gitlab-runner: Add explicit become directives

Normo · Normo · commit 82a4b57c8ee3 · 2025-11-24T15:31:18.000+01:00
Signed-off-by: Norman Ziegner &lt;n.ziegner@hzdr.de&gt;
diff --git a/roles/gitlab_runner/handlers/main.yml b/roles/gitlab_runner/handlers/main.yml
@@ -6,10 +6,12 @@
 ---
 
 - name: "Transpile the flatcar linux configuration"
+  become: true
   ansible.builtin.command: "butane -o /etc/gitlab-runner/ignition.json /etc/gitlab-runner/butane-config.bu"
   changed_when: true
 
 - name: "Restart GitLab-Runner"
+  become: true
   ansible.builtin.service:
     name: "gitlab-runner"
     state: "restarted"
diff --git a/roles/gitlab_runner/tasks/configuration.yml b/roles/gitlab_runner/tasks/configuration.yml
@@ -10,6 +10,7 @@
     - "gitlab_runner_ssh_private_key | default('') | length > 0"
   block:
     - name: "Place SSH public key on the host for communicating with Runners."
+      become: true
       ansible.builtin.copy:
         src: "{{ gitlab_runner_ssh_public_key }}"
         dest: "{{ gitlab_runner_ssh_public_key_path }}"
@@ -18,6 +19,7 @@
         mode: "0644"
 
     - name: "Place SSH private key on the host for communicating with Runners."
+      become: true
       ansible.builtin.copy:
         src: "{{ gitlab_runner_ssh_private_key }}"
         dest: "{{ gitlab_runner_ssh_private_key_path }}"
@@ -26,20 +28,23 @@
         mode: "0600"
 
 - name: "Create SSH key pair for communicating with Runners."
+  become: true
   community.crypto.openssh_keypair:  # noqa: args[module]
     path: "{{ gitlab_runner_ssh_private_key_path }}"
     type: "{{ gitlab_runner_ssh_key_type | default('ed25519') }}"
   register: "__gitlab_runner_ssh_keypair"
   when: "not __gitlab_runner_is_initial_dryrun"  # skip if run for the first time in check mode
 
 - name: "Download and install container-linux-config-transpiler"
+  become: true
   ansible.builtin.get_url:
     url: "{{ gitlab_runner_transpiler_binary_url }}"
     dest: "/usr/local/bin/butane"
     mode: "0755"
     checksum: "{{ gitlab_runner_transpiler_binary_checksum }}"
 
 - name: "Place the container linux configuration on the host"
+  become: true
   ansible.builtin.template:
     src: "{{ gitlab_runner_butane_config_template }}"
     dest: "/etc/gitlab-runner/butane-config.bu"
@@ -52,6 +57,7 @@
     - "Transpile the flatcar linux configuration"
 
 - name: "Check if ignition.json is available and create it in any case"
+  become: true
   when: "not __flatcar_config_task.changed"  # noqa no-handler
   ansible.builtin.stat:
     path: "/etc/gitlab-runner/ignition.json"
@@ -77,11 +83,13 @@
       check_mode: false
 
     - name: "Dry-run of transpile the flatcar linux configuration"
+      become: true
       ansible.builtin.command: "butane -o {{ (__temp_directory.path, 'ignition.json') | path_join }} /etc/gitlab-runner/butane-config.bu"
       changed_when: false
       check_mode: false
 
     - name: "Stat temporary ignition.json file"
+      become: true
       ansible.builtin.stat:
         path: "{{ (__temp_directory.path, 'ignition.json') | path_join }}"
       register: "__temp_ignition_stats"
diff --git a/roles/gitlab_runner/tasks/docker-machine-init.yml b/roles/gitlab_runner/tasks/docker-machine-init.yml
@@ -5,6 +5,7 @@
 
 ---
 - name: "Check if docker-machine initialization is necessary"
+  become: true
   ansible.builtin.stat:
     path: "/root/.docker/machine/certs/ca.pem"
   register: "__docker_machine_config"
@@ -17,6 +18,7 @@
         __machine_options: "--{{ gitlab_runner.machine_options | join(' --') }}"
 
     - name: "Create a VM once via docker-machine"
+      become: true
       when: "not ansible_check_mode"
       ansible.builtin.command: "docker-machine create -d {{ gitlab_runner.machine_driver }} {{ __machine_options }} test"
       register: "__creation_cmd"
@@ -25,6 +27,7 @@
 
   always:
     - name: "Remove the VM"
+      become: true
       when: "not ansible_check_mode"
       ansible.builtin.command: "docker-machine rm -y --force test"
       register: "__removal_cmd"
diff --git a/roles/gitlab_runner/tasks/install.autoscaler-plugin.yml b/roles/gitlab_runner/tasks/install.autoscaler-plugin.yml
@@ -31,6 +31,7 @@
       changed_when: false
 
