

инструмент_gitlab

инструмент_gitlab [2024/02/05 09:54]
val [Клиент OpenID]
инструмент_gitlab [2025/06/16 16:26] (current)
val [Пример CI с использованием контейнеров]
Line 10: Line 10:
   * RAM от 4Gb   * RAM от 4Gb
  
-==== Если нужен почтовый сервер ==== 
  
-<​code>​ 
-server# time ansible-playbook conf/​ansible/​roles/​mail.yml 
-real    2m57.922s 
- 
-# cat /​etc/​apache2/​ports.conf 
-</​code><​code>​ 
-... 
-Listen 81 
-... 
-</​code><​code>​ 
-server# service apache2 restart 
-</​code><​code>​ 
-http://​server.corpX.un:​81/​mail/​ 
-</​code>​ 
  
 ==== Установка из репозитория ==== ==== Установка из репозитория ====
Line 31: Line 16:
   * [[https://​about.gitlab.com/​install/​|Install self-managed GitLab]]   * [[https://​about.gitlab.com/​install/​|Install self-managed GitLab]]
   * Доступно из РФ: [[https://​packages.gitlab.com/​gitlab/​gitlab-ce]]   * Доступно из РФ: [[https://​packages.gitlab.com/​gitlab/​gitlab-ce]]
-  * [[http://​gate.isp.un/​unix/​Git/​gitlab-ce_16.3.3-ce.0_amd64.deb]] 
  
 <​code>​ <​code>​
Line 38: Line 22:
 server# curl https://​packages.gitlab.com/​install/​repositories/​gitlab/​gitlab-ce/​script.deb.sh | bash server# curl https://​packages.gitlab.com/​install/​repositories/​gitlab/​gitlab-ce/​script.deb.sh | bash
  
-server# time EXTERNAL_URL="​http://​server.corpX.un" apt-get install gitlab-ce+server# time EXTERNAL_URL="​http://​$(hostname)" apt-get install gitlab-ce
 ... ...
-real    ​38m49.787s  !!! Загрузка может прерываться,​ надо повторять команду !!!+real    ​122m54.883s  !!! Загрузка может прерываться,​ надо повторять команду !!!
 .. ..
 </​code>​ </​code>​
Line 47: Line 31:
  
   * [[https://​docs.gitlab.com/​ee/​install/​docker.html#​install-gitlab-using-docker-compose|Install GitLab using Docker Compose]]   * [[https://​docs.gitlab.com/​ee/​install/​docker.html#​install-gitlab-using-docker-compose|Install GitLab using Docker Compose]]
 +  * [[https://​hub.docker.com/​r/​gitlab/​gitlab-ce/​tags/​|gitlab/​gitlab-ce tags (versions)]]
 +
   * [[Технология Docker]]   * [[Технология Docker]]
   * [[Технология Docker#​docker-compose]]   * [[Технология Docker#​docker-compose]]
Line 57: Line 43:
   web:   web:
     image: '​gitlab/​gitlab-ce:​latest'​     image: '​gitlab/​gitlab-ce:​latest'​
 +#    image: '​gitlab/​gitlab-ce:​16.7.4-ce.0'​
     restart: always     restart: always
     hostname: '​server.corpX.un'​     hostname: '​server.corpX.un'​
Line 62: Line 49:
       GITLAB_ROOT_PASSWORD:​ "​strongpassword"​       GITLAB_ROOT_PASSWORD:​ "​strongpassword"​
       GITLAB_OMNIBUS_CONFIG:​ |       GITLAB_OMNIBUS_CONFIG:​ |
-        ​external_url ​'http://​server.corpX.un+        ​prometheus_monitoring['enable'] = false 
-       ​gitlab_rails['​initial_root_password'] = 'strongpassword+        gitlab_rails['​registry_enabled'] = true 
-       registry_external_url ​'http://​server.corpX.un'​ +        gitlab_rails['registry_host'] = "​server.corpX.un"​ 
-       gitlab_rails['registry_enabled'​] = true +        ​external_url ​'https://​server.corpX.un'​ 
-#        gitlab_rails['​registry_host'​] = "server.corpX.un" +        ​registry_external_url ​'https://server.corpX.un:5000' 
-       ​gitlab_rails['​registry_port'​] = "5000+        gitlab_rails['​registry_port'​] = "5050
-       ​registry['​registry_http_addr'​] = "​server.corpX.un:​5000" +        registry['​registry_http_addr'​] = "​server.corpX.un:​5050"
-#        prometheus_monitoring['​enable'​] = false +
-#        external_url '​https://​gitlab.bmstu.ru:​8443'​ +
-#        registry_external_url '​https://​gitlab.bmstu.ru:​5050'​+
     ports:     ports:
-      - '80:80' +      - '443:443'
-#      - '​8443:​8443'+
       - '​2222:​22'​       - '​2222:​22'​
       - '​5000:​5000'​       - '​5000:​5000'​
-#      - '​5050:​5050'​ 
     volumes:     volumes:
       - '/​etc/​gitlab:/​etc/​gitlab'​       - '/​etc/​gitlab:/​etc/​gitlab'​
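Review bot: The registry ports in the new GITLAB_OMNIBUS_CONFIG block do not agree with each other: `registry_external_url 'https://server.corpX.un:5000'` and the `'5000:5000'` mapping publish the registry on 5000, while `gitlab_rails['registry_port'] = "5050"` and `registry['registry_http_addr'] = "server.corpX.un:5050"` point at 5050, which nothing under `ports:` publishes. As far as I can tell from the Omnibus settings, `registry_port` feeds the registry address GitLab shows to users, so pushes would be directed at a port that is not exposed; either drop the `registry_port` override so it is derived from `registry_external_url`, or use one port consistently in all three settings and in `ports:`. Switching `external_url` to `https://` with `'443:443'` also requires the certificate and key under `/etc/gitlab/ssl/` inside the container; the reminder line for that is removed in the next hunk, and the copy steps only appear much later on the page (the `mkdir -p /etc/gitlab/ssl/` block), so a one-line comment here pointing to them would help.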
Line 83: Line 65:
       - '/​srv/​gitlab/​data:/​var/​opt/​gitlab'​       - '/​srv/​gitlab/​data:/​var/​opt/​gitlab'​
     shm_size: '​256m'​     shm_size: '​256m'​
 +    logging:
 +      driver: "​json-file"​
 +      options:
 +        max-size: "​2048m"​
 </​code><​code>​ </​code><​code>​
-# ### cat /​etc/​gitlab/​ssl/​gitlab.bmstu.ru.{crt,​key} 
- 
 # docker-compose up -d # docker-compose up -d
  
Line 93: Line 77:
 ### rm -r /​srv/​gitlab/​ /​etc/​gitlab/​ ### rm -r /​srv/​gitlab/​ /​etc/​gitlab/​
 </​code>​ </​code>​
 +==== Установка через Ansible Role ====
 +
 +  * [[https://​galaxy.ansible.com/​ui/​repo/​published/​hifis/​toolkit/​content/​role/​gitlab/​]]
  
 ===== Подключение ===== ===== Подключение =====
Line 107: Line 94:
  
 <​code>​ <​code>​
-root@node1,​2,​3:​~#​ curl "​http://​server.corpX.un/​api/​v4/​projects/​2/​repository/​files/​docker-compose.yml/​raw?ref=master" | tee docker-compose.yml+root@node1,​2,​3:​~#​ curl "​http://​server.corpX.un/​api/​v4/​projects/​2/​repository/​files/​docker-compose.yml/​raw"​ | tee docker-compose.yml
  
   или, для НЕ публичных проектов   или, для НЕ публичных проектов
Line 195: Line 182:
  
 <​code>​ <​code>​
-mkdir /​etc/​gitlab/​ssl/​+mkdir -p /​etc/​gitlab/​ssl/​
  
-cp wild.crt /​etc/​gitlab/​ssl/​$(hostname).crt +cp wild.crt ​-v /​etc/​gitlab/​ssl/​$(hostname).crt 
-cp wild.key /​etc/​gitlab/​ssl/​$(hostname).key+cp wild.key ​-v /​etc/​gitlab/​ssl/​$(hostname).key
  
 # cat /​etc/​gitlab/​gitlab.rb # cat /​etc/​gitlab/​gitlab.rb
Line 248: Line 235:
 #    host: '​server2.corpX.un'​ #    host: '​server2.corpX.un'​
     port: 389     port: 389
-    ​uid: '​uid'​ +#    ​uid: '​uid'​ 
-   uid: '​sAMAccountName'​ +    uid: '​sAMAccountName'​ 
-    bind_dn: '​cn=admin,​dc=corpX,​dc=un'​ +   ​bind_dn:​ '​cn=admin,​dc=corpX,​dc=un'​ 
-    password: '​secret'​ +   ​password:​ '​secret'​ 
-   ​bind_dn:​ '​cn=Administrator,​cn=Users,​dc=corpX,​dc=un'​ +    bind_dn: '​cn=Administrator,​cn=Users,​dc=corpX,​dc=un'​ 
-   ​password:​ '​Pa$$w0rd'​+    password: '​Pa$$w0rd'​
     encryption: '​plain'​     encryption: '​plain'​
-    ​active_directory:​ false +#    ​active_directory:​ false 
-   ​active_directory:​ true+    active_directory:​ true
     base: '​dc=corpX,​dc=un'​     base: '​dc=corpX,​dc=un'​
 EOS EOS
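Review bot: The new side of the `ldap_servers` heredoc leaves both `bind_dn`/`password` pairs live, at different indentation (`   bind_dn: 'cn=admin,dc=corpX,dc=un'` at three spaces, `    bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un'` at four), whereas the other disabled alternatives in the same block are commented out (`#    uid: 'uid'`, `#    active_directory: false`); a YAML loader will either reject the uneven indent or see duplicate keys, so the unused pair should become `#    bind_dn: 'cn=admin,dc=corpX,dc=un'` and `#    password: 'secret'`. The active bind identity is now the domain `Administrator` account, with its password in clear text in `gitlab.rb` and sent with the unchanged `encryption: 'plain'` on port 389; a dedicated read-only bind user plus `encryption: 'start_tls'` (or `'simple_tls'` on 636) would keep that credential off the wire. The enclosing `gitlab_rails['ldap_servers']` assignment starts before this hunk.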
Line 265: Line 252:
 ===== GitLab Runner ===== ===== GitLab Runner =====
  
 +  * [[https://​stackoverflow.com/​questions/​32933174/​use-gitlab-ci-to-run-tests-locally|Use GitLab CI to run tests locally?]]
 ==== Установка из пакета ==== ==== Установка из пакета ====
  
   * [[https://​docs.gitlab.com/​runner/​install/​linux-manually.html|Install GitLab Runner manually on GNU/Linux]]   * [[https://​docs.gitlab.com/​runner/​install/​linux-manually.html|Install GitLab Runner manually on GNU/Linux]]
-  * [[https://​val.bmstu.ru/​unix/​Git/​gitlab-runner_amd64.deb]] (15.0.0) +  * [[https://​val.bmstu.ru/​unix/​Git/​gitlab-runner_amd64.deb]] (16.10.0) 
  
 <​code>​ <​code>​
-apt install ​gitlab-runner ​  достаточно для shell executor но не отображает команды ci/cd в gitlab+wget http://​gate.isp.un/​unix/​Git/​gitlab-runner_amd64.deb ​              Version: 17.3.1-1
  
-или+##2 часа## curl -LJO "​https://​gitlab-runner-downloads.s3.amazonaws.com/​latest/​deb/​gitlab-runner_amd64.deb"​
  
-# wget http://​gate.isp.un/​unix/​Git/​gitlab-runner_amd64.deb 
-##2 часа## curl -LJO "​https://​gitlab-runner-downloads.s3.amazonaws.com/​latest/​deb/​gitlab-runner_amd64.deb"​ 
 # dpkg -i gitlab-runner_amd64.deb # dpkg -i gitlab-runner_amd64.deb
 </​code>​ </​code>​
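Review bot: The new first line fetches `gitlab-runner_amd64.deb` over plain HTTP from a mirror, and the block then installs it with `dpkg -i`, which performs no signature check, so the package is trusted purely on the transport. A verification step before `dpkg -i` — `sha256sum gitlab-runner_amd64.deb` compared against the checksum GitLab publishes for that release — or a pointer to the official apt repository (the page already uses it for gitlab-ce) would close that gap. The `Version: 17.3.1-1` annotation on the same line also differs from the `(16.10.0)` note on the download link two lines above; if the two files really are different builds, a short comment saying so would avoid confusion.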
Line 292: Line 278:
 Enter tags for the runner: dhcptest, dhcpdeploy Enter tags for the runner: dhcptest, dhcpdeploy
   или   или
-Enter tags for the runner: openvpn1deploy+Enter tags for the runner: openvpn1deploy ​  или ​    ​ansible
 ... ...
 Enter an executor: shell Enter an executor: shell
Line 301: Line 287:
  
 <​code>​ <​code>​
-# gitlab-runner register -n --executor "​shell"​ -u http://​server.corp13.un -r "​NNNNNNNNNNNNNNNNNNNNNNNNNNNN"​+# gitlab-runner register -n --executor "​shell"​ -u http://​server.corpX.un -r "​NNNNNNNNNNNNNNNNNNNNNNNNNNNN"​
 </​code>​ </​code>​
  
 +или по инструкции в "New instance runner"​
 +<​code>​
 +# gitlab-runner register -n --executor "​shell"​ -u http://​server.corpX.un -t "​NNNNNNNNNNNNNNNNNNNNNNNNNNNN"​
 +</​code>​
 Перезапускать не нужно Перезапускать не нужно
 +
 +<​code>​
 +# gitlab-runner verify
 +</​code>​
  
 <​code>​ <​code>​
Line 312: Line 306:
 </​code><​code>​ </​code><​code>​
 # systemctl restart gitlab-runner # systemctl restart gitlab-runner
- 
-# gitlab-runner verify 
 </​code>​ </​code>​
  
Line 321: Line 313:
  
 <​code>​ <​code>​
 +gate:~### docker stop gitlab-runner;​ docker rm gitlab-runner
 gate:~### rm /​srv/​gitlab-runner/​config/​config.toml gate:~### rm /​srv/​gitlab-runner/​config/​config.toml
  
Line 352: Line 345:
   --non-interactive \   --non-interactive \
   --url "​http://​server.corpX.un/"​ \   --url "​http://​server.corpX.un/"​ \
-  --registration-token "​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN"​ \+  --token "​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN"​ \
   --executor "​docker"​ \   --executor "​docker"​ \
   --docker-image "​docker:​stable"​ \   --docker-image "​docker:​stable"​ \
Line 363: Line 356:
 </​code>​ </​code>​
  
 +=== TLS для DooD и DinD ===
 +<​code>​
 +# cp wild.crt /​srv/​gitlab-runner/​config/​
  
 +docker run --rm -v /​srv/​gitlab-runner/​config:/​etc/​gitlab-runner gitlab/​gitlab-runner register \
 +...
 +  --url "​https://​server.corpX.un/"​ \
 +  --tls-ca-file "/​etc/​gitlab-runner/​wild.crt"​ \
 +...
 +</​code>​
 ===== GitLab CI/CD ===== ===== GitLab CI/CD =====
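Review bot: `--tls-ca-file "/etc/gitlab-runner/wild.crt"` hands the runner the server's wildcard certificate as its trust anchor, which only works if `wild.crt` is self-signed or the file also carries the issuing chain. If the wildcard certificate was issued by a private CA, the CA certificate is what belongs in this option, and, if I recall the runner docs correctly, the same certificate also needs to be available under the container's `/etc/gitlab-runner/certs/` for job traffic; a one-line comment stating which kind of file `wild.crt` is would settle that for readers. The `register` command is elided with `...`, so the remaining options it needs are outside this hunk.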
  
Line 416: Line 418:
 Build -> Pipeline editor -> Configure Pipelines Build -> Pipeline editor -> Configure Pipelines
 </​code><​code>​ </​code><​code>​
 +stages:
 +  - deploy
 +
 deploy_test:​ deploy_test:​
   stage: deploy   stage: deploy
   script:   script:
-    - echo $(date) "​Deploy TEST openvpn1"​ >> /​tmp/​Bash.gitlab-ci.log 
     - ansible-playbook openvpn1.yaml -i inventory.yaml -e "​variable_host=test_nodes"​     - ansible-playbook openvpn1.yaml -i inventory.yaml -e "​variable_host=test_nodes"​
   tags:   tags:
     - openvpn1deploy     - openvpn1deploy
 +#    - ansible
   only:   only:
     - test     - test
Line 429: Line 434:
   stage: deploy   stage: deploy
   script:   script:
-    - echo $(date) "​Deploy PROD openvpn1"​ >> /​tmp/​Bash.gitlab-ci.log 
     - ansible-playbook openvpn1.yaml -i inventory.yaml     - ansible-playbook openvpn1.yaml -i inventory.yaml
   tags:   tags:
     - openvpn1deploy     - openvpn1deploy
 +#    - ansible
   only:   only:
 #    - master #    - master
Line 448: Line 453:
  
 <​code>​ <​code>​
-Надо назначить в GitLab (Settings -> CI/CD -> Variables) +Можно назначить в GitLab (Settings -> CI/CD -> Variables) 
-export MY_CI_REGISTRY=server.corpX.un:​5000  +export MY_CI_REGISTRY=server.corpX.un:​5000  
-export MY_CI_REGISTRY_IMAGE=student/​webd +export MY_CI_REGISTRY_IMAGE=student/​webd 
-Можно ​использовать встроенные CI_REGISTRY и CI_REGISTRY_IMAGE  +или ​использовать встроенные CI_REGISTRY и CI_REGISTRY_IMAGE  
-# поскольку используем этот же проект GitLab как ​registry+# поскольку используем этот же проект GitLab как ​Registry
  
-# в GitLab будет устанавлено автоматически +# в GitLab будет установлено автоматически ​после git commit -m "ver 1.2" и git push 
-export CI_COMMIT_MESSAGE="​ver 1.2" ​  +export CI_COMMIT_MESSAGE="​ver 1.2" ​  
 </​code>​ </​code>​
  
Line 465: Line 470:
 VER="​$(echo $CI_COMMIT_MESSAGE | sed '​s/​[^a-zA-Z0-9\.]//​g'​)"​ VER="​$(echo $CI_COMMIT_MESSAGE | sed '​s/​[^a-zA-Z0-9\.]//​g'​)"​
  
-need only one time+needed once
 # docker login -u $MY_CI_REGISTRY_USER -p $MY_CI_REGISTRY_PASSWORD $MY_CI_REGISTRY # docker login -u $MY_CI_REGISTRY_USER -p $MY_CI_REGISTRY_PASSWORD $MY_CI_REGISTRY
 # docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY # docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  
 docker build -t webd webd docker build -t webd webd
-#docker build --no-cache -t webd webd 
  
-docker tag webd $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE:​$VER +#docker run --rm -e MYMODE=TEST webd || exit 1 
-docker tag webd $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE + 
-#docker tag webd $CI_REGISTRY_IMAGE:​$VER +#docker tag webd $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE:​$VER 
-#docker tag webd $CI_REGISTRY_IMAGE+#docker tag webd $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE 
 +docker tag webd $CI_REGISTRY_IMAGE:​$VER 
 +docker tag webd $CI_REGISTRY_IMAGE
  
 # previously need: docker login ... # previously need: docker login ...
  
-docker push $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE:​$VER +#docker push $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE:​$VER 
-docker push $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE +#docker push $MY_CI_REGISTRY/​$MY_CI_REGISTRY_IMAGE 
-#docker push $CI_REGISTRY_IMAGE:​$VER +docker push $CI_REGISTRY_IMAGE:​$VER 
-#docker push $CI_REGISTRY_IMAGE+docker push $CI_REGISTRY_IMAGE
 </​code><​code>​ </​code><​code>​
 gitlab-runner@server:​~/​webd$ cat .gitlab-ci.yml gitlab-runner@server:​~/​webd$ cat .gitlab-ci.yml
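Review bot: The newly active `docker tag webd $CI_REGISTRY_IMAGE:$VER` and `docker push $CI_REGISTRY_IMAGE:$VER` lines depend on `VER`, which is built from `CI_COMMIT_MESSAGE` with everything but `[a-zA-Z0-9.]` stripped; a commit message with no such characters, or one whose sanitized form starts with a dot, produces an empty or invalid tag and the job fails only after the build. A fallback right after the `VER=` line, `VER="${VER:-$CI_COMMIT_SHORT_SHA}"`, gives every build a deterministic tag. The commented `#docker run --rm -e MYMODE=TEST webd || exit 1` shows the script is meant to abort on failure, yet the unguarded `docker build` and `docker tag` lines continue past an error unless the part of `build.sh` above this hunk already sets `set -e`; if it does not, adding it would match that intent.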
Line 494: Line 500:
   stage: lintertest   stage: lintertest
   script:   script:
-    ​- echo $(date) "Do a test webd here" >> /​tmp/​Bash.gitlab-ci.log+#    ​- echo $(date) "Do a test webd here" >> /​tmp/​Bash.gitlab-ci.log
     - shellcheck webd/webd     - shellcheck webd/webd
   tags:   tags:
Line 502: Line 508:
   stage: build   stage: build
   script:   script:
-    ​- echo $(date) "Do a build webd here" >> /​tmp/​Bash.gitlab-ci.log +#    ​- echo $(date) "Do a build webd here" >> /​tmp/​Bash.gitlab-ci.log 
-#    - env | tee /​tmp/​Bash.gitlab-ci.log+#    - env | tee -a /​tmp/​Bash.gitlab-ci.log
     - sh build.sh     - sh build.sh
   tags:   tags:
Line 511: Line 517:
 #  stage: deploy #  stage: deploy
 #  script: #  script:
-#    - echo $(date) "Do your deploy webd to k8s here" >> /​tmp/​Bash.gitlab-ci.log 
 #    - sh deploy.sh #    - sh deploy.sh
 #  tags: #  tags:
Line 532: Line 537:
 ==== Пример shell Kubernetes ==== ==== Пример shell Kubernetes ====
  
 +<​code>​
 +kube1:​~/​gowebd-k8s#​ cat .gitlab-ci.yml
 +</​code><​code>​
 +stages:
 +  - deploy
 +
 +#variables:
 +#  HELM_NAMESPACE:​ "​my-ns"​
 +
 +trigger-deploy:​
 +  stage: deploy
 +  rules:
 +    - if: '​$CI_PIPELINE_SOURCE == "​pipeline"​ && $VER'
 +  script:
 +    - env
 +    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
 +#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
 +  tags:
 +    - k8s-deploy
 +
 +manual-deploy:​
 +  stage: deploy
 +  when: manual
 +  variables:
 +    VER: "​$MY_WEBD_VER" ​ # New Pipeline or Settings->​CI/​CD->​Variables
 +  script:
 +    - env
 +    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
 +#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
 +  tags:
 +    - k8s-deploy
 +</​code>​
 +
 +== старый вариант ==
 <​code>​ <​code>​
 gitlab-runner@server:​~/​webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml gitlab-runner@server:​~/​webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml
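Review bot: Both new jobs run `- env` as their first script step, which prints every CI/CD variable available to the job — including any project or group variable not marked masked — into a job log readable by everyone with access to the pipeline. Printing only what the deploy needs, e.g. `- echo "VER=$VER"`, keeps the debugging value without the exposure. The following `envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns` substitutes every `$NAME` occurrence in the manifest, not just `VER`; `envsubst '$VER' < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns` restricts it to the intended variable and leaves any other literal dollar sign intact.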
Line 582: Line 621:
 </​code><​code>​ </​code><​code>​
 stages: stages:
 +#  - lint
 +#  - prebuildtest
   - build   - build
 +#  - test
   - push   - push
 #  - deploy #  - deploy
Line 616: Line 658:
     - docker push $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA     - docker push $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA
  
-#    - echo "​{\"​auths\":​{\"​${CI_REGISTRY}\":​{\"​auth\":​\"​$(printf "​%s:​%s"​ "​${CI_REGISTRY_USER}"​ "​${CI_REGISTRY_PASSWORD}" | base64 | tr -d '​\n'​)\"​},​\"​$CI_DEPENDENCY_PROXY_SERVER\":​{\"​auth\":​\"​$(printf "​%s:​%s"​ ${CI_DEPENDENCY_PROXY_USER} "​${CI_DEPENDENCY_PROXY_PASSWORD}" | base64 | tr -d '​\n'​)\"​}}}"​ > /​kaniko/​.docker/​config.json+#    - echo "​{\"​auths\":​{\"​${CI_REGISTRY}\":​{\"​auth\":​\"​$(printf "​%s:​%s"​ "​${CI_REGISTRY_USER}"​ "​${CI_REGISTRY_PASSWORD}"​ | base64 | tr -d '​\n'​)\"​}}}"​ > /​kaniko/​.docker/​config.json
 #    - /​kaniko/​executor #    - /​kaniko/​executor
 #      --insecure --skip-tls-verify #      --insecure --skip-tls-verify
Line 622: Line 664:
 #      --dockerfile "​${CI_PROJECT_DIR}/​Dockerfile"​ #      --dockerfile "​${CI_PROJECT_DIR}/​Dockerfile"​
 #      --destination "​${CI_REGISTRY_IMAGE}:​${CI_COMMIT_SHA}"​ #      --destination "​${CI_REGISTRY_IMAGE}:​${CI_COMMIT_SHA}"​
 +
 +#  except:
 +#    - tags
 +#  tags:
 +#    - build
  
 Push latest: Push latest:
Line 639: Line 686:
 #    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY #    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #    - crane --insecure cp $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:​latest #    - crane --insecure cp $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:​latest
 +#  tags:
 +#    - build
  
 Push tag: Push tag:
Line 656: Line 705:
 #   - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY #   - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #   - crane --insecure cp $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:​$CI_COMMIT_REF_NAME #   - crane --insecure cp $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:​$CI_COMMIT_REF_NAME
 +#  tags:
 +#    - build
 +
 +### Not work in DooD
 +#Lint test:
 +#  stage: lint
 +#  script:
 +#    - pwd
 +#    - docker run --rm -v $(pwd):/app -w /app golangci/​golangci-lint:​v1.62.2 golangci-lint run --timeout=10m
 +#  except:
 +#    - tags
 +
 +#Smoke test:
 +#  stage: test
 +#  script:
 +#    - MY_ID=$(docker run -d --rm $CI_REGISTRY_IMAGE:​$CI_COMMIT_SHA)
 +#    - MY_IP=$(docker inspect -f '​{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}'​ $MY_ID)
 +#    - docker run --rm alpine/curl -sS $MY_IP
 +#    - docker stop $MY_ID
 +#  except:
 +#    - tags
 +
 +#Unit test:
 +#  stage: prebuildtest
 +#  script:
 +#    - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
 +#    - poetry install
 +#    - poetry run python3 -m unittest
 +#  except:
 +#    - tags
 +#  tags:
 +#    - build
  
 #Deploy: #Deploy:
Line 685: Line 766:
  
 ===== Клиент OpenID ===== ===== Клиент OpenID =====
-<​code>​ 
  
-https://​docs.gitlab.com/​ee/​administration/​auth/​oidc.html +  * [[https://​docs.gitlab.com/​ee/​administration/​auth/​oidc.html|You can use GitLab as a client application with OpenID Connect as an OmniAuth provider]] 
- +  * [[https://​gitlab.com/​gitlab-org/​gitlab/​-/​issues/​196193|use self-signed to integate gitlab with keycloak but see error: certificate verify failed (self signed certificate))]] 
-https://​gitlab.com/​gitlab-org/​gitlab/​-/​issues/​196193+  * [[https://​forum.gitlab.com/​t/​using-keycloak-as-sso-for-gitlab-with-pre-existing-users-no-autocreate/​67833|Using Keycloak as SSO for Gitlab with pre-existing users (no autocreate)]]
  
 +<​code>​
 # cp server.crt /​etc/​gitlab/​trusted-certs/​ # cp server.crt /​etc/​gitlab/​trusted-certs/​
   или   или
 # cp ca.crt /​etc/​gitlab/​trusted-certs/​ # cp ca.crt /​etc/​gitlab/​trusted-certs/​
  
 +# cat /​etc/​gitlab/​gitlab.rb
 +</​code><​code>​
 +...
 gitlab_rails['​omniauth_providers'​] = [ gitlab_rails['​omniauth_providers'​] = [
   {   {
     name: "​openid_connect",​ # do not change this parameter     name: "​openid_connect",​ # do not change this parameter
-    label: "​Keycloak ​corp20", # optional label for login button, defaults to "​Openid Connect"​+    label: "​Keycloak",​ # optional label for login button, defaults to "​Openid Connect"​
     args: {     args: {
       name: "​openid_connect",​       name: "​openid_connect",​
       scope: ["​openid",​ "​profile",​ "​email"​],​       scope: ["​openid",​ "​profile",​ "​email"​],​
       response_type:​ "​code",​       response_type:​ "​code",​
-      ​issuer: ​ "​https://​server.corp20.un:8443/realms/corp20/",+#     issuer: ​ "​https://​keycloak.example.com/realms/myrealm",​ 
 +      issuer: ​ "​https://​keycloak.corpX.un/​realms/corpX",
       client_auth_method:​ "​query",​       client_auth_method:​ "​query",​
       discovery: true,       discovery: true,
Line 709: Line 794:
       pkce: true,       pkce: true,
       client_options:​ {       client_options:​ {
 +#        identifier: "<​YOUR CLIENT ID>",​
         identifier: "​any-client",​         identifier: "​any-client",​
 +#        secret: "<​YOUR CLIENT SECRET>",​
         secret: "​anystring",​         secret: "​anystring",​
-        ​redirect_uri:​ "http://gate.corp20.un/​users/​auth/​openid_connect/​callback"​+#        ​redirect_uri:​ "https://​gitlab.example.com/​users/​auth/​openid_connect/​callback"​ 
 +        redirect_uri:​ "https://gate.corpX.un/​users/​auth/​openid_connect/​callback"​
       }       }
     }     }
   }   }
 ] ]
 +...
 </​code>​ </​code>​
 +
 +  * [[#​Проверка конфигурации и перезапуск]]
 +  * User -> Profile -> Account -> Select a service to sign in with -> Keycloak
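Review bot: The new `redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback"` names `gate.corpX.un`, while every other host reference on this page (`external_url`, the runner `--url`, the LDAP examples) is `server.corpX.un`; if this `gitlab.rb` belongs to the instance configured above, the provider will reject the callback as a redirect URI mismatch, so the host should be the same as `external_url` — or a comment should state that this example is for a separate GitLab on gate. The added placeholder comments `#        identifier: "<YOUR CLIENT ID>"` and `#        secret: "<YOUR CLIENT SECRET>"` make the intent clear, but the live `identifier: "any-client"` / `secret: "anystring"` values below them read like real settings; a note that they must be replaced with the client registered in Keycloak would avoid copy-paste deployments with a guessable secret. The `gitlab_rails['omniauth_providers']` array is complete within the hunk, but the rest of the config file is outside it.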
  
инструмент_gitlab.1707116056.txt.gz · Last modified: 2024/02/05 09:54 by val