инструмент_gitlab [2026/02/07 05:02] val [Проверка конфигурации и перезапуск] |
инструмент_gitlab [2026/04