User Tools
инструмент_gitlab
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
инструмент_gitlab [2025/12/14 19:59] val [Подключение через API] |
инструмент_gitlab [2026/02/06 20:43] (current) val |
||
|---|---|---|---|
| Line 35: | Line 35: | ||
| * [[Технология Docker]] | * [[Технология Docker]] | ||
| * [[Технология Docker#docker-compose]] | * [[Технология Docker#docker-compose]] | ||
| + | * [[#Включение TLS]] | ||
| <code> | <code> | ||
| # cat docker-compose.yml | # cat docker-compose.yml | ||
| </code><code> | </code><code> | ||
| - | #version: '3.6' | ||
| services: | services: | ||
| - | web: | + | gitlab: |
| - | # gitlab: | + | # image: 'gitlab/gitlab-ce:latest' |
| - | image: 'gitlab/gitlab-ce:latest' | + | image: 'gitlab/gitlab-ce:18.6.2-ce.0' |
| - | # image: 'gitlab/gitlab-ce:16.7.4-ce.0' | + | |
| # userns_mode: 'host' | # userns_mode: 'host' | ||
| + | # privileged: true | ||
| restart: always | restart: always | ||
| hostname: 'server.corpX.un' | hostname: 'server.corpX.un' | ||
| Line 57: | Line 57: | ||
| registry_external_url 'https://server.corpX.un:5000' | registry_external_url 'https://server.corpX.un:5000' | ||
| gitlab_rails['registry_port'] = "5050" | gitlab_rails['registry_port'] = "5050" | ||
| - | registry['registry_http_addr'] = "server.corpX.un:5050" | + | registry['registry_http_addr'] = "0.0.0.0:5050" |
| ports: | ports: | ||
| - '443:443' | - '443:443' | ||
| Line 64: | Line 64: | ||
| volumes: | volumes: | ||
| - '/etc/gitlab:/etc/gitlab' | - '/etc/gitlab:/etc/gitlab' | ||
| - | - '/srv/gitlab/logs:/var/log/gitlab' | + | - vol1:/var/opt/gitlab |
| - | - '/srv/gitlab/data:/var/opt/gitlab' | + | |
| shm_size: '256m' | shm_size: '256m' | ||
| - | logging: | + | volumes: |
| - | driver: "json-file" | + | vol1: |
| - | options: | + | |
| - | max-size: "2048m" | + | |
| </code><code> | </code><code> | ||
| # docker-compose up -d | # docker-compose up -d | ||
| Line 77: | Line 74: | ||
| ### docker-compose stop | ### docker-compose stop | ||
| - | ### rm -r /srv/gitlab/ /etc/gitlab/ | ||
| </code> | </code> | ||
| ==== Установка через Ansible Role ==== | ==== Установка через Ansible Role ==== | ||
| * [[https://galaxy.ansible.com/ui/repo/published/hifis/toolkit/content/role/gitlab/]] | * [[https://galaxy.ansible.com/ui/repo/published/hifis/toolkit/content/role/gitlab/]] | ||
| + | |||
| + | ==== Тестирование ==== | ||
| + | <code> | ||
| + | # gitlab-ctl status | ||
| + | |||
| + | # gitlab-rake gitlab:check | ||
| + | </code> | ||
| ===== Подключение ===== | ===== Подключение ===== | ||
| Line 448: | Line 451: | ||
| <code> | <code> | ||
| - | Settings -> CI/CD -> Variables -> Add variable -> Masked and hidden ... ANS_V_SEC | + | Settings -> CI/CD -> Variables -> Add variable -> Masked and hidden ... ANS_V_SEC или VAULT_ADDR |
| снять Protect variable | снять Protect variable | ||
| Line 468: | Line 471: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | ||
| # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | ||
| + | # - sops exec-file --no-fifo inventory4.yaml 'ansible-playbook openvpn1.yaml -i {} -e "variable_host=test_nodes"' | ||
| tags: | tags: | ||
| - ansible | - ansible | ||
| Line 478: | Line 482: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml | - ansible-playbook openvpn1.yaml -i inventory.yaml | ||
| # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | ||