     - name: "Download fleeting-plugin-openstack"
+      become: true
       ansible.builtin.get_url:
         url: "{{ gitlab_runner_autoscaler_plugin_url }}"
         dest: "{{ (__tempdir_fleeting_plugin.path, 'fleeting-plugin-openstack.tar.gz') | path_join }}"
@@ -41,6 +42,7 @@
       check_mode: false
 
     - name: "Extract fleeting-plugin-openstack binary"
+      become: true
       ansible.builtin.unarchive:
         src: "{{ (__tempdir_fleeting_plugin.path, 'fleeting-plugin-openstack.tar.gz') | path_join }}"
         dest: "/usr/local/bin/"
@@ -61,6 +63,7 @@
       changed_when: false
 
 - name: "Place clouds.yaml template"
+  become: true
   ansible.builtin.template:
     src: "clouds.yaml.j2"
     dest: "/etc/gitlab-runner/clouds.yaml"
diff --git a/roles/gitlab_runner/tasks/install.debianlike.yml b/roles/gitlab_runner/tasks/install.debianlike.yml
@@ -6,6 +6,7 @@
 ---
 
 - name: "Install GitLab-Runner dependencies"
+  become: true
   ansible.builtin.apt:
     pkg:
       - "debian-archive-keyring"
@@ -20,6 +21,7 @@
 
   block:
     - name: "Add packages repository packages.gitlab.com/runner/gitlab-runner"
+      become: true
       ansible.builtin.deb822_repository:
         name: "gitlab-runner"
         types: "deb"
@@ -31,6 +33,7 @@
         enabled: true
 
     - name: "Use APT pinning for Debian os"
+      become: true
       ansible.builtin.template:
         src: "pin-gitlab-runner.pref.j2"
         dest: "/etc/apt/preferences.d/pin-gitlab-runner.pref"
@@ -40,6 +43,7 @@
       when: "ansible_facts.distribution == 'Debian'"
 
     - name: "Install gitlab-runner-helper-images with downgrade option"
+      become: true
       ansible.builtin.apt:
         name: "{{ gitlab_runner_helper_images_package_name }}"
         state: "present"
@@ -50,6 +54,7 @@
         - "gitlab_runner_version is version('17.7.0', 'ge') or gitlab_runner_version | length == 0"
 
     - name: "Install gitlab-runner with downgrade option"
+      become: true
       ansible.builtin.apt:
         name: "{{ gitlab_runner_package_name }}"
         state: "present"
@@ -69,12 +74,14 @@
   block:
 
     - name: "Install gitlab-runner-helper-images from a .deb file"
+      become: true
       ansible.builtin.apt:
         deb: "{{ gitlab_runner_helper_images_deb_file }}"
         allow_downgrade: true
       when: "gitlab_runner_version is version('17.7.0', 'ge') or gitlab_runner_version | length == 0"
 
     - name: "Install gitlab-runner from a .deb file"
+      become: true
       ansible.builtin.apt:
         deb: "{{ gitlab_runner_deb_file }}"
         allow_downgrade: true
diff --git a/roles/gitlab_runner/tasks/install.docker-machine.yml b/roles/gitlab_runner/tasks/install.docker-machine.yml
@@ -5,6 +5,7 @@
 
 ---
 - name: "Download and install docker-machine binary"
+  become: true
   ansible.builtin.get_url:
     url: "{{ gitlab_runner_docker_machine_binary_url }}"
     dest: "/usr/local/bin/docker-machine"
diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml
@@ -48,6 +48,7 @@
     loop_var: "gitlab_runner"
 
 - name: "Slurp ignition json"
+  become: true
   ansible.builtin.slurp:
     src: "/etc/gitlab-runner/ignition.json"
   register: "__ignition_json"
@@ -56,6 +57,7 @@
     - "not __gitlab_runner_is_initial_dryrun"
 
 - name: "Template config file"
+  become: true
   ansible.builtin.template:
     src: "config.toml.j2"
     dest: "{{ gitlab_runner_config_path }}"
@@ -69,6 +71,7 @@
   when: "not __gitlab_runner_is_initial_dryrun"
 
 - name: "Start GitLab-Runner"
+  become: true
   ansible.builtin.service:
     name: "gitlab-runner"
     state: "started"
