mirror of https://github.com/1okko/openpilot.git
Update GitLab runner scripts and add sudo permissions
The GitLab Runner installation and uninstallation scripts have been refined, including directory management improvements and user handling enhancements. The install script now exports the base directory for subprocess availability and validates script arguments presence. An uninstall script has been added for smoother user experience. Additionally, sudo permissions have been granted to the gitlab-runner user group in both scripts and the .gitlab-ci.yml file, enhancing workflow efficiency.
This commit is contained in:
DevTekVE
parent
741237f6e2
commit
aad8cd295b
|
|
@ -100,6 +100,8 @@ build:
|
|||
- touch ${BUILD_DIR}/prebuilt
|
||||
- mkdir -p ${OUTPUT_DIR}
|
||||
- shopt -s dotglob && mv ${BUILD_DIR}/* ${OUTPUT_DIR}
|
||||
after_script:
|
||||
- sudo chown -R comma:comma ${OUTPUT_DIR}
|
||||
artifacts:
|
||||
paths:
|
||||
- ${OUTPUT_DIR}/
|
||||
|
|
|
|||
|
|
@ -1,80 +1,108 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# We need RW for the install process
|
||||
sudo mount -o remount rw /
|
||||
# Check if script arguments are present, if not exit the script
|
||||
if [ $# -eq 0 ]; then
|
||||
echo "No arguments provided. A GitLab token is required to run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Ensure filesystem is remounted as read-only on script exit
|
||||
trap "sudo mount -o remount ro /" EXIT
|
||||
# Constants
|
||||
GITLAB_RUNNER_DOWNLOAD_URL="https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-arm64"
|
||||
GITLAB_RUNNER_USER_NAME="gitlab-runner"
|
||||
USER_GROUPS="comma,gpu,gpio,sudo"
|
||||
GITLAB_BASE_DIR="/data/gitlab"
|
||||
GITLAB_BIN_DIR="${GITLAB_BASE_DIR}/bin"
|
||||
GITLAB_BUILDS_DIR="${GITLAB_BASE_DIR}/builds"
|
||||
GITLAB_LOGS_DIR="${GITLAB_BASE_DIR}/logs"
|
||||
GITLAB_CACHE_DIR="${GITLAB_BASE_DIR}/cache"
|
||||
GITLAB_OPENPILOT_DIR="${GITLAB_BASE_DIR}/openpilot"
|
||||
SERVICE_NAME="gitlab-runner"
|
||||
|
||||
# Define directories
|
||||
BASE_DIR="/data/gitlab"
|
||||
BIN_DIR="$BASE_DIR/bin"
|
||||
CONFIG_DIR="$BASE_DIR"
|
||||
BUILDS_DIR="$BASE_DIR/builds"
|
||||
OPENPILOT_DIR="$BASE_DIR/openpilot"
|
||||
LOGS_DIR="$BASE_DIR/logs"
|
||||
CACHE_DIR="$BASE_DIR/cache"
|
||||
GITLAB_RUNNER_USERNAME="gitlab-runner"
|
||||
GROUPS_NEEDED="comma,gpu,gpio"
|
||||
create_gitlab_runner_directories() {
|
||||
sudo mkdir -p "$GITLAB_BIN_DIR" "$GITLAB_BUILDS_DIR" "$GITLAB_LOGS_DIR" "$GITLAB_CACHE_DIR" "$GITLAB_OPENPILOT_DIR"
|
||||
if [[ ! -d "/data/openpilot" ]]; then
|
||||
sudo mkdir -p "/data/openpilot"
|
||||
sudo chown -R comma:comma "/data/openpilot"
|
||||
fi
|
||||
}
|
||||
|
||||
# Create necessary directories
|
||||
sudo mkdir -p "$BIN_DIR" "$BUILDS_DIR" "$LOGS_DIR" "$CACHE_DIR" "$OPENPILOT_DIR"
|
||||
download_and_setup_gitlab_runner() {
|
||||
sudo curl -L --output "$GITLAB_BIN_DIR/gitlab-runner" "$GITLAB_RUNNER_DOWNLOAD_URL"
|
||||
sudo chmod +x "$GITLAB_BIN_DIR/gitlab-runner"
|
||||
}
|
||||
|
||||
# Download the GitLab Runner binary
|
||||
sudo curl -L --output "$BIN_DIR/gitlab-runner" "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-arm64"
|
||||
setup_gitlab_runner_user() {
|
||||
sudo useradd --comment 'GitLab Runner' --create-home --home-dir ${GITLAB_BASE_DIR} ${GITLAB_RUNNER_USER_NAME} --shell /bin/bash -G ${USER_GROUPS} || sudo usermod -aG ${USER_GROUPS} ${GITLAB_RUNNER_USER_NAME}
