Differences

This shows you the differences between two versions of the page.

--- инструмент_gitlab [2024/04/16 08:14]
val [Установка из пакета]
+++ инструмент_gitlab [2025/06/16 16:26] (current)
val [Пример CI с использованием контейнеров]
@@ Line 10: / Line 10: @@
   * RAM от 4Gb
-==== Если нужен почтовый сервер ====
-<code>
-server# time ansible-playbook conf/ansible/roles/mail.yml
-real    2m57.922s
-# cat /etc/apache2/ports.conf
-</code><code>
-...
-Listen 81
-...
-</code><code>
-server# service apache2 restart
-</code><code>
-http://server.corpX.un:81/mail/
-</code>
 ==== Установка из репозитория ====
@@ Line 31: / Line 16: @@
   * [[https://about.gitlab.com/install/|Install self-managed GitLab]]
   * Доступно из РФ: [[https://packages.gitlab.com/gitlab/gitlab-ce]]
-  * [[http://gate.isp.un/unix/Git/gitlab-ce_16.3.3-ce.0_amd64.deb]]
 <code>
@@ Line 40: / Line 24: @@
 server# time EXTERNAL_URL="http://$(hostname)" apt-get install gitlab-ce
 ...
-real    38m49.787s  !!! Загрузка может прерываться, надо повторять команду !!!
+real    122m54.883s  !!! Загрузка может прерываться, надо повторять команду !!!
 ..
 </code>
@@ Line 47: / Line 31: @@
   * [[https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose|Install GitLab using Docker Compose]]
+  * [[https://hub.docker.com/r/gitlab/gitlab-ce/tags/|gitlab/gitlab-ce tags (versions)]]
   * [[Технология Docker]]
   * [[Технология Docker#docker-compose]]
@@ Line 66: / Line 52: @@
         gitlab_rails['registry_enabled'] = true
         gitlab_rails['registry_host'] = "server.corpX.un"
-        external_url 'http://server.corpX.un'
+        external_url 'https://server.corpX.un'
-        registry_external_url 'http://server.corpX.un'
+        registry_external_url 'https://server.corpX.un:5000'
-        gitlab_rails['registry_port'] = "5000"
+        gitlab_rails['registry_port'] = "5050"
-        registry['registry_http_addr'] = "server.corpX.un:5000"
+        registry['registry_http_addr'] = "server.corpX.un:5050"
-#        external_url 'https://server.corpX.un'
-#        registry_external_url 'https://server.corpX.un:5000'
-#        gitlab_rails['registry_port'] = "5050"
-#        registry['registry_http_addr'] = "server.corpX.un:5050"
     ports:
-      - '80:80'
+      - '443:443'
-#      - '443:443'
       - '2222:22'
       - '5000:5000'
@@ Line 84: / Line 65: @@
       - '/srv/gitlab/data:/var/opt/gitlab'
     shm_size: '256m'
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "2048m"
 </code><code>
-# ### cat /etc/gitlab/ssl/gitlab.bmstu.ru.{crt,key}
 # docker-compose up -d
@@ Line 94: / Line 77: @@
 ### rm -r /srv/gitlab/ /etc/gitlab/
 </code>
+==== Установка через Ansible Role ====
+  * [[https://galaxy.ansible.com/ui/repo/published/hifis/toolkit/content/role/gitlab/]]
 ===== Подключение =====
@@ Line 108: / Line 94: @@
 <code>
-root@node1,2,3:~# curl "http://server.corpX.un/api/v4/projects/2/repository/files/docker-compose.yml/raw?ref=master" | tee docker-compose.yml
+root@node1,2,3:~# curl "http://server.corpX.un/api/v4/projects/2/repository/files/docker-compose.yml/raw" | tee docker-compose.yml
   или, для НЕ публичных проектов
@@ Line 196: / Line 182: @@
 <code>
-mkdir /etc/gitlab/ssl/
+mkdir -p /etc/gitlab/ssl/
 cp wild.crt -v /etc/gitlab/ssl/$(hostname).crt
@@ Line 266: / Line 252: @@
 ===== GitLab Runner =====
+  * [[https://stackoverflow.com/questions/32933174/use-gitlab-ci-to-run-tests-locally|Use GitLab CI to run tests locally?]]
 ==== Установка из пакета ====
   * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]]
-  * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (15.0.0)
+  * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (16.10.0)
 <code>
-# wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb
+# wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb               # Version: 17.3.1-1
 ##2 часа## curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb"
@@ Line 291: / Line 278: @@
 Enter tags for the runner: dhcptest, dhcpdeploy
   или
-Enter tags for the runner: openvpn1deploy
+Enter tags for the runner: openvpn1deploy   или     ansible
 ...
 Enter an executor: shell
@@ Line 303: / Line 290: @@
 </code>
+или по инструкции в "New instance runner"
+<code>
+# gitlab-runner register -n --executor "shell" -u http://server.corpX.un -t "NNNNNNNNNNNNNNNNNNNNNNNNNNNN"
+</code>
 Перезапускать не нужно
+<code>
+# gitlab-runner verify
+</code>
 <code>
@@ Line 311: / Line 306: @@
 </code><code>
 # systemctl restart gitlab-runner
-# gitlab-runner verify
 </code>
@@ Line 352: / Line 345: @@
   --non-interactive \
   --url "http://server.corpX.un/" \
-  --registration-token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \
+  --token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \
   --executor "docker" \
   --docker-image "docker:stable" \
@@ Line 363: / Line 356: @@
 </code>
+=== TLS для DooD и DinD ===
+<code>
+# cp wild.crt /srv/gitlab-runner/config/
+docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
+...
+  --url "https://server.corpX.un/" \
+  --tls-ca-file "/etc/gitlab-runner/wild.crt" \
+...
+</code>
 ===== GitLab CI/CD =====
@@ Line 416: / Line 418: @@
 Build -> Pipeline editor -> Configure Pipelines
 </code><code>
+stages:
+  - deploy
 deploy_test:
   stage: deploy
   script:
-    - echo $(date) "Deploy TEST openvpn1" >> /tmp/Bash.gitlab-ci.log
     - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
   tags:
     - openvpn1deploy
+#    - ansible
   only:
     - test
@@ Line 429: / Line 434: @@
   stage: deploy
   script:
-    - echo $(date) "Deploy PROD openvpn1" >> /tmp/Bash.gitlab-ci.log
     - ansible-playbook openvpn1.yaml -i inventory.yaml
   tags:
     - openvpn1deploy
+#    - ansible
   only:
 #    - master
@@ Line 448: / Line 453: @@
 <code>
-# Надо назначить в GitLab (Settings -> CI/CD -> Variables)
+# Можно назначить в GitLab (Settings -> CI/CD -> Variables)
-export MY_CI_REGISTRY=server.corpX.un:5000
+# export MY_CI_REGISTRY=server.corpX.un:5000
-export MY_CI_REGISTRY_IMAGE=student/webd
+# export MY_CI_REGISTRY_IMAGE=student/webd
-# Можно использовать встроенные CI_REGISTRY и CI_REGISTRY_IMAGE
+# или использовать встроенные CI_REGISTRY и CI_REGISTRY_IMAGE
-# поскольку используем этот же проект GitLab как registry
+# поскольку используем этот же проект GitLab как Registry
-# в GitLab будет устанавлено автоматически
+# в GitLab будет установлено автоматически после git commit -m "ver 1.2" и git push
-export CI_COMMIT_MESSAGE="ver 1.2"
+# export CI_COMMIT_MESSAGE="ver 1.2"
 </code>
@@ Line 465: / Line 470: @@
 VER="$(echo $CI_COMMIT_MESSAGE | sed 's/[^a-zA-Z0-9\.]//g')"
-# need only one time
+# needed once
 # docker login -u $MY_CI_REGISTRY_USER -p $MY_CI_REGISTRY_PASSWORD $MY_CI_REGISTRY
 # docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 docker build -t webd webd
-#docker build --no-cache -t webd webd
-docker tag webd $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE:$VER
+#docker run --rm -e MYMODE=TEST webd || exit 1
-docker tag webd $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE
-#docker tag webd $CI_REGISTRY_IMAGE:$VER
+#docker tag webd $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE:$VER
-#docker tag webd $CI_REGISTRY_IMAGE
+#docker tag webd $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE
+docker tag webd $CI_REGISTRY_IMAGE:$VER
+docker tag webd $CI_REGISTRY_IMAGE
 # previously need: docker login ...
-docker push $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE:$VER
+#docker push $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE:$VER
-docker push $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE
+#docker push $MY_CI_REGISTRY/$MY_CI_REGISTRY_IMAGE
-#docker push $CI_REGISTRY_IMAGE:$VER
+docker push $CI_REGISTRY_IMAGE:$VER
-#docker push $CI_REGISTRY_IMAGE
+docker push $CI_REGISTRY_IMAGE
 </code><code>
 gitlab-runner@server:~/webd$ cat .gitlab-ci.yml
@@ Line 494: / Line 500: @@
   stage: lintertest
   script:
-    - echo $(date) "Do a test webd here" >> /tmp/Bash.gitlab-ci.log
+#    - echo $(date) "Do a test webd here" >> /tmp/Bash.gitlab-ci.log
     - shellcheck webd/webd
   tags:
@@ Line 502: / Line 508: @@
   stage: build
   script:
-    - echo $(date) "Do a build webd here" >> /tmp/Bash.gitlab-ci.log
+#    - echo $(date) "Do a build webd here" >> /tmp/Bash.gitlab-ci.log
-#    - env | tee /tmp/Bash.gitlab-ci.log
+#    - env | tee -a /tmp/Bash.gitlab-ci.log
     - sh build.sh
   tags:
@@ Line 511: / Line 517: @@
 #  stage: deploy
 #  script:
-#    - echo $(date) "Do your deploy webd to k8s here" >> /tmp/Bash.gitlab-ci.log
 #    - sh deploy.sh
 #  tags:
@@ Line 532: / Line 537: @@
 ==== Пример shell Kubernetes ====
+<code>
+kube1:~/gowebd-k8s# cat .gitlab-ci.yml
+</code><code>
+stages:
+  - deploy
+#variables:
+#  HELM_NAMESPACE: "my-ns"
+trigger-deploy:
+  stage: deploy
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "pipeline" && $VER'
+  script:
+    - env
+    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
+#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
+  tags:
+    - k8s-deploy
+manual-deploy:
+  stage: deploy
+  when: manual
+  variables:
+    VER: "$MY_WEBD_VER"  # New Pipeline or Settings->CI/CD->Variables
+  script:
+    - env
+    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
+#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
+  tags:
+    - k8s-deploy
+</code>
+== старый вариант ==
 <code>
 gitlab-runner@server:~/webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml
@@ Line 582: / Line 621: @@
 </code><code>
 stages:
+#  - lint
+#  - prebuildtest
   - build
+#  - test
   - push
 #  - deploy
@@ Line 616: / Line 658: @@
     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-#    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"},\"$CI_DEPENDENCY_PROXY_SERVER\":{\"auth\":\"$(printf "%s:%s" ${CI_DEPENDENCY_PROXY_USER} "${CI_DEPENDENCY_PROXY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
+#    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
 #    - /kaniko/executor
 #      --insecure --skip-tls-verify
@@ Line 622: / Line 664: @@
 #      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
 #      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
+#  except:
+#    - tags
+#  tags:
+#    - build
 Push latest:
@@ Line 639: / Line 686: @@
 #    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #    - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
+#  tags:
+#    - build
 Push tag:
@@ Line 656: / Line 705: @@
 #   - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #   - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+#  tags:
+#    - build
+### Not work in DooD
+#Lint test:
+#  stage: lint
+#  script:
+#    - pwd
+#    - docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.62.2 golangci-lint run --timeout=10m
+#  except:
+#    - tags
+#Smoke test:
+#  stage: test
+#  script:
+#    - MY_ID=$(docker run -d --rm $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA)
+#    - MY_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $MY_ID)
+#    - docker run --rm alpine/curl -sS $MY_IP
+#    - docker stop $MY_ID
+#  except:
+#    - tags
+#Unit test:
+#  stage: prebuildtest
+#  script:
+#    - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
+#    - poetry install
+#    - poetry run python3 -m unittest
+#  except:
+#    - tags
+#  tags:
+#    - build
 #Deploy:

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools