Terraform Docker Images using Gitlab CI/CD

Hi. I’m new and learning how to use Terraform with GitLab and Docker containers.

I had to recently use this guide for trusting custom certificate authorities in my lab: Self-signed certificates or custom Certification Authorities | GitLab

I had to add my own CA into the trusted CA keystore and configure the config.toml file to mount the volume for the CRT file so the runner could load and add the CA onto any future jobs and trust and communicate with the GitLab server. However, the steps called for knowing whether the image was based on Ubuntu or Alpine, to then know whether I needed to use APT-GET or APK in the PRE_BUILD_SCRIPT section for package management. I had to just try one first, see it error out, then try the other. For the life of me I couldn’t figure out for sure which one I needed to use, since the image the template uses is registry.gitlab.com/gitlab-org/terraform-images/stable:latest

It wasn’t as straight as other times where I’ve seen the images being called out like image:node.alpine or Ubuntu-latest, etc.

I would appreciate some explanation of how to determine what an image is using.

Since you are trying to trust the certificate for user scripts, there is no way (that I know of) for the runner to know what distribution you’ll be using.

As a workaround, you can tweak the script to make it support both Ubuntu- and Alpine-based images.

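```sh
# Read the distribution ID (e.g. ubuntu, alpine) from the release file
OS=$(grep -h '^ID=' /etc/*-release | head -n 1 | cut -d'=' -f2 | tr -d '"')

if [ "$OS" = 'ubuntu' ]; then
  apt-get update >/dev/null
  apt-get install -y ca-certificates > /dev/null
elif [ "$OS" = 'alpine' ]; then
  apk update >/dev/null
  apk add ca-certificates > /dev/null
fi

# Clear the apk package cache (no effect when the path does not exist)
rm -rf /var/cache/apk/*

# Copy the runner-mounted CA into the trust store and rebuild the bundle
cp /etc/gitlab-runner/certs/ca.crt /usr/local/share/ca-certificates/ca.crt
update-ca-certificates --fresh > /dev/null
```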
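An added example, not part of either post: the same check generalized to read both `ID` and `ID_LIKE` from the os-release file, so Debian and Ubuntu derivatives resolve to apt and an unrecognized base image fails loudly instead of silently skipping the CA install. The function names are hypothetical; the certificate path is the one used in the script above.

```shell
#!/bin/sh
# Added example: pick the package manager from os-release fields.

# os_release_field FILE KEY -> value of KEY with surrounding quotes removed
os_release_field() {
  sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d "\"'"
}

# detect_pkg_manager [FILE] -> prints "apt", "apk" or "unknown"
detect_pkg_manager() {
  file="${1:-/etc/os-release}"
  [ -r "$file" ] || { echo unknown; return 1; }
  id=$(os_release_field "$file" ID)
  like=$(os_release_field "$file" ID_LIKE)
  # ID_LIKE lists parent distributions, e.g. "debian" on Ubuntu
  for name in $id $like; do
    case "$name" in
      debian|ubuntu) echo apt; return 0 ;;
      alpine)        echo apk; return 0 ;;
    esac
  done
  echo unknown
  return 1
}

# install_ca CRT [FILE] -> installs ca-certificates, then trusts CRT
install_ca() {
  case "$(detect_pkg_manager "${2:-/etc/os-release}")" in
    apt) apt-get update >/dev/null &&
         apt-get install -y ca-certificates >/dev/null ;;
    apk) apk add --no-cache ca-certificates >/dev/null ;;
    *)   echo "unsupported base image: add its package manager" >&2
         return 1 ;;
  esac
  cp "$1" /usr/local/share/ca-certificates/ca.crt &&
    update-ca-certificates >/dev/null
}

# Usage in the pre-build script:
#   install_ca /etc/gitlab-runner/certs/ca.crt
```

To see what a given image reports before writing the script, start a container from it and run `cat /etc/os-release`.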

Oh, thank you very much! I really appreciate your reply! I see how powerful this can be. I will try adding that and run the pipeline again. Thanks again!
