tschoonj · August 30, 2020 15:55
diff --git a/daemon.json b/daemon.json
 {
    "storage-opts": [
    	"size=50GB"
    ],
    "data-root": "D:\\DockerCache"
 }
diff --git a/Dockerfile.miniconda b/Dockerfile.miniconda
 # escape=`

 FROM buildtools2019:latest

 # Restore the default Windows shell for correct batch processing.
 SHELL ["cmd", "/S", "/C"]

 # Download the Miniconda installer
 ADD https://repo.anaconda.com/miniconda/Miniconda3-latest-Windows-x86_64.exe C:\TEMP\miniconda.exe

 # Run the installer
 RUN C:\TEMP\miniconda.exe /InstallationType=AllUsers `
    /AddToPath=1 `
    /RegisterPython=1 `
    /S `
    /D=C:\Miniconda

 RUN conda update --all -y
 RUN conda install -y conda-build

 ENTRYPOINT ["C:\\BuildTools\\VC\\Auxiliary\\Build\\vcvars64.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"]
diff --git a/Dockerfile.miniforge b/Dockerfile.miniforge
 # escape=`

 FROM buildtools2019:latest

 # Restore the default Windows shell for correct batch processing.
 SHELL ["cmd", "/S", "/C"]

 # Download the Miniconda installer
 ADD https://repo.anaconda.com/miniconda/Miniconda3-latest-Windows-x86_64.exe C:\TEMP\miniconda.exe

 # Run the installer
 RUN C:\TEMP\miniconda.exe /InstallationType=AllUsers `
    /AddToPath=1 `
    /RegisterPython=1 `
    /S `
    /D=C:\Miniconda

 RUN conda config --prepend channels conda-forge

 RUN conda update --all -y
 RUN conda install -y conda-build

 ENTRYPOINT ["C:\\BuildTools\\VC\\Auxiliary\\Build\\vcvars64.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"]
diff --git a/Dockerfile.vsbuildtools b/Dockerfile.vsbuildtools
 # escape=`

 # Use the latest Windows Server Core image with .NET Framework 4.8.
 FROM mcr.microsoft.com/dotnet/framework/sdk:4.8-windowsservercore-ltsc2019

 # Restore the default Windows shell for correct batch processing.
 SHELL ["cmd", "/S", "/C"]

 # Download the Build Tools bootstrapper.
 ADD https://aka.ms/vs/16/release/vs_buildtools.exe C:\TEMP\vs_buildtools.exe

 # Install Build Tools with the Microsoft.VisualStudio.Workload.AzureBuildTools workload, excluding workloads and components with known issues.
 RUN C:\TEMP\vs_buildtools.exe --quiet --wait --norestart --nocache `
    --installPath C:\BuildTools `
    --add Microsoft.VisualStudio.Workload.VCTools `
    --add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 `
    --add Microsoft.VisualStudio.Component.Windows10SDK.18362 `
    --remove Microsoft.VisualStudio.Component.VC.CMake.Project `
    --remove Microsoft.VisualStudio.Component.VC.Llvm.Clang `
    --remove Microsoft.VisualStudio.Component.VC.Llvm.ClangToolset `
    --remove Microsoft.VisualStudio.ComponentGroup.NativeDesktop.Llvm.Clang `
    --locale en-US `
 || IF "%ERRORLEVEL%"=="3010" EXIT 0

