travix/gocd-agent-gcloud

By travix

Updated over 1 year ago

This repository can be used to bring up a GoCD agent with the Google Cloud SDK in a container.


This container inherits from travix/gocd-agent:latest and adds the following packages:

  • gcloud

Usage

To run this Docker container, use the following command:

docker run -d travix/gocd-agent-gcloud:latest

Environment variables

To configure the agent with non-default settings for your cluster, pass in the following environment variables:

| Name | Description | Default value |
| --- | --- | --- |
| GO_SERVER | The host name or IP address of the server to connect to | localhost |
| GO_SERVER_PORT | The HTTP port of the Go server | 8153 |
| AGENT_MEM | The -Xms value for the Java VM | 128m |
| AGENT_MAX_MEM | The -Xmx value for the Java VM | 256m |
| AGENT_KEY | The secret key set on the server for auto-registration of the agent | |
| AGENT_RESOURCES | The resource tags for the agent in case of auto-registration | |
| AGENT_ENVIRONMENTS | The environments the agent is assigned to in case of auto-registration | |
| AGENT_HOSTNAME | The hostname used for the agent; normally it's the host's actual hostname | |
| DOCKER_GID_ON_HOST | To mount the Docker socket and use it without sudo, the go user needs to be added to the docker group; pass in the gid from the host OS with this variable | |

To connect the agent to a server with a non-default IP address or hostname:

docker run -d \
    -e "GO_SERVER=gocd.yourdomain.com" \
    travix/gocd-agent-gcloud:latest

If you've set up your server for auto-registration of agents, pass in the same value in the AGENT_KEY environment variable when starting the agent:

docker run -d \
    -e "GO_SERVER=gocd.yourdomain.com" \
    -e "AGENT_KEY=388b633a88de126531afa41eff9aa69e" \
    travix/gocd-agent-gcloud:latest

You can also set resource tags, GoCD environments and the hostname for the agent when auto-registering:

docker run -d \
    -e "GO_SERVER=gocd.yourdomain.com" \
    -e "AGENT_KEY=388b633a88de126531afa41eff9aa69e" \
    -e "AGENT_RESOURCES=deploy-x,deploy-z" \
    -e "AGENT_ENVIRONMENTS=Production" \
    -e "AGENT_HOSTNAME=deploy-agent-01" \
    travix/gocd-agent-gcloud:latest

To mount the Docker socket and use it without sudo inside the container, use the following:

docker run -d \
    -e "GO_SERVER=gocd.yourdomain.com" \
    -e "DOCKER_GID_ON_HOST=$(getent group docker | cut -d: -f3)" \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /usr/bin/docker:/usr/bin/docker \
    travix/gocd-agent-gcloud:latest

Be aware that mounting Docker inside your container poses a large security risk, as it indirectly gives the container access to the whole machine.

Mounting volumes

To keep working copies across restarts and to use SSH keys from the host machine, you can mount the following directories:

| Directory | Description | Importance |
| --- | --- | --- |
| /var/lib/go-agent/pipelines | This directory holds the working copies for all pipelines that have run on this agent | You want to have this cleaned up regularly anyway, so no real need to mount it |
| /var/log/go-agent | All output logs go here, but they're also written to standard out in the container | Preferably collect logs from standard out |
| /var/go/.ssh | The SSH keys to connect to version control systems like GitHub and Bitbucket | As it's better not to embed these keys in the container, you likely need to mount this |
| /var/go/.gcloud | The Google Cloud service account key files can be stored here | As it's better not to embed these keys in the container, you likely need to mount this |
| /var/run/docker.sock | To mount the Docker socket of the host OS | Note: mounting this is a security risk! |
| /usr/bin/docker | To mount the Docker binary of the host OS | Note: mounting this is a security risk! |

Start the container like this to mount the directories:

docker run -d \
    -e "GO_SERVER=gocd.yourdomain.com" \
    -e "AGENT_KEY=388b633a88de126531afa41eff9aa69e" \
    -e "AGENT_RESOURCES=deploy-x,deploy-z" \
    -e "AGENT_ENVIRONMENTS=Production" \
    -e "AGENT_HOSTNAME=deploy-agent-01" \
    -v /mnt/persistent-disk/gocd-agent/pipelines:/var/lib/go-agent/pipelines \
    -v /mnt/persistent-disk/gocd-agent/logs:/var/log/go-agent \
    -v /mnt/persistent-disk/gocd-agent/ssh:/var/go/.ssh \
    -v /mnt/persistent-disk/gocd-agent/gcloud:/var/go/.gcloud \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /usr/bin/docker:/usr/bin/docker \
    travix/gocd-agent-gcloud:latest

To make sure the process in the container can read and write those directories, create a user and group with the same uid and gid on the host machine:

groupadd -r -g 999 go
useradd -r -g go -u 999 go

Then change the owner of the host directories:

chown -R go:go /mnt/persistent-disk/gocd-agent/pipelines
chown -R go:go /mnt/persistent-disk/gocd-agent/ssh
chown -R go:go /mnt/persistent-disk/gocd-agent/gcloud
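
A preflight check for the host directories above, as an added example that is not part of the image or the original README: it verifies ownership by the expected uid and that the key directories (ssh, gcloud) hold nothing accessible to group or others. The function names `check_mount_dir` and `preflight` are hypothetical, the owner-only permission expectation is this example's assumption rather than something the README states, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example (not part of the image): preflight check for the host
# directories that get mounted into the agent container.
# Assumes GNU stat and GNU find (stat -c, find -perm /MODE).

# check_mount_dir DIR EXPECTED_UID SECRET(yes|no)
# Succeeds when DIR exists, is owned by EXPECTED_UID and, for secret
# directories, holds nothing with group or other permission bits set.
check_mount_dir() {
    dir=$1; want_uid=$2; secret=$3

    [ -d "$dir" ] || { echo "FAIL $dir: not a directory" >&2; return 1; }

    owner=$(stat -c '%u' "$dir") || return 1   # numeric owner uid
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $owner, expected $want_uid" >&2
        return 1
    fi

    if [ "$secret" = yes ]; then
        # Symlinks always report mode 0777, so they are skipped here.
        loose=$(find "$dir" ! -type l -perm /077 -print | head -n 5)
        if [ -n "$loose" ]; then
            echo "FAIL $dir: accessible to group/others:" >&2
            echo "$loose" >&2
            return 1
        fi
    fi
    echo "OK   $dir"
}

# preflight BASE UID: check the three directories the README chowns.
# The key directories (ssh, gcloud) are treated as secret.
preflight() {
    base=$1; uid=$2; rc=0
    check_mount_dir "$base/pipelines" "$uid" no  || rc=1
    check_mount_dir "$base/ssh"       "$uid" yes || rc=1
    check_mount_dir "$base/gcloud"    "$uid" yes || rc=1
    return $rc
}

# Usage: sh preflight.sh /mnt/persistent-disk/gocd-agent [uid]
# The default uid 999 is the one the README creates for the go user.
if [ "$#" -ge 1 ]; then
    preflight "$1" "${2:-999}"
fi
```

Run it on the host before `docker run`; a non-zero exit status means at least one directory failed the check.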
