User Tools
инструмент_gitlab
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
инструмент_gitlab [2025/01/02 06:58] val [Регистрация] |
инструмент_gitlab [2025/10/15 06:43] (current) val [Управление пользователями] |
||
|---|---|---|---|
| Line 24: | Line 24: | ||
| server# time EXTERNAL_URL="http://$(hostname)" apt-get install gitlab-ce | server# time EXTERNAL_URL="http://$(hostname)" apt-get install gitlab-ce | ||
| ... | ... | ||
| - | real 38m49.787s !!! Загрузка может прерываться, надо повторять команду !!! | + | real 122m54.883s !!! Загрузка может прерываться, надо повторять команду !!! |
| .. | .. | ||
| </code> | </code> | ||
| Line 31: | Line 31: | ||
| * [[https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose|Install GitLab using Docker Compose]] | * [[https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose|Install GitLab using Docker Compose]] | ||
| + | * [[https://hub.docker.com/r/gitlab/gitlab-ce/tags/|gitlab/gitlab-ce tags (versions)]] | ||
| + | |||
| * [[Технология Docker]] | * [[Технология Docker]] | ||
| * [[Технология Docker#docker-compose]] | * [[Технология Docker#docker-compose]] | ||
| Line 37: | Line 39: | ||
| # cat docker-compose.yml | # cat docker-compose.yml | ||
| </code><code> | </code><code> | ||
| - | version: '3.6' | + | #version: '3.6' |
| services: | services: | ||
| web: | web: | ||
| + | # gitlab: | ||
| image: 'gitlab/gitlab-ce:latest' | image: 'gitlab/gitlab-ce:latest' | ||
| # image: 'gitlab/gitlab-ce:16.7.4-ce.0' | # image: 'gitlab/gitlab-ce:16.7.4-ce.0' | ||
| + | # userns_mode: 'host' | ||
| restart: always | restart: always | ||
| hostname: 'server.corpX.un' | hostname: 'server.corpX.un' | ||
| Line 50: | Line 54: | ||
| gitlab_rails['registry_enabled'] = true | gitlab_rails['registry_enabled'] = true | ||
| gitlab_rails['registry_host'] = "server.corpX.un" | gitlab_rails['registry_host'] = "server.corpX.un" | ||
| - | external_url 'http://server.corpX.un' | + | external_url 'https://server.corpX.un' |
| - | registry_external_url 'http://server.corpX.un' | + | registry_external_url 'https://server.corpX.un:5000' |
| - | gitlab_rails['registry_port'] = "5000" | + | gitlab_rails['registry_port'] = "5050" |
| - | registry['registry_http_addr'] = "server.corpX.un:5000" | + | registry['registry_http_addr'] = "server.corpX.un:5050" |
| - | # external_url 'https://server.corpX.un' | + | |
| - | # registry_external_url 'https://server.corpX.un:5000' | + | |
| - | # gitlab_rails['registry_port'] = "5050" | + | |
| - | # registry['registry_http_addr'] = "server.corpX.un:5050" | + | |
| ports: | ports: | ||
| - | - '80:80' | + | - '443:443' |
| - | # - '443:443' | + | |
| - '2222:22' | - '2222:22' | ||
| - '5000:5000' | - '5000:5000' | ||
| Line 73: | Line 72: | ||
| max-size: "2048m" | max-size: "2048m" | ||
| </code><code> | </code><code> | ||
| - | # ### cat /etc/gitlab/ssl/gitlab.bmstu.ru.{crt,key} | ||
| - | |||
| # docker-compose up -d | # docker-compose up -d | ||
| - | # docker logs root_web_1 -n 10 -f | + | # docker-compose logs -f |
| ### docker-compose stop | ### docker-compose stop | ||
| Line 93: | Line 90: | ||
| ==== Подключение через API ==== | ==== Подключение через API ==== | ||
| + | |||
| + | === проект === | ||
| * Токен доступа: Settings -> Access Tokens ([[https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html|Project access tokens]]), в примере достаточно role: Reporter, Scopes: api | * Токен доступа: Settings -> Access Tokens ([[https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html|Project access tokens]]), в примере достаточно role: Reporter, Scopes: api | ||
| Line 113: | Line 112: | ||
| export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) | export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) | ||
| + | </code> | ||
| + | |||
| + | === REST API интерфейс === | ||
| + | |||
| + | * Search or go to... -> Profile -> Access tokens -> Add new token -> api -> Create token | ||
| + | |||
| + | == Добавление пользователя == | ||
| + | |||
| + | <code> | ||
| + | GITLAB_URL="https://server.corp13.un:4443" | ||
| + | PRIVATE_TOKEN="NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" | ||