 # INCLUDE 'C:\Program Files (x86)\Windows Kits\10\Include\10.0.18362.0\ucrt'

 # Define the entry point for the docker container.
 # This entry point starts the developer command prompt and launches the PowerShell shell.
 ENTRYPOINT ["C:\\BuildTools\\Common7\\Tools\\VsDevCmd.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"]
diff --git a/gitlab-runner-get-instance.yml b/gitlab-runner-get-instance.yml
 - name: Create EC2 Windows Server 2019 instance with Gitlab-CI-Runner
  hosts: localhost
  vars:
    flavor: t3.large # check pricing!!!
    key_name: ansible_key
    # this key must be generated in the PEM format: ssh-keygen -P "" -t rsa -b 4096 -m pem -f id_rsa_ec2
    ssh_public_key: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa_ec2.pub"
    ssh_private_key: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa_ec2"
    security_group_name: gitlab-runner-security-group
    aws_access_key: your-access-key
    aws_secret_key: your-secret-key
    region: eu-west-2 # London
  tasks: 
    - name: List available Windows images
      ec2_ami_info:
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        region: "{{ region }}"
        filters:
          name: "*2019*Core*Containers*"
          platform: windows
      register: win_ec2_windows_images
    - name: Print last image
      debug:
        msg: "Image: {{ (win_ec2_windows_images.images | last).name }}"
    - name: Create security group for win ec2 instance(s)
      ec2_group:
        name: '{{ security_group_name }}'
        description: "Rules for gitlab-ci-runner Windows VM"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        region: "{{ region }}"
        state: present
        rules: 
          - proto: tcp
            from_port: 3389
            to_port: 3389
            cidr_ip: 0.0.0.0/0
          - proto: tcp
            from_port: 5986
            to_port: 5986
            cidr_ip: 0.0.0.0/0
      register: win_ec2_security_group_result
    - name: Import keypair
      ec2_key:
        name: "{{ key_name }}"
        key_material: "{{ lookup('file', ssh_public_key) }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        region: "{{ region }}"
        state: present
    - name: Create win ec2 instance
      ec2:
        instance_type: '{{ flavor }}'
        image: '{{ (win_ec2_windows_images.images | last).image_id }}'
        group_id: '{{ win_ec2_security_group_result.group_id }}'
        key_name: '{{ key_name }}'
        user_data: '{{lookup("file", "win_ec2_user_data")}}'
        exact_count: 1
        count_tag:
          Name: gitlab-ci-runner
        instance_tags:
          Name: gitlab-ci-runner
        wait: yes
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        region: "{{ region }}"
      register: win_ec2_instance
    - name: Print EC2 instance results
      debug:
        msg: "Image results: {{ win_ec2_instance }}"
    - name: Attach EBS 50 GB
      ec2_vol:
        instance: '{{ win_ec2_instance.tagged_instances[0].id }}'
        volume_size: 50
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        region: "{{ region }}"
        device_name: /dev/xvdg
        delete_on_termination: yes
    - name: Wait for instance to listen on winrm https port
      wait_for:
        state: started
        host: '{{ win_ec2_instance.tagged_instances[0].public_ip }}'
        port: 5986
        delay: 5
        timeout: 360
    - name: Obtain initial passwords for win ec2 instance
      ec2_win_password:
        instance_id: '{{ win_ec2_instance.tagged_instances[0].id }}'
        key_file: "{{ ssh_private_key }}"
        wait: yes
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        region: "{{ region }}"
      register: win_ec2_password
    - name: Print admin password
      debug:
        msg: "Admin password: {{ win_ec2_password.win_password }}"

    - name: Store floating ip internally
      add_host:
        name: vm-ip
        ansible_host: '{{ win_ec2_instance.tagged_instances[0].public_ip }}'
        ansible_port: 5986
        ansible_user: Administrator
        ansible_password: '{{ win_ec2_password.win_password }}'
        ansible_winrm_server_cert_validation: ignore
        ansible_connection: 'winrm'