|
||||
export GITLAB_BASE_DIR # Export it to make it available to sub-processes
|
||||
sudo -u ${GITLAB_RUNNER_USER_NAME} bash -c "truncate -s 0 '${GITLAB_BASE_DIR}/.bash_logout'"
|
||||
}
|
||||
|
||||
# Give it permission to execute
|
||||
sudo chmod +x "$BIN_DIR/gitlab-runner"
|
||||
create_sudoers_entry() {
|
||||
sudo grep -qxF "${GITLAB_RUNNER_USER_NAME} ALL=(ALL) NOPASSWD: ALL" /etc/sudoers || echo "${GITLAB_RUNNER_USER_NAME} ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers
|
||||
}
|
||||
|
||||
# Create a GitLab Runner user
|
||||
sudo useradd --comment 'GitLab Runner' --create-home --home-dir ${BASE_DIR} ${GITLAB_RUNNER_USERNAME} --shell /bin/bash -G ${GROUPS_NEEDED} || sudo usermod -aG ${GROUPS_NEEDED} gitlab-runner
|
||||
|
||||
# Clean bash_logout as it break gitlab pipelines
|
||||
sudo truncate -s 0 ${BASE_DIR}/.bash_logout
|
||||
|
||||
# Create a configuration file
|
||||
cat <<EOL | sudo tee "$CONFIG_DIR/config.toml"
|
||||
generate_gitlab_config_file() {
|
||||
cat <<EOL | sudo tee "$GITLAB_BASE_DIR/config.toml"
|
||||
[[runners]]
|
||||
name = "tici"
|
||||
url = "https://gitlab.com/"
|
||||
token = "$1"
|
||||
executor = "shell"
|
||||
builds_dir = "$BUILDS_DIR"
|
||||
builds_dir = "$GITLAB_BUILDS_DIR"
|
||||
[runners.custom_build_dir]
|
||||
[runners.docker]
|
||||
volumes = ["$CACHE_DIR:/cache"]
|
||||
volumes = ["$GITLAB_CACHE_DIR:/cache"]
|
||||
[runners.cache]
|
||||
MaxUploadedArchiveSize = 0
|
||||
[runners.custom]
|
||||
config_exec = "$LOGS_DIR"
|
||||
config_exec = "$GITLAB_LOGS_DIR"
|
||||
EOL
|
||||
}
|
||||
|
||||
# Set permissions
|
||||
sudo chown -R ${GITLAB_RUNNER_USERNAME}:comma "$BASE_DIR"
|
||||
sudo chmod g+rwx "$BASE_DIR"
|
||||
sudo chmod g+s "$BASE_DIR"
|
||||
set_gitlab_directory_permissions() {
|
||||
sudo chown -R ${GITLAB_RUNNER_USER_NAME}:comma "$GITLAB_BASE_DIR"
|
||||
sudo chmod g+rwx "$GITLAB_BASE_DIR"
|
||||
sudo chmod g+s "$GITLAB_BASE_DIR"
|
||||
}
|
||||
|
||||
|
||||
# Create a systemd service file for gitlab-runner
|
||||
cat <<EOL | sudo tee /etc/systemd/system/gitlab-runner.service
|
||||
create_gitlab_runner_service() {
|
||||
cat <<EOL | sudo tee /etc/systemd/system/${SERVICE_NAME}.service
|
||||
[Unit]
|
||||
Description=GitLab Runner
|
||||
After=syslog.target network.target
|
||||
ConditionFileIsExecutable=$BIN_DIR/gitlab-runner
|
||||
|
||||
ConditionFileIsExecutable=$GITLAB_BIN_DIR/gitlab-runner
|
||||
[Service]
|
||||
StartLimitInterval=5
|
||||
StartLimitBurst=10
|
||||
ExecStart=/usr/bin/unshare -m -- sh -c 'mount --bind $OPENPILOT_DIR /data/openpilot && exec $BIN_DIR/gitlab-runner "run" "--working-directory" "$BUILDS_DIR" "--config" "$CONFIG_DIR/config.toml" "--service" "gitlab-runner" "--syslog" "--user" "${GITLAB_RUNNER_USERNAME}"'
|
||||
|
||||
ExecStart=/usr/bin/unshare -m -- sh -c 'mount --bind $GITLAB_OPENPILOT_DIR /data/openpilot && exec $GITLAB_BIN_DIR/gitlab-runner "run" "--working-directory" "$GITLAB_BUILDS_DIR" "--config" "$GITLAB_BASE_DIR/config.toml" "--service" "gitlab-runner" "--syslog" "--user" "${GITLAB_RUNNER_USER_NAME}"'
|
||||
Restart=always
|
||||
RestartSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOL
|
||||
}
|
||||
|
||||
# Reload systemd and start gitlab-runner
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl disable gitlab-runner # Intentionally, making sure the service is NOT enabled on boot.
