Add gitlab-runner-docker-mtls/register-runner.sh

2025-08-09 18:22:11 +08:00 · 2025-08-09 18:22:11 +08:00 · e52ad4491f
commit e52ad4491f
parent 19a4815b6a
1 changed files with 87 additions and 0 deletions
--- a/gitlab-runner-docker-mtls/register-runner.sh
+++ b/gitlab-runner-docker-mtls/register-runner.sh
@ -0,0 +1,87 @@
+#!/bin/sh
+
+CONFIG_FILE="/etc/gitlab-runner/config.toml"
+
+# Проверка обязательных переменных
+if [ -z "$CI_SERVER_URL" ] || [ -z "$REGISTRATION_TOKEN" ]; then
+  echo "ERROR: CI_SERVER_URL and REGISTRATION_TOKEN must be set"
+  exit 1
+fi
+
+# Параметры со значениями по умолчанию
+EXECUTOR=${EXECUTOR:-"docker"}
+DESCRIPTION=${DESCRIPTION:-"GitLab Runner with mTLS"}
+DOCKER_IMAGE=${DOCKER_IMAGE:-"docker:27.3.1"}
+CONCURRENT=${CONCURRENT:-"10"}
+DISABLE_CACHE=${DISABLE_CACHE:-"false"}
+
+# mTLS параметры
+DOCKER_HOST=${DOCKER_HOST:-""}
+DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-"true"}
+CERT_PATH=${CERT_PATH:-"/certs"}
+
+# Проверка mTLS
+if [ "$DOCKER_TLS_VERIFY" = "true" ] && [ -z "$DOCKER_HOST" ]; then
+  echo "ERROR: DOCKER_HOST is required when DOCKER_TLS_VERIFY=true"
+  exit 1
+fi
+
+# Регистрация, если config.toml ещё не существует
+if [ ! -f "$CONFIG_FILE" ]; then
+  echo "Registering GitLab Runner with mTLS-enabled Docker executor..."
+
+  # Подготавливаем флаги
+  TLS_FLAG=""
+  if [ "$DOCKER_TLS_VERIFY" = "true" ]; then
+    TLS_FLAG="--docker-tlsverify"
+  fi
+
+  CACHE_FLAG=""
+  if [ "$DISABLE_CACHE" = "true" ]; then
+    CACHE_FLAG="--docker-disable-cache"
+  fi
+
+# Проверка наличия обязательных сертификатов
+if [ "$DOCKER_TLS_VERIFY" = "true" ]; then
+  if [ ! -f "$CERT_PATH/ca.pem" ]; then
+    echo "ERROR: ca.pem not found in $CERT_PATH"
+    exit 1
+  fi
+  if [ ! -f "$CERT_PATH/cert.pem" ]; then
+    echo "ERROR: cert.pem not found in $CERT_PATH"
+    exit 1
+  fi
+  if [ ! -f "$CERT_PATH/key.pem" ]; then
+    echo "ERROR: key.pem not found in $CERT_PATH"
+    exit 1
+  fi
+fi
+
+
+  # Основная команда регистрации
+  gitlab-runner register \
+    --non-interactive \
+    --url "$CI_SERVER_URL" \
+    --token "$REGISTRATION_TOKEN" \
+    --executor "$EXECUTOR" \
+    --description "$DESCRIPTION" \
+    --docker-image "$DOCKER_IMAGE" \
+    --docker-host "$DOCKER_HOST" \
+    $TLS_FLAG \
+    --docker-cert-path "$CERT_PATH" \
+    $CACHE_FLAG
+
+  # Устанавливаем concurrent
+  if grep -q "^concurrent = " "$CONFIG_FILE"; then
+    sed -i "s/^concurrent = .*/concurrent = $CONCURRENT/" "$CONFIG_FILE"
+  else
+    sed -i "1iconcurrent = $CONCURRENT" "$CONFIG_FILE"
+  fi
+
+else
+  echo "GitLab Runner is already registered. Skipping registration."
+fi
+
+# Запускаем runner
+echo "Starting GitLab Runner..."
+exec gitlab-runner run