Skip to content

Preparing the GitLab-CI server

As GitLab-CI is part of GitLab core, there is no extra software that needs to be installed. However, a few configuration steps are required:

  • Create and configure runners
  • Located in /etc/gitlab-runner
  • Documentation
  • Install and configure Ansible
  • Prepare configuration for user gitlab-runner
    • Create ~/.ansible/vault.pwd
    • Create ~/.ansible/secrets with ansible_sudo_pass and potentially other variables
  • Install Ansible in /opt/ansible and run setup-local
  • Run /opt/ansible/ as gitlab-runner

Preparing remote hosts for Ansible deployment

To allow the gitlab-runner to access your remote hosts when deploying code through Ansible, you have to prepare those remote hosts with these steps:

  • Create a user called gitlab-runner
  • Install the public key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJDzOYp01MZTZxj6jY+S+Pv9uvpDlEQLl9uH0llmHUw5FsDgZ//ObYQtKvyMftykkejckWzSvAYsulV20h5+oDjQAcdaC5joZETAOP/5rCgYlV3Rd4lbKLNBSpWHFl4hmOD1cBqMrNtTZqIkfSayMBRn+tMK/6FseXEROjlose11JF+4WcjIzo41qKDQ/Y3GT7BG2kgAgfO0sWj2bxWSW4pdOuYIabQvS+EuC+g8OQsRUseSTsOJNgDTzh/loIjlKV3ZP8zRAqYq2XUPz2GvQ8qILUkaZvTU3CAdIzxY4rLF/iEgofNCi1EgscEzdHDfujRbG8BiMiH/3wt6UPK/Ql gitlab-runner@pdevop for that user as an authorized key
  • Add gitlab-runner to the sudo group
  • Set the password given by the system administrator for gitlab-runner

Preparing a gitlab project

These steps need to be taken by the system administrator on the gitlab server:

  • Assign at least one runner to the project
  • Add the GitLab user Ansible Deployment as a member to the project with the developer role
  • Add the public key of the user gitlab-runner at the remote host to the GitLab user's Ansible Deployment profile
  • If the project wants to use Ansible for deployment, do this in addition:
  • Find out CI_PROJECT_ID
  • Create a file ansible-inventories/paragon/raw/master/files/gitlab-runner/[CI_PROJECT_ID].yml and define the necessary variables
  • Test SSH access to the remote host

CI variable configuration

To limit the Ansible scope of what the GitLab-CI process can actually perform, define the project configuration file with these values:

playbook: deploy
company: customer
host: web01
  var1: value 1
  var2: value 2
tags: deploy

All the variables in extras (optional) will be forwarded to Ansible as --extra-vars and also the optional tags, which should be a comma separated list of strings if multiple values are required.

Last update: January 12, 2021 18:06:10