 - name: Provision VM
  hosts: vm-ip
  pre_tasks:
    - name: Get disk facts
      win_disk_facts:
    - name: Output disk facts
      debug:
        var: ansible_facts.disks
    - name: Init, partition and format EBS
      block:
        # replace with win_initialize_disk in Ansible 2.10
        - name: Initialize disk
          win_command: powershell.exe -
          args:
            stdin: Initialize-Disk -Number 1
        - name: Partition EBS
          win_partition:
            drive_letter: D
            partition_size: -1
            disk_number: 1
        - name: Format EBS
          win_format:
            drive_letter: D
            file_system: NTFS
            full: no
      when: ansible_facts.disks[1].partition_count == 0
    - name: Create Docker Cache folder
      win_file:
        path: D:\DockerCache
        state: directory
    - name: Install vim
      win_chocolatey:
        name: vim
        state: present
    - name: Copy Docker daemon config file
      win_copy:
        src: daemon.json
        dest: C:\ProgramData\Docker\config\daemon.json
      register: daemon_json_copied
    - name: Restart Docker
      win_service:
        name: docker
        state: restarted
      when: daemon_json_copied.changed
    - name: Create BuildTools folder
      win_file:
        path: C:\BuildTools
        state: directory
    - name: Copy our Dockerfiles
      win_copy:
        src: 'Dockerfile.{{ item }}'
        dest: C:\BuildTools\
      loop:
        - vsbuildtools
        - miniconda
        - miniforge
    - name: Build vsbuildtools Docker image
      win_command: docker build -t buildtools2019:latest -m 2GB -f Dockerfile.vsbuildtools .
      args:
        chdir: C:\BuildTools
    - name: Build miniconda3 Docker image
      win_command: docker build -t miniconda -t miniconda3 -m 2GB -f Dockerfile.miniconda .
      args:
        chdir: C:\BuildTools
    - name: Build miniforge3 Docker image
      win_command: docker build -t miniforge -t miniforge3 -m 2GB -f Dockerfile.miniforge .
      args:
        chdir: C:\BuildTools

  roles:
    - role: riemers.gitlab-runner
      # keep this until https://gitlab.com/gitlab-org/gitlab/-/issues/239013 is fixed
      gitlab_runner_wanted_version: 13.2.2
      gitlab_runner_registration_token: your-registration-token
      gitlab_runner_coordinator_url: https://gitlab.your-domain.com
      gitlab_runner_runners:
        - name: 'GitLab Runner Docker Windows'
          executor: docker-windows
          docker_image: 'miniconda3'
          tags:
            - windows
          docker_volumes:
            - "C:\\cache"
          extra_configs:
            runners.docker:
              memory: 2048m
              pull_policy: never # this ensures only our images may ever be used, change this if necessary
              allowed_images:
                - miniconda
                - miniconda3
                - miniforge
                - miniforge3
                - buildtools2019
diff --git a/win_ec2_user_data b/win_ec2_user_data
 <powershell>
 iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))
 </powershell>
	{
	"storage-opts": [
	"size=50GB"
	],
	"data-root": "D:\\DockerCache"
	}
	# escape=`

	FROM buildtools2019:latest

	# Restore the default Windows shell for correct batch processing.
	SHELL ["cmd", "/S", "/C"]

	# Download the Miniconda installer
	ADD https://repo.anaconda.com/miniconda/Miniconda3-latest-Windows-x86_64.exe C:\TEMP\miniconda.exe

	# Run the installer
	RUN C:\TEMP\miniconda.exe /InstallationType=AllUsers `
	/AddToPath=1 `
	/RegisterPython=1 `
	/S `
	/D=C:\Miniconda

	RUN conda update --all -y
	RUN conda install -y conda-build

	ENTRYPOINT ["C:\\BuildTools\\VC\\Auxiliary\\Build\\vcvars64.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"]
	# escape=`

	# Use the latest Windows Server Core image with .NET Framework 4.8.
	FROM mcr.microsoft.com/dotnet/framework/sdk:4.8-windowsservercore-ltsc2019

	# Restore the default Windows shell for correct batch processing.
	SHELL ["cmd", "/S", "/C"]

	# Download the Build Tools bootstrapper.
	ADD https://aka.ms/vs/16/release/vs_buildtools.exe C:\TEMP\vs_buildtools.exe

	# Install Build Tools with the Microsoft.VisualStudio.Workload.AzureBuildTools workload, excluding workloads and components with known issues.
	RUN C:\TEMP\vs_buildtools.exe --quiet --wait --norestart --nocache `
	--installPath C:\BuildTools `
	--add Microsoft.VisualStudio.Workload.VCTools `
	--add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 `
	--add Microsoft.VisualStudio.Component.Windows10SDK.18362 `
	--remove Microsoft.VisualStudio.Component.VC.CMake.Project `
	--remove Microsoft.VisualStudio.Component.VC.Llvm.Clang `
	--remove Microsoft.VisualStudio.Component.VC.Llvm.ClangToolset `
	--remove Microsoft.VisualStudio.ComponentGroup.NativeDesktop.Llvm.Clang `
	--locale en-US `
	\|\| IF "%ERRORLEVEL%"=="3010" EXIT 0

