Orchestrating Automated Deployment via GitLab Runner on Linux Infrastructure

Published by TechMarmot Editorail Staff on | Category GitLab CI

The modernization of software engineering workflows relies heavily on the ability to bridge the gap between code commit and production deployment. This bridge is constructed using Continuous Integration and Continuous Deployment (CI/CD) methodologies, which transform the manual, error-prone process of software release into a streamlined, automated pipeline. At the heart of this automation within the GitLab ecosystem is the GitLab Runner, a specialized application written in the Go programming language designed to execute jobs defined within a GitLab CI/CD pipeline. By deploying a Runner directly onto a target Ubuntu server, engineers can create a seamless loop where code changes trigger immediate, automated deployments to the very environment intended to host the application. This process eliminates human intervention in the deployment phase, moving beyond Continuous Delivery—which requires manual approval—into the realm of Continuous Deployment, where updates are rolled out automatically once all test cases pass.

Architectural Foundations of GitLab CI/CD and the Runner

To understand the deployment mechanism, one must first grasp the relationship between the GitLab platform and the Runner. GitLab serves as the central orchestration hub, managing repositories, issue tracking, and the definition of CI/CD pipelines. However, GitLab itself does not execute the code; that responsibility is delegated to the Runner.

The GitLab Runner is a highly versatile, single-binary application that can be installed on virtually any environment capable of running Docker, including GNU/Linux, macOS, and Windows. It supports a variety of shell environments, such as Bash, PowerShell Core, and Windows PowerShell, providing immense flexibility for diverse infrastructure setups.

Runner Classification and Scope

The deployment strategy is heavily influenced by the type of Runner being utilized. GitLab categorizes Runners into three distinct scopes, which determine the availability and permission levels of the automated jobs:

Runner Type Availability and Scope
Group Runner Available to all projects and subgroups contained within a specific group.
Shared Runner Available for use by all projects within the GitLab instance.
Specific Runner Associated with a single, individual project, allowing for highly customized environments.

Each Runner type serves a different organizational need. For instance, a Specific Runner is ideal for a sensitive on-premises server where deployment permissions must be strictly isolated to a single repository. Conversely, Shared Runners provide a cost-effective way to standardize CI/CD processes across an entire organization's project portfolio.

Advanced Functional Capabilities

The GitLab Runner is not merely a script executor; it is a sophisticated tool capable of managing complex workflows. Its feature set includes:

  • Concurrent Job Execution: The ability to run multiple jobs simultaneously to reduce total pipeline duration.
  • Multi-Token Support: Capability to use multiple tokens across multiple servers, including per-project configurations.
  • Concurrency Control: The ability to limit the number of concurrent jobs assigned to a specific token.
  • Diverse Execution Environments: Jobs can be executed locally, within Docker containers, via SSH (including Docker containers executing over SSH), or through specialized hypervisors like VirtualBox, Parallels, or Kubernetes.
  • Cloud and Virtualization Integration: Support for Docker containers with autoscaling across various cloud providers and virtualization hypervisors.
  • Metric Reporting: An embedded Prometheus metrics HTTP server allows for deep observability, utilizing Referee workers to monitor and pass job-specific data and Prometheus metrics back to GitLab.
  • Resource Optimization: Seamless support for caching Docker containers to speed up subsequent pipeline runs.

Technical Implementation: Installing the Runner on Ubuntu

Deploying a Runner to an Ubuntu-based server involves a series of precise administrative steps. This process transitions the server from a standard compute instance to an active participant in the CI/CD lifecycle.

System Preparation and Binary Deployment

The initial phase involves preparing the host operating system. While one can add official repositories, a direct approach involves downloading the specialized binary for the target architecture.

  1. Download the binary: The runner is a Go-based single binary. It can be retrieved using curl and directed to the local binary directory.
    bash sudo curl -L --output /usr/local/bin/gitlab-runner "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64"

  2. Set execution permissions: Once downloaded, the binary must be granted permission to run as an executable.
    bash sudo chmod +x /usr/local/bin/gitlab-runner

  3. Create a dedicated service user: For security and isolation, it is standard practice to create a specific user to manage the Runner's operations. This user should have its own home directory and a bash shell.
    bash sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash

Service Configuration and Privilege Management

After the user is created, the Runner must be installed as a system service to ensure it starts automatically upon system boot and runs in the background.

  1. Install the service: Use the install command, specifying the newly created user and the desired working directory.
    bash sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner

  2. Configure sudoer permissions: This is a critical security and operational step. Because CI/CD pipelines often require root-level privileges to move files, restart services, or manage Docker, the gitlab-runner user must be permitted to execute commands without a password prompt. If the pipeline halts to wait for a password, the automation fails. This is achieved by editing the sudoers file.
    bash vi /etc/sudoers
    Within the file, the user must be defined with NOPASSWD permissions to allow the pipeline to run uninterrupted.

  3. Initiate the service: Once the installation and permissions are set, the service is started.
    bash sudo gitlab-runner start

  4. Verify status: To ensure the Runner is active and communicating correctly, the service status should be checked.
    bash service gitlab-runner status

Registration and Connection to GitLab

With the Runner installed and running as a service, the next phase is the "handshake" between the local server and the GitLab instance. This is the process of registration, where the Runner is assigned to a specific project or group.

