Support for docker services in runner config
Currently, what I try to achieve is also to configure predefined services for some runner. This could be done through runner/configuration/advanced-configuration.html#the-runnersdockerservices-section
So currently I don't know how this could be achieved by using this role.
What I did try but without success was the following:
```yaml
gitlab_runner_coordinator_url: "https://gitlab.example.com"
gitlab_runner_listen_address: "0.0.0.0:9097"
gitlab_runner_runners:
  - name: '{{ ansible_hostname }}'
    state: present
    executor: docker
    docker_image: 'docker:19.03-git'
    tags:
      - docker
      - dind
    env_vars: [
      "DOCKER_AUTH_CONFIG={\"auths\":{\"docker.example.com\":{\"auth\":\"<my-secret>\"}},\"HttpHeaders\":{\"User-Agent\":\"Docker-client/18.09.5 (linux)\"}}",
      "DOCKER_DRIVER=\"overlay2\"",
    ]
    run_untagged: false
    # Docker privileged mode
    docker_privileged: true
    docker_volumes:
      - "/cache"
      - "/etc/docker/certs.d:/etc/docker/certs.d"
      - "/var/lib/docker"
    extra_configs:
      runners.docker:
        wait_for_services_timeout: 15
      runners.docker.services:
        - name: "docker:19.03-dind"
```
I hope someone can help me. Thanks in advance.
ping @riemers
This does sound a lot like one of the open issues, where multiple instances are created where it doesn't work with. I believe it is this one https://github.com/riemers/ansible-gitlab-runner/issues/85 which has no fix for it yet. Would take some time to fix too, which I sadly don't have at this time. (new job/kids etc)
@riemers thanks for clarifying this to me 👍 . So I don't need a direct solution for my problem 😏 because I wanted only to clarify that my assumption is correct and I can try to make a PR for this case that others could use this as well.
Thanks for your work on this project it did give me a nice easy smooth start.
I've hit the same problem.
A bit of background:
The way I've been setting up the runners so far was to avoid using gitlab-runner register command entirely, instead doing the process purely in Ansible:
- in case the runner is already registered in coordinator, retrieve its token (here be dragons!) with Runners API
- otherwise: registration entirely via Runners REST API
- templating out the config.toml
This worked perfectly... until token value was removed from the API entirely. And this is how I stumbled across this excellent role :-)
Back to the problem at hand: I also need to use [[runners.docker.services]]. Not sure I'd manage the time to add support for this as I need to put something together fast - but in case I do, would it make more sense to add services as a separate option or under extra_configs?
Services do need to appear as sub-section of runners.docker, however the existing logic seems harder to change this way. Not sure how to approach this - as the service entry is >1 line... :)
This is a longer problem indeed, hence why help is requested. I don't see myself solving this soon though.
I quickly hacked something together to make this work. I say hacked as I'm not too deep into your role and I'm unsure if this is the way to go for adding that feature. However, it's looking quite ok for a midnight development session :)
- Added my services configuration as `docker_services` to `gitlab_runner_runners`:

  ```yaml
  gitlab_runner_runners:
    - name: "{{ inventory_hostname }}-docker"
      executor: docker
      # ... some other config omitted for readability ...
      docker_services:
        - name: docker:20.10.12-dind
          command: ["--insecure-registry=10.0.0.0/24"]
  ```

- Created a template file `templates/config.runners.docker.services.j2`:

  ```jinja
  {% for service in gitlab_runner.docker_services %}
      [[runners.docker.services]]
  {% for attr in service %}
        {{ attr }} = {{ service[attr] | to_json }}
  {% endfor %}
  {% endfor %}
  ```

- Added the following to `tasks/update-config-runner.yml`:

  ```yaml
  # Task named "{{ runn_name_prefix }} Set runner docker network option" comes before

  #### [[runners.docker.services]] section ####
  - name: "{{ runn_name_prefix }} Set additional services"
    blockinfile:
      dest: "{{ temp_runner_config.path }}"
      content: "{{ lookup('template', 'config.runners.docker.services.j2') if gitlab_runner.docker_services is defined }}"
      state: "{{ 'present' if gitlab_runner.docker_services is defined else 'absent' }}"
      marker: "# {mark} runners.docker.services"
      insertafter: EOF
    check_mode: no
    notify:
      - restart_gitlab_runner
      - restart_gitlab_runner_macos

  #### [runners.custom_build_dir] section ##### comes next
  ```

That's it. This looks like so in my GitLab runner configuration and works quite well for my needs.
```toml
[[runners]]
  name = "runner-docker"
  executor = "docker"
  # ... some other config omitted for readability ...
  [runners.cache]
  [runners.docker]
    volumes = ["/root/.docker/config.json:/root/.docker/config.json:ro", "/certs/client", "/cache"]
    image = "docker:20.10.12"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
# BEGIN runners.docker.services
    [[runners.docker.services]]
      name = "docker:20.10.12-dind"
      command = ["--insecure-registry=10.0.0.1/8"]
# END runners.docker.services
```
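
An added example, not part of the thread or the role's own code: the rendering the template in the comment above performs, in Python, with checks for the inputs that would corrupt `config.toml` (a key emitted unquoted, or a value whose JSON form is not TOML). `render_services`, `toml_safe` and the sample data are names assumed here, and `json.dumps` stands in for Ansible's `to_json` filter.

```python
import json
import re

# Constructed sample mirroring the docker_services variable shown above.
SAMPLE_SERVICES = [
    {"name": "docker:20.10.12-dind",
     "command": ["--insecure-registry=10.0.0.0/24"]},
]

BARE_KEY = re.compile(r"[A-Za-z0-9_-]+")  # TOML bare-key alphabet


def toml_safe(value):
    """Accept only values whose json.dumps output TOML also accepts."""
    if isinstance(value, str):
        # json.dumps writes non-BMP characters (and lone surrogates) as
        # \ud8xx escapes, which are not Unicode scalar values in TOML.
        return all(ord(c) < 0xD800 or 0xE000 <= ord(c) <= 0xFFFF
                   for c in value)
    if isinstance(value, int):  # bool is a subclass of int: true / false
        return -2**63 <= value < 2**63
    if isinstance(value, list):
        return all(toml_safe(item) for item in value)
    return False  # None -> null, dict -> {"k": ...}: valid JSON, not TOML


def render_services(services):
    """Render [[runners.docker.services]] tables the way the template does,
    refusing keys or values that would break the generated config.toml."""
    lines = []
    for service in services:
        lines.append("[[runners.docker.services]]")
        for key, value in service.items():
            # The template writes the key verbatim, so it must be a bare key.
            if not BARE_KEY.fullmatch(key):
                raise ValueError(f"unsafe TOML key: {key!r}")
            if not toml_safe(value):
                raise ValueError(f"{key}: no TOML form for {value!r}")
            # JSON string escaping keeps quotes and newlines inside the value.
            lines.append(f"  {key} = {json.dumps(value)}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_services(SAMPLE_SERVICES), end="")
```
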
If you're happy with the code and tested it, no reason not to make a PR for it. I have reverted PRs in the past because of issues but that is the point of the test and it's a community effort :)
Seems this message did not get a lot of love. This does not mean it was not seen but time wise might not have made it to proper attention. This is just the clean up action ;)