Added linux arm64 runners to terraform (#4419)

Added linux arm64 runners to terraform

Author: DanilBaibak

terraform-aws-github-runner/main.tf

@@ -17,9 +17,10 @@ locals {
     Environment = var.environment
   })
 
-  s3_action_runner_url_linux   = "s3://${module.runner_binaries.bucket.id}/${module.runner_binaries.runner_distribution_object_key_linux}"
-  s3_action_runner_url_windows = "s3://${module.runner_binaries.bucket.id}/${module.runner_binaries.runner_distribution_object_key_windows}"
-  runner_architecture          = substr(var.instance_type, 0, 2) == "a1" || substr(var.instance_type, 1, 2) == "6g" ? "arm64" : "x64"
+  s3_action_runner_url_linux       = "s3://${module.runner_binaries.bucket.id}/${module.runner_binaries.runner_distribution_object_key_linux}"
+  s3_action_runner_url_linux_arm64 = "s3://${module.runner_binaries.bucket.id}/${module.runner_binaries.runner_distribution_object_key_linux_arm64}"
+  s3_action_runner_url_windows     = "s3://${module.runner_binaries.bucket.id}/${module.runner_binaries.runner_distribution_object_key_windows}"
+  runner_architecture              = substr(var.instance_type, 0, 2) == "a1" || substr(var.instance_type, 1, 2) == "6g" ? "arm64" : "x64"
 }
 
 resource "random_string" "random" {
@@ -137,10 +138,12 @@ module "runners" {
 
   launch_template_name_linux           = module.runners_instances.launch_template_name_linux
   launch_template_name_linux_nvidia    = module.runners_instances.launch_template_name_linux_nvidia
+  launch_template_name_linux_arm64     = module.runners_instances.launch_template_name_linux_arm64
   launch_template_name_windows         = module.runners_instances.launch_template_name_windows
   launch_template_version_linux        = module.runners_instances.launch_template_version_linux
   launch_template_version_windows      = module.runners_instances.launch_template_version_windows
   launch_template_version_linux_nvidia = module.runners_instances.launch_template_version_linux_nvidia
+  launch_template_version_linux_arm64  = module.runners_instances.launch_template_version_linux_arm64
 
   logging_retention_in_days                  = var.logging_retention_in_days
   scale_up_lambda_concurrency                = var.scale_up_lambda_concurrency
@@ -167,9 +170,10 @@ module "runners_instances" {
     encrypt    = var.encrypt_secrets
   }
 
-  s3_bucket_runner_binaries           = module.runner_binaries.bucket
-  s3_location_runner_binaries_linux   = local.s3_action_runner_url_linux
-  s3_location_runner_binaries_windows = local.s3_action_runner_url_windows
+  s3_bucket_runner_binaries               = module.runner_binaries.bucket
+  s3_location_runner_binaries_linux       = local.s3_action_runner_url_linux
+  s3_location_runner_binaries_linux_arm64 = local.s3_action_runner_url_linux_arm64
+  s3_location_runner_binaries_windows     = local.s3_action_runner_url_windows
 
   instance_type         = var.instance_type
   block_device_mappings = var.block_device_mappings

terraform-aws-github-runner/modules/runner-binaries-syncer/main.tf

@@ -9,8 +9,9 @@ terraform {
 }
 
 locals {
-  action_runner_distribution_object_key_linux   = "actions-runner-linux-x64.tar.gz"
-  action_runner_distribution_object_key_windows = "actions-runner-windows-x64.zip"
+  action_runner_distribution_object_key_linux       = "actions-runner-linux-x64.tar.gz"
+  action_runner_distribution_object_key_linux_arm64 = "actions-runner-linux-arm64-2.307.1.tar.gz"
+  action_runner_distribution_object_key_windows     = "actions-runner-windows-x64.zip"
 }
 
 resource "aws_s3_bucket" "action_dist" {

terraform-aws-github-runner/modules/runner-binaries-syncer/outputs.tf

@@ -6,6 +6,10 @@ output "runner_distribution_object_key_linux" {
   value = local.action_runner_distribution_object_key_linux
 }
 
