Summary
Implement Stage 4 (GitHub Runner Core) for the Ansible-first reboot.
Scope
- Create the github_runner role
- Download and unpack GitHub Actions runner tarball (ARM64)
- Register runner with organization/repository
- Create systemd service unit
- Manage runner token securely via Ansible Vault
- Support idempotent re-registration
Key Decisions (from gate review)
- Token management: Use Ansible Vault for encrypted token storage
- Service installation: Use native `svc.sh install` from runner
- Runner name default: `{{ ansible_hostname }}-{{ inventory_hostname }}`
- Idempotency: Skip re-registration if already configured
Acceptance
- Runner tarball downloads and extracts successfully
- Registration completes unattended
- Systemd service active and enabled
- Runner appears online in GitHub Actions Settings within 30 seconds
- Service survives reboot
- Role is idempotent
- Token never logged or visible in Ansible output
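
A sketch of the registration and service tasks that would satisfy the idempotency and token-handling criteria above. This is an added example, not the role's actual code. The variable names `github_runner_dir`, `github_runner_user`, `github_runner_url` and `github_runner_token` are assumptions, and the tarball download step is left out.

```yaml
# Added example (not the project's tasks file). All github_runner_* variable
# names are hypothetical. github_runner_token is expected to be defined in a
# vars file encrypted with Ansible Vault, never in plain inventory.

- name: Register runner unattended (skipped once .runner exists)
  ansible.builtin.command:
    argv:
      - ./config.sh
      - --unattended
      - --url
      - "{{ github_runner_url }}"
      - --token
      - "{{ github_runner_token }}"
      - --name
      - "{{ ansible_hostname }}-{{ inventory_hostname }}"
    chdir: "{{ github_runner_dir }}"
    # config.sh writes .runner on successful registration, so this marker
    # makes re-runs a no-op instead of consuming a new token.
    creates: "{{ github_runner_dir }}/.runner"
  become: true
  become_user: "{{ github_runner_user }}"
  no_log: true  # keeps the token out of task output, -v logs and callbacks

- name: Install systemd unit with the runner's native svc.sh
  ansible.builtin.command:
    argv: [./svc.sh, install, "{{ github_runner_user }}"]
    chdir: "{{ github_runner_dir }}"
    # svc.sh records the generated unit name in .service
    creates: "{{ github_runner_dir }}/.service"
  become: true

- name: Read the unit name that svc.sh generated
  ansible.builtin.slurp:
    src: "{{ github_runner_dir }}/.service"
  register: runner_unit
  become: true

- name: Ensure runner service is enabled and started
  ansible.builtin.systemd:
    name: "{{ runner_unit.content | b64decode | trim }}"
    state: started
    enabled: true
  become: true
```

`no_log` only covers Ansible's own output; the token is still an argument of the `config.sh` process on the target host while registration runs, so the role should use short-lived registration tokens.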