	# INCLUDE 'C:\Program Files (x86)\Windows Kits\10\Include\10.0.18362.0\ucrt'

	# Define the entry point for the docker container.
	# This entry point starts the developer command prompt and launches the PowerShell shell.
	ENTRYPOINT ["C:\\BuildTools\\Common7\\Tools\\VsDevCmd.bat", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"]
	- name: Create EC2 Windows Server 2019 instance with Gitlab-CI-Runner
	hosts: localhost
	vars:
	flavor: t3.large # check pricing!!!
	key_name: ansible_key
	# this key must be generated in the PEM format: ssh-keygen -P "" -t rsa -b 4096 -m pem -f id_rsa_ec2
	ssh_public_key: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa_ec2.pub"
	ssh_private_key: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa_ec2"
	security_group_name: gitlab-runner-security-group
	aws_access_key: your-access-key
	aws_secret_key: your-secret-key
	region: eu-west-2 # London
	tasks:
	- name: List available Windows images
	ec2_ami_info:
	aws_access_key: "{{ aws_access_key }}"
	aws_secret_key: "{{ aws_secret_key }}"
	region: "{{ region }}"
	filters:
	name: "2019CoreContainers"
	platform: windows
	register: win_ec2_windows_images
	- name: Print last image
	debug:
	msg: "Image: {{ (win_ec2_windows_images.images \| last).name }}"
	- name: Create security group for win ec2 instance(s)
	ec2_group:
	name: '{{ security_group_name }}'
	description: "Rules for gitlab-ci-runner Windows VM"
	aws_access_key: "{{ aws_access_key }}"
	aws_secret_key: "{{ aws_secret_key }}"
	region: "{{ region }}"
	state: present
	rules:
	- proto: tcp
	from_port: 3389
	to_port: 3389
	cidr_ip: 0.0.0.0/0
	- proto: tcp
	from_port: 5986
	to_port: 5986
	cidr_ip: 0.0.0.0/0
	register: win_ec2_security_group_result
	- name: Import keypair
	ec2_key:
	name: "{{ key_name }}"
	key_material: "{{ lookup('file', ssh_public_key) }}"
	aws_access_key: "{{ aws_access_key }}"
	aws_secret_key: "{{ aws_secret_key }}"
	region: "{{ region }}"
	state: present
	- name: Create win ec2 instance
	ec2:
	instance_type: '{{ flavor }}'
	image: '{{ (win_ec2_windows_images.images \| last).image_id }}'
	group_id: '{{ win_ec2_security_group_result.group_id }}'
	key_name: '{{ key_name }}'
	user_data: '{{lookup("file", "win_ec2_user_data")}}'
	exact_count: 1
	count_tag:
	Name: gitlab-ci-runner
	instance_tags:
	Name: gitlab-ci-runner
	wait: yes
	aws_access_key: "{{ aws_access_key }}"
	aws_secret_key: "{{ aws_secret_key }}"
	region: "{{ region }}"
	register: win_ec2_instance
	- name: Print EC2 instance results
	debug:
	msg: "Image results: {{ win_ec2_instance }}"
	- name: Attach EBS 50 GB
	ec2_vol:
	instance: '{{ win_ec2_instance.tagged_instances[0].id }}'
	volume_size: 50
	aws_access_key: "{{ aws_access_key }}"
	aws_secret_key: "{{ aws_secret_key }}"
	region: "{{ region }}"
	device_name: /dev/xvdg
	delete_on_termination: yes
	- name: Wait for instance to listen on winrm https port
	wait_for:
	state: started
	host: '{{ win_ec2_instance.tagged_instances[0].public_ip }}'
	port: 5986
	delay: 5
	timeout: 360
	- name: Obtain initial passwords for win ec2 instance
	ec2_win_password:
	instance_id: '{{ win_ec2_instance.tagged_instances[0].id }}'
	key_file: "{{ ssh_private_key }}"
	wait: yes
	aws_access_key: "{{ aws_access_key }}"
	aws_secret_key: "{{ aws_secret_key }}"
	region: "{{ region }}"
	register: win_ec2_password
	- name: Print admin password
	debug:
	msg: "Admin password: {{ win_ec2_password.win_password }}"

