
SSM Session Manager not working

justinTM opened this issue 1 year ago • 1 comment

version = "7.2.2"

The IAM role seems to have policies for SSM access, but I can't connect. And then SSH key pairs aren't allowed anymore, so I can't debug the startup. Anyway, the real problem is that the runner isn't showing up in the list of runners in GitLab, so I need to see which command failed on the instance.

terraform config

```terraform
module "runner" {
  source  = "npalm/gitlab-runner/aws"
  version = "7.2.2"

  environment = "trz-glrunner-${var.stage}"

  vpc_id    = local.backend.vpc_id
  subnet_id = element(local.backend.database_subnet_ids, 0)

  # add certificates and docker.sock to the volumes to support docker-in-docker (dind)
  runner_worker_docker_add_dind_volumes = true

  runner_ami_filter = {
    name = ["amzn2-ami-kernel-5.10-hvm-2.*-arm64-gp2"]
  }

  runner_worker_docker_machine_ami_filter = {
    name                = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-*"]
    virtualization-type = ["hvm"]
  }

  runner_worker_docker_machine_instance = {
    name_prefix     = "trz-glworker-"
    max_growth_rate = 3
    type            = "m6gd.xlarge"
  }

  runner_instance = {
    collect_autoscaling_metrics = ["GroupDesiredCapacity", "GroupInServiceCapacity"]
    name                        = "trz-glrunner-${var.stage}"
    ssm_access                  = true
    type                        = "t4g.micro"
  }

  # runner_networking = {
  #   allow_incoming_ping_security_group_ids = [data.aws_security_group.default.id]
  # }

  runner_gitlab = {
    url = var.gitlab_url
  }

  runner_gitlab_registration_config = {
    registration_token = var.registration_token
    tag_list           = "docker_spot_runner"
    description        = "runner default - auto"
    locked_to_project  = "false"
    run_untagged       = "true"
    maximum_timeout    = "3600"  # seconds
  }

  runner_worker_gitlab_pipeline = {
    # pre_build_script  = <<EOT
    #     '''
    #     echo 'multiline 1'
    #     echo 'multiline 2'
    #     '''
    #     EOT
    # post_build_script = "\"echo 'single line'\""
  }

  runner_worker_docker_options = {
    privileged = "true"
    volumes    = ["/cache", "/certs/client"]
  }

  runner_worker_docker_volumes_tmpfs = [
    {
      volume  = "/var/opt/cache",
      options = "rw,noexec"
    }
  ]

  runner_worker_docker_services_volumes_tmpfs = [
    {
      volume  = "/var/lib/mysql",
      options = "rw,noexec"
    }
  ]

  runner_worker_docker_machine_autoscaling_options = [
    {
      # [second] [minute] [hour] [day of month] [month] [day of week] [year]
      periods    = ["* * * * * * *"]
      idle_count = 0
      idle_time  = 3600
      timezone   = "UTC"
    }
  ]

}
```

justinTM, Jan 28 '24 10:01

Let's see what's going on. Basically the SSM access works. Just connected to my instance, so IAM should be fine.

Have you checked the CloudWatch log groups? Are there any errors shown?

I noticed that you use a t4g instance, which requires a different AMI. Any chance to switch to a t4instance and get rid of the AMI filter? Just to make sure that it works.

kayman-mk, Feb 15 '24 10:02
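The two replies above disagree on whether IAM is the problem, and the thread never gets far enough to say why the session could not be opened. As an added example (not code from the terraform-aws-gitlab-runner project or from either participant), the script below checks offline the two prerequisites that most often break Session Manager: the instance role must allow the actions the SSM agent uses to register and to open a session (the set granted by AWS's AmazonSSMManagedInstanceCore policy), and the agent must actually have registered, which it cannot do without a network path from the subnet to the ssm, ssmmessages and ec2messages endpoints (NAT or interface VPC endpoints). The inputs mirror the shapes returned by `aws iam get-policy-version` (the policy `Document`) and `aws ssm describe-instance-information` (`InstanceInformationList`); the instance ID and both policy documents are constructed sample data, and Deny statements are deliberately not evaluated.

```python
"""Offline SSM Session Manager prerequisite check (added example, constructed data)."""
import fnmatch
from typing import Dict, List

# Actions from AmazonSSMManagedInstanceCore that the agent needs to register
# (UpdateInstanceInformation) and to serve a Session Manager session (ssmmessages).
REQUIRED_ACTIONS = [
    "ssm:UpdateInstanceInformation",
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
]


def _as_list(value) -> List:
    """IAM allows Statement/Action to be a single value or a list; normalise."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def missing_actions(policy_document: Dict) -> List[str]:
    """Return the required actions that no Allow statement grants.

    Wildcards ("*", "ssmmessages:*") are honoured; matching is case-insensitive
    because IAM action names are. Deny statements are ignored here.
    """
    allowed_patterns: List[str] = []
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        allowed_patterns.extend(a.lower() for a in _as_list(stmt.get("Action")))
    return [
        action
        for action in REQUIRED_ACTIONS
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in allowed_patterns)
    ]


def agent_status(instance_id: str, instance_information_list: List[Dict]) -> str:
    """PingStatus for the instance (Online / ConnectionLost / Inactive), or
    NotRegistered when the agent never checked in to SSM at all."""
    for info in instance_information_list:
        if info.get("InstanceId") == instance_id:
            return info.get("PingStatus", "Unknown")
    return "NotRegistered"


def diagnose(instance_id: str, policy_document: Dict,
             instance_information_list: List[Dict]) -> List[str]:
    """Human-readable findings; an empty list means both prerequisites look fine."""
    findings = []
    missing = missing_actions(policy_document)
    if missing:
        findings.append("instance role does not allow: " + ", ".join(missing))
    status = agent_status(instance_id, instance_information_list)
    if status == "NotRegistered":
        findings.append("agent never registered: confirm amazon-ssm-agent is running and "
                        "the subnet can reach ssm/ssmmessages/ec2messages on 443 "
                        "(NAT gateway or interface VPC endpoints)")
    elif status == "ConnectionLost":
        findings.append("agent registered earlier but lost connectivity: check egress "
                        "rules and the route table of the subnet")
    elif status != "Online":
        findings.append(f"agent ping status is {status}")
    return findings


# Constructed samples; the instance ID is hypothetical.
RUNNER_INSTANCE_ID = "i-0123456789abcdef0"

COMPLETE_POLICY = {  # shape of AmazonSSMManagedInstanceCore
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
        "ssm:DescribeAssociation", "ssm:UpdateInstanceInformation",
        "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel",
        "ec2messages:*"]}],
}

PARTIAL_POLICY = {  # "looks like SSM access" but cannot open a session
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"},
}

# describe-instance-information listing only some other, healthy instance.
INSTANCE_INFO = [{"InstanceId": "i-0fedcba9876543210", "PingStatus": "Online",
                  "PlatformType": "Linux", "AgentVersion": "3.2.2086.0"}]

if __name__ == "__main__":
    for line in diagnose(RUNNER_INSTANCE_ID, PARTIAL_POLICY, INSTANCE_INFO):
        print("-", line)
```

Feed it real data with `aws ssm describe-instance-information` and the policy documents attached to the runner's instance role; if the instance is missing from that listing, no amount of IAM work will make `aws ssm start-session --target <id>` succeed, and the place to look is the agent log on the box and the subnet's route to the SSM endpoints.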

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.

github-actions[bot], Apr 16 '24 02:04

This issue was closed because it has been stalled for 15 days with no activity.

github-actions[bot], May 01 '24 02:05