+output "runner_distribution_object_key_linux_arm64" {
+  value = local.action_runner_distribution_object_key_linux_arm64
+}
+
 output "runner_distribution_object_key_windows" {
   value = local.action_runner_distribution_object_key_windows
 }

terraform-aws-github-runner/modules/runners-instances/launch-template.tf

@@ -1,20 +1,27 @@
 locals {
-  instance_profile_path                  = var.instance_profile_path == null ? "/${var.environment}/" : var.instance_profile_path
-  name_runner                            = var.overrides["name_runner"] == "" ? local.tags["Name"] : var.overrides["name_runner"]
-  role_path                              = var.role_path == null ? "/${var.environment}/" : var.role_path
-  userdata_arm_patch                     = "${path.module}/templates/arm-runner-patch.tpl"
-  userdata_install_config_runner_linux   = "${path.module}/templates/install-config-runner.sh"
+  instance_profile_path                = var.instance_profile_path == null ? "/${var.environment}/" : var.instance_profile_path
+  name_runner                          = var.overrides["name_runner"] == "" ? local.tags["Name"] : var.overrides["name_runner"]
+  role_path                            = var.role_path == null ? "/${var.environment}/" : var.role_path
+  userdata_arm_patch                   = "${path.module}/templates/arm-runner-patch.tpl"
+  userdata_install_config_runner_linux = "${path.module}/templates/install-config-runner.sh"
   userdata_install_config_runner_windows = "${path.module}/templates/install-config-runner.ps1"
   userdata_template                      = var.userdata_template == null ? "${path.module}/templates/user-data.sh" : var.userdata_template
   userdata_template_windows              = "${path.module}/templates/user-data.ps1"
 
   arm_patch = var.runner_architecture == "arm64" ? templatefile(local.userdata_arm_patch, {}) : ""
+
   install_config_runner_linux = templatefile(local.userdata_install_config_runner_linux, {
     environment                     = var.environment
     s3_location_runner_distribution = var.s3_location_runner_binaries_linux
     run_as_root_user                = var.runner_as_root ? "root" : ""
     arm_patch                       = local.arm_patch
   })
+  install_config_runner_linux_arm64 = templatefile(local.userdata_install_config_runner_linux, {
+    environment                     = var.environment
+    s3_location_runner_distribution = var.s3_location_runner_binaries_linux_arm64
+    run_as_root_user                = var.runner_as_root ? "root" : ""
+    arm_patch                       = local.arm_patch
+  })
   install_config_runner_windows = templatefile(local.userdata_install_config_runner_windows, {
     environment                     = var.environment
     s3_location_runner_distribution = var.s3_location_runner_binaries_windows
@@ -37,6 +44,20 @@ data "aws_ami" "runner_ami_linux" {
   owners = var.ami_owners_linux
 }
 
+data "aws_ami" "runner_ami_linux_arm64" {
+  most_recent = "true"
+
+  dynamic "filter" {
+    for_each = var.ami_filter_linux_arm64
+    content {
+      name   = filter.key
+      values = filter.value
+    }
+  }
+
+  owners = var.ami_owners_linux_arm64
+}
+
 data "aws_ami" "runner_ami_windows" {
   most_recent = "true"
 
@@ -91,7 +112,7 @@ resource "aws_launch_template" "linux_runner" {
     pre_install                     = var.userdata_pre_install
     post_install                    = var.userdata_post_install
     enable_cloudwatch_agent         = var.enable_cloudwatch_agent
-    nvidia_driver_install           = var.nvidia_driver_install
+    nvidia_driver_install           = false
     ssm_key_cloudwatch_agent_config = var.enable_cloudwatch_agent ? aws_ssm_parameter.cloudwatch_agent_config_runner_linux[0].name : ""
     ghes_url                        = var.ghes_url
     install_config_runner           = local.install_config_runner_linux
@@ -149,6 +170,55 @@ resource "aws_launch_template" "linux_runner_nvidia" {
   tags = local.tags
 }
 
