User Tools
инструмент_gitlab
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
инструмент_gitlab [2024/02/05 10:53] val [Клиент OpenID] |
инструмент_gitlab [2024/04/16 08:16] (current) val [Установка из пакета] |
||
|---|---|---|---|
| Line 38: | Line 38: | ||
| server# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash | server# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash | ||
| - | server# time EXTERNAL_URL="http://server.corpX.un" apt-get install gitlab-ce | + | server# time EXTERNAL_URL="http://$(hostname)" apt-get install gitlab-ce |
| ... | ... | ||
| real 38m49.787s !!! Загрузка может прерываться, надо повторять команду !!! | real 38m49.787s !!! Загрузка может прерываться, надо повторять команду !!! | ||
| Line 57: | Line 57: | ||
| web: | web: | ||
| image: 'gitlab/gitlab-ce:latest' | image: 'gitlab/gitlab-ce:latest' | ||
| + | # image: 'gitlab/gitlab-ce:16.7.4-ce.0' | ||
| restart: always | restart: always | ||
| hostname: 'server.corpX.un' | hostname: 'server.corpX.un' | ||
| Line 62: | Line 63: | ||
| GITLAB_ROOT_PASSWORD: "strongpassword" | GITLAB_ROOT_PASSWORD: "strongpassword" | ||
| GITLAB_OMNIBUS_CONFIG: | | GITLAB_OMNIBUS_CONFIG: | | ||
| + | prometheus_monitoring['enable'] = false | ||
| + | gitlab_rails['registry_enabled'] = true | ||
| + | gitlab_rails['registry_host'] = "server.corpX.un" | ||
| external_url 'http://server.corpX.un' | external_url 'http://server.corpX.un' | ||
| - | # gitlab_rails['initial_root_password'] = 'strongpassword' | + | registry_external_url 'http://server.corpX.un' |
| - | # registry_external_url 'http://server.corpX.un' | + | gitlab_rails['registry_port'] = "5000" |
| - | # gitlab_rails['registry_enabled'] = true | + | registry['registry_http_addr'] = "server.corpX.un:5000" |
| - | # gitlab_rails['registry_host'] = "server.corpX.un" | + | # external_url 'https://server.corpX.un' |
| - | # gitlab_rails['registry_port'] = "5000" | + | # registry_external_url 'https://server.corpX.un:5000' |
| - | # registry['registry_http_addr'] = "server.corpX.un:5000" | + | # gitlab_rails['registry_port'] = "5050" |
| - | # prometheus_monitoring['enable'] = false | + | # registry['registry_http_addr'] = "server.corpX.un:5050" |
| - | # external_url 'https://gitlab.bmstu.ru:8443' | + | |
| - | # registry_external_url 'https://gitlab.bmstu.ru:5050' | + | |
| ports: | ports: | ||
| - '80:80' | - '80:80' | ||
| - | # - '8443:8443' | + | # - '443:443' |
| - '2222:22' | - '2222:22' | ||
| - '5000:5000' | - '5000:5000' | ||
| - | # - '5050:5050' | ||
| volumes: | volumes: | ||
| - '/etc/gitlab:/etc/gitlab' | - '/etc/gitlab:/etc/gitlab' | ||
| Line 195: | Line 196: | ||
| <code> | <code> | ||
| - | # mkdir /etc/gitlab/ssl/ | + | mkdir /etc/gitlab/ssl/ |
| - | # cp wild.crt /etc/gitlab/ssl/$(hostname).crt | + | cp wild.crt -v /etc/gitlab/ssl/$(hostname).crt |
| - | # cp wild.key /etc/gitlab/ssl/$(hostname).key | + | cp wild.key -v /etc/gitlab/ssl/$(hostname).key |
| # cat /etc/gitlab/gitlab.rb | # cat /etc/gitlab/gitlab.rb | ||
| Line 248: | Line 249: | ||
| # host: 'server2.corpX.un' | # host: 'server2.corpX.un' | ||
| port: 389 | port: 389 | ||
| - | uid: 'uid' | + | # uid: 'uid' |
| - | # uid: 'sAMAccountName' | + | uid: 'sAMAccountName' |
| - | bind_dn: 'cn=admin,dc=corpX,dc=un' | + | # bind_dn: 'cn=admin,dc=corpX,dc=un' |
| - | password: 'secret' | + | # password: 'secret' |
| - | # bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' | + | bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' |
| - | # password: 'Pa$$w0rd' | + | password: 'Pa$$w0rd' |
| encryption: 'plain' | encryption: 'plain' | ||
| - | active_directory: false | + | # active_directory: false |
| - | # active_directory: true | + | active_directory: true |
| base: 'dc=corpX,dc=un' | base: 'dc=corpX,dc=un' | ||
| EOS | EOS | ||
| Line 268: | Line 269: | ||
| * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | ||
| - | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (15.0.0) | + | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (16.10.0) |
| <code> | <code> | ||
| - | # apt install gitlab-runner # достаточно для shell executor но не отображает команды ci/cd в gitlab | + | # wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb |
| - | или | + | ##2 часа## curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb" |
| - | # wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb | ||
| - | ##2 часа## curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb" | ||
| # dpkg -i gitlab-runner_amd64.deb | # dpkg -i gitlab-runner_amd64.deb | ||
| </code> | </code> | ||
| Line 301: | Line 300: | ||
| <code> | <code> | ||
| - | # gitlab-runner register -n --executor "shell" -u http://server.corp13.un -r "NNNNNNNNNNNNNNNNNNNNNNNNNNNN" | + | # gitlab-runner register -n --executor "shell" -u http://server.corpX.un -r "NNNNNNNNNNNNNNNNNNNNNNNNNNNN" |
| </code> | </code> | ||
| Line 321: | Line 320: | ||
| <code> | <code> | ||
| + | gate:~### docker stop gitlab-runner; docker rm gitlab-runner | ||
| gate:~### rm /srv/gitlab-runner/config/config.toml | gate:~### rm /srv/gitlab-runner/config/config.toml | ||
| Line 685: | Line 685: | ||
| ===== Клиент OpenID ===== | ===== Клиент OpenID ===== | ||
| - | |||
| * [[https://docs.gitlab.com/ee/administration/auth/oidc.html|You can use GitLab as a client application with OpenID Connect as an OmniAuth provider]] | * [[https://docs.gitlab.com/ee/administration/auth/oidc.html|You can use GitLab as a client application with OpenID Connect as an OmniAuth provider]] | ||
| - | * [[https://gitlab.com/gitlab-org/gitlab/-/issues/196193|use self-signed to integate gitlab with keycloak but see error: certificate verify failed (self signed certificate)) | + | * [[https://gitlab.com/gitlab-org/gitlab/-/issues/196193|use self-signed to integate gitlab with keycloak but see error: certificate verify failed (self signed certificate))]] |
| * [[https://forum.gitlab.com/t/using-keycloak-as-sso-for-gitlab-with-pre-existing-users-no-autocreate/67833|Using Keycloak as SSO for Gitlab with pre-existing users (no autocreate)]] | * [[https://forum.gitlab.com/t/using-keycloak-as-sso-for-gitlab-with-pre-existing-users-no-autocreate/67833|Using Keycloak as SSO for Gitlab with pre-existing users (no autocreate)]] | ||
| Line 696: | Line 695: | ||
| # cp ca.crt /etc/gitlab/trusted-certs/ | # cp ca.crt /etc/gitlab/trusted-certs/ | ||
| + | # cat /etc/gitlab/gitlab.rb | ||
| + | </code><code> | ||
| + | ... | ||
| gitlab_rails['omniauth_providers'] = [ | gitlab_rails['omniauth_providers'] = [ | ||
| { | { | ||
| name: "openid_connect", # do not change this parameter | name: "openid_connect", # do not change this parameter | ||
| - | label: "Keycloak corp20", # optional label for login button, defaults to "Openid Connect" | + | label: "Keycloak", # optional label for login button, defaults to "Openid Connect" |
| args: { | args: { | ||
| name: "openid_connect", | name: "openid_connect", | ||
| scope: ["openid", "profile", "email"], | scope: ["openid", "profile", "email"], | ||
| response_type: "code", | response_type: "code", | ||
| - | issuer: "https://server.corp20.un:8443/realms/corp20/", | + | # issuer: "https://keycloak.example.com/realms/myrealm", |
| + | issuer: "https://keycloak.corpX.un/realms/corpX", | ||
| client_auth_method: "query", | client_auth_method: "query", | ||
| discovery: true, | discovery: true, | ||
| Line 710: | Line 713: | ||
| pkce: true, | pkce: true, | ||
| client_options: { | client_options: { | ||
| + | # identifier: "<YOUR CLIENT ID>", | ||
| identifier: "any-client", | identifier: "any-client", | ||
| + | # secret: "<YOUR CLIENT SECRET>", | ||
| secret: "anystring", | secret: "anystring", | ||
| - | redirect_uri: "http://gate.corp20.un/users/auth/openid_connect/callback" | + | # redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback" |
| + | redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback" | ||
| } | } | ||
| } | } | ||
| } | } | ||
| ] | ] | ||
| + | ... | ||
| </code> | </code> | ||
| + | |||
| + | * [[#Проверка конфигурации и перезапуск]] | ||
| + | * User -> Profile -> Account -> Select a service to sign in with -> Keycloak | ||
инструмент_gitlab.1707119614.txt.gz · Last modified: 2024/02/05 10:53 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
