Automatically obtain gitlab registration token when provisioning

Question

I have an ansible playbook which installs GitLab and configures a GitLab Runner. To register the runner, we need a GitLab registration token.

Currently I need to:

1. run the playbook, letting it install Gitab
2. manually login and obtain the registration token
3. reconfigure the playbook to use this token
4. let the playbook run again to register the runner

How can I obtain (or force?) this token when provisioning GitLab, so that the whole playbook can run automatically?

Answer 1

Updated Version for extracting the encrypted token:

gitlab-rails runner "print TokenAuthenticatableStrategies::EncryptionHelper.decrypt_token('$(echo 'select runners_registration_token_encrypted from application_settings;' | gitlab-psql -d gitlabhq_production -qtAX)')"

Extracting it form a docker container:

TOKEN_COMMAND='gitlab-rails runner "print TokenAuthenticatableStrategies::EncryptionHelper.decrypt_token('"'"'$(echo '"'"'select runners_registration_token_encrypted from application_settings;'"'"' | gitlab-psql -d gitlabhq_production -qtAX)'"'"')"'
RONNER_TOKEN="$(docker exec -it gitlab_gitlab_1 /bin/bash -c "$TOKEN_COMMAND")"

Answer 2

My first approach would be to utilize the REST API, however this feature is not implemented yet. The linked feature request contains a SQL query to obtain the runner token. The query seems to be (for POSTgres):

"select runners_registration_token from application_settings where runners_registration_token!='';"

It should be possible to run that query against the database and register the token as a fact for further configuration.