Using self hosted machine runners (ec2) with aws-ecr orbs

Is it possible to use self-hosted machine runners as the executor for an orb, in this case the aws-ecr orb?

version: 2.1
orbs:
  aws-ecr: circleci/aws-ecr@8.2.1
executors:
  my-runner:
    machine: true
jobs:
  another-build:
    docker:
      - image: cimg/base:current
    resource_class: basebandit/small
    steps:
      - run: echo "Hi I'm on a Container Runner 2!"
  machine-build:
    machine: true
    resource_class: basebandit/machine
    steps:
      - run: echo "Hi I'm on Runners!"
      - run: node --version
      - checkout
      - run:
          command: npm version
          name: Get npm version
      - run:
          command: node --version
          name: Get node version

workflows:
  my-workflow:
    jobs:
      - another-build
      - machine-build
      - aws-ecr/build-and-push-image:
          executor: my-runner
          context: circleci-dev
          push-image: false
          create-repo: true
          dockerfile: Dockerfile
          path: .
          repo: circle-dev
          tag: "$CIRCLE_SHA1"
          assume-web-identity: true
          attach-workspace: false

That is an interesting question and something I’ve never tried.

One key thing is that in the code you have posted, you would need to fully define the my-runner executor so that it provides the resource_class. Without that it has to fail; you did include the value in the job that uses the runner.

I was able to use my self hosted ec2 ubuntu runner like so:

version: 2.1
orbs:
  aws-ecr: circleci/aws-ecr@8.2.1
jobs:
  another-build:
    docker:
      - image: cimg/base:current
    resource_class: basebandit/small
    steps:
      - run: echo "Hi I'm on a Container Runner 2!"
  aws-build-and-push-image:
    machine: true
    resource_class: basebandit/ubuntu
    steps:
      - aws-ecr/build-and-push-image:
          push-image: false
          create-repo: true
          dockerfile: Dockerfile
          path: .
          repo: "$AWS_REPO"
          tag: "$CIRCLE_SHA1"
          assume-web-identity: true
          attach-workspace: false
workflows:
  my-workflow:
    jobs:
      - another-build
      - aws-build-and-push-image:
          context: aws

However, the pipeline is stuck on Preparing environment. I am using Terraform to provision the infrastructure for my self-hosted runners, and the user data template looks like so:

#!/bin/bash

#-------------------------------------------------------------------------------
# CircleCI Runner installation script
# Based on the documentation at https://circleci.com/docs/2.0/runner-installation/
#-------------------------------------------------------------------------------

# Prerequisites:
# Complete these:
# https://circleci.com/docs/2.0/runner-installation/#authentication
# This script must be run as root
# This script was tested on Ubuntu 22.04

platform="linux/amd64"                                  # Runner platform: linux/amd64 || linux/arm64 || darwin/amd64
prefix="/opt/circleci"                                  # Runner install directory

CONFIG_PATH="/opt/circleci/launch-agent-config.yaml"    # Determines where Runner config will be stored
SERVICE_PATH="/opt/circleci/circleci.service"           # Determines where the Runner service definition will be stored
TIMESTAMP=$(date +"%g%m%d-%H%M%S-%3N")                  # Used to avoid Runner naming collisions

AUTH_TOKEN="${auth_token}"                                           # Auth token for CircleCI
RUNNER_NAME="${runner_name}"                                          # A runner name - this is not the same as the Resource class - keep it short, and only with letters/numbers/dashes/underscores
UNIQUE_RUNNER_NAME="$RUNNER_NAME-$TIMESTAMP"            # Runners must have a unique name, so we'll append a timestamp
USERNAME="circleci"                                     # The user which the runner will execute as

#-------------------------------------------------------------------------------
# Update; install dependencies
#-------------------------------------------------------------------------------

apt update
apt install coreutils curl tar gzip -y

#-------------------------------------------------------------------------------
# Download, install, and verify the binary
#-------------------------------------------------------------------------------

mkdir -p "$prefix/workdir"
base_url="https://circleci-binary-releases.s3.amazonaws.com/circleci-launch-agent"
echo "Determining latest version of CircleCI Launch Agent"
agent_version=$(curl "$base_url/release.txt")
echo "Using CircleCI Launch Agent version $agent_version"
echo "Downloading and verifying CircleCI Launch Agent Binary"
curl -sSL "$base_url/$agent_version/checksums.txt" -o checksums.txt
file="$(grep -F "$platform" checksums.txt | cut -d ' ' -f 2 | sed 's/^.//')"
mkdir -p "$platform"
echo "Downloading CircleCI Launch Agent: $file"
curl --compressed -L "$base_url/$agent_version/$file" -o "$file"
echo "Verifying CircleCI Launch Agent download"
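# Install the binary only if its checksum verifies; stop the bootstrap otherwise
if grep -F "$file" checksums.txt | sha256sum --check; then
  chmod +x "$file"
  cp "$file" "$prefix/circleci-launch-agent"
else
  echo "Invalid checksum for CircleCI Launch Agent, please try download again"
  exit 1
fi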

#-------------------------------------------------------------------------------
# Install the CircleCI runner configuration
# CircleCI Runner will be executing as the configured $USERNAME
# Note the short idle timeout - this script is designed for auto-scaling scenarios - if a runner is unclaimed, it will quit and the system will shut down as defined in the below service definition
#-------------------------------------------------------------------------------

cat << EOF >$CONFIG_PATH
api:
  auth_token: $AUTH_TOKEN
runner:
  name: $UNIQUE_RUNNER_NAME
  command_prefix: ["sudo", "-niHu", "$USERNAME", "--"]
  working_directory: /opt/circleci/workdir/%s
  cleanup_working_directory: true
  idle_timeout: 1m
  max_run_time: 5h
  mode: single-task
EOF

# Set correct config file permissions and ownership
chown root: /opt/circleci/launch-agent-config.yaml
chmod 600 /opt/circleci/launch-agent-config.yaml

#-------------------------------------------------------------------------------
# Create the circleci user & give permissions to working directory 
# This user should NOT already exist
#-------------------------------------------------------------------------------

adduser --disabled-password --gecos GECOS "$USERNAME"
chown -R "$USERNAME" "$prefix/workdir"

#-------------------------------------------------------------------------------
# Create the service
# The service will shut down the instance when it exits - that is, the runner has completed with a success or error
#-------------------------------------------------------------------------------

cat << EOF >$SERVICE_PATH
[Unit]
Description=CircleCI Runner
After=network.target
[Service]
ExecStart=$prefix/circleci-launch-agent --config $CONFIG_PATH
ExecStopPost=shutdown now -h
Restart=no
User=root
NotifyAccess=exec
TimeoutStopSec=18300
[Install]
WantedBy = multi-user.target
EOF

#-------------------------------------------------------------------------------
# Configure your runner environment
# This script must be able to run unattended - without user input
#-------------------------------------------------------------------------------
snap install docker
addgroup --system docker
adduser ubuntu docker
newgrp docker
snap disable docker
snap enable docker
apt install -y nodejs npm openjdk-18-jdk openjdk-18-jre zip unzip
export JAVA_HOME=/usr/lib/jvm/java-18-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH
wget -c https://services.gradle.org/distributions/gradle-7.4.2-bin.zip -P /tmp
unzip -d /opt/gradle /tmp/gradle-7.4.2-bin.zip
export GRADLE_HOME=/opt/gradle/gradle-7.4.2
export PATH=$GRADLE_HOME/bin:$PATH
#-------------------------------------------------------------------------------
# Enable CircleCI Runner service and start it
# This MUST be done last, as it will immediately advertise to the CircleCI server that the runner is ready to use
#-------------------------------------------------------------------------------
systemctl enable $prefix/circleci.service
systemctl start circleci.service

I would really like to know what my pipeline job is executing. Is there a way I can get some form of logs from CircleCI?
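
The download step of a runner bootstrap script has to fail closed when the checksum does not match. The following is an added example, not part of the original post: it compares a chain of the form `verify && chmod; cp || echo` with an explicit check, using constructed files in a scratch directory. The function names and the `agent` file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: fail-open vs fail-closed checksum handling (constructed files).
# Paths in the checksum file are relative, so run from the download directory.

# Chained form: the ';' ends the '&&' list, so cp runs even when
# sha256sum reports a mismatch, and '||' only reacts to a failed cp.
install_chained() {    # $1=file  $2=checksums file  $3=destination
  grep -F "$1" "$2" | sha256sum --check && chmod +x "$1"; cp "$1" "$3" || echo "Invalid checksum"
}

# Fail-closed form: nothing is copied unless exactly one checksum entry
# names the file and sha256sum accepts it.
install_verified() {   # same arguments
  entry="$(grep -F -- "$1" "$2")" || { echo "no checksum entry for $1" >&2; return 1; }
  [ "$(printf '%s\n' "$entry" | wc -l)" -eq 1 ] || { echo "ambiguous checksum entry for $1" >&2; return 1; }
  printf '%s\n' "$entry" | sha256sum --check --status || { echo "checksum mismatch for $1" >&2; return 1; }
  install -m 0755 "$1" "$3"
}

# Builds a constructed download whose content no longer matches checksums.txt.
make_tampered_sample() {   # $1 = empty scratch directory
  mkdir -p "$1/linux/amd64"
  ( cd "$1" && printf 'genuine agent\n' > linux/amd64/agent \
      && sha256sum -b linux/amd64/agent > checksums.txt \
      && printf 'tampered agent\n' > linux/amd64/agent )
}

run_demo() {
  demo_dir="$(mktemp -d)"
  make_tampered_sample "$demo_dir"
  (
    cd "$demo_dir" || exit 1
    install_chained linux/amd64/agent checksums.txt out-chained >/dev/null 2>&1
    if [ -e out-chained ]; then echo "chained: tampered file was installed"; fi
    if install_verified linux/amd64/agent checksums.txt out-verified 2>/dev/null; then
      echo "verified: installed"
    else
      echo "verified: refused"
    fi
  )
  rm -rf "$demo_dir"
}
run_demo
```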

I use Ansible to drive my AWS builds, which are static rather than dynamic, so we have different workflows, which may mean different results.

When your AWS instance comes up, does it have a /var/log/cloud-init-output.log file? If so, that should contain any console output from the circleci agent, and “systemctl status circleci.service” should return its active status.

One thing to check is that your /usr/lib/systemd/system/circleci.service file is getting the correct permissions and ownership.

You may need to add the following:

sudo chown root: /usr/lib/systemd/system/circleci.service
sudo chmod 644 /usr/lib/systemd/system/circleci.service

Hey folks, thank you for your suggestions. So I solved it: I had to ensure that the subnet had access to an internet gateway to allow the tools I needed to be installed in the machine runner’s EC2 instance.
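
A missing route to the internet, as in the resolution above, shows up in /var/log/cloud-init-output.log as failed package and download steps. The following is an added example, not from the thread, that scans a bootstrap log for those signs. The sample log lines are constructed, the function names are assumptions, and the patterns are common apt and curl error strings rather than an exhaustive list, so the verdict is a heuristic.

```shell
#!/bin/sh
# Added example: triage a cloud-init output log for missing outbound connectivity.

# Error strings apt and curl commonly print when a host has no route out.
# Not exhaustive; matching is case-insensitive.
EGRESS_PATTERNS='Temporary failure resolving|Could not resolve host|Could not connect to|Failed to fetch|Connection timed out|Network is unreachable'

egress_failures() {        # $1 = log file; prints matching lines with line numbers
  grep -n -i -E "$EGRESS_PATTERNS" "$1"
}

# The install script echoes "Using CircleCI Launch Agent version $agent_version";
# nothing after "version" means release.txt was never fetched.
agent_version_missing() {  # $1 = log file
  grep -q -E 'Using CircleCI Launch Agent version[[:space:]]*$' "$1"
}

bootstrap_verdict() {      # $1 = log file; prints no-egress | agent-version-empty | ok
  if egress_failures "$1" >/dev/null; then
    echo "no-egress"
  elif agent_version_missing "$1"; then
    echo "agent-version-empty"
  else
    echo "ok"
  fi
}

write_sample_log() {       # $1 = output path; constructed lines, not from a real instance
  cat > "$1" <<'EOF'
Err:1 http://archive.ubuntu.com/ubuntu jammy InRelease
  Could not connect to archive.ubuntu.com:80 (198.51.100.10), connection timed out
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease
Determining latest version of CircleCI Launch Agent
curl: (28) Failed to connect to circleci-binary-releases.s3.amazonaws.com port 443: Connection timed out
Using CircleCI Launch Agent version
EOF
}

sample="$(mktemp)"
write_sample_log "$sample"
echo "verdict: $(bootstrap_verdict "$sample")"
egress_failures "$sample"
rm -f "$sample"
```

On a runner instance, `bootstrap_verdict /var/log/cloud-init-output.log` gives the same classification for the real log.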