Openstack Gitlab Runner Setup
Adam Novak edited this page Sep 6, 2023 · 24 revisions
We're now setting up a set of Gitlab runners for vg on the GI's Openstack local cloud.
- Make sure you have an SSH key set up in Openstack
- Get Openstack YAML file from http://gicloud.prism/dashboard/project/api_access/
- Put at ~/.config/openstack/clouds.yaml
- Edit in your Openstack password under auth as a password key, since it can't remember a cookie or anything.
- Install the Openstack CLI:
pip install --user python-openstackclient
- Deploy a runner VM and connect to it:
SSH_KEY_NAME=anovak-swords
SERVER_NAME=anovak-gitlab-runner-3
openstack --os-cloud openstack server create --image ubuntu-22.04-LTS-x86_64 --flavor m1.huge --key-name ${SSH_KEY_NAME} --wait ${SERVER_NAME}
while true ; do
  IP_ID=$(openstack --os-cloud openstack floating ip list --long --status DOWN --network ext-net --format value --column ID | head -n1)
  while [[ "${IP_ID}" == "" ]] ; do
    openstack --os-cloud openstack floating ip create ext-net
    IP_ID=$(openstack --os-cloud openstack floating ip list --long --status DOWN --network ext-net --format value --column ID | head -n1)
  done
  openstack --os-cloud openstack server add floating ip ${SERVER_NAME} ${IP_ID} || continue
  break
done
INSTANCE_IP="$(openstack --os-cloud openstack floating ip show ${IP_ID} --column floating_ip_address --format value)"
ssh-keygen -R ${INSTANCE_IP}
sleep 60
ssh ubuntu@${INSTANCE_IP}
- On the VM, become root:
sudo su -
- Set up the machinery to keep Docker images and scratch space on the instance's ephemeral storage that mounts at /mnt (this code is adapted from Toil and might be Apache licensed):
systemctl stop docker.socket || true
systemctl stop docker.service || true
systemctl stop ephemeral-setup.service || true
rm -Rf /var/lib/docker
cat >/etc/systemd/system/ephemeral-setup.service <<'EOF'
[Unit]
Description=bind mounts ephemeral directories
Before=docker.service
Requires=mnt.mount
After=mnt.mount
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=mkdir -p /mnt/ephemeral/var/lib/docker
ExecStart=mkdir -p /var/lib/docker
ExecStart=mount --bind /mnt/ephemeral/var/lib/docker /var/lib/docker
ExecStop=umount /var/lib/docker
[Install]
RequiredBy=docker.service
EOF
systemctl daemon-reload
systemctl enable ephemeral-setup.service
systemctl start docker.socket || true
systemctl start docker.service || true
- Go to https://ucsc-ci.com/groups/vgteam/-/runners/new and make a new runner that is paused and runs untagged jobs. Name it so you can match it up with the VM you made.
- Set the runner token in your environment on the server:
RUNNER_TOKEN=!!!PASTE!TOKEN!HERE!!!
- Set up the Gitlab runner on the server:
TASK_MEMORY=25G
TASKS_PER_NODE=3
CPUS_PER_TASK=4
bash -c "export DEBIAN_FRONTEND=noninteractive; curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | bash"
DEBIAN_FRONTEND=noninteractive apt update && sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
DEBIAN_FRONTEND=noninteractive apt install -y docker.io gitlab-runner
gitlab-runner register --non-interactive --url https://ucsc-ci.com --token "${RUNNER_TOKEN}" --limit "${TASKS_PER_NODE}" --executor docker --docker-privileged --docker-memory "${TASK_MEMORY}" --docker-cpus "${CPUS_PER_TASK}" --docker-image docker:dind
sed -i "s/concurrent = 1/concurrent = ${TASKS_PER_NODE}/g" /etc/gitlab-runner/config.toml
gitlab-runner restart
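
A check for the result of the registration step, as an added example that is not part of the original wiki page or the vg project: it reads the generated config.toml and confirms the values match the variables set above, and reports whether job containers run privileged. The function names `toml_get` and `audit_runner_config` are hypothetical, the sample file is constructed, and the script assumes a single `[[runners]]` entry per VM as this page sets up.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki): audit a gitlab-runner config.toml.

# Print the unquoted value of the first "KEY = value" line in FILE.
toml_get() {  # usage: toml_get FILE KEY
  awk -v key="$2" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, key " = ") == 1 {
      val = substr(line, length(key) + 4); gsub(/^"|"$/, "", val)
      print val; exit
    }' "$1"
}

# Return 0 only if FILE holds the values the setup variables asked for.
audit_runner_config() {  # usage: FILE TASKS_PER_NODE TASK_MEMORY CPUS_PER_TASK
  local file="$1" status=0 pair key want got
  # The sed step rewrites only the literal text "concurrent = 1", so any
  # other starting value is left unchanged without an error; check the result.
  for pair in "concurrent=$2" "limit=$2" "memory=$3" "cpus=$4"; do
    key="${pair%%=*}" want="${pair#*=}"
    got="$(toml_get "$file" "$key")"
    if [ "$got" != "$want" ]; then
      echo "MISMATCH $key: got '$got', want '$want'" >&2
      status=1
    fi
  done
  # Job containers run privileged when this is true; report it explicitly.
  [ "$(toml_get "$file" privileged)" = "true" ] && echo "NOTE: privileged = true" >&2
  return "$status"
}

# Constructed sample of what register plus the sed step should leave behind.
sample="$(mktemp)"
cat >"$sample" <<'EOF'
concurrent = 3
[[runners]]
  url = "https://ucsc-ci.com"
  token = "PLACEHOLDER"
  executor = "docker"
  limit = 3
  [runners.docker]
    image = "docker:dind"
    privileged = true
    memory = "25G"
    cpus = "4"
EOF
audit_runner_config "$sample" 3 25G 4 && echo "sample config matches"
```

On the runner VM, call `audit_runner_config /etc/gitlab-runner/config.toml "${TASKS_PER_NODE}" "${TASK_MEMORY}" "${CPUS_PER_TASK}"` after the restart.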
On a runner server with free resources, start a persistent Docker registry proxy:
docker run -d -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io -p 5000:5000 --restart always --name registry registry:2
You can view the logs with:
docker logs registry
The --restart always option registers the container in the Docker daemon to be started when the daemon starts.
If this is very broken, you can run the registry under your terminal instead:
docker run --rm -ti -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io -p 5000:5000 -p 80:5000 --name registry registry:2
Make sure to set DOCKER_HUB_MIRROR for the vg CI jobs to http://server-public-ip so the proxy will be used.