| + | # - sops exec-file --no-fifo inventory4.yaml 'ansible-playbook openvpn1.yaml -i {}' | ||
| tags: | tags: | ||
| - ansible | - ansible | ||
| Line 650: | Line 655: | ||
| * [[https://akyriako.medium.com/build-golang-docker-images-with-gitlab-ci-pipelines-2117f8505350|Build Golang Docker images with GitLab CI Pipelines]] | * [[https://akyriako.medium.com/build-golang-docker-images-with-gitlab-ci-pipelines-2117f8505350|Build Golang Docker images with GitLab CI Pipelines]] | ||
| * [[https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/|Best practices for building docker images with GitLab CI]] | * [[https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/|Best practices for building docker images with GitLab CI]] | ||
| + | |||
| + | * [[https://habr.com/ru/articles/764568/|Настройка CI/CD для Gitlab-репозитория: схемы и гайд по шагам (на примере Spring Boot-приложения)]] | ||
| * [[https://stackoverflow.com/questions/63693061/how-to-run-a-script-from-file-in-another-project-using-include-in-gitlab-ci|How to run a script from file in another project using include in GitLab CI?]] | * [[https://stackoverflow.com/questions/63693061/how-to-run-a-script-from-file-in-another-project-using-include-in-gitlab-ci|How to run a script from file in another project using include in GitLab CI?]] | ||
| Line 671: | Line 678: | ||
| #variables: | #variables: | ||
| # DOCKER_TLS_CERTDIR: "" | # DOCKER_TLS_CERTDIR: "" | ||
| + | # KANIKO_REGISTRY_MIRROR: "mirror.gcr.io" | ||
| #services: | #services: | ||
| - | # - name: docker:dind | + | # - name: docker:20.10.24-dind |
| # command: | # command: | ||
| # [ | # [ | ||
| - | # '--insecure-registry=server.corpX.un:5000', | + | # '--insecure-registry=server.corpX.un:5000','--registry-mirror=https://mirror.gcr.io', |
| # ] | # ] | ||
| Line 822: | Line 830: | ||
| gitlab_rails['omniauth_providers'] = [ | gitlab_rails['omniauth_providers'] = [ | ||
| { | { | ||
| - | name: "openid_connect", # do not change this parameter | + | name: "openid_connect", |
| - | label: "Keycloak", # optional label for login button, defaults to "Openid Connect" | + | label: "Keycloak", |
| args: { | args: { | ||
| name: "openid_connect", | name: "openid_connect", | ||
| scope: ["openid", "profile", "email"], | scope: ["openid", "profile", "email"], | ||
| response_type: "code", | response_type: "code", | ||
| - | # issuer: "https://keycloak.example.com/realms/myrealm", | ||
| issuer: "https://keycloak.corpX.un/realms/corpX", | issuer: "https://keycloak.corpX.un/realms/corpX", | ||
| client_auth_method: "query", | client_auth_method: "query", | ||
| Line 835: | Line 842: | ||
| pkce: true, | pkce: true, | ||
| client_options: { | client_options: { | ||
| - | # identifier: "<YOUR CLIENT ID>", | ||
| identifier: "any-client", | identifier: "any-client", | ||
| - | # secret: "<YOUR CLIENT SECRET>", | ||
| secret: "anystring", | secret: "anystring", | ||
| - | # redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback" | + | # redirect_uri: "https://gitlab.corpX.un/users/auth/openid_connect/callback" |
| - | # redirect_uri: "https://gitlab.corpX.un/users/auth/openid_connect/callba | + | # redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback" |
| - | ck" | + | |
| - | redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback" | + | |
| } | } | ||
| } | } | ||
инструмент_gitlab.1765731590.txt.gz · Last modified: 2025/12/14 19:59 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
