GitLab CI back

Andrew Bartlett abartlet at samba.org
Thu Feb 20 02:21:44 UTC 2020


On Fri, 2020-02-14 at 18:01 +1300, Andrew Bartlett via samba-technical
wrote:
> G'Day,
> 
> A big thank you to everyone for their patience, the GitLab CI private
> runners are back now.
> 
> There are still things I would like to do:
>  - ensure the alternate configuration for really old Samba versions
> still works (I think that image ID also changed)
>  - decouple the system from the catalyst_samba key and use an
> ephemeral
> key instead
>  - provide a top-to-bottom script that pulls a docker image, installs
> the required software and runs ansible that only needs the
> credentials
> as input

I've done these last two steps.  I don't have time to sort out the old
image id for Ubuntu 14.04, but I'll carve out some time for that in the
near future.

This means anyone with Rackspace access and who knows the ansible vault
password can rebuild the runners with just one command.

Ideas on where to put the 'ansible vault' password most welcome.  The
valut contains the runner tokens, which in turn protects the GitLab
server from a rouge client offering to be a runner (runners are passed
sensitive credentials). 

I would very much appreciate another Samba Team member putting their
hand up for access and giving this a go, so we know others can rebuild
this also.

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
https://catalyst.net.nz/services/samba









More information about the samba-technical mailing list