Differences

This shows you the differences between two versions of the page.

--- инструмент_gitlab [2025/01/02 06:58]
val [Регистрация]
+++ инструмент_gitlab [2025/12/15 10:29] (current)
val [Клиент OpenID]
@@ Line 24: / Line 24: @@
 server# time EXTERNAL_URL="http://$(hostname)" apt-get install gitlab-ce
 ...
-real    38m49.787s  !!! Загрузка может прерываться, надо повторять команду !!!
+real    122m54.883s  !!! Загрузка может прерываться, надо повторять команду !!!
 ..
 </code>
@@ Line 31: / Line 31: @@
   * [[https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose|Install GitLab using Docker Compose]]
+  * [[https://hub.docker.com/r/gitlab/gitlab-ce/tags/|gitlab/gitlab-ce tags (versions)]]
   * [[Технология Docker]]
   * [[Технология Docker#docker-compose]]
+  * [[#Включение TLS]]
 <code>
 # cat docker-compose.yml
 </code><code>
-version: '3.6'
 services:
-  web:
+  gitlab:
-    image: 'gitlab/gitlab-ce:latest'
+#    image: 'gitlab/gitlab-ce:latest'
-#    image: 'gitlab/gitlab-ce:16.7.4-ce.0'
+    image: 'gitlab/gitlab-ce:18.6.2-ce.0'
+#    userns_mode: 'host'
+#    privileged: true
     restart: always
     hostname: 'server.corpX.un'
@@ Line 50: / Line 54: @@
         gitlab_rails['registry_enabled'] = true
         gitlab_rails['registry_host'] = "server.corpX.un"
-        external_url 'http://server.corpX.un'
+        external_url 'https://server.corpX.un'
-        registry_external_url 'http://server.corpX.un'
+        registry_external_url 'https://server.corpX.un:5000'
-        gitlab_rails['registry_port'] = "5000"
+        gitlab_rails['registry_port'] = "5050"
-        registry['registry_http_addr'] = "server.corpX.un:5000"
+        registry['registry_http_addr'] = "0.0.0.0:5050"
-#        external_url 'https://server.corpX.un'
-#        registry_external_url 'https://server.corpX.un:5000'
-#        gitlab_rails['registry_port'] = "5050"
-#        registry['registry_http_addr'] = "server.corpX.un:5050"
     ports:
-      - '80:80'
+      - '443:443'
-#      - '443:443'
       - '2222:22'
       - '5000:5000'
     volumes:
       - '/etc/gitlab:/etc/gitlab'
-      - '/srv/gitlab/logs:/var/log/gitlab'
+      - vol1:/var/opt/gitlab
-      - '/srv/gitlab/data:/var/opt/gitlab'
     shm_size: '256m'
-    logging:
+volumes:
-      driver: "json-file"
+  vol1:
-      options:
-        max-size: "2048m"
 </code><code>
-# ### cat /etc/gitlab/ssl/gitlab.bmstu.ru.{crt,key}
 # docker-compose up -d
-# docker logs root_web_1 -n 10 -f
+# docker-compose logs -f
 ### docker-compose stop
-### rm -r /srv/gitlab/ /etc/gitlab/
 </code>
 ==== Установка через Ansible Role ====
@@ Line 93: / Line 86: @@
 ==== Подключение через API ====
+=== проект ===
   * Токен доступа: Settings -> Access Tokens ([[https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html|Project access tokens]]), в примере достаточно role: Reporter, Scopes: api
@@ Line 113: / Line 108: @@
 export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR)
+</code>
+=== REST API интерфейс ===
+  * Search or go to... -> Profile -> Personal access tokens -> Add new token -> api -> Create token
+== Добавление пользователя ==
+<code>
+kube1:~/gitlab# cat adduser.sh
+</code><code>
+GITLAB_URL="https://gitlab.corpX.un"
+PRIVATE_TOKEN="NNNNNNNNNNNN"
+USER_EMAIL="user1@corpX.un"
+USER_PASSWORD="Pa\$\$w0rd"
+USER_USERNAME="user1"
+USER_NAME="Your Name"
+curl --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" \
+     --header "Content-Type: application/json" \
+     --request POST \
+     --data "{ \"email\": \"$USER_EMAIL\", \"password\": \"$USER_PASSWORD\", \"username\": \"$USER_USERNAME\", \"name\": \"$USER_NAME\", \"admin\": true }" \
+     "$GITLAB_URL/api/v4/users" -k
 </code>
 ===== Настройка =====
@@ Line 227: / Line 246: @@
   * [[Установка и настройка OpenLDAP]]
   * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем
+  * [[Решение FreeIPA]]
 <code>
@@ Line 239: / Line 259: @@
     host: 'server.corpX.un'
 #    host: 'server2.corpX.un'
+#    host: '192.168.X.10'
     port: 389
 #    uid: 'uid'
@@ Line 244: / Line 265: @@
 #    bind_dn: 'cn=admin,dc=corpX,dc=un'
 #    password: 'secret'
+#    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=corpX,dc=un'
+#    password: 'strongpassword'
     bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un'
     password: 'Pa$$w0rd'
@@ Line 265: / Line 288: @@
 <code>
 # wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb               # Version: 17.3.1-1
-##2 часа## curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb"
 # dpkg -i gitlab-runner_amd64.deb
+## Может занять 2 часа ##
+# ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner-helper-images.deb"
+# ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner_amd64.deb"
+# ###dpkg -i gitlab-runner-helper-images.deb gitlab-runner_amd64.deb
 </code>
 ==== Регистрация ====
@@ Line 296: / Line 322: @@
 или по инструкции в "New instance runner"
+<code>
+# gitlab-runner register -n --executor "shell" -u http://server.corpX.un -t "NNNNNNNNNNNNNNNNNNNNNNNNNNNN"
+</code>
 Перезапускать не нужно
@@ Line 348: / Line 376: @@
   --non-interactive \
