User Tools
инструмент_gitlab
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
инструмент_gitlab [2025/07/29 09:16] val [Установка из пакета] |
инструмент_gitlab [2025/12/26 15:11] (current) val [Пример CI с использованием контейнеров] |
||
|---|---|---|---|
| Line 35: | Line 35: | ||
| * [[Технология Docker]] | * [[Технология Docker]] | ||
| * [[Технология Docker#docker-compose]] | * [[Технология Docker#docker-compose]] | ||
| + | * [[#Включение TLS]] | ||
| <code> | <code> | ||
| # cat docker-compose.yml | # cat docker-compose.yml | ||
| </code><code> | </code><code> | ||
| - | version: '3.6' | ||
| services: | services: | ||
| - | web: | + | gitlab: |
| - | image: 'gitlab/gitlab-ce:latest' | + | # image: 'gitlab/gitlab-ce:latest' |
| - | # image: 'gitlab/gitlab-ce:16.7.4-ce.0' | + | image: 'gitlab/gitlab-ce:18.6.2-ce.0' |
| + | # userns_mode: 'host' | ||
| + | # privileged: true | ||
| restart: always | restart: always | ||
| hostname: 'server.corpX.un' | hostname: 'server.corpX.un' | ||
| Line 55: | Line 57: | ||
| registry_external_url 'https://server.corpX.un:5000' | registry_external_url 'https://server.corpX.un:5000' | ||
| gitlab_rails['registry_port'] = "5050" | gitlab_rails['registry_port'] = "5050" | ||
| - | registry['registry_http_addr'] = "server.corpX.un:5050" | + | registry['registry_http_addr'] = "0.0.0.0:5050" |
| ports: | ports: | ||
| - '443:443' | - '443:443' | ||
| Line 62: | Line 64: | ||
| volumes: | volumes: | ||
| - '/etc/gitlab:/etc/gitlab' | - '/etc/gitlab:/etc/gitlab' | ||
| - | - '/srv/gitlab/logs:/var/log/gitlab' | + | - vol1:/var/opt/gitlab |
| - | - '/srv/gitlab/data:/var/opt/gitlab' | + | |
| shm_size: '256m' | shm_size: '256m' | ||
| - | logging: | + | volumes: |
| - | driver: "json-file" | + | vol1: |
| - | options: | + | |
| - | max-size: "2048m" | + | |
| </code><code> | </code><code> | ||
| # docker-compose up -d | # docker-compose up -d | ||
| - | # docker logs root_web_1 -n 10 -f | + | # docker-compose logs -f |
| ### docker-compose stop | ### docker-compose stop | ||
| - | ### rm -r /srv/gitlab/ /etc/gitlab/ | ||
| </code> | </code> | ||
| ==== Установка через Ansible Role ==== | ==== Установка через Ansible Role ==== | ||
| Line 88: | Line 86: | ||
| ==== Подключение через API ==== | ==== Подключение через API ==== | ||
| + | |||
| + | === проект === | ||
| * Токен доступа: Settings -> Access Tokens ([[https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html|Project access tokens]]), в примере достаточно role: Reporter, Scopes: api | * Токен доступа: Settings -> Access Tokens ([[https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html|Project access tokens]]), в примере достаточно role: Reporter, Scopes: api | ||
| Line 108: | Line 108: | ||
| export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) | export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) | ||
| + | </code> | ||
| + | |||
| + | === REST API интерфейс === | ||
| + | |||
| + | * Search or go to... -> Profile -> Personal access tokens -> Add new token -> api -> Create token | ||
| + | |||
| + | == Добавление пользователя == | ||
| + | |||
| + | <code> | ||
| + | kube1:~/gitlab# cat adduser.sh | ||
| + | </code><code> | ||
| + | GITLAB_URL="https://gitlab.corpX.un" | ||
| + | PRIVATE_TOKEN="NNNNNNNNNNNN" | ||
| + | |||
| + | USER_EMAIL="user1@corpX.un" | ||
| + | USER_PASSWORD="Pa\$\$w0rd" | ||
| + | USER_USERNAME="user1" | ||
| + | USER_NAME="Your Name" | ||
| + | |||
| + | curl --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" \ | ||
| + | --header "Content-Type: application/json" \ | ||
| + | --request POST \ | ||
| + | --data "{ \"email\": \"$USER_EMAIL\", \"password\": \"$USER_PASSWORD\", \"username\": \"$USER_USERNAME\", \"name\": \"$USER_NAME\", \"admin\": true }" \ | ||
| + | "$GITLAB_URL/api/v4/users" -k | ||
| </code> | </code> | ||
| ===== Настройка ===== | ===== Настройка ===== | ||
| Line 222: | Line 246: | ||
| * [[Установка и настройка OpenLDAP]] | * [[Установка и настройка OpenLDAP]] | ||
| * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем | * [[Хранение учетных записей UNIX в LDAP]] !!! с атрибутом почты и паролем | ||
| + | * [[Решение FreeIPA]] | ||
| <code> | <code> | ||
| Line 234: | Line 259: | ||
| host: 'server.corpX.un' | host: 'server.corpX.un' | ||
| # host: 'server2.corpX.un' | # host: 'server2.corpX.un' | ||
| + | # host: '192.168.X.10' | ||
| port: 389 | port: 389 | ||
| # uid: 'uid' | # uid: 'uid' | ||
| Line 239: | Line 265: | ||
| # bind_dn: 'cn=admin,dc=corpX,dc=un' | # bind_dn: 'cn=admin,dc=corpX,dc=un' | ||
| # password: 'secret' | # password: 'secret' | ||
| + | # bind_dn: 'uid=admin,cn=users,cn=accounts,dc=corpX,dc=un' | ||
| + | # password: 'strongpassword' | ||
| bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' | bind_dn: 'cn=Administrator,cn=Users,dc=corpX,dc=un' | ||
| password: 'Pa$$w0rd' | password: 'Pa$$w0rd' | ||
| Line 415: | Line 443: | ||
| * [[https://stackoverflow.com/questions/52169219/get-branch-name-in-gitlab-ci|Get Branch name in gitlab ci]] | * [[https://stackoverflow.com/questions/52169219/get-branch-name-in-gitlab-ci|Get Branch name in gitlab ci]] | ||
| + | <code> | ||
| + | Settings -> CI/CD -> Variables -> Add variable -> Masked and hidden ... ANS_V_SEC | ||
| + | |||
| + | снять Protect variable | ||
| + | ИЛИ | ||
| + | Settings -> Repository -> Protected Branches - Add Protected Branch -> test | ||
| + | </code> | ||
| <code> | <code> | ||
| Administrator@Ra-master ~/openvpn1 (test) | Administrator@Ra-master ~/openvpn1 (test) | ||
| Line 428: | Line 463: | ||
| script: | script: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | ||
| + | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | ||
| tags: | tags: | ||
| - | - openvpn1deploy | + | - ansible |
| - | # - ansible | + | |
| only: | only: | ||
| - test | - test | ||
| Line 438: | Line 473: | ||
| script: | script: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml | - ansible-playbook openvpn1.yaml -i inventory.yaml | ||
| + | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | ||
| tags: | tags: | ||
| - | - openvpn1deploy | + | - ansible |
| - | # - ansible | + | |
| only: | only: | ||
| - | # - master | + | - main |
| - | # - main | + | |
| </code> | </code> | ||
| Line 612: | Line 646: | ||
| * [[https://akyriako.medium.com/build-golang-docker-images-with-gitlab-ci-pipelines-2117f8505350|Build Golang Docker images with GitLab CI Pipelines]] | * [[https://akyriako.medium.com/build-golang-docker-images-with-gitlab-ci-pipelines-2117f8505350|Build Golang Docker images with GitLab CI Pipelines]] | ||
| * [[https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/|Best practices for building docker images with GitLab CI]] | * [[https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/|Best practices for building docker images with GitLab CI]] | ||
| + | |||
| + | * [[https://habr.com/ru/articles/764568/|Настройка CI/CD для Gitlab-репозитория: схемы и гайд по шагам (на примере Spring Boot-приложения)]] | ||
| * [[https://stackoverflow.com/questions/63693061/how-to-run-a-script-from-file-in-another-project-using-include-in-gitlab-ci|How to run a script from file in another project using include in GitLab CI?]] | * [[https://stackoverflow.com/questions/63693061/how-to-run-a-script-from-file-in-another-project-using-include-in-gitlab-ci|How to run a script from file in another project using include in GitLab CI?]] | ||
| Line 633: | Line 669: | ||
| #variables: | #variables: | ||
| # DOCKER_TLS_CERTDIR: "" | # DOCKER_TLS_CERTDIR: "" | ||
| + | # KANIKO_REGISTRY_MIRROR: "mirror.gcr.io" | ||
| #services: | #services: | ||
| Line 784: | Line 821: | ||
| gitlab_rails['omniauth_providers'] = [ | gitlab_rails['omniauth_providers'] = [ | ||
| { | { | ||
| - | name: "openid_connect", # do not change this parameter | + | name: "openid_connect", |
| - | label: "Keycloak", # optional label for login button, defaults to "Openid Connect" | + | label: "Keycloak", |
| args: { | args: { | ||
| name: "openid_connect", | name: "openid_connect", | ||
| scope: ["openid", "profile", "email"], | scope: ["openid", "profile", "email"], | ||
| response_type: "code", | response_type: "code", | ||
| - | # issuer: "https://keycloak.example.com/realms/myrealm", | ||
| issuer: "https://keycloak.corpX.un/realms/corpX", | issuer: "https://keycloak.corpX.un/realms/corpX", | ||
| client_auth_method: "query", | client_auth_method: "query", | ||
| Line 797: | Line 833: | ||
| pkce: true, | pkce: true, | ||
| client_options: { | client_options: { | ||
| - | # identifier: "<YOUR CLIENT ID>", | ||
| identifier: "any-client", | identifier: "any-client", | ||
| - | # secret: "<YOUR CLIENT SECRET>", | ||
| secret: "anystring", | secret: "anystring", | ||
| - | # redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback" | + | # redirect_uri: "https://gitlab.corpX.un/users/auth/openid_connect/callback" |
| - | redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback" | + | # redirect_uri: "https://gate.corpX.un/users/auth/openid_connect/callback" |
| } | } | ||
| } | } | ||
инструмент_gitlab.1753769813.txt.gz · Last modified: 2025/07/29 09:16 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