The Registration Workflow

Registration is initiated by a specific command that triggers an interactive configuration wizard.

bash sudo gitlab-runner register

During this interaction, the user must provide several key pieces of information:

  • GitLab Instance URL: The exact URL of the GitLab server (e.g., https://gitlab.com/). This must be copied precisely to ensure the Runner knows where to poll for new jobs.
  • Registration Token: A unique token generated within the GitLab UI. This token acts as the authentication credential that proves the Runner is authorized to join the project.
  • Runner Description: A human-readable name for the runner to identify it within the GitLab interface.
  • Tags: Comma-separated labels used to categorize the Runner. These tags are vital during pipeline execution; when a job in .gitlab-ci.yml specifies a tag, only Runners with that matching tag will pick up the job.
  • Maintenance Note: An optional field for administrative notes.
  • Executor Selection: The user must choose how the jobs will be executed. Options include shell, docker, ssh, virtualbox, kubernetes, and more. If docker is selected, a default Docker image (such as ruby:2.7) must also be specified.

Upon successful completion, the Runner will appear in the GitLab interface under Project Settings > CI/CD > Runners.

Pipeline Orchestration via .gitlab-ci.yml

The logic governing the deployment is contained within a special file named .gitlab-ci.yml, which must reside in the root of the repository. This file defines the stages, the jobs, the scripts, and the environment variables required for the deployment.

Defining the Deployment Workflow

The .gitlab-ci.yml file allows for a highly granular definition of the deployment lifecycle. An engineer can specify:

  • Stages: The sequential phases of the pipeline (e.g., build, test, deploy).
  • Scripts: The actual shell commands to be executed on the Runner.
  • Dependencies and Caches: Files or directories that should be preserved between jobs to increase speed.
  • Parallelization: Commands that can run simultaneously to optimize time.
  • Deployment Path: The specific directory on the server where the application files should reside.
  • Execution Triggers: Defining whether a stage runs automatically or requires a manual trigger.

Example Deployment Configuration

In a typical Gitflow-based workflow, a developer might push code to a staging branch. Upon merging staging into the main branch, the automated deployment is triggered. The following is an example of a configuration that builds an application and then deploys it by moving files to a target directory on the Ubuntu server.

```yaml
stages:
- build
- deploy

build-job:
stage: build
script:
- echo "Compiling the code..."
- echo "Compile complete."

deploy-job:
stage: deploy
script:
- echo "Starting deployment to production server..."
- sudo rm -rf /home/ubuntu/*
- sudo cp -r * /home/ubuntu/
- echo "Deployment successful."
```

In this specific example, the deploy-job utilizes the sudo privileges granted to the gitlab-runner user earlier in the process. It clears the target directory (/home/ubuntu/) and copies the current working directory contents into that location.

On-Premises Deployment Considerations

Deploying to on-premises servers presents different challenges compared to cloud-native environments. While cloud deployments often leverage ephemeral containers and managed services, on-premises deployment often involves physical hardware or Virtual Machines (VMs).

Infrastructure Strategies

When moving from a cloud-centric mindset to an on-premises environment, several architectural paths exist:

  • Virtual Machines (VMs): A highly stable and common approach is to set up a VM (using VMware or similar hypervisors) and install the GitLab Runner directly on the guest OS. This is often considered less complex to maintain than containerized runners for simple "Hello World" Docker image deployments.
  • Container Orchestration: For more complex environments, one might deploy a Kubernetes cluster and run the GitLab Runner within it. This allows for massive scalability and sophisticated resource management.
  • Hybrid Approaches: Using tools like Nomad or specialized VM management can provide a middle ground between the simplicity of a single VM and the complexity of Kubernetes.

Deployment Patterns for Docker in VMs

A common requirement is deploying a Docker container to a VM via a GitLab pipeline. This can be achieved by configuring the Runner with a shell or docker executor and using standard Docker commands within the .gitlab-ci.yml script. For instance, a job can execute docker pull, docker stop, and docker run to manage container lifecycles on the host machine.

Analysis of Deployment Methodologies

The transition from manual deployment to GitLab Runner-driven automation represents a fundamental shift in operational reliability. By utilizing the "Deep Drilling" approach to understanding these components, it becomes clear that the success of a deployment pipeline is not just dependent on the .gitlab-ci.yml script, but on the underlying system configuration, specifically the security and permissioning of the Runner service.

The distinction between Continuous Delivery and Continuous Deployment is pivotal for organizational risk management. Continuous Delivery provides a "safety valve" through manual intervention, which is essential in highly regulated industries. Continuous Deployment, however, demands a much higher level of confidence in the automated test suite, as the Runner will move code to the server immediately upon the satisfaction of defined test cases.

Ultimately, the choice of executor—whether it be the simplicity of a shell executor on a dedicated Ubuntu VM or the sophisticated orchestration of a kubernetes executor—dictates the scalability and complexity of the deployment engine. The ability to run jobs locally, via SSH, or within highly scalable cloud-integrated containers makes the GitLab Runner one of the most robust tools in the modern DevOps toolkit.

Sources

  1. Cloudkul - Deploy code from GitLab to server using GitLab CI/CD
  2. GitLab Forum - Deploying to on-premises
  3. GitLab Documentation - GitLab Runner

Related Posts