   --url "http://server.corpX.un/" \
-  --registration-token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \
+  --token "NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN" \
   --executor "docker" \
   --docker-image "docker:stable" \
@@ Line 365: / Line 393: @@
 docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
 ...
-  --url "https://server.corp20.un/" \
+  --url "https://server.corpX.un/" \
   --tls-ca-file "/etc/gitlab-runner/wild.crt" \
 ...
@@ Line 415: / Line 443: @@
   * [[https://stackoverflow.com/questions/52169219/get-branch-name-in-gitlab-ci|Get Branch name in gitlab ci]]
+<code>
+Settings -> CI/CD -> Variables -> Add variable -> Masked and hidden ... ANS_V_SEC
+снять Protect variable
+  ИЛИ
+Settings -> Repository -> Protected Branches - Add Protected Branch -> test
+</code>
 <code>
 Administrator@Ra-master ~/openvpn1 (test)
@@ Line 428: / Line 463: @@
   script:
     - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
+#    - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes"
   tags:
-    - openvpn1deploy
+    - ansible
-#    - ansible
   only:
     - test
@@ Line 438: / Line 473: @@
   script:
     - ansible-playbook openvpn1.yaml -i inventory.yaml
+#    - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat
   tags:
-    - openvpn1deploy
+    - ansible
-#    - ansible
   only:
-#    - master
+    - main
-#    - main
 </code>
@@ Line 540: / Line 574: @@
 ==== Пример shell Kubernetes ====
+<code>
+kube1:~/gowebd-k8s# cat .gitlab-ci.yml
+</code><code>
+stages:
+  - deploy
+#variables:
+#  HELM_NAMESPACE: "my-ns"
+trigger-deploy:
+  stage: deploy
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "pipeline" && $VER'
+  script:
+    - env
+    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
+#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
+  tags:
+    - k8s-deploy
+manual-deploy:
+  stage: deploy
+  when: manual
+  variables:
+    VER: "$MY_WEBD_VER"  # New Pipeline or Settings->CI/CD->Variables
+  script:
+    - env
+    - envsubst < my-webd-deployment-env.yaml | kubectl apply -f - -n my-ns
+#    - helm upgrade -i my-webd webd-chart/ --set=image.tag=$VER --create-namespace
+  tags:
+    - k8s-deploy
+</code>
+== старый вариант ==
 <code>
 gitlab-runner@server:~/webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml
@@ Line 591: / Line 659: @@
 stages:
 #  - lint
+#  - prebuildtest
   - build
 #  - test
@@ Line 626: / Line 695: @@
     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
-#    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"},\"$CI_DEPENDENCY_PROXY_SERVER\":{\"auth\":\"$(printf "%s:%s" ${CI_DEPENDENCY_PROXY_USER} "${CI_DEPENDENCY_PROXY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
+#    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
 #    - /kaniko/executor
 #      --insecure --skip-tls-verify
@@ Line 632: / Line 701: @@
 #      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
 #      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
+#  except:
+#    - tags
+#  tags:
+#    - build
 Push latest:
@@ Line 649: / Line 723: @@
 #    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #    - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
+#  tags:
+#    - build
 Push tag:
@@ Line 666: / Line 742: @@
 #   - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 #   - crane --insecure cp $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+#  tags:
+#    - build
+### Not work in DooD
 #Lint test:
 #  stage: lint
 #  script:
+#    - pwd
 #    - docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.62.2 golangci-lint run --timeout=10m
+#  except:
+#    - tags
 #Smoke test:
@@ Line 679: / Line 761: @@
 #    - docker run --rm alpine/curl -sS $MY_IP
 #    - docker stop $MY_ID
+#  except:
+#    - tags
+#Unit test:
+#  stage: prebuildtest
+#  script:
+#    - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
+#    - poetry install
+#    - poetry run python3 -m unittest
+#  except:
+#    - tags
+#  tags:
+#    - build
 #Deploy:
@@ Line 723: / Line 818: @@
 gitlab_rails['omniauth_providers'] = [
   {
-    name: "openid_connect", # do not change this parameter
+    name: "openid_connect",
-    label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
+    label: "Keycloak",
     args: {
       name: "openid_connect",
       scope: ["openid", "profile", "email"],
       response_type: "code",
-#     issuer:  "https://keycloak.example.com/realms/myrealm",
       issuer:  "https://keycloak.corpX.un/realms/corpX",
       client_auth_method: "query",
@@ Line 736: / Line 830: @@
       pkce: true,
       client_options: {
-#        identifier: "<YOUR CLIENT ID>",
         identifier: "any-client",
-#        secret: "<YOUR CLIENT SECRET>",
         secret: "anystring",
-#        redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
+#        redirect_uri: "https://gitlab.corpX.un/users/auth/openid_connect/callback"
-        redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback"
+#        redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback"
       }
     }

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools