2021-02-26 10:55:00
Just some quick notes I've been making on how to quickly get gitlab-runner up on a Linux box. I still feel very yucky about curl-in a file into sudo bash, so I'll probs grab the file locally instead and make sure it doesn't do anything nasty.
The following example was used on my Ansible host, to install gitlab-runner and to have it run as the local "ansible" user account instead of root. It registers and starts two runners.
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash
export GITLAB_RUNNER_DISABLE_SKEL=true; sudo -E yum install -y gitlab-runner
sudo gitlab-runner uninstall
sudo mkdir /etc/systemd/system/gitlab-runner.service.d/
cat > /tmp/exec_start.conf << EOF
[Service]
ExecStart=
ExecStart=/usr/bin/gitlab-runner "run" "--working-directory" "/home/ansible/gitlab" "--config" "/etc/gitlab-runner/config.toml" "--service" "gitlab-runner" "--user" "ansible"
EOF
sudo mv /tmp/exec_start.conf /etc/systemd/system/gitlab-runner.service.d/exec_start.conf
sudo systemctl daemon-reload
sudo systemctl enable gitlab-runner
sudo systemctl start gitlab-runner
sudo cp /tmp/broehaha-cachain.pem /etc/gitlab-runner/cachain.pem
read -p "gitlab reg token: " GITLAB_TOKEN
sudo gitlab-runner register --non-interactive
--tls-ca-file=/etc/gitlab-runner/cachain.pem
--tag-list ansible
--name ansible.corp.broehaha.nl
--registration-token ${GITLAB_TOKEN}
--url https://gitlab.corp.broehaha.nl
--executor shell
--locked=false
sudo gitlab-runner register --non-interactive
--tls-ca-file=/etc/gitlab-runner/cachain.pem
--tag-list ansible
--name ansible.corp.broehaha.nl
--registration-token ${GITLAB_TOKEN}
--url https://gitlab.corp.broehaha.nl
--executor shell
--locked=false
kilala.nl tags:
work,
studies,
View or add comments (curr. 0)