Introduce ci_runner_limits_override feature flag
What does this MR do?
This MR builds on !67151 (merged) to leverage the override ci_runner_limits_override
FF when creating RunnerNamespace
and RunnerProject
instances. This will allow us to add projects where the limit does not apply, to the ci_runner_limits
FF rollout.
Screenshots or Screencasts (strongly suggested)
How to setup and validate locally (strongly suggested)
-
You can try running the tests after changing the
ci_runner_limits_override
FF in the test totrue
. The test will fail because the object will be allowed to be created. -
CLI approach:
- Patch the code so that it checks limits against
:all
instead of:recent_runners
(since the runners we'll be registering are very recent by definition):
diff --git a/app/models/ci/runner_project.rb b/app/models/ci/runner_project.rb index d70772ae157..c8fdbada202 100644 --- a/app/models/ci/runner_project.rb +++ b/app/models/ci/runner_project.rb @@ -7,7 +7,7 @@ class RunnerProject < ApplicationRecord self.limit_name = 'ci_registered_project_runners' self.limit_scope = :project - self.limit_relation = :recent_runners + #self.limit_relation = :recent_runners self.limit_feature_flag = :ci_runner_limits self.limit_feature_flag_for_override = :ci_runner_limits_override
-
Enable project runner registration limits
> Plan.default.actual_limits.update!(ci_registered_project_runners: 3) => true > Feature.enable(:ci_runner_limits, Project.find(1)) => true
-
Try registering 5 runners:
$ for i in $(seq 1 5); do gitlab-runner register -config /tmp/config.gdk.toml \ --non-interactive \ --executor "shell" \ --url "http://gdk.localhost:3000/" \ --description "project test runner" \ --tag-list "shell,gdk,mac,test" \ --run-untagged="false" \ --locked="false" \ --access-level="not_protected" \ --registration-token="<YOUR-TOKEN>"; \ done Runtime platform arch=amd64 os=darwin pid=91418 revision=7620f9f0 version=14.2.0~beta.50.g7620f9f0 WARNING: Running in user-mode. WARNING: Use sudo for system-mode: WARNING: $ sudo gitlab-runner... Registering runner... succeeded runner=kVY__JFh Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! Runtime platform arch=amd64 os=darwin pid=91441 revision=7620f9f0 version=14.2.0~beta.50.g7620f9f0 WARNING: Running in user-mode. WARNING: Use sudo for system-mode: WARNING: $ sudo gitlab-runner... Registering runner... succeeded runner=kVY__JFh Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! Runtime platform arch=amd64 os=darwin pid=91444 revision=7620f9f0 version=14.2.0~beta.50.g7620f9f0 WARNING: Running in user-mode. WARNING: Use sudo for system-mode: WARNING: $ sudo gitlab-runner... Registering runner... succeeded runner=kVY__JFh Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! Runtime platform arch=amd64 os=darwin pid=91445 revision=7620f9f0 version=14.2.0~beta.50.g7620f9f0 WARNING: Running in user-mode. WARNING: Use sudo for system-mode: WARNING: $ sudo gitlab-runner... ERROR: Registering runner... failed runner=kVY__JFh status=400 Bad Request PANIC: Failed to register the runner. You may be having network problems. Runtime platform arch=amd64 os=darwin pid=91447 revision=7620f9f0 version=14.2.0~beta.50.g7620f9f0 WARNING: Running in user-mode. WARNING: Use sudo for system-mode: WARNING: $ sudo gitlab-runner...
-
Override the limit for that project:
> Feature.enable(:ci_runner_limits_override, Project.find(1)) => true
-
Registering runners against project 1 is now again allowed:
$ gitlab-runner register -config /tmp/config.gdk.toml \ --non-interactive \ --executor "shell" \ --url "http://gdk.localhost:3000/" \ --description "project test runner" \ --tag-list "shell,gdk,mac,test" \ --run-untagged="false" \ --locked="false" \ --access-level="not_protected" \ --registration-token="<YOUR-TOKEN>"; \ done Runtime platform arch=amd64 os=darwin pid=91418 revision=7620f9f0 version=14.2.0~beta.50.g7620f9f0 WARNING: Running in user-mode. WARNING: Use sudo for system-mode: WARNING: $ sudo gitlab-runner... Registering runner... succeeded runner=kVY__JFh Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! Runtime platform arch=amd64 os=darwin pid=91441 revision=7620f9f0 version=14.2.0~beta.50.g7620f9f0
- Patch the code so that it checks limits against
Does this MR meet the acceptance criteria?
Conformity
-
I have included changelog trailers, or none are needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) -
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) -
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) -
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides. -
This change is backwards compatible across updates, or this does not apply.
Availability and Testing
-
I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) -
I have tested this MR in all supported browsers, or it's not needed. -
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Security
Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Part of #321368