| + | |||
| + | USER_EMAIL="student@corp13.un" | ||
| + | USER_PASSWORD="Pa\$\$w0rd" | ||
| + | USER_USERNAME="student" | ||
| + | USER_NAME="Your Name" | ||
| + | |||
| + | curl --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" \ | ||
| + | --header "Content-Type: application/json" \ | ||
| + | --request POST \ | ||
| + | --data "{ \"email\": \"$USER_EMAIL\", \"password\": \"$USER_PASSWORD\", \"username\": \"$USER_USERNAME\", \"name\": \"$USER_NAME\", \"admin\": true }" \ | ||
| + | "$GITLAB_URL/api/v4/users" -k | ||
| </code> | </code> | ||
| ===== Настройка ===== | ===== Настройка ===== | ||
| Line 227: | Line 248: | ||
| * [[Установка и настройка OpenLDAP]] | * [[Установка и настройка OpenLDAP]] | ||
| * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем | * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем | ||
| + | * [[Решение FreeIPA]] | ||
| <code> | <code> | ||
| Line 239: | Line 261: | ||
| host: 'server.corpX.un' | host: 'server.corpX.un' | ||
| # host: 'server2.corpX.un' | # host: 'server2.corpX.un' | ||
| + | # host: '192.168.X.10' | ||
| port: 389 | port: 389 | ||
| # uid: 'uid' | # uid: 'uid' | ||
| Line 244: | Line 267: | ||
| # bind_dn: 'cn=admin,dc=corpX,dc=un' | # bind_dn: 'cn=admin,dc=corpX,dc=un' | ||
| # password: 'secret' | # password: 'secret' | ||
| + | # bind_dn: 'uid=admin,cn=users,cn=accounts,dc=corpX,dc=un' | ||
| + | # password: 'strongpassword' | ||
| bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' | bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' | ||
| password: 'Pa$$w0rd' | password: 'Pa$$w0rd' | ||
| Line 265: | Line 290: | ||
| <code> | <code> | ||
| # wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb # Version: 17.3.1-1 | # wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb # Version: 17.3.1-1 | ||
| - | |||
| - | ##2 часа## curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb" | ||
| # dpkg -i gitlab-runner_amd64.deb | # dpkg -i gitlab-runner_amd64.deb | ||
| + | |||
| + | ## Может занять 2 часа ## | ||
| + | # ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner-helper-images.deb" | ||
| + | # ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner_amd64.deb" | ||
| + | # ###dpkg -i gitlab-runner-helper-images.deb gitlab-runner_amd64.deb | ||
| </code> | </code> | ||
| ==== Регистрация ==== | ==== Регистрация ==== | ||
| Line 296: | Line 324: | ||
| или по инструкции в "New instance runner" | или по инструкции в "New instance runner" | ||
| + | <code> | ||
| + | # gitlab-runner register -n --executor "shell" -u http://server.corpX.un -t "NNNNNNNNNNNNNNNNNNNNNNNNNNNN" | ||
| + | </code> | ||
| Перезапускать не нужно | Перезапускать не нужно | ||
| Line 348: | Line 378: | ||
| --non-interactive \ | --non-interactive \ | ||
| --url "http://server.corpX.un/" \ | --url "http://server.corpX.un/" \ | ||
| - | --registration-token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \ | + | --token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \ |
| --executor "docker" \ | --executor "docker" \ | ||
| --docker-image "docker:stable" \ | --docker-image "docker:stable" \ | ||
| Line 365: | Line 395: | ||
| docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | ||
| ... | ... | ||
| - | --url "https://server.corp20.un/" \ | + | --url "https://server.corpX.un/" \ |
| --tls-ca-file "/etc/gitlab-runner/wild.crt" \ | --tls-ca-file "/etc/gitlab-runner/wild.crt" \ | ||
| ... | ... | ||
| Line 428: | Line 458: | ||
| script: | script: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | ||
| + | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | ||
| tags: | tags: | ||
| - | - openvpn1deploy | + | - ansible |
| - | # - ansible | + | |
| only: | only: | ||
| - test | - test | ||
| Line 438: | Line 468: | ||
| script: | script: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml | - ansible-playbook openvpn1.yaml -i inventory.yaml | ||
| + | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | ||
| tags: | tags: | ||
| - | - openvpn1deploy | + | - ansible |
| - | # - ansible | + | |
| only: | only: | ||
| - | # - master | + | - main |
| - | # - main | + | |
| </code> | </code> | ||
| Line 540: | Line 569: | ||
| ==== Пример shell Kubernetes ==== | ==== Пример shell Kubernetes ==== | ||
| + | <code> | ||
| + | kube1:~/gowebd-k8s# cat .gitlab-ci.yml | ||
| + | </code><code> | ||
| + | stages: | ||
| + | - deploy | ||
| + | |||
| + | #variables: | ||
| + | # HELM_NAMESPACE: "my-ns" | ||
| + | |||
| + | trigger-deploy: | ||
| + | stage: deploy | ||
| + | rules: | ||
| + | - if: '$CI_PIPELINE_SOURCE == "pipeline" && $VER' | ||
| + | script: | ||
| + | - env | ||
| + | - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns | ||
| + | # - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace | ||
| + | tags: | ||
| + | - k8s-deploy | ||
| + | |||
| + | manual-deploy: | ||
| + | stage: deploy | ||
| + | when: manual | ||
| + | variables: | ||
| + | VER: "$MY_WEBD_VER" # New Pipeline or Settings->CI/CD->Variables | ||
| + | script: | ||
| + | - env | ||
| + | - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns | ||
| + | # - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace | ||
| + | tags: | ||
| + | - k8s-deploy | ||
| + | </code> | ||
| + | |||
| + | == старый вариант == | ||
| <code> | <code> | ||
| gitlab-runner@server:~/webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml | gitlab-runner@server:~/webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml | ||
| Line 591: | Line 654: | ||
| stages: | stages: | ||
| # - lint | # - lint | ||
| + | # - prebuildtest | ||
| - build | - build | ||
| # - test | # - test | ||
| Line 626: | Line 690: | ||
| - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | ||
| - | # - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"},\"$CI_DEPENDENCY_PROXY_SERVER\":{\"auth\":\"$(printf "%s:%s" ${CI_DEPENDENCY_PROXY_USER} "${CI_DEPENDENCY_PROXY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json | + | # - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json |
| # - /kaniko/executor | # - /kaniko/executor | ||
| # --insecure --skip-tls-verify | # --insecure --skip-tls-verify | ||
| Line 632: | Line 696: | ||
| # --dockerfile "${CI_PROJECT_DIR}/Dockerfile" | # --dockerfile "${CI_PROJECT_DIR}/Dockerfile" | ||
| # --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}" | # --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}" | ||
| + | |||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| Push latest: | Push latest: | ||
| Line 649: | Line 718: | ||
| # - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY | # - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY | ||
| # - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest | # - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest | ||
| + | # tags: | ||
| + | # - build | ||
| Push tag: | Push tag: | ||
| Line 666: | Line 737: | ||
| # - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY | # - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY | ||
| # - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME | # - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME | ||
| + | # tags: | ||
| + | # - build | ||
| + | ### Not work in DooD | ||
| #Lint test: | #Lint test: | ||
| # stage: lint | # stage: lint | ||
| # script: | # script: | ||
| + | # - pwd | ||
| # - docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.62.2 golangci-lint run --timeout=10m | # - docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.62.2 golangci-lint run --timeout=10m | ||
| + | # except: | ||
| + | # - tags | ||
| #Smoke test: | #Smoke test: | ||
| Line 679: | Line 756: | ||
| # - docker run --rm alpine/curl -sS $MY_IP | # - docker run --rm alpine/curl -sS $MY_IP | ||
| # - docker stop $MY_ID | # - docker stop $MY_ID | ||
| + | # except: | ||
| + | # - tags | ||
| + | |||
| + | #Unit test: | ||
| + | # stage: prebuildtest | ||
| + | # script: | ||
| + | # - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring | ||
| + | # - poetry install | ||
| + | # - poetry run python3 -m unittest | ||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| #Deploy: | #Deploy: | ||
инструмент_gitlab.1735790334.txt.gz · Last modified: 2025/01/02 06:58 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
