Maxwell : Gitlab runners for software deployment on Maxwell

Test (without puppetisation yet):

  • created a functional account (maxdep01)
  • created home dir for that account (via 'su - maxdep01')
  • Installed latest (15.5.1) runner on max-infra003
  • Disabled the service that came with the RPM
  • registered the runner via:

    registration command
    gitlab-runner register -r <Token> -u https://gitlab.desy.de/ --executor shell --name maxdep01-runner -c /etc/gitlab-runner/config-maxdep01.toml

    changed permissions on the resulting config file and config dir to be:

    config-perms
    [root@max-infra003 ~]# ls -ltra /etc/gitlab-runner/
    total 24
    drwxr-xr-x. 134 root     root 12288 Nov 16 15:25 ..
    -rw-------    1 root     root    77 Nov 16 15:25 config.toml
    -rw-------    1 maxdep01 root   431 Nov 16 15:42 config-maxdep01.toml
    drwxr-x---    2 root     it    4096 Nov 16 15:42 .
    
    

    We can either have the gitlab-runner run as root and switch to the defined user by itself (as it does in the default config), making the configs readable by root only, or have the runner run in user mode, controlled by systemd; then we need the permissions as set here.

  • Created a new service file for a per-user service. Note that the user is given via the systemd unit, not as a parameter to the runner!

    /etc/systemd/system/gitlab-runner@.service
    [Unit]
    Description=GitLab Runner
    ConditionFileIsExecutable=/usr/bin/gitlab-runner
    ConditionPathExists=/etc/gitlab-runner/config-%i.toml
    After=syslog.target network.target
    
    [Service]
    User=%i
    Environment="PATH=/software/git/bin:/software/tools/bin:/usr/local/bin:/usr/bin"
    ExecStartPre=/usr/bin/test -e /home/.icinga_test
    ExecStartPre=/usr/bin/test -e /software/.icinga_test
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/bin/gitlab-runner run --working-directory /home/%i --config /etc/gitlab-runner/config-%i.toml --service gitlab-runner

    The PATH setting in the environment is needed to get a sufficiently new git; otherwise the runner doesn't work reliably.

  • started service using 'systemctl restart gitlab-runner@maxdep01' and voila:

    service status
    [root@max-infra003 ~]# systemctl status gitlab-runner@maxdep01
    ● gitlab-runner@maxdep01.service - GitLab Runner
       Loaded: loaded (/etc/systemd/system/gitlab-runner@.service; disabled; vendor preset: disabled)
       Active: active (running) since Wed 2022-11-16 16:30:27 CET; 7min ago
      Process: 40319 ExecStartPre=/usr/bin/test -e /software/.icinga_test (code=exited, status=0/SUCCESS)
      Process: 40316 ExecStartPre=/usr/bin/test -e /home/.icinga_test (code=exited, status=0/SUCCESS)
     Main PID: 40323 (gitlab-runner)
       CGroup: /system.slice/system-gitlab\x2drunner.slice/gitlab-runner@maxdep01.service
               └─40323 /usr/bin/gitlab-runner run --working-directory /home/maxdep01 --config /etc/gitlab-runner/config-maxdep01.toml --service gitlab-ru...
    
    Nov 16 16:30:27 max-infra003.desy.de systemd[1]: Started GitLab Runner.
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: Runtime platform                                    arch=amd64 os=linux pid=40323 r...=15.5.1
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: Starting multi-runner from /etc/gitlab-runner/config-maxdep01.toml...  builds=0
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: WARNING: Running in user-mode.                    
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: WARNING: Use sudo for system-mode:                
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: WARNING: $ sudo gitlab-runner...                  
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: 
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: Configuration loaded                                builds=0
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: listen_address not defined, metrics & debug endpoints disabled  builds=0
    Nov 16 16:30:27 max-infra003.desy.de gitlab-runner[40323]: [session_server].listen_address not defined, session endpoints disabled  builds=0
    Hint: Some lines were ellipsized, use -l to show in full.
    
    
  • And it works, ewmscp is now deployed by the CI/CD as can be seen by the ownership of the deployed files:

    deployed-files
    [root@max-infra003 ~]# ls -ltra /software/tools/bin/ | grep max
    -rwxr-xr-x  1 maxdep01 it    10362 Nov 17 19:14 gpfs-mv
    -rwxr-xr-x  1 maxdep01 it    11982 Nov 17 19:14 ewmsls
    -rwxr-xr-x  1 maxdep01 it     1257 Nov 17 19:14 dCacheFileCheck.bash
    -rwxr-xr-x  1 maxdep01 it    10494 Nov 17 19:14 adler32
    -rwxr-xr-x  1 maxdep01 it  2824504 Nov 17 19:15 fixGpfsAcls
    -rwxr-xr-x  1 maxdep01 it  3415744 Nov 17 19:15 dirCount
    -rwxr-xr-x  1 maxdep01 it  3285648 Nov 17 19:15 escaper
    -rwxr-xr-x  1 maxdep01 it  2955312 Nov 17 19:15 recursiveGpfsImmutable
    -rwxr-xr-x  1 maxdep01 it  4810648 Nov 17 19:15 fileOpsTests
    -rwxr-xr-x  1 maxdep01 it  3174448 Nov 17 19:15 checkGpfsAcls
    -rwxr-xr-x  1 maxdep01 it  4676448 Nov 17 19:15 regex_test
    -rwxr-xr-x  1 maxdep01 it  3550168 Nov 17 19:15 truncate_file
    -rwxr-xr-x  1 maxdep01 it  2472392 Nov 17 19:15 sparseMap
    -rwxr-xr-x  1 maxdep01 it  2778376 Nov 17 19:15 statvfs
    -rwxr-xr-x  1 maxdep01 it  5723288 Nov 17 19:15 inotify_watch
    -rwxr-xr-x  1 maxdep01 it 25014592 Nov 17 19:15 ewmscp
    
    

    The deploy pipeline yml file is not in the public ewmscp repo but in a private ewmscp-deployer repo, which includes the original CI yml for the tests.
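
Added example (not part of the original setup notes): a shell check for the config permissions step above, assuming the user-mode layout where each config-<user>.toml is owned by <user> with mode 0600 and the config directory is closed to "other". The function name check_runner_configs is hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Audits the layout shown above:
# config dir closed to "other", each config-<user>.toml mode 0600 and owned by
# <user> (user-mode runner). check_runner_configs is a hypothetical name.
# Needs GNU stat (coreutils).

check_runner_configs() {
    dir=$1
    rc=0

    dmode=$(stat -c '%a' "$dir") || return 2
    # Last octal digit = permissions for "other"; must be 0 (page: drwxr-x---).
    if [ $(( 0$dmode & 007 )) -ne 0 ]; then
        echo "FAIL $dir: mode $dmode gives access to other"
        rc=1
    fi

    for f in "$dir"/config*.toml; do
        [ -e "$f" ] || continue          # glob matched nothing
        mode=$(stat -c '%a' "$f")
        owner=$(stat -c '%U' "$f")

        # config-<user>.toml belongs to <user>; plain config.toml to root.
        base=${f##*/}
        case $base in
            config-*.toml) want=${base#config-}; want=${want%.toml} ;;
            *)             want=root ;;
        esac

        # The file holds the runner token: no group or other bits allowed.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL $f: mode $mode readable beyond owner"
            rc=1
        fi
        if [ "$owner" != "$want" ]; then
            echo "FAIL $f: owner $owner, expected $want"
            rc=1
        fi
    done
    return $rc
}

# Run against a directory given as first argument, e.g. /etc/gitlab-runner
if [ "$#" -gt 0 ]; then
    check_runner_configs "$1"
fi
```

The function returns 0 when every check passes, 1 when any FAIL line was printed, and 2 when the directory cannot be read.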

Also installed on max-infra005 for RHEL9 stuff, uses /home/maxdep01/rhel9