gitlab

GitLab: Docker CI pipeline

Optional: Create nested LXD container
http://www.panticz.de/lxd/nesting

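# Name of the nested LXD container that will host the GitLab runner and Docker.
CONTAINER_NAME=gitlab-runner1-dev

# security.privileged=true runs the container without a uid/gid shift, so root
# inside the container is uid 0 on the host. Combined with security.nesting and
# the raw.lxc overrides further down, this container is not a security boundary:
# code executed by CI jobs here should be treated as able to reach the LXD host.
# Place it on a host (or VM) that runs nothing more sensitive than the runner.
lxc launch ubuntu:18.04 "${CONTAINER_NAME}" -p disk-zfs -p nic-dev-mgmt -c boot.autostart=true -c security.nesting=true -c security.privileged=true
#-c volatile.dev-mgmt.hwaddr=00:11:22:33:44:55

# -y keeps the upgrade steps non-interactive, matching the purge step below.
lxc exec "${CONTAINER_NAME}" -- apt update
lxc exec "${CONTAINER_NAME}" -- apt dist-upgrade -y
# Purging unattended-upgrades removes automatic security patching from the
# container; updates then have to be applied by some other scheduled mechanism.
lxc exec "${CONTAINER_NAME}" -- apt purge -y lxd lxd-client snapd unattended-upgrades
lxc exec "${CONTAINER_NAME}" -- apt autoremove -y

# Copies the host root's authorized_keys: every key that can log in as root on
# the LXD host can also log in as root in the container.
lxc file push /root/.ssh/authorized_keys "${CONTAINER_NAME}/root/.ssh/authorized_keys"
# Rename the interface in the netplan config to match the nic-dev-mgmt profile.
lxc exec "${CONTAINER_NAME}" -- bash -c "sed -i 's/eth0:/dev-mgmt:/g' /etc/netplan/50-cloud-init.yaml"
lxc exec "${CONTAINER_NAME}" -- netplan apply

# raw.lxc overrides, each one removing a layer of containment:
#   lxc.apparmor.profile = unconfined  -> no AppArmor confinement
#   lxc.cgroup.devices.allow = a       -> access to all device nodes
#   lxc.mount.auto=proc:rw sys:rw      -> /proc and /sys mounted read-write
#   lxc.cap.drop=                      -> empty value clears the dropped-capability list
printf 'lxc.apparmor.profile = unconfined\nlxc.cgroup.devices.allow = a\nlxc.mount.auto=proc:rw sys:rw\nlxc.cap.drop=' | lxc config set "${CONTAINER_NAME}" raw.lxc -
lxc restart "${CONTAINER_NAME}"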

Install Docker inside LXD container
# http://www.panticz.de/install-docker

GitLab: Backup to S3

Configure Git
# /etc/gitlab/gitlab.rb
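# Upload GitLab backups to an S3-compatible store reached through a custom endpoint.
#
# The access key and secret below are placeholders. In a real gitlab.rb they sit
# in clear text, so keep the file readable by root only and use a key that is
# scoped to the backup bucket rather than a general-purpose account key.
gitlab_rails['backup_upload_connection'] = {
  'provider' => 'AWS',
  # Was 'ew-west-1', which is not a valid region name.
  'region' => 'eu-west-1',
  'aws_access_key_id' => 'KEY123',
  'aws_secret_access_key' => 'PASS124',
  'endpoint' => 'https://s3.example.com'
}
# Bucket (remote directory) that receives the backup archives.
gitlab_rails['backup_upload_remote_directory'] = 'backups'
# 604800 s = 7 days. This prunes local backup files only; old archives in the
# object store have to be expired there (e.g. with a bucket lifecycle rule).
gitlab_rails['backup_keep_time'] = 604800
# The backup archive does not include /etc/gitlab/gitlab-secrets.json or
# /etc/gitlab/gitlab.rb. Store copies of both separately from the archives:
# without the secrets file, encrypted database columns cannot be read after a restore.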

gitlab-ctl reconfigure

Test
gitlab-rake gitlab:backup:create

Configure periodic backup
# crontab -e
0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1

GitLab: LFS on S3

Configure GitLab
...
# Enable Git LFS and keep LFS objects in an S3-compatible object store.
gitlab_rails['lfs_enabled'] = true
gitlab_rails['lfs_object_store_enabled'] = true
# true: GitLab serves LFS downloads itself instead of redirecting clients to
# the object store, so the store does not need to be reachable by clients.
gitlab_rails['lfs_object_store_proxy_download'] = true
# Bucket that holds the LFS objects.
gitlab_rails['lfs_object_store_remote_directory'] = "lfs"
# Placeholder credentials, stored in clear text in gitlab.rb. The key id is the
# same as in the backup connection shown earlier on this page; separate keys,
# each limited to its own bucket, contain the damage if one of them leaks.
gitlab_rails['lfs_object_store_connection'] = {
'provider' => 'AWS',
'aws_access_key_id' => 'KEY123',
'aws_secret_access_key' => 'PASS1234',
'endpoint' => 'https://s3.example.com',
}

gitlab-ctl reconfigure

Install (on client)
apt-get install -y git git-lfs

# create LFS testfile

GitLab registry with S3 storage

Configure CEPH
touch /tmp/placeholder
s3cmd mb s3://gitlab
s3cmd put /tmp/placeholder s3://gitlab
s3cmd ls s3://gitlab
s3cmd du s3://gitlab

Configure GitLab
# /etc/gitlab/gitlab.rb
...
registry_external_url 'https://registry.example.com'
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/registry.example.com.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/registry.example.com.key"
#registry['log_level'] = "debug"
#registry['storage_delete_enabled'] = true
...
registry['storage'] = {

GitLab runner

Install
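# Store the repository signing key in its own keyring instead of `apt-key add`:
# apt-key places the key in the global trust store, where it is accepted for
# packages from every configured repository. With signed-by the key is trusted
# for this one source only.
wget -O - https://packages.gitlab.com/runner/gitlab-runner/gpgkey | gpg --dearmor > /usr/share/keyrings/gitlab-runner.gpg

# Here-document restored: the listing had lost the `<<EOF >` redirection, which
# left `cat < file` reading the (missing) list file and the `deb` line and
# `EOF` being run as commands.
cat <<'EOF' > /etc/apt/sources.list.d/gitlab-runner.list
deb [signed-by=/usr/share/keyrings/gitlab-runner.gpg] https://packages.gitlab.com/runner/gitlab-runner/ubuntu/ xenial main
EOF
apt update
apt install gitlab-runner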

Install with Ansible
https://github.com/panticz/ansible/tree/master/roles/gitlab-runner
https://github.com/haroldb/ansible-gitlab-runner

Get token from GitLab server
http://<GITLAB_SERVER>/admin/runners

# configure DNS for GitLab server

GitLab: Web-based Git repository manager

Install
http://www.panticz.de/install-gitlab

# restart gitlab
gitlab-ctl restart

# git home directory
/var/opt/gitlab

Reset admin password
# change root password
sudo gitlab-rails console
# Run inside the Rails console started above.
# Looks up the account with id 1 -- presumably the initial root/admin user;
# verify with `user.username` before changing anything.
user = User.where(id: 1).first
# 'xxx' is a placeholder for the new password; password and confirmation are
# set to the same value in one statement.
user.password = user.password_confirmation ='xxx'
# save! raises if validation fails (e.g. the password is rejected) rather than
# returning false, so a failed reset is not silent.
user.save!

Gitlab settings API
https://docs.gitlab.com/ee/api/settings.html
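# The application settings endpoint requires an administrator token. Passing
# the token as a command-line argument exposes it in the process list and in
# shell history, so it is read from a header file instead (curl >= 7.55).
# Example path, adjust as needed; the file should be mode 0600 and contain the
# single line:  PRIVATE-TOKEN: <your-admin-token>
curl --header @/root/.gitlab-admin-token-header https://gitlab.example.com/api/v4/application/settings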

Disable register / Signup