service/ci.md

@@ -165,20 +165,25 @@ cluster, using this command:
           --backend-parameters memory=64g,vcpus=8 \
           ci-runner-01.torproject.org
 
-The `profile::gitlab_runner` Puppet class deploys the GitLab runner
-code and hooks it into GitLab. It uses the [gitlab_ci_runner](https://forge.puppet.com/modules/puppet/gitlab_ci_runner)
+The `roles::gitlab::runner::docker` Puppet class deploys the GitLab
+runner code and hooks it into GitLab. It uses the
+[gitlab_ci_runner](https://forge.puppet.com/modules/puppet/gitlab_ci_runner)
 module from Voxpupuli to avoid reinventing the wheel. But before
 enabling it on the instance, the following operations need to be
 performed:
 
  1. The shared runner token needs to be setup in Trocla, using:
 
-        trocla create profile::gitlab_runner::token plain
+        trocla create profile::gitlab::runner::token plain
 
-    This only needs to be done once, and might already have been done.
+    NOTE: this was probably already done. If you need a more specific
+    runner (say group- or project-specific), a new Role
+    (e.g. `roles::gitlab::runner::docker::tpa` could be created and
+    pass a different token (set in trocla like the above).
     
-    TODO: add a way to use different tokens (e.g. per project, per
-    group) tokens.
+    TODO: this is one case where the Trocla Hiera support (which we do
+    not currently use), could come in handy. See our [Puppet trocla
+    docs](howto/puppet#trocla) for more details.
 
  2. setup the large partition in `/srv`, and bind-mount it to cover
     for Docker: