Add support for Vagrant LXC provider

Author: drybjed

CHANGES.rst

@@ -16,6 +16,12 @@ The current role maintainer_ is drybjed.
 
 .. _debops.gitlab_runner master: https://github.com/debops/ansible-gitlab_runner/compare/v0.2.0...master
 
+Added
+~~~~~
+
+- Add support for `Vagrant LXC <https://github.com/fgrehm/vagrant-lxc>`_
+  provider when LXC is configured on a compatible host. [drybjed_]
+
 Changed
 ~~~~~~~
 

defaults/main.yml

@@ -34,7 +34,9 @@ gitlab_runner__apt_repo: 'deb https://packages.gitlab.com/runner/gitlab-ci-multi
 # .. envvar:: gitlab_runner__base_packages [[[
 #
 # List of APT packages which will be installed by the role.
-gitlab_runner__base_packages: [ 'gitlab-ci-multi-runner' ]
+gitlab_runner__base_packages:
+  - 'gitlab-ci-multi-runner'
+  - '{{ "vagrant-lxc" if gitlab_runner__vagrant_lxc|bool else [] }}'
 
                                                                    # ]]]
 # .. envvar:: gitlab_runner__packages [[[
@@ -304,6 +306,26 @@ gitlab_runner__group_custom_files: []
 gitlab_runner__host_custom_files: []
                                                                    # ]]]
                                                                    # ]]]
+# Shell executor configuration [[[
+# --------------------------------
+
+# These variables control what features are configured on the GitLab Runner
+# host to use by the shell executor.
+
+# .. envvar:: gitlab_runner__vagrant_lxc [[[
+#
+# Enable or disable support for Vagrant LXC plugin (configuration of this
+# support also implies installation of :command:`vagrant` on the GitLab Runner
+# host). Enabling Vagrant LXC will give limited :command:`sudo` access for the
+# GitLab Runner UNIX account to allow access to LXC commands.
+gitlab_runner__vagrant_lxc: '{{ True
+                                if (ansible_local|d() and ansible_local.lxc|d() and
+                                    (ansible_local.lxc.installed|d())|bool and
+                                    (ansible_distribution_release not in
+                                     [ "wheezy", "jessie", "precise", "trusty" ]))
+                                else False }}'
+                                                                   # ]]]
+                                                                   # ]]]
 # SSH key and host management [[[
 # -------------------------------
 

docs/getting-started.rst

@@ -45,6 +45,12 @@ executors - one unprivileged, and one privileged. The executors will have a set
 of tags that identify them, shell executors will have additional tags that
 describe the host's architecture, OS release, etc.
 
+If the ``debops.lxc`` role has been used to configure LXC support on a Debian
+Stretch or Ubuntu Xenial host, the ``debops.gitlab_runner`` will install the
+``vagrant-lxc`` package and configure :command:`sudo` support for it. Using
+a shell executor you cn start and stop Vagrant Boxes using LXC containers and
+execute commands inside them.
+
 The Runner instances can be configured with variables specified as the keys of
 the dictionary that holds the specific Runner configuration. If any required
 keys are not specified, the value of the global variable will be used instead.

tasks/main.yml

@@ -188,6 +188,15 @@
   when: gitlab_runner__ssh_known_hosts and item is defined and item.rc > 0
   failed_when: False
 
+- name: Configure Vagrant LXC sudo access
+  template:
+    src: 'etc/sudoers.d/gitlab-runner-vagrant-lxc.j2'
+    dest: '/etc/sudoers.d/gitlab-runner-vagrant-lxc'
+    owner: 'root'
+    group: 'root'
+    mode: '0440'
+  when: gitlab_runner__vagrant_lxc|bool
+
 - name: Make sure that Ansible fact directory exists
   file:
     path: '/etc/ansible/facts.d'

templates/etc/sudoers.d/gitlab-runner-vagrant-lxc.j2

@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+# lxc
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-ls
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-info *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-config *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-attach *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env which lxc-*
+
+# vagrant-lxc (startup)
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env cat /var/lib/lxc/*/config
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-start -d --name *
+
+# vagrant-lxc (create)
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-create --version
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-create -B * --template * --name * -- --tarball {{ gitlab_runner__home }}/.vagrant.d/boxes/* --config {{ gitlab_runner__home }}/.vagrant.d/boxes/*
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env tar --numeric-owner -cvzf /tmp/*/rootfs.tar.gz -C /var/lib/lxc/* ./rootfs
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env cp -f /tmp/lxc-config* /var/lib/lxc/*/config
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env chown root\:root /var/lib/lxc/*/config
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env chown *\:* /tmp/*/rootfs.tar.gz
+
+# vagrant-lxc (shutdown & destroy)
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-shutdown --name *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-stop --name *
+{{ gitlab_runner__user }}   ALL=(root) NOPASSWD: /usr/bin/env lxc-destroy --name *

templates/lookup/gitlab_runner__shell_tags.j2

@@ -9,6 +9,13 @@
        (ansible_local.docker.installed|d()) | bool) %}
 {%   set _ = output.append('docker-host') %}
 {% endif %}
+{% if (ansible_local|d() and ansible_local.lxc|d() and
+       (ansible_local.lxc.installed|d()) | bool) %}
+{%   set _ = output.append('lxc-host') %}
+{% endif %}
+{% if gitlab_runner__vagrant_lxc|bool %}
+{%   set _ = output.append('vagrant-lxc') %}
+{% endif %}
 {% set _ = output.append((ansible_local.core.distribution
                           if (ansible_local|d() and ansible_local.core|d() and
                               ansible_local.core.distribution|d())