Commit 553a9ae5 authored by Ansgar Burchardt's avatar Ansgar Burchardt

move update commands into a seperate script

This makes it easier to run them from time to time.
parent 451bcf2a
......@@ -64,26 +64,7 @@ Updating gitlab-runner
To update `gitlab-runner` on the VM:
```shell
docker pull gitlab/gitlab-runner:latest
docker stop gitlab-runner
docker rm -v gitlab-runner
docker run -d --name gitlab-runner --restart always \
--stop-signal SIGQUIT \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
gitlab/gitlab-runner:latest
```
or, if a HTTP proxy is required,
```shell
docker run -d --name gitlab-runner --restart always \
--stop-signal SIGQUIT \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/gitlab-runner/config:/etc/gitlab-runner \
-e ftp_proxy=${ftp_proxy} -e FTP_PROXY=${FTP_PROXY} \
-e http_proxy=${http_proxy} -e HTTP_PROXY=${HTTP_PROXY} \
-e https_proxy=${https_proxy} -e HTTPS_PROXY=${HTTPS_PROXY} \
-e no_proxy=${no_proxy} -e NO_PROXY=${NO_PROXY} \
gitlab/gitlab-runner:latest
./bin/duneci-runner
```
The current version can be shown by running
......@@ -146,21 +127,10 @@ Please also keep the [security considerations](https://docs.gitlab.com/runner/se
Proxy setup
-----------
Setup network (once):
```shell
docker network create --internal --driver=bridge gitlab-ci-dune
```
Update and start proxy:
Initial setup and updates:
```shell
docker stop dune-proxy
docker rm -v dune-proxy
docker create --name dune-proxy \
--restart always --read-only --security-opt no-new-privileges \
-v /srv/dune-proxy:/srv/squid:ro \
duneci/proxy
docker network connect gitlab-ci-dune dune-proxy
docker start dune-proxy
./bin/duneci-proxy gitlab-ci-dune dune-proxy
./bin/duneci-proxy gitlab-ci-fu fu-proxy
```
In gitlab-runner's `config.toml`:
......@@ -176,3 +146,5 @@ This sets up a container `dune-proxy` which is part of two networks
configured to filter requests. The actual builds are only in the
`gitlab-ci-dune` network and can only access the internet via the
filtering proxy.
See the script [duneci-proxy](bin/duneci-proxy) for details.
#! /bin/bash
set -e
set -u
usage() {
cat >&2 <<-EOT
usage: duneci-proxy <network> <name>
Setup an internal network <network> (if it does not already exist) and a
proxy running in container <name> using /srv/<name>/squid.conf.
If <name> already exists, it is stopped and recreated (for updates).
EOT
exit ${1:-0}
}
if [ $# -ne 2 ]; then
usage
fi
network=${1}
name=${2}
configdir=/srv/${name}
configfile=${configdir}/squid.conf
if [ ! -e ${configfile} ]; then
echo "E: ${configfile} does not exist" >&2
exit 1
fi
if [ -z "$(docker network ls -f name=${network})" ]; then
docker network create --internal --driver=bridge ${network}
fi
# Ignore error on stop, it might not run (yet)
docker stop ${name} || :
docker rm -v ${name} || :
docker create --name ${name} \
--restart always --read-only --security-opt no-new-privileges \
-v /srv/${name}:/srv/squid:ro \
duneci/proxy
docket network connect ${network} ${name}
docker start ${name}
#! /bin/bash
set -e
set -u
options=(
-d --name gitlab-runner --restart always
--stop-signal SIGQUIT
-v /var/run/docker.sock:/var/run/docker.sock
-v /srv/gitlab-runner/config:/etc/gitlab-runner
)
for v in ftp_proxy http_proxy https_proxy no_proxy; do
if [ -v ${v} ]; then
options+=(-e ${v}="${!v}")
fi
done
docker pull gitlab/gitlab-runner:latest
# Ignore errors when stopping, the container might not run (yet)
docker stop gitlab-runner || :
docker rm -v gitlab-runner || :
docker run "${options[@]}" gitlab/gitlab-runner:latest
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment