PTFE-753 attach gcp runners to github (#362)

Author: tcarmet

.trunk/configs/.shellcheckrc

@@ -0,0 +1,7 @@
+enable=all
+source-path=SCRIPTDIR
+disable=SC2154
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+# disable=SC1091

.trunk/trunk.yaml

@@ -20,6 +20,8 @@ lint:
       paths:
         - tests
   enabled:
+    - [email protected]
+    - [email protected]
     - [email protected]
     - [email protected]
     - [email protected]

runner_manager/backend/docker.py

@@ -53,26 +53,12 @@ def _labels(self, runner: Runner) -> Dict[str, str | None]:
         labels.update(self.instance_config.labels)
         return labels
 
-    def _environment(self, runner: Runner) -> Dict[str, str | None]:
-        """Return environment variables for the container."""
-        environment: Dict[str, str | None] = self.instance_config.environment
-        environment.update(
-            {
-                "RUNNER_NAME": runner.name,
-                "RUNNER_LABELS": ", ".join([label.name for label in runner.labels]),
-                "RUNNER_TOKEN": runner.token,
-                "RUNNER_ORG": runner.organization,
-                "RUNNER_GROUP": runner.runner_group_name,
-            }
-        )
-        return environment
-
     def create(self, runner: Runner):
         if self.instance_config.context:
             self._build(self.instance_config.context, self.instance_config.image)
 
         labels = self._labels(runner)
-        environment = self._environment(runner)
+        environment = self.instance_config.runner_env(runner).dict()
         log.info(f"Creating container for runner {runner.name}, labels: {labels}")
         container: Container = self.client.containers.run(
             self.instance_config.image,

runner_manager/bin/__init__.py

@@ -0,0 +1,3 @@
+from pathlib import Path
+
+startup_sh: Path = Path(__file__).parent / "startup.sh"

runner_manager/bin/startup.sh

@@ -0,0 +1,143 @@
+#!/usr/bin/env bash
+
+RUNNER_NAME=${RUNNER_NAME:-$(hostname)}
+RUNNER_ORG=${RUNNER_ORG:-"org"}
+RUNNER_LABELS=${RUNNER_LABELS:-"runner"}
+RUNNER_TOKEN=${RUNNER_TOKEN:-"token"}
+RUNNER_GROUP=${RUNNER_GROUP:-"default"}
+RUNNER_WORKDIR=${RUNNER_WORKDIR:-"_work"}
+RUNNER_DOWNLOAD_URL=${RUNNER_DOWNLOAD_URL:-"https://github.com/actions/runner/releases/download/v2.308.0/actions-runner-linux-x64-2.308.0.tar.gz"}
+RUNNER_FILE=${RUNNER_FILE:-$(basename "${RUNNER_DOWNLOAD_URL}")}
+LSB_RELEASE_CS=${LSB_RELEASE_CS:-$(lsb_release -cs))}
+
+source /etc/os-release
+LINUX_OS=${ID}
+LINUX_OS_VERSION=$(echo "${VERSION_ID}" | sed -E 's/^([0-9]+)\..*$/\1/')
+DOCKER_SERVICE_START="yes"
+
+SSH_KEYS=${SSH_KEYS:-""}
+
+sudo groupadd -f docker
+sudo useradd -m actions
+sudo usermod -aG docker,root actions
+sudo bash -c "echo 'actions ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers"
+sudo -H -u actions bash -c 'mkdir -p /home/actions/.ssh'
+sudo -H -u actions bash -c 'echo "${SSH_KEYS}" >>  /home/actions/.ssh/authorized_keys'
+
+if [[ ${LINUX_OS} == "ubuntu" ]]; then
+	sudo apt-get -y update
+	sudo DEBIAN_FRONTEND=noninteractive apt-get -y install apt-transport-https \
+		ca-certificates \
+		curl \
+		gnupg \
+		lsb-release
+elif [[ ${LINUX_OS} == "centos" ]] || [[ ${LINUX_OS} == "rocky" ]] || [[ ${LINUX_OS} == "almalinux" ]]; then
+	sudo yum install -y bind-utils yum-utils
+elif [[ ${LINUX_OS} == "rhel" ]]; then
+	sudo bash -c 'cat <<EOF > /etc/systemd/system/redhat_registration.service
+[Unit]
+Description=Redhat registration
+After=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+TimeoutStartSec=300
+ExecStart=/sbin/subscription-manager register --username={{ redhat_username }} --password={{ redhat_password }} --auto-attach
+TimeoutStopSec=300
+ExecStop=-/sbin/subscription-manager unregister
+
+[Install]
+WantedBy=multi-user.target
+EOF'
+	sudo chmod 600 /etc/systemd/system/redhat_registration.service
+	sudo systemctl daemon-reload
+	sudo systemctl enable redhat_registration.service
+	sudo systemctl start redhat_registration.service
+else
+	echo "OS not managed by the runner-manager"
+	exit 1
+fi
+
+if [[ ! ${RUNNER_LABELS} =~ "no-docker" ]]; then
+
+	if [[ ${LINUX_OS} == "ubuntu" ]]; then
+		sudo apt-get -y update
+		curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /tmp/docker.gpg
+		sudo cat /tmp/docker.gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg || true
+		echo \
+			"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+          ${LSB_RELEASE_CS} stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
+		sudo apt-get update --yes --force-yes
+		sudo apt-get install --yes --force-yes docker-ce docker-ce-cli containerd.io
+	elif [[ ${LINUX_OS} == "centos" ]] || [[ ${LINUX_OS} == "rocky" ]] || [[ ${LINUX_OS} == "almalinux" ]]; then
+		sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+		sudo yum install -y epel-release docker-ce docker-ce-cli containerd.io
+	elif [[ ${LINUX_OS} == "rhel" ]]; then
+		if [[ ${LINUX_OS_VERSION} == "7" ]]; then
+			# Enable repos to install docker
+			sudo mkdir /etc/docker/
+			# TODO: make dns config a setting for the runner
+			sudo bash -c 'cat >  /etc/docker/daemon.json << EOF
+            {
+              "dns": ["10.100.1.1", "10.100.1.2", "10.100.1.3"]
+            }
+            EOF'
+
+			sudo subscription-manager repos --enable=rhel-7-server-extras-rpms --enable=rhel-7-server-optional-rpms
+			sudo yum install -y docker
+		elif [[ ${LINUX_OS_VERSION} == "8" || ${LINUX_OS_VERSION} == "9" ]]; then
+			sudo dnf install -y podman-docker podman
+			DOCKER_SERVICE_START="no"
+		else
+			echo "RHEL version not managed by the runner-manager"
+			exit 1
+		fi
+	fi
+
+	if [[ ${DOCKER_SERVICE_START} == "yes" ]]; then
+		sudo systemctl start docker
+	fi
+fi
+
+# Login as actions user so that all the following commands are executed as actions user
+sudo su - actions
+mkdir -p /home/actions/actions-runner
+cd /home/actions/actions-runner || exit
+# Download the runner package
+curl -L "${RUNNER_DOWNLOAD_URL}" -o "/tmp/${RUNNER_FILE}"
+tar xzf /tmp/"${RUNNER_FILE}"
+# install dependencies
+sudo ./bin/installdependencies.sh
+echo "[Unit]
+Description={{Description}}
+After=network.target
+
+[Service]
+ExecStart=/bin/bash {{RunnerRoot}}/runsvc.sh
+User={{User}}
+WorkingDirectory={{RunnerRoot}}
+KillMode=process
+KillSignal=SIGTERM
+TimeoutStopSec=5min
+
+[Install]
+WantedBy=multi-user.target" >/home/actions/actions-runner/bin/actions.runner.service.template
+
+./config.sh \
+	--url "https://github.com/${RUNNER_ORG}" \
+	--token "${RUNNER_TOKEN}" \
+	--name "${RUNNER_NAME}" \
+	--work "${RUNNER_WORKDIR}" \
+	--labels "${RUNNER_LABELS}" \
+	--runnergroup "${RUNNER_GROUP}" \
+	--replace \
+	--unattended \
+	--ephemeral
+
+if command -v systemctl; then
+	sudo ./svc.sh install
+	sudo ./svc.sh start
+else
+	nohup /home/actions/actions-runner/run.sh 2>/home/actions/actions-runner/logs &
+fi

runner_manager/models/backend.py

@@ -1,9 +1,17 @@
 from enum import Enum
+from pathlib import Path
 from typing import Dict, List, Optional
 
-from google.cloud.compute import AttachedDisk, Instance, NetworkInterface
+from google.cloud.compute import (
+    AttachedDisk,
+    Instance,
+    Items,
+    Metadata,
+    NetworkInterface,
+)
 from pydantic import BaseModel
 
+from runner_manager.bin import startup_sh
 from runner_manager.models.runner import Runner
 
 
@@ -20,9 +28,29 @@ class BackendConfig(BaseModel):
     """Base class for backend configuration."""
 
 
+class RunnerEnv(BaseModel):
+    """Base class for required runner instance environment variables."""
+
+    RUNNER_NAME: Optional[str] = None
+    RUNNER_LABELS: Optional[str] = None
+    RUNNER_TOKEN: Optional[str] = None
+    RUNNER_ORG: Optional[str] = None
+    RUNNER_GROUP: Optional[str] = None
+
+
 class InstanceConfig(BaseModel):
     """Base class for backend instance configuration."""
 
+    def runner_env(self, runner: Runner) -> RunnerEnv:
+
+        return RunnerEnv(
+            RUNNER_NAME=runner.name,
+            RUNNER_LABELS=", ".join([label.name for label in runner.labels]),
+            RUNNER_TOKEN=runner.token,
+            RUNNER_ORG=runner.organization,
+            RUNNER_GROUP=runner.runner_group_name,
+        )
+
 
 class DockerInstanceConfig(InstanceConfig):
     """Configuration for Docker backend instance."""
@@ -35,13 +63,6 @@ class DockerInstanceConfig(InstanceConfig):
     detach: bool = True
     remove: bool = False
     labels: Dict[str, str] = {}
-    environment: Dict[str, str | None] = {
-        "RUNNER_NAME": None,
-        "RUNNER_LABELS": None,
-        "RUNNER_TOKEN": None,
-        "RUNNER_ORG": None,
-        "RUNNER_GROUP": "default",
-    }
 
 
 class DockerConfig(BackendConfig):
@@ -63,6 +84,7 @@ class GCPInstanceConfig(InstanceConfig):
     image_family: str = "ubuntu-2004-lts"
     image_project: str = "ubuntu-os-cloud"
     machine_type: str = "e2-small"
+    startup_script: str = startup_sh.as_posix()
     network: str = "global/networks/default"
     labels: Optional[Dict[str, str]] = {}
     image: Optional[str] = None
@@ -73,12 +95,24 @@ class GCPInstanceConfig(InstanceConfig):
     class Config:
         arbitrary_types_allowed = True
 
+    def runner_env(self, runner: Runner) -> List[Items]:
+        items: List[Items] = []
+        env: RunnerEnv = super().runner_env(runner)
+        for key, value in env.dict().items():
+            items.append(Items(key=key, value=value))
+        # Adding startup script to install and configure runner
+        startup_script = Path(self.startup_script).read_text()
+        items.append(Items(key="startup-script", value=startup_script))
+        return items
+
     def configure_instance(self, runner: Runner) -> Instance:
         """Configure instance."""
+        items: List[Items] = self.runner_env(runner)
         return Instance(
             name=runner.name,
             disks=self.disks,
             machine_type=self.machine_type,
             network_interfaces=self.network_interfaces,
             labels=self.labels,
+            metadata=Metadata(items=items),
         )

tests/unit/backend/test_gcp.py

@@ -1,10 +1,12 @@
 import os
 from typing import List
 
+from google.cloud.compute import Items
 from pytest import fixture, mark, raises
 from redis_om import NotFoundError
 
 from runner_manager.backend.gcloud import GCPBackend
+from runner_manager.bin import startup_sh
 from runner_manager.models.backend import Backends, GCPConfig, GCPInstanceConfig
 from runner_manager.models.runner import Runner
 from runner_manager.models.runner_group import RunnerGroup
@@ -43,6 +45,17 @@ def gcp_runner(runner: Runner, gcp_group: RunnerGroup) -> Runner:
     return runner
 
 
+def test_gcp_instance(runner: Runner):
+    instance: GCPInstanceConfig = GCPInstanceConfig()
+    items: List[Items] = instance.runner_env(runner)
+    startup: bool = False
+    for item in items:
+        if item.key == "startup-script":
+            startup = True
+            assert item.value == startup_sh.read_text()
+    assert startup is True
+
+
 @mark.skipif(
     not os.getenv("GOOGLE_APPLICATION_CREDENTIALS"), reason="GCP credentials not found"
 )

tests/unit/conftest.py

@@ -10,6 +10,7 @@
 
 from runner_manager import Runner, RunnerGroup
 from runner_manager.clients.github import GitHub
+from runner_manager.models.runner import RunnerLabel
 
 hypothesis_settings.register_profile(
     "unit",
@@ -49,7 +50,7 @@ def runner(settings) -> Runner:
         runner_group_id=1,
         status="online",
         busy=False,
-        labels=[],
+        labels=[RunnerLabel(name="label")],
         manager=settings.name,
     )
     assert runner.Meta.global_key_prefix == settings.name