Differences

This shows you the differences between two versions of the page.

--- инструмент_gitlab [2024/02/05 10:54]
val [Клиент OpenID]
+++ инструмент_gitlab [2024/04/08 18:58]
val [Установка из репозитория]
@@ Line 38: / Line 38: @@
 server# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash
-server# time EXTERNAL_URL="http://server.corpX.un" apt-get install gitlab-ce
+server# time EXTERNAL_URL="http://$(hostname)" apt-get install gitlab-ce
 ...
 real    38m49.787s  !!! Загрузка может прерываться, надо повторять команду !!!
@@ Line 57: / Line 57: @@
   web:
     image: 'gitlab/gitlab-ce:latest'
+#    image: 'gitlab/gitlab-ce:16.7.4-ce.0'
     restart: always
     hostname: 'server.corpX.un'
@@ Line 62: / Line 63: @@
       GITLAB_ROOT_PASSWORD: "strongpassword"
       GITLAB_OMNIBUS_CONFIG: |
+        prometheus_monitoring['enable'] = false
+        gitlab_rails['registry_enabled'] = true
+        gitlab_rails['registry_host'] = "server.corpX.un"
         external_url 'http://server.corpX.un'
-#        gitlab_rails['initial_root_password'] = 'strongpassword'
+        registry_external_url 'http://server.corpX.un'
-#        registry_external_url 'http://server.corpX.un'
+        gitlab_rails['registry_port'] = "5000"
-#        gitlab_rails['registry_enabled'] = true
+        registry['registry_http_addr'] = "server.corpX.un:5000"
-#        gitlab_rails['registry_host'] = "server.corpX.un"
+#        external_url 'https://server.corpX.un'
-#        gitlab_rails['registry_port'] = "5000"
+#        registry_external_url 'https://server.corpX.un:5000'
-#        registry['registry_http_addr'] = "server.corpX.un:5000"
+#        gitlab_rails['registry_port'] = "5050"
-#        prometheus_monitoring['enable'] = false
+#        registry['registry_http_addr'] = "server.corpX.un:5050"
-#        external_url 'https://gitlab.bmstu.ru:8443'
-#        registry_external_url 'https://gitlab.bmstu.ru:5050'
     ports:
       - '80:80'
-#      - '8443:8443'
+#      - '443:443'
       - '2222:22'
       - '5000:5000'
-#      - '5050:5050'
     volumes:
       - '/etc/gitlab:/etc/gitlab'
@@ Line 195: / Line 196: @@
 <code>
-# mkdir /etc/gitlab/ssl/
+mkdir /etc/gitlab/ssl/
-# cp wild.crt /etc/gitlab/ssl/$(hostname).crt
+cp wild.crt -v /etc/gitlab/ssl/$(hostname).crt
-# cp wild.key /etc/gitlab/ssl/$(hostname).key
+cp wild.key -v /etc/gitlab/ssl/$(hostname).key
 # cat /etc/gitlab/gitlab.rb
@@ Line 248: / Line 249: @@
 #    host: 'server2.corpX.un'
     port: 389
-    uid: 'uid'
+#    uid: 'uid'
-#    uid: 'sAMAccountName'
+    uid: 'sAMAccountName'
-    bind_dn: 'cn=admin,dc=corpX,dc=un'
+#    bind_dn: 'cn=admin,dc=corpX,dc=un'
-    password: 'secret'
+#    password: 'secret'
-#    bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un'
+    bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un'
-#    password: 'Pa$$w0rd'
+    password: 'Pa$$w0rd'
     encryption: 'plain'
-    active_directory: false
+#    active_directory: false
-#    active_directory: true
+    active_directory: true
     base: 'dc=corpX,dc=un'
 EOS
@@ Line 301: / Line 302: @@
 <code>
-# gitlab-runner register -n --executor "shell" -u http://server.corp13.un -r "NNNNNNNNNNNNNNNNNNNNNNNNNNNN"
+# gitlab-runner register -n --executor "shell" -u http://server.corpX.un -r "NNNNNNNNNNNNNNNNNNNNNNNNNNNN"
 </code>
@@ Line 321: / Line 322: @@
 <code>
+gate:~### docker stop gitlab-runner; docker rm gitlab-runner
 gate:~### rm /srv/gitlab-runner/config/config.toml
@@ Line 695: / Line 697: @@
 # cp ca.crt /etc/gitlab/trusted-certs/
+# cat /etc/gitlab/gitlab.rb
+</code><code>
+...
 gitlab_rails['omniauth_providers'] = [
   {
     name: "openid_connect", # do not change this parameter
-    label: "Keycloak corp20", # optional label for login button, defaults to "Openid Connect"
+    label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
     args: {
       name: "openid_connect",
       scope: ["openid", "profile", "email"],
       response_type: "code",
-      issuer:  "https://server.corp20.un:8443/realms/corp20/",
+#     issuer:  "https://keycloak.example.com/realms/myrealm",
+      issuer:  "https://keycloak.corpX.un/realms/corpX",
       client_auth_method: "query",
       discovery: true,
@@ Line 709: / Line 715: @@
       pkce: true,
       client_options: {
+#        identifier: "<YOUR CLIENT ID>",
         identifier: "any-client",
+#        secret: "<YOUR CLIENT SECRET>",
         secret: "anystring",
-        redirect_uri: "http://gate.corp20.un/users/auth/openid_connect/callback"
+#        redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
+        redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback"
       }
     }
   }
 ]
+...
 </code>
+  * [[#Проверка конфигурации и перезапуск]]
+  * User -> Profile -> Account -> Select a service to sign in with -> Keycloak

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools