Using libvirt with the Custom executor
- Tier: Free, Premium, Ultimate
- Offering:, GitLab Self-Managed, GitLab Dedicated
Using libvirt, the Custom executor driver will create a new disk and VM for every job it executes, after which the disk and VM will be deleted.
This example is inspired by a Community Contribution !464 to add libvirt as a GitLab Runner executor.
This document does not try to explain how to set up libvirt, since it’s
out of scope. However, this driver was tested using
GCP Nested Virtualization,
which also has
details on how to set up libvirt
with bridge networking. This example will use the default
network that
comes with when installing libvirt so make sure it’s running.
This driver requires bridge networking since each VM needs to have it’s own dedicated IP address so GitLab Runner can SSH inside of it to run commands. An SSH key can be generated using the following commands.
A base disk VM image is created so that dependencies are not downloaded every build. In the following example, virt-builder is used to create a disk VM image.
virt-builder debian-11 \
--size 8G \
--output /var/lib/libvirt/images/gitlab-runner-base.qcow2 \
--format qcow2 \
--hostname gitlab-runner-bullseye \
--network \
--install curl \
--run-command 'curl -L "" | bash' \
--run-command 'curl -s "" | bash' \
--run-command 'useradd -m -p "" gitlab-runner -s /bin/bash' \
--install gitlab-runner,git,git-lfs,openssh-server \
--run-command "git lfs install --skip-repo" \
--ssh-inject gitlab-runner:file:/root/.ssh/ \
--run-command "echo 'gitlab-runner ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" \
--run-command "sed -E 's/GRUB_CMDLINE_LINUX=\"\"/GRUB_CMDLINE_LINUX=\"net.ifnames=0 biosdevname=0\"/' -i /etc/default/grub" \
--run-command "grub-mkconfig -o /boot/grub/grub.cfg" \
--run-command "echo 'auto eth0' >> /etc/network/interfaces" \
--run-command "echo 'allow-hotplug eth0' >> /etc/network/interfaces" \
--run-command "echo 'iface eth0 inet dhcp' >> /etc/network/interfaces"
The command above will install all the prerequisites specified earlier.
will set a root password automatically which is printed
at the end. If you want to specify a password yourself, pass
--root-password password:$SOME_PASSWORD
The following is an example of a GitLab Runner configuration for libvirt:
concurrent = 1
check_interval = 0
session_timeout = 1800
name = "libvirt-driver"
url = ""
token = "xxxxx"
executor = "custom"
builds_dir = "/home/gitlab-runner/builds"
cache_dir = "/home/gitlab-runner/cache"
prepare_exec = "/opt/libvirt-driver/" # Path to a bash script to create VM.
run_exec = "/opt/libvirt-driver/" # Path to a bash script to run script inside of VM over ssh.
cleanup_exec = "/opt/libvirt-driver/" # Path to a bash script to delete VM and disks.
Each stage (prepare, run, and cleanup) will use the base script below to generate variables that are used throughout other scripts.
It’s important that this script is located in the same directory as the
other scripts, in this case /opt/libivirt-driver/
#!/usr/bin/env bash
# /opt/libvirt-driver/
_get_vm_ip() {
virsh -q domifaddr "$VM_ID" | awk '{print $4}' | sed -E 's|/([0-9]+)?$||'
The prepare script:
- Copies the disk to a new path.
- Installs a new VM from the copied disk.
- Waits for the VM to get an IP.
- Waits for SSH to respond on the VM.
#!/usr/bin/env bash
# /opt/libvirt-driver/
currentDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
source ${currentDir}/ # Get variables from base script.
set -eo pipefail
# trap any error, and mark it as a system failure.
# Copy base disk to use for Job.
qemu-img create -f qcow2 -b "$BASE_VM_IMAGE" "$VM_IMAGE" -F qcow2
# Install the VM
virt-install \
--name "$VM_ID" \
--os-variant debian11 \
--disk "$VM_IMAGE" \
--import \
--vcpus=2 \
--ram=2048 \
--network default \
--graphics none \
# Wait for VM to get IP
echo 'Waiting for VM to get IP'
for i in $(seq 1 30); do
if [ -n "$VM_IP" ]; then
echo "VM got IP: $VM_IP"
if [ "$i" == "30" ]; then
echo 'Waited 30 seconds for VM to start, exiting...'
# Inform GitLab Runner that this is a system failure, so it
# should be retried.
sleep 1s
# Wait for ssh to become available
echo "Waiting for sshd to be available"
for i in $(seq 1 30); do
if ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no gitlab-runner@$VM_IP >/dev/null 2>/dev/null; then
if [ "$i" == "30" ]; then
echo 'Waited 30 seconds for sshd to start, exiting...'
# Inform GitLab Runner that this is a system failure, so it
# should be retried.
sleep 1s
This will run the script generated by GitLab Runner by sending
the content of the script to the VM via STDIN
through SSH.
#!/usr/bin/env bash
# /opt/libvirt-driver/
currentDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
source ${currentDir}/ # Get variables from base script.
ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no gitlab-runner@$VM_IP /bin/bash < "${1}"
if [ $? -ne 0 ]; then
# Exit using the variable, to make the build as failure in GitLab
# CI.
This script removes the VM and deletes the disk.
#!/usr/bin/env bash
# /opt/libvirt-driver/
currentDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
source ${currentDir}/ # Get variables from base script.
set -eo pipefail
# Destroy VM.
virsh shutdown "$VM_ID"
# Undefine VM.
virsh undefine "$VM_ID"
# Delete VM disk.
if [ -f "$VM_IMAGE" ]; then
rm "$VM_IMAGE"
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support