+resource "aws_launch_template" "linux_arm64_runner" {
+  name = "${var.environment}-action-linux-arm64-runner"
+
+  iam_instance_profile {
+    name = aws_iam_instance_profile.runner.name
+  }
+
+  instance_initiated_shutdown_behavior = "terminate"
+
+  image_id      = data.aws_ami.runner_ami_linux_arm64.id
+  instance_type = var.instance_type
+  key_name      = var.key_name
+
+  tag_specifications {
+    resource_type = "instance"
+    tags = merge(
+      local.tags,
+      {
+        "Name"               = format("%s", local.name_runner),
+        "InstanceManagement" = "dynamic"
+      },
+    )
+  }
+
+  tag_specifications {
+    resource_type = "volume"
+    tags = merge(
+      local.tags,
+      {
+        "Name"               = format("%s", local.name_runner)
+        "InstanceManagement" = "dynamic"
+      },
+    )
+  }
+
+  user_data = base64encode(templatefile(local.userdata_template, {
+    environment                     = var.environment
+    pre_install                     = var.userdata_pre_install
+    post_install                    = var.userdata_post_install
+    enable_cloudwatch_agent         = var.enable_cloudwatch_agent
+    nvidia_driver_install           = false
+    ssm_key_cloudwatch_agent_config = var.enable_cloudwatch_agent ? aws_ssm_parameter.cloudwatch_agent_config_runner_linux_arm64[0].name : ""
+    ghes_url                        = var.ghes_url
+    install_config_runner           = local.install_config_runner_linux_arm64
+  }))
+
+  tags = local.tags
+}
+
 resource "aws_launch_template" "windows_runner" {
   name = "${var.environment}-action-windows-runner"
 
@@ -204,7 +274,7 @@ resource "aws_launch_template" "windows_runner" {
     pre_install                     = var.userdata_pre_install
     post_install                    = var.userdata_post_install
     enable_cloudwatch_agent         = var.enable_cloudwatch_agent
-    nvidia_driver_install           = var.nvidia_driver_install
+    nvidia_driver_install           = false
     ssm_key_cloudwatch_agent_config = var.enable_cloudwatch_agent ? aws_ssm_parameter.cloudwatch_agent_config_runner_windows[0].name : ""
     ghes_url                        = var.ghes_url
     install_config_runner           = local.install_config_runner_windows

terraform-aws-github-runner/modules/runners-instances/logging.tf

@@ -97,6 +97,26 @@ resource "aws_ssm_parameter" "cloudwatch_agent_config_runner_linux_nvidia" {
   tags = local.tags
 }
 
+resource "aws_ssm_parameter" "cloudwatch_agent_config_runner_linux_arm64" {
+  count = var.enable_cloudwatch_agent ? 1 : 0
+  name  = "${var.environment}-cloudwatch_agent_config_runner_linux_arm64"
+  type  = "String"
+  value = jsonencode(
+    jsondecode(
+      templatefile(
+        "${path.module}/templates/cloudwatch_config.json",
+        {
+          aws_region        = var.aws_region
+          environment       = var.environment
+          logfiles          = jsonencode(local.logfiles_linux)
+          metrics_collected = templatefile("${path.module}/templates/cloudwatch_config_linux_arm64.json", {})
+        }
+      )
+    )
+  )
+  tags = local.tags
+}
+
 resource "aws_cloudwatch_log_group" "gh_runners_linux" {
   count             = length(local.loggroups_names_linux)
   name              = local.loggroups_names_linux[count.index]
@@ -126,6 +146,17 @@ resource "aws_iam_role_policy" "cloudwatch_linux_nvidia" {
   )
 }
 
+resource "aws_iam_role_policy" "cloudwatch_linux_arm64" {
+  count = var.enable_ssm_on_runners ? 1 : 0
+  name  = "CloudWatchLogginAndMetricsLinuxARM64"
+  role  = aws_iam_role.runner.name
+  policy = templatefile("${path.module}/policies/instance-cloudwatch-policy.json",
+    {
+      ssm_parameter_arn = aws_ssm_parameter.cloudwatch_agent_config_runner_linux_arm64[0].arn
+    }
+  )
+}
+
 resource "aws_ssm_parameter" "cloudwatch_agent_config_runner_windows" {
   count = var.enable_cloudwatch_agent ? 1 : 0
   name  = "${var.environment}-cloudwatch_agent_config_runner_windows"

terraform-aws-github-runner/modules/runners-instances/outputs.tf

@@ -38,6 +38,10 @@ output "launch_template_name_linux_nvidia" {
   value = aws_launch_template.linux_runner_nvidia.name
 }
 
+output "launch_template_name_linux_arm64" {
+  value = aws_launch_template.linux_arm64_runner.name
+}
+
 output "launch_template_name_windows" {
   value = aws_launch_template.windows_runner.name
 }
@@ -50,6 +54,10 @@ output "launch_template_version_linux_nvidia" {
   value = aws_launch_template.linux_runner_nvidia.latest_version
 }
 
+output "launch_template_version_linux_arm64" {
+  value = aws_launch_template.linux_arm64_runner.latest_version
+}
+
 output "launch_template_version_windows" {
   value = aws_launch_template.windows_runner.latest_version
 }

terraform-aws-github-runner/modules/runners-instances/templates/cloudwatch_config_linux_arm64.json

@@ -0,0 +1,49 @@
+{
+  "cpu": {
+    "measurement": [
+      "cpu_usage_idle",
+      "cpu_usage_iowait",
+      "cpu_usage_user",
+      "cpu_usage_system"
+    ],
+    "metrics_collection_interval": 10
+  },
+  "disk": {
+    "measurement": [
+      "free",
+      "total",
+      "used",
+      "used_percent",
+      "inodes_free",
+      "inodes_total"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "*"
+    ]
+  },
+  "diskio": {
+    "measurement": [
+      "io_time"
+    ],
+    "metrics_collection_interval": 10,
+    "resources": [
+      "/"
+    ]
+  },
+  "mem": {
+    "measurement": [
+      "total",
+      "used",
+      "free",
+      "used_percent"
+    ],
+    "metrics_collection_interval": 10
+  },
+  "swap": {
+    "measurement": [
+      "swap_used_percent"
+    ],
+    "metrics_collection_interval": 10
+  }
+}

terraform-aws-github-runner/modules/runners-instances/templates/install-config-runner.sh

@@ -8,8 +8,14 @@ rm -rf actions-runner.tar.gz
 
 ${arm_patch}
 
-INSTANCE_ID=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)
-REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
+if [ "$(uname -m)" == "aarch64" ]; then
+  TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+  INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
+  REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document -H "X-aws-ec2-metadata-token: $TOKEN" | jq -r .region)
+else
+  INSTANCE_ID=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)
+  REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
+fi
 
 echo wait for configuration
 while [[ $(aws ssm get-parameters --names ${environment}-$INSTANCE_ID --with-decryption --region $REGION | jq -r ".Parameters | .[0] | .Value") == null ]]; do

terraform-aws-github-runner/modules/runners-instances/templates/user-data.sh

@@ -12,7 +12,12 @@ amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:${ssm_key_cloudwatc
 %{ endif ~}
 
 # Install docker
-amazon-linux-extras install docker
+if [ "$(uname -m)" == "aarch64" ]; then
+  yum install -y docker
+else
+  amazon-linux-extras install docker
+fi
+
 service docker start
 usermod -a -G docker ec2-user
 

terraform-aws-github-runner/modules/runners-instances/variables.tf

@@ -40,6 +40,11 @@ variable "s3_location_runner_binaries_linux" {
   type        = string
 }
 
+variable "s3_location_runner_binaries_linux_arm64" {
+  description = "S3 location of runner distribution."
+  type        = string
+}
+
 variable "s3_location_runner_binaries_windows" {
   description = "S3 location of runner distribution."
   type        = string
@@ -66,6 +71,21 @@ variable "ami_filter_linux" {
   }
 }
 
+variable "ami_filter_linux_arm64" {
+  description = "List of maps used to create the AMI filter for the action runner AMI."
+  type        = map(list(string))
+
+  default = {
+    name = ["amzn2-ami-hvm-2.*-arm64-gp2"]
+  }
+}
+
+variable "ami_owners_linux_arm64" {
+  description = "The list of owners used to select the AMI of linux action runner instances."
+  type        = list(string)
+  default     = ["amazon"]
+}
+
 variable "ami_filter_windows" {
   description = "List of maps used to create the AMI filter for the action runner AMI."
   type        = map(list(string))
@@ -176,12 +196,6 @@ variable "enable_cloudwatch_agent" {
   default     = true
 }
 
-variable "nvidia_driver_install" {
-  description = "Preinstall nvidia driver on GPU machines."
-  type        = bool
-  default     = false
-}
-
 variable "ghes_url" {
   description = "GitHub Enterprise Server URL. DO NOT SET IF USING PUBLIC GITHUB"
   type        = string