Fix #1: Update documentation after terraform MR 1 changes

terraform project now use destruct provisioner to unregister gitlab
runner too.
terraform!1

.gitignore

@@ -3,3 +3,5 @@
 /.terraform/
 /terraform.tfstate
 /terraform.tfstate.backup
+/id_rsa
+/id_rsa.pub

CHANGES.md

+# 2023-02-13
+
+- !2 Update documentation after terraform MR 1 changes:
+  terraform project now use destruct provisioner to unregister gitlab runner
+  too.
+  https://gitlab.inria.fr/gitlabci_gallery/orchestration/terraform/-/merge_requests/1

README.md

@@ -22,26 +22,9 @@ resources, but only when they are needed.
 
 ## Prerequisites
 
-In addition to the prerequisites listed for the
+This project has the same prerequisites as those listed for the
 [terraform](https://gitlab.inria.fr/gitlabci_gallery/orchestration/terraform)
-project, this project needs a pair of passphrase-less SSH private/public keys
-for the GitLab shared runner to be able to connect to the deployed
-runners to unregister them from GitLab before deletion.
-
-- You can use the following command to create a pair of SSH private/public keys
-  without passphrase in the current directory (files `id_rsa` and `id_rsa.pub`):
-  `ssh-keygen -b 4096 -f id_rsa -N ""`.
-
-- The contents of the private key file `id_rsa` should be added as a variable
-  `SSH_PRIVATE_KEY` of type **File**  in CI/CD settings.
-  See the
-  [intro](https://gitlab.inria.fr/gitlabci_gallery/intro#cicd-variables)
-  project for details on how to set a CI/CD variable.
-
-- The public key file `id_rsa.pub` should be registered on ci.inria.fr portal
-  to allow the dedicated user to connect to the hosted virtual machines
-  ([portal documentation](https://ci.inria.fr/doc/page/slaves_access_tutorial/#register-your-ssh-public-key)).
-  for details on how to register a public key on the portal.
+project.
 
 ## The Terraform configuration file [`main.tf`](main.tf)
 
@@ -50,21 +33,12 @@ configuration file described for the
 [`terraform](https://gitlab.inria.fr/gitlabci_gallery/orchestration/terraform#the-terraform-configuration-file-maintf)
 project.
 
-There is two additional variables: `SSH_PUBLIC_KEY`, of type `string`,
-and `runner_count`, of type `number` .
+There is one additional variable: `runner_count`, of type `number` .
 ```terraform
-variable "SSH_PUBLIC_KEY" {
-  type = string
-}
-
 variable "runner_count" {
   type = number
 }
 ```
-The value of the `SSH_PUBLIC_KEY` variable will be stored in the file
-`~/.ssh/authorized_keys` in virtual machines, so that Terraform can
-connect to the virtual machines with the private key to unregister the
-runners before destroying the machines.
 
 The variable `runner_count` has two purposes:
 - It allows to deploy a virtual machine conditionally.
@@ -85,7 +59,7 @@ resource "cloudstack_instance" "runner" {
   count            = var.runner_count
   name             = "gitlabcigallery-terraform-runner-${count.index}"
   service_offering = "Custom"
-  template         = "ubuntu-20.04-cloudinit"
+  template         = "ubuntu-20.04-lts"
   zone             = "zone-ci"
   details = {
     cpuNumber = 1
@@ -122,20 +96,7 @@ We then use the index of the virtual machine available through `count.index`
 so that each virtual machine is named uniquely, and we pass the `index`
 to the template file so that each runner can be registered with a different
 tag `runner-${index}` by the script
-[`cloudinit.sh.tftpl`](cloudinit.sh.tftpl).
-We pass also the `SSH_PUBLIC_KEY` to the template file to have its
-value written in the `~/.ssh/authorized_keys` file.
-We configure the connection via ssh to the runner: `gter001` is the
-login of the dedicated user on ci.inria.fr, and we will make sure
-in the next section that the private key is written in the file
-`id_rsa`.
-We cannot use a variable for passing the path to this file,
-since the connection is used by a destroy provisioner, that
-cannot refer to variables.
-This destroy provisioner executes `gitlab-runner unregister`
-before the destruction of the virtual machine; failures are ignored
-in case of the `gitlab-runner` command was not yet installed
-when destroying occurs.
+[`cloud-init.sh.tftpl`](cloud-init.sh.tftpl).
 
 ## The pipeline specification file [`.gitlab-ci.yml`](.gitlab-ci.yml)
 

cloud-init.sh.tftpl

 #!/bin/sh
-(
+# Standard output and errors are redirected to /root/log.txt to ease
+# debugging.
+>>/root/log.txt 2>&1 (
+  # To be able to run `sudo gitlab-runner unregister --all-runners` on
+  # VM destruction.
   echo 'ci ALL=(ALL) NOPASSWD:ALL' >/etc/sudoers.d/90-ci
-  mkdir -p -m 700 $HOME/.ssh
+  mkdir -p -m 700 ~/.ssh
   echo ${SSH_PUBLIC_KEY} >>~ci/.ssh/authorized_keys
+  # GitLab needs a recent version of `gitlab-runner` to be compatible with
+  # the instance running on gitlab.inria.fr. The version packaged by default
+  # on Ubuntu is regularly out of date.
   curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash
-  apt-get update
+  # apt-get update performed by the script above
+  # We install docker.io to be able to register a docker executor
   apt-get install --yes gitlab-runner docker.io
-  gitlab-runner register --non-interactive --tag-list terraform,runner-${index},docker --executor docker --docker-image alpine --url https://gitlab.inria.fr --registration-token ${REGISTRATION_TOKEN}
-) >/root/log.txt 2>&1
+  gitlab-runner register --non-interactive --tag-list terraform,docker \
+    --executor docker --docker-image alpine --url https://gitlab.inria.fr \
+    --registration-token ${REGISTRATION_TOKEN}
+)

main.tf

@@ -32,7 +32,7 @@ resource "cloudstack_instance" "runner" {
   count            = var.runner_count
   name             = "gitlabcigallery-terraform-runner-${count.index}"
   service_offering = "Custom"
-  template         = "ubuntu-20.04-cloudinit"
+  template         = "ubuntu-20.04-lts"
   zone             = "zone-ci"
   details = {
     cpuNumber = 1