|
||||
sudo systemctl start gitlab-runner
|
||||
start_gitlab_runner_service() {
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl disable gitlab-runner # Intentionally making sure the service is NOT enabled on boot.
|
||||
sudo systemctl start gitlab-runner
|
||||
}
|
||||
|
||||
# Make the filesystem writable
|
||||
sudo mount -o remount,rw /
|
||||
|
||||
# Ensure filesystem is remounted as read-only on script exit
|
||||
trap "sudo mount -o remount,ro /" EXIT
|
||||
|
||||
# Call functions
|
||||
setup_gitlab_runner_user
|
||||
create_sudoers_entry
|
||||
create_gitlab_runner_directories
|
||||
download_and_setup_gitlab_runner
|
||||
generate_gitlab_config_file "$1"
|
||||
set_gitlab_directory_permissions
|
||||
create_gitlab_runner_service
|
||||
start_gitlab_runner_service
|
||||
|
||||
# End of install script
|
||||
|
|
|
|||
|
|
@ -0,0 +1,58 @@
|
|||
#!/bin/bash
|
||||
# Define directories and user
|
||||
GITLAB_BASE_DIR="/data/gitlab"
|
||||
BIN_DIR="$GITLAB_BASE_DIR/bin"
|
||||
BUILDS_DIR="$GITLAB_BASE_DIR/builds"
|
||||
OPENPILOT_DIR="$GITLAB_BASE_DIR/openpilot"
|
||||
LOGS_DIR="$GITLAB_BASE_DIR/logs"
|
||||
CACHE_DIR="$GITLAB_BASE_DIR/cache"
|
||||
RUNNER_USERNAME="gitlab-runner"
|
||||
# Define the systemd service name
|
||||
SERVICE_NAME="gitlab-runner"
|
||||
USER_GROUPS="comma,gpu,gpio,sudo"
|
||||
|
||||
# Function to stop and disable the systemd service
|
||||
stop_service() {
|
||||
sudo systemctl stop ${SERVICE_NAME}
|
||||
sudo systemctl disable ${SERVICE_NAME}
|
||||
}
|
||||
|
||||
# Function to remove the systemd service file
|
||||
remove_service_file() {
|
||||
sudo rm /etc/systemd/system/${SERVICE_NAME}.service
|
||||
sudo systemctl daemon-reload
|
||||
}
|
||||
|
||||
# Function to delete the GitLab Runner directories
|
||||
delete_directories() {
|
||||
sudo rm -rf "$BIN_DIR/gitlab-runner"
|
||||
sudo rm -rf "$GITLAB_BASE_DIR" "$BIN_DIR" "$BUILDS_DIR" "$LOGS_DIR" "$CACHE_DIR" "$OPENPILOT_DIR"
|
||||
}
|
||||
|
||||
# Function to remove the GitLab Runner user
|
||||
delete_user() {
|
||||
for group in ${USER_GROUPS//,/ }
|
||||
do
|
||||
sudo gpasswd -d ${RUNNER_USERNAME} ${group}
|
||||
done
|
||||
sudo userdel -r ${RUNNER_USERNAME}
|
||||
}
|
||||
|
||||
# Function to remove sudoers entry
|
||||
remove_sudoers_entry() {
|
||||
sudo sed -i.bak "/${RUNNER_USERNAME} ALL=(ALL) NOPASSWD: ALL/d" /etc/sudoers
|
||||
}
|
||||
|
||||
# Make filesystem writable
|
||||
sudo mount -o remount rw /
|
||||
|
||||
# Ensure filesystem is remounted as read-only on script exit
|
||||
trap "sudo mount -o remount ro /" EXIT
|
||||
|
||||
# Call functions
|
||||
stop_service
|
||||
remove_service_file
|
||||
delete_directories
|
||||
delete_user
|
||||
remove_sudoers_entry
|
||||
# End of uninstall script
|
||||
Loading…
Reference in New Issue