|
инструмент_gitlab [2025/10/10 20:51] val [Установка через docker-compose] |
инструмент_gitlab [2026/02/06 20:43] (current) val |
||
|---|---|---|---|
| Line 35: | Line 35: | ||
| * [[Технология Docker]] | * [[Технология Docker]] | ||
| * [[Технология Docker#docker-compose]] | * [[Технология Docker#docker-compose]] | ||
| + | * [[#Включение TLS]] | ||
| <code> | <code> | ||
| # cat docker-compose.yml | # cat docker-compose.yml | ||
| </code><code> | </code><code> | ||
| - | #version: '3.6' | ||
| services: | services: | ||
| - | web: | + | gitlab: |
| - | # gitlab: | + | # image: 'gitlab/gitlab-ce:latest' |
| - | image: 'gitlab/gitlab-ce:latest' | + | image: 'gitlab/gitlab-ce:18.6.2-ce.0' |
| - | # image: 'gitlab/gitlab-ce:16.7.4-ce.0' | + | |
| # userns_mode: 'host' | # userns_mode: 'host' | ||
| + | # privileged: true | ||
| restart: always | restart: always | ||
| hostname: 'server.corpX.un' | hostname: 'server.corpX.un' | ||
| Line 57: | Line 57: | ||
| registry_external_url 'https://server.corpX.un:5000' | registry_external_url 'https://server.corpX.un:5000' | ||
| gitlab_rails['registry_port'] = "5050" | gitlab_rails['registry_port'] = "5050" | ||
| - | registry['registry_http_addr'] = "server.corpX.un:5050" | + | registry['registry_http_addr'] = "0.0.0.0:5050" |
| ports: | ports: | ||
| - '443:443' | - '443:443' | ||
| Line 64: | Line 64: | ||
| volumes: | volumes: | ||
| - '/etc/gitlab:/etc/gitlab' | - '/etc/gitlab:/etc/gitlab' | ||
| - | - '/srv/gitlab/logs:/var/log/gitlab' | + | - vol1:/var/opt/gitlab |
| - | - '/srv/gitlab/data:/var/opt/gitlab' | + | |
| shm_size: '256m' | shm_size: '256m' | ||
| - | logging: | + | volumes: |
| - | driver: "json-file" | + | vol1: |
| - | options: | + | |
| - | max-size: "2048m" | + | |
| </code><code> | </code><code> | ||
| # docker-compose up -d | # docker-compose up -d | ||
| Line 77: | Line 74: | ||
| ### docker-compose stop | ### docker-compose stop | ||
| - | ### rm -r /srv/gitlab/ /etc/gitlab/ | ||
| </code> | </code> | ||
| ==== Установка через Ansible Role ==== | ==== Установка через Ansible Role ==== | ||
| * [[https://galaxy.ansible.com/ui/repo/published/hifis/toolkit/content/role/gitlab/]] | * [[https://galaxy.ansible.com/ui/repo/published/hifis/toolkit/content/role/gitlab/]] | ||
| + | |||
| + | ==== Тестирование ==== | ||
| + | <code> | ||
| + | # gitlab-ctl status | ||
| + | |||
| + | # gitlab-rake gitlab:check | ||
| + | </code> | ||
| ===== Подключение ===== | ===== Подключение ===== | ||
| Line 116: | Line 119: | ||
| === REST API интерфейс === | === REST API интерфейс === | ||
| - | * Search or go to... -> Profile -> Access tokens -> Add new token -> api -> Create token | + | * Search or go to... -> Profile -> Personal access tokens -> Add new token -> api -> Create token |
| == Добавление пользователя == | == Добавление пользователя == | ||
| <code> | <code> | ||
| - | GITLAB_URL="https://server.corp13.un:4443" | + | kube1:~/gitlab# cat adduser.sh |
| - | PRIVATE_TOKEN="NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" | + | </code><code> |
| + | GITLAB_URL="https://gitlab.corpX.un" | ||
| + | PRIVATE_TOKEN="NNNNNNNNNNNN" | ||
| - | USER_EMAIL="student@corp13.un" | + | USER_EMAIL="user1@corpX.un" |
| USER_PASSWORD="Pa\$\$w0rd" | USER_PASSWORD="Pa\$\$w0rd" | ||
| - | USER_USERNAME="student" | + | USER_USERNAME="user1" |
| USER_NAME="Your Name" | USER_NAME="Your Name" | ||
| Line 248: | Line 253: | ||
| * [[Установка и настройка OpenLDAP]] | * [[Установка и настройка OpenLDAP]] | ||
| * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем | * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем | ||
| + | * [[Решение FreeIPA]] | ||
| <code> | <code> | ||
| Line 260: | Line 266: | ||
| host: 'server.corpX.un' | host: 'server.corpX.un' | ||
| # host: 'server2.corpX.un' | # host: 'server2.corpX.un' | ||
| + | # host: '192.168.X.10' | ||
| port: 389 | port: 389 | ||
| # uid: 'uid' | # uid: 'uid' | ||
| Line 265: | Line 272: | ||
| # bind_dn: 'cn=admin,dc=corpX,dc=un' | # bind_dn: 'cn=admin,dc=corpX,dc=un' | ||
| # password: 'secret' | # password: 'secret' | ||
| + | # bind_dn: 'uid=admin,cn=users,cn=accounts,dc=corpX,dc=un' | ||
| + | # password: 'strongpassword' | ||
| bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' | bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' | ||
| password: 'Pa$$w0rd' | password: 'Pa$$w0rd' | ||
| Line 441: | Line 450: | ||
| * [[https://stackoverflow.com/questions/52169219/get-branch-name-in-gitlab-ci|Get Branch name in gitlab ci]] | * [[https://stackoverflow.com/questions/52169219/get-branch-name-in-gitlab-ci|Get Branch name in gitlab ci]] | ||
| + | <code> | ||
| + | Settings -> CI/CD -> Variables -> Add variable -> Masked and hidden ... ANS_V_SEC или VAULT_ADDR | ||
| + | |||
| + | снять Protect variable | ||
| + | ИЛИ | ||
| + | Settings -> Repository -> Protected Branches - Add Protected Branch -> test | ||
| + | </code> | ||
| <code> | <code> | ||
| Administrator@Ra-master ~/openvpn1 (test) | Administrator@Ra-master ~/openvpn1 (test) | ||
| Line 455: | Line 471: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | ||
| # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | ||
| + | # - sops exec-file --no-fifo inventory4.yaml 'ansible-playbook openvpn1.yaml -i {} -e "variable_host=test_nodes"' | ||
| tags: | tags: | ||
| - ansible | - ansible | ||
| Line 465: | Line 482: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml | - ansible-playbook openvpn1.yaml -i inventory.yaml | ||
| # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | ||
| + | # - sops exec-file --no-fifo inventory4.yaml 'ansible-playbook openvpn1.yaml -i {}' | ||
| tags: | tags: | ||
| - ansible | - ansible | ||
| Line 637: | Line 655: | ||
| * [[https://akyriako.medium.com/build-golang-docker-images-with-gitlab-ci-pipelines-2117f8505350|Build Golang Docker images with GitLab CI Pipelines]] | * [[https://akyriako.medium.com/build-golang-docker-images-with-gitlab-ci-pipelines-2117f8505350|Build Golang Docker images with GitLab CI Pipelines]] | ||
| * [[https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/|Best practices for building docker images with GitLab CI]] | * [[https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/|Best practices for building docker images with GitLab CI]] | ||
| + | |||
| + | * [[https://habr.com/ru/articles/764568/|Настройка CI/CD для Gitlab-репозитория: схемы и гайд по шагам (на примере Spring Boot-приложения)]] | ||
| * [[https://stackoverflow.com/questions/63693061/how-to-run-a-script-from-file-in-another-project-using-include-in-gitlab-ci|How to run a script from file in another project using include in GitLab CI?]] | * [[https://stackoverflow.com/questions/63693061/how-to-run-a-script-from-file-in-another-project-using-include-in-gitlab-ci|How to run a script from file in another project using include in GitLab CI?]] | ||
| Line 658: | Line 678: | ||
| #variables: | #variables: | ||
| # DOCKER_TLS_CERTDIR: "" | # DOCKER_TLS_CERTDIR: "" | ||
| + | # KANIKO_REGISTRY_MIRROR: "mirror.gcr.io" | ||
| #services: | #services: | ||
| - | # - name: docker:dind | + | # - name: docker:20.10.24-dind |
| # command: | # command: | ||
| # [ | # [ | ||
| - | # '--insecure-registry=server.corpX.un:5000', | + | # '--insecure-registry=server.corpX.un:5000','--registry-mirror=https://mirror.gcr.io', |
| # ] | # ] | ||
| Line 809: | Line 830: | ||
| gitlab_rails['omniauth_providers'] = [ | gitlab_rails['omniauth_providers'] = [ | ||
| { | { | ||
| - | name: "openid_connect", # do not change this parameter | + | name: "openid_connect", |
| - | label: "Keycloak", # optional label for login button, defaults to "Openid Connect" | + | label: "Keycloak", |
| args: { | args: { | ||
| name: "openid_connect", | name: "openid_connect", | ||
| scope: ["openid", "profile", "email"], | scope: ["openid", "profile", "email"], | ||
| response_type: "code", | response_type: "code", | ||
| - | # issuer: "https://keycloak.example.com/realms/myrealm", | ||
| issuer: "https://keycloak.corpX.un/realms/corpX", | issuer: "https://keycloak.corpX.un/realms/corpX", | ||
| client_auth_method: "query", | client_auth_method: "query", | ||
| Line 822: | Line 842: | ||
| pkce: true, | pkce: true, | ||
| client_options: { | client_options: { | ||
| - | # identifier: "<YOUR CLIENT ID>", | ||
| identifier: "any-client", | identifier: "any-client", | ||
| - | # secret: "<YOUR CLIENT SECRET>", | ||
| secret: "anystring", | secret: "anystring", | ||
| - | # redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback" | + | # redirect_uri: "https://gitlab.corpX.un/users/auth/openid_connect/callback" |
| - | redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback" | + | # redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback" |
| } | } | ||
| } | } | ||
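Review bot: In the "Line 441" hunk, the added step `снять Protect variable` is presented as an equal alternative to adding `test` as a protected branch, but the two are not equivalent in risk. Clearing the flag hands `ANS_V_SEC` to pipelines on every branch and tag, so anyone allowed to push a branch can run a job that receives it. "Masked and hidden" only keeps the value out of job logs and the UI; it does not limit which jobs get the variable. Judging by the `--vault-password-file=/bin/cat` lines in the following hunks, `ANS_V_SEC` appears to be the Ansible Vault password, so that exposure would cover everything the vault encrypts. I would list the protected-branch route first and qualify the other one, e.g. `снять Protect variable (только для стенда: переменная станет доступна пайплайнам любой ветки)`.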