
Installation and troubleshooting of the ansible-role-gitlabci-runner Ansible role

Hi there @duck-rh and all,

Great to find these repositories - I am well aware of the Ansible Galaxy community collections, but had never heard of the OSCI initiative.

I've tried to install the role on a Debian Bookworm machine with the following results.

Here is my "role end user" report so far; if I have further findings, I will share an update.

Side question: do I need the privileged mode for Podman to run Ansible Molecule Tests in GitLab CI/CD? From the README in this project it sounds so; however, from reading around I get the impression you could do rootless, but there are no details.

Summary

  • Role namespacing is not clearly handleable (path fix workaround needed)
  • ansible-doc produced neither output nor an error
  • Installation fails on the podman cleanup step

Findings

Installation

ansible-galaxy collection install community.general

ansible-galaxy install git+https://gitlab.com/osci/ansible-role-podman_setup.git,main
ansible-galaxy install git+https://gitlab.com/osci/ansible-role-gitlabci-runner.git,main

yq playbook.yml
ansible-lint playbook.yml

sudo su
ansible-playbook playbook.yml

Quirks with the role namespacing

Your repos' names are "ansible-role-*", but in the code there is a dependency on "podman_setup". I needed to change the folder path of the podman_setup role under /root/.ansible/roles:

mv /root/.ansible/roles/podman_setup/ansible-role-podman_setup/* /root/.ansible/roles/podman_setup/
(next time I'll do ln -s)

Errors

  • Finally, I currently end up with the following error, which I don't yet know how to address:

TASK [podman_setup : Enable Podman images update and cleanup tasks for container user #0 'gitlab-runner'] *********************************************
task path: /root/.ansible/roles/podman_setup/tasks/main.yml:64
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023 `" && echo ansible-tmp-1734461644.0090992-184726-15417856256023="` echo /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023 `" ) && sleep 0'
Using module file /opt/pipx/venvs/ansible/lib/python3.11/site-packages/ansible/modules/systemd.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-183627puefv0zh/tmpvtigcmq3 TO /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/AnsiballZ_systemd.py
<127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:gitlab-runner:r-x /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/ /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/ /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chown gitlab-runner /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/ /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'machinectl -q shell  gitlab-runner@ /bin/sh -c '"'"'echo BECOME-SUCCESS-gpwsamrvjkrteiuqyiexdswomgiwlbvr ; /opt/pipx/venvs/ansible/bin/python /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/AnsiballZ_systemd.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1734461644.0090992-184726-15417856256023/ > /dev/null 2>&1 && sleep 0'
failed: [localhost] (item=podman-auto-update) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "podman-auto-update",
    "module_stderr": "",
    "module_stdout": "\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 0
}
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951 `" && echo ansible-tmp-1734461644.065485-184726-8490781016951="` echo /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951 `" ) && sleep 0'
Using module file /opt/pipx/venvs/ansible/lib/python3.11/site-packages/ansible/modules/systemd.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-183627puefv0zh/tmpm5ylz9te TO /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/AnsiballZ_systemd.py
<127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:gitlab-runner:r-x /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/ /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/ /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'chown gitlab-runner /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/ /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'machinectl -q shell  gitlab-runner@ /bin/sh -c '"'"'echo BECOME-SUCCESS-xkmkyxmgpkzpiwxskrikjvdxxhbuvgme ; /opt/pipx/venvs/ansible/bin/python /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/AnsiballZ_systemd.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1734461644.065485-184726-8490781016951/ > /dev/null 2>&1 && sleep 0'
failed: [localhost] (item=podman-cleanup) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "podman-cleanup",
    "module_stderr": "",
    "module_stdout": "\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 0
}

Environment

Playbook

I used just a simple playbook to install the role locally:

---
- hosts: localhost
  name: podman
  vars_files:
    - vars.yml
  roles:
    - ansible-role-gitlabci-runner

Versions

  • Python 3.11.2
  • Ansible core 2.15.6
  • Podman installation version from the role: 4.3.1
  • Linux kernel: 6.1.0-28-amd64

Further observations

I've noticed that I was able to execute all but one task when setting vars in the role's defaults/main.yml for podman_user and podman_user_home, but was not able to define them in the playbook's vars.

Anyway, the last task in podman_setup would still fail:

- name: "Enable Podman images update and cleanup tasks for container user #{{ podman_id }} '{{ podman_user }}'"
  ansible.builtin.systemd:
    scope: user
    name: "{{ item }}.timer"
    enabled: yes
    state: started
  loop:
    - podman-auto-update
    - podman-cleanup
  become: True
  become_user: "{{ podman_user }}"
  become_method: community.general.machinectl


Edited by Tamara
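
The role-name mismatch described in the report can be handled at install time instead of by moving directories. The following requirements.yml is an added example, not part of the original post or of the OSCI repositories; the file name and layout are assumptions, and only the two repository URLs, the `main` branch and the `podman_setup` dependency name come from the report.

```yaml
# requirements.yml (added example; layout assumed, not taken from the OSCI repositories)
collections:
  - name: community.general

roles:
  # "name" sets the directory the role is installed under, so the dependency
  # on "podman_setup" resolves without moving files by hand.
  - name: podman_setup
    src: https://gitlab.com/osci/ansible-role-podman_setup.git
    scm: git
    version: main   # branch used in the report; a tag or commit hash pins the code that runs as root
  - name: ansible-role-gitlabci-runner
    src: https://gitlab.com/osci/ansible-role-gitlabci-runner.git
    scm: git
    version: main

# Install both roles and the collection in one step:
#   ansible-galaxy install -r requirements.yml
```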