	- name: Store floating ip internally
	add_host:
	name: vm-ip
	ansible_host: '{{ win_ec2_instance.tagged_instances[0].public_ip }}'
	ansible_port: 5986
	ansible_user: Administrator
	ansible_password: '{{ win_ec2_password.win_password }}'
	ansible_winrm_server_cert_validation: ignore
	ansible_connection: 'winrm'

	- name: Provision VM
	hosts: vm-ip
	pre_tasks:
	- name: Get disk facts
	win_disk_facts:
	- name: Output disk facts
	debug:
	var: ansible_facts.disks
	- name: Init, partition and format EBS
	block:
	# replace with win_initialize_disk in Ansible 2.10
	- name: Initialize disk
	win_command: powershell.exe -
	args:
	stdin: Initialize-Disk -Number 1
	- name: Partition EBS
	win_partition:
	drive_letter: D
	partition_size: -1
	disk_number: 1
	- name: Format EBS
	win_format:
	drive_letter: D
	file_system: NTFS
	full: no
	when: ansible_facts.disks[1].partition_count == 0
	- name: Create Docker Cache folder
	win_file:
	path: D:\DockerCache
	state: directory
	- name: Install vim
	win_chocolatey:
	name: vim
	state: present
	- name: Copy Docker daemon config file
	win_copy:
	src: daemon.json
	dest: C:\ProgramData\Docker\config\daemon.json
	register: daemon_json_copied
	- name: Restart Docker
	win_service:
	name: docker
	state: restarted
	when: daemon_json_copied.changed
	- name: Create BuildTools folder
	win_file:
	path: C:\BuildTools
	state: directory
	- name: Copy our Dockerfiles
	win_copy:
	src: 'Dockerfile.{{ item }}'
	dest: C:\BuildTools\
	loop:
	- vsbuildtools
	- miniconda
	- miniforge
	- name: Build vsbuildtools Docker image
	win_command: docker build -t buildtools2019:latest -m 2GB -f Dockerfile.vsbuildtools .
	args:
	chdir: C:\BuildTools
	- name: Build miniconda3 Docker image
	win_command: docker build -t miniconda -t miniconda3 -m 2GB -f Dockerfile.miniconda .
	args:
	chdir: C:\BuildTools
	- name: Build miniforge3 Docker image
	win_command: docker build -t miniforge -t miniforge3 -m 2GB -f Dockerfile.miniforge .
	args:
	chdir: C:\BuildTools

	roles:
	- role: riemers.gitlab-runner
	# keep this until https://gitlab.com/gitlab-org/gitlab/-/issues/239013 is fixed
	gitlab_runner_wanted_version: 13.2.2
	gitlab_runner_registration_token: your-registration-token
	gitlab_runner_coordinator_url: https://gitlab.your-domain.com
	gitlab_runner_runners:
	- name: 'GitLab Runner Docker Windows'
	executor: docker-windows
	docker_image: 'miniconda3'
	tags:
	- windows
	docker_volumes:
	- "C:\\cache"
	extra_configs:
	runners.docker:
	memory: 2048m
	pull_policy: never # this ensures only our images may ever be used, change this if necessary
	allowed_images:
	- miniconda
	- miniconda3
	- miniforge
	- miniforge3
	- buildtools2019
	<powershell>
	iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))
	</powershell>