Adding a new inventory

When adding a new inventory, one or more GitLab runners need to be installed and configured on one or more hosts within that host farm. Here are the step-by-step instructions for getting this done:

Install gitlab-runner as a service

dans [INVENTORY] role gitlab-runner --limit=[HOST]

Configure the host for gitlab-runner

SSH into the host, switch to root with sudo su, and follow these instructions:

Register the runner

gitlab-runner register
  • Please enter the gitlab-ci coordinator URL: https://gitlab.lakedrops.com/
  • Please enter the gitlab-ci token for this runner: get the token from https://gitlab.lakedrops.com/ansible-inventories/[INVENTORY]/-/settings/ci_cd
  • Please enter the gitlab-ci description for this runner: Inventory [inventory] [host]
  • Please enter the gitlab-ci tags for this runner (comma separated): ansible
  • Please enter the executor: docker
  • Please enter the default Docker image (e.g. ruby:2.6): registry.lakedrops.com/ansible-inventories/[inventory]:latest

Then edit the file /etc/gitlab-runner/config.toml and make sure that the runner config looks like this:

[[runners]]
  name = "Inventory [inventory] [host]"
  url = "https://gitlab.lakedrops.com/"
  token = "[token]"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
  [runners.docker]
    tls_verify = false
    hostname = "Ansible-[inventory]-[host]"
    image = "registry.lakedrops.com/ansible-inventories/[inventory]:latest"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/home/gitlab-runner/.ssh/id_rsa:/root/.ssh/id_rsa","/home/gitlab-runner/.a/variables.yml:/root/.ansible/secrets","/var/log/ansible:/var/log/ansible"]
    pull_policy = "always"
    shm_size = 0

Then restart the runner with gitlab-runner restart.

Login to the registry

The runner will be executed either as user root, gitlab-runner or any of the sudo users. It is recommended that you create access tokens for each of them by going to https://gitlab.lakedrops.com/profile/personal_access_tokens and creating tokens with the read_registry scope. Then call docker login registry.lakedrops.com and use the username and token as credentials. They get stored in ~/.docker/config.json for future use.

Create ~/.a/variables.yml

ansible_sudo_pass: '[sudo password of gitlab-runner user on all hosts of the farm]'

Create ~/.a/environment

ANSIBLE_REMOTE_USER=gitlab-runner
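
The volumes setting in config.toml mounts the runner's SSH private key and the variables.yml holding the sudo password into every job container. The following check is an added example, not part of the original instructions: it reads the volumes entries from a config.toml and reports host-side files that are missing or accessible by group or others. The function names and the sample layout in demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page: audit the host-side files that
# the [runners.docker] volumes setting bind-mounts into every job container.

# Print the host path (text before the first ':') of each volumes entry.
runner_volume_sources() {
    grep -E '^[[:space:]]*volumes[[:space:]]*=' "$1" |
        grep -oE '"[^"]+"' | tr -d '"' | cut -d: -f1
}

# Print one finding per line; the return status is the number of findings.
# Directories (such as the log directory) are not checked.
audit_runner_mounts() {
    findings=0
    while IFS= read -r src; do
        [ -n "$src" ] || continue
        if [ ! -e "$src" ]; then
            echo "MISSING $src"
            findings=$((findings + 1))
        elif [ -f "$src" ]; then
            # Columns 5-10 of `ls -l` are the group and other permission bits.
            bits=$(ls -ld -- "$src" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "TOO-OPEN $src ($bits)"
                findings=$((findings + 1))
            fi
        fi
    done <<EOF
$(runner_volume_sources "$1")
EOF
    return "$findings"
}

# Constructed sample: a throwaway home directory laid out like the one above,
# with a key that is correctly 0600 and a variables.yml left at 0644.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/.ssh" "$d/.a" "$d/log"
    : > "$d/.ssh/id_rsa";      chmod 600 "$d/.ssh/id_rsa"
    : > "$d/.a/variables.yml"; chmod 644 "$d/.a/variables.yml"
    printf '  [runners.docker]\n    volumes = ["%s:/root/.ssh/id_rsa","%s:/root/.ansible/secrets","%s:/var/log/ansible"]\n' \
        "$d/.ssh/id_rsa" "$d/.a/variables.yml" "$d/log" > "$d/config.toml"
    audit_runner_mounts "$d/config.toml" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a runner host, source the file and call audit_runner_mounts /etc/gitlab-runner/config.toml once ~/.a/variables.yml has been created; a non-zero status means at least one mounted file needs attention.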