doc/tutorials/automate_runner_creation/_index.md
This tutorial describes how to automate runner creation and registration.
To automate runner creation and registration:
[!note] The instructions in this tutorial describe runner creation and registration with runner authentication tokens, which have replaced the deprecated registration method that uses registration tokens. For more information, see The new runner registration workflow.
Create an access token so that you can use the REST API to create runners.
You can create:
The access token is only visible once in the GitLab UI. After you leave the page, you no longer have access to the token. You should use a secrets management solution to store the token, like HashiCorp Vault or the Keeper Secrets Manager Terraform plugin.
{{< history >}}
buffered_token_expiration_limit. Disabled by default.{{< /history >}}
[!flag] The availability of the extended maximum allowable lifetime limit is controlled by a feature flag. For more information, see the history.
{{< history >}}
buffered_token_expiration_limit. Disabled by default.{{< /history >}}
[!flag] The availability of the extended maximum allowable lifetime limit is controlled by a feature flag. For more information, see the history.
A project access token gives access to just one project, while a group access token gives access to all projects in the group.
[!warning] Project access tokens are treated as internal users. If an internal user creates a project access token, that token is able to access all projects that have visibility level set to Internal.
To create a project access token:
A runner configuration is where you configure runners to your requirements.
After you create a runner configuration, you receive a runner authentication
to register the runner. One or many runners can be linked to the
same configuration when these runners are registered with the same runner authentication
token. The runner configuration is stored in the config.toml file.
To create a runner configuration, you can use:
gitlab_user_runner Terraform resource.Before you begin, you need:
gitlab.example.com/yourname/yourproject, your GitLab instance URL is
https://gitlab.example.com.Use the access token in the POST /user/runners
REST endpoint to create a runner:
Use curl to invoke the endpoint to create a runner:
{{< tabs >}}
{{< tab title="Project" >}}
curl --silent --request POST --url "https://gitlab.example.com/api/v4/user/runners"
--data "runner_type=project_type"
--data "project_id=<project_id>"
--data "description=<your_runner_description>"
--data "tag_list=<your_comma_separated_job_tags>"
--header "PRIVATE-TOKEN: <project_access_token>"
{{< /tab >}}
{{< tab title="Group" >}}
curl --silent --request POST --url "https://gitlab.example.com/api/v4/user/runners"
--data "runner_type=group_type"
--data "group_id=<group_id>"
--data "description=<your_runner_description>"
--data "tag_list=<your_comma_separated_job_tags>"
--header "PRIVATE-TOKEN: <group_access_token>"
{{< /tab >}}
{{< tab title="Shared" >}}
curl --silent --request POST --url "https://gitlab.example.com/api/v4/user/runners"
--data "runner_type=instance_type"
--data "description=<your_runner_description>"
--data "tag_list=<your_comma_separated_job_tags>"
--header "PRIVATE-TOKEN: <personal_access_token>"
{{< /tab >}}
{{< /tabs >}}
Save the returned token value in a secure location or your secrets management
solution. The token value is returned only once in the API response.
gitlab_user_runner Terraform resourceTo create the runner configuration with Terraform, use the
gitlab_user_runner Terraform resource
from the GitLab Terraform provider.
Here's an example configuration block:
resource "gitlab_user_runner" "example_runner" {
runner_type = "instance_type"
description = "my-runner"
tag_list = ["shell", "docker"]
}
If you host the runner on a virtual machine instance in a public cloud, you can automate runner installation and registration.
After you create a runner and its configuration, you can use the same runner
authentication token to register multiple runners with the same configuration.
For example, you can deploy multiple instance runners with the same executor type
and job tags to the target compute host. Each runner registered with the same runner
authentication token has a unique system_id, which GitLab Runner
generates randomly and stores in your local file system.
Here's an example of an automation workflow you can use to register and deploy your runners to Google Compute Engine:
Use Terraform infrastructure as code to install the runner application to a virtual machine hosted on Google Cloud Platform (GCP).
In the GCP Terraform provider,
use the metadata key to add the runner authentication token to the runner
configuration file on the GCP virtual machine.
To register the runner with the target GitLab instance, use a cloud-init script
populated from the GCP Terraform provider. Here's an example:
#!/bin/bash
apt update
curl --location "https://packages.gitlab.com/install/repositories/runner/
gitlab-runner/script.deb.sh" | bash
GL_NAME=$(curl 169.254.169.254/computeMetadata/v1/instance/name
--header "Metadata-Flavor:Google")
GL_EXECUTOR=$(curl 169.254.169.254/computeMetadata/v1/instance/attributes/
gl_executor --header "Metadata-Flavor:Google")
apt update
apt install -y gitlab-runner
gitlab-runner register --non-interactive --name="$GL_NAME" --url="https://gitlab.com"
--token="$RUNNER_TOKEN" --request-concurrency="12" --executor="$GL_EXECUTOR"
--docker-image="alpine:latest"
systemctl restart gitlab-runner
Now that you've automated your runner creation and registration, you can view the runners that use the same configuration in the GitLab UI.