Differences

This shows you the differences between two versions of the page.

--- инструмент_gitlab [2024/11/22 13:23]
val [Пример CI с использованием контейнеров]
+++ инструмент_gitlab [2025/10/15 06:43] (current)
val [Управление пользователями]
@@ Line 24: / Line 24: @@
 server# time EXTERNAL_URL="http://$(hostname)" apt-get install gitlab-ce
 ...
-real    38m49.787s  !!! Загрузка может прерываться, надо повторять команду !!!
+real    122m54.883s  !!! Загрузка может прерываться, надо повторять команду !!!
 ..
 </code>
@@ Line 31: / Line 31: @@
   * [[https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose|Install GitLab using Docker Compose]]
+  * [[https://hub.docker.com/r/gitlab/gitlab-ce/tags/|gitlab/gitlab-ce tags (versions)]]
   * [[Технология Docker]]
   * [[Технология Docker#docker-compose]]
@@ Line 37: / Line 39: @@
 # cat docker-compose.yml
 </code><code>
-version: '3.6'
+#version: '3.6'
 services:
   web:
+#  gitlab:
     image: 'gitlab/gitlab-ce:latest'
 #    image: 'gitlab/gitlab-ce:16.7.4-ce.0'
+#    userns_mode: 'host'
     restart: always
     hostname: 'server.corpX.un'
@@ Line 50: / Line 54: @@
         gitlab_rails['registry_enabled'] = true
         gitlab_rails['registry_host'] = "server.corpX.un"
-        external_url 'http://server.corpX.un'
+        external_url 'https://server.corpX.un'
-        registry_external_url 'http://server.corpX.un'
+        registry_external_url 'https://server.corpX.un:5000'
-        gitlab_rails['registry_port'] = "5000"
+        gitlab_rails['registry_port'] = "5050"
-        registry['registry_http_addr'] = "server.corpX.un:5000"
+        registry['registry_http_addr'] = "server.corpX.un:5050"
-#        external_url 'https://server.corpX.un'
-#        registry_external_url 'https://server.corpX.un:5000'
-#        gitlab_rails['registry_port'] = "5050"
-#        registry['registry_http_addr'] = "server.corpX.un:5050"
     ports:
-      - '80:80'
+      - '443:443'
-#      - '443:443'
       - '2222:22'
       - '5000:5000'
@@ Line 73: / Line 72: @@
         max-size: "2048m"
 </code><code>
-# ### cat /etc/gitlab/ssl/gitlab.bmstu.ru.{crt,key}
 # docker-compose up -d
-# docker logs root_web_1 -n 10 -f
+# docker-compose logs -f
 ### docker-compose stop
@@ Line 93: / Line 90: @@
 ==== Подключение через API ====
+=== проект ===
   * Токен доступа: Settings -> Access Tokens ([[https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html|Project access tokens]]), в примере достаточно role: Reporter, Scopes: api
@@ Line 113: / Line 112: @@
 export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR)
+</code>
+=== REST API интерфейс ===
+  * Search or go to... -> Profile -> Access tokens -> Add new token -> api -> Create token
+== Добавление пользователя ==
+<code>
+GITLAB_URL="https://server.corp13.un:4443"
+PRIVATE_TOKEN="NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN"
+USER_EMAIL="student@corp13.un"
+USER_PASSWORD="Pa\$\$w0rd"
+USER_USERNAME="student"
+USER_NAME="Your Name"
+curl --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" \
+     --header "Content-Type: application/json" \
+     --request POST \
+     --data "{ \"email\": \"$USER_EMAIL\", \"password\": \"$USER_PASSWORD\", \"username\": \"$USER_USERNAME\", \"name\": \"$USER_NAME\", \"admin\": true }" \
+     "$GITLAB_URL/api/v4/users" -k
 </code>
 ===== Настройка =====
@@ Line 227: / Line 248: @@
   * [[Установка и настройка OpenLDAP]]
   * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем
+  * [[Решение FreeIPA]]
 <code>
@@ Line 239: / Line 261: @@
     host: 'server.corpX.un'
 #    host: 'server2.corpX.un'
+#    host: '192.168.X.10'
     port: 389
 #    uid: 'uid'
@@ Line 244: / Line 267: @@
 #    bind_dn: 'cn=admin,dc=corpX,dc=un'
 #    password: 'secret'
+#    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=corpX,dc=un'
+#    password: 'strongpassword'
     bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un'
     password: 'Pa$$w0rd'
@@ Line 257: / Line 282: @@
 ===== GitLab Runner =====
+  * [[https://stackoverflow.com/questions/32933174/use-gitlab-ci-to-run-tests-locally|Use GitLab CI to run tests locally?]]
 ==== Установка из пакета ====
@@ Line 263: / Line 289: @@
 <code>
-# wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb
+# wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb               # Version: 17.3.1-1
-##2 часа## curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb"
 # dpkg -i gitlab-runner_amd64.deb
+## Может занять 2 часа ##
+# ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner-helper-images.deb"
+# ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner_amd64.deb"
+# ###dpkg -i gitlab-runner-helper-images.deb gitlab-runner_amd64.deb
 </code>
 ==== Регистрация ====
@@ Line 282: / Line 311: @@
 Enter tags for the runner: dhcptest, dhcpdeploy
   или
-Enter tags for the runner: openvpn1deploy
+Enter tags for the runner: openvpn1deploy   или     ansible
 ...
 Enter an executor: shell
@@ Line 295: / Line 324: @@
 или по инструкции в "New instance runner"
+<code>
+# gitlab-runner register -n --executor "shell" -u http://server.corpX.un -t "NNNNNNNNNNNNNNNNNNNNNNNNNNNN"
+</code>
 Перезапускать не нужно
@@ Line 347: / Line 378: @@
   --non-interactive \
   --url "http://server.corpX.un/" \
-  --registration-token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \
+  --token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \
   --executor "docker" \
   --docker-image "docker:stable" \
@@ Line 364: / Line 395: @@
 docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
 ...
-  --url "https://server.corp20.un/" \
+  --url "https://server.corpX.un/" \
   --tls-ca-file "/etc/gitlab-runner/wild.crt" \
 ...
@@ Line 420: / Line 451: @@
 Build -> Pipeline editor -> Configure Pipelines
 </code><code>
+stages:
+  - deploy
 deploy_test:
   stage: deploy
   script:
     - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
+#    - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes"
   tags:
-    - openvpn1deploy
+    - ansible
   only:
     - test
@@ Line 433: / Line 468: @@
   script:
     - ansible-playbook openvpn1.yaml -i inventory.yaml
+#    - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat
   tags:
-    - openvpn1deploy
+    - ansible
   only:
-#    - master
+    - main
-#    - main
 </code>
@@ Line 534: / Line 569: @@
 ==== Пример shell Kubernetes ====
+<code>
+kube1:~/gowebd-k8s# cat .gitlab-ci.yml
+</code><code>
+stages:
+  - deploy
+#variables:
+#  HELM_NAMESPACE: "my-ns"
+trigger-deploy:
+  stage: deploy
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "pipeline" && $VER'
+  script:
+    - env
+    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
+#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
+  tags:
+    - k8s-deploy
+manual-deploy:
+  stage: deploy
+  when: manual
+  variables:
+    VER: "$MY_WEBD_VER"  # New Pipeline or Settings->CI/CD->Variables
+  script:
+    - env
+    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
+#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
+  tags:
+    - k8s-deploy
+</code>
+== старый вариант ==
 <code>
 gitlab-runner@server:~/webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml
@@ Line 584: / Line 653: @@
 </code><code>
 stages:
+#  - lint
+#  - prebuildtest
   - build
 #  - test
@@ Line 619: / Line 690: @@
     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-#    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"},\"$CI_DEPENDENCY_PROXY_SERVER\":{\"auth\":\"$(printf "%s:%s" ${CI_DEPENDENCY_PROXY_USER} "${CI_DEPENDENCY_PROXY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
+#    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
 #    - /kaniko/executor
 #      --insecure --skip-tls-verify
@@ Line 625: / Line 696: @@
 #      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
 #      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
+#  except:
+#    - tags
+#  tags:
+#    - build
 Push latest:
@@ Line 642: / Line 718: @@
 #    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #    - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
+#  tags:
+#    - build
 Push tag:
@@ Line 659: / Line 737: @@
 #   - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #   - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+#  tags:
+#    - build
+### Not work in DooD
+#Lint test:
+#  stage: lint
+#  script:
+#    - pwd
+#    - docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.62.2 golangci-lint run --timeout=10m
+#  except:
+#    - tags
 #Smoke test:
@@ Line 665: / Line 754: @@
 #    - MY_ID=$(docker run -d --rm $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA)
 #    - MY_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $MY_ID)
-#    - wget -qO - $MY_IP
+#    - docker run --rm alpine/curl -sS $MY_IP
 #    - docker stop $MY_ID
+#  except:
+#    - tags
+#Unit test:
+#  stage: prebuildtest
+#  script:
+#    - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
+#    - poetry install
+#    - poetry run python3 -m unittest
+#  except:
+#    - tags
+#  tags:
+#    - build
 #Deploy:

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools