqEpdXuPBe5+AmWxcjYK3mdJ4maEwsbbxtYJmD8TF6kskS2P/KhnIzYR5PPHZTaYbEf/W5Da3l+J5WnFYpStuLq+86yZokBAygFPI+y/Ic+zJIdhpzVdLyGuqxGLXZq7nNMrjuNyFPKkCj1BBpuJTMCS4oPKCUTlm5hIIeeC2pFREI0CMTV5siZB8NphobPNn/ZbJrcs9q75LtIa47pkFYRbmV4WPctCwZXg6jtMleuzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDHJaChyidZq/5FN5n+ASJWgDCqUcR/DG9e8AD7fRmTb5BZM8XQ77a1hUJoaCycnMQ/5UyKmqU/7fLPrsxCf2vZU1M=]
--- a/modules/droneci/manifests/runner.pp
+++ b/modules/droneci/manifests/runner.pp
@ -0,0 +1,24 @@
 class droneci::runner (
  Hash $env_vars = {},
  String $docker_image = 'drone/drone-runner-docker:1',
  Array[String] $ports = [],
  Array[String] $volumes = [],
  Stdlib::Absolutepath $env_file = '/etc/sysconfig/droneci_runner',
 ) {
  # Create the environment file from a template
  file { $env_file:
    ensure  => file,
    content => template('droneci/droneci_env.erb'),
    mode    => '0644',
  }
  # Define the systemd service for Drone CI runner
  systemd::unit_file { 'droneci-runner.service':
    ensure    => present,
    content   => template('droneci/droneci_runner_service.erb'),
    enable    => true,
    active    => true,
    subscribe => File[$env_file],
  }
 }
--- a/modules/droneci/templates/droneci_runner_service.erb
+++ b/modules/droneci/templates/droneci_runner_service.erb
@ -0,0 +1,20 @@
 [Unit]
 Description=Drone CI Runner
 After=docker.service
 Requires=docker.service
 [Service]
 ExecStart=/usr/bin/docker run --rm \
  --name=drone-runner \
 <% @ports.each do |port| -%>
  -p <%= port %> \
 <% end -%>
 <% @volumes.each do |volume| -%>
  --mount <%= volume %> \
 <% end -%>
  --env-file <%= @env_file %> \
  <%= @docker_image %>
 Restart=always
 [Install]
 WantedBy=multi-user.target
		`@ -0,0 +1,2 @@`
							`---`
							droneci_server::rpc_secret: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAF8cEANj72ACYYdilP52Oz4EXVt+stx838tFVV4SFukoCTmN+kJ3GUUEM9x+oDvo17CsZhDzx5dX0JGo7N9MCLHsR4XKx3GSoAKvaSiD73TbzbdTNJgTIE1tRP9HNbJKizwWLo4lo+OUNtwnu0Z5dkMLYRHyvZ1hG24qmdXVn9DI06gVGQw9YXGmNy8AvA0BKnaHvUnE5XoLNVKZ4g1yvc/nkYpK6nLB+X4sZ96PRig7khiuFVvAfpg5c2iWnF13ljIajnG9uY12RyGaAGfH4l/d3UEyuHyQL4zzT8N7gGt8fvg7eNFx51TyEpVRFLyQ7dqq/lzn0moXVT35PQr9K3DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCGJ+rkxhqmyUUiIQLG7PnggDBPH9gyYAW5/XjDp5xd6GnuSt/WWOwOGxhg+1BoPzbV5o+Xufg5zyMVdYeI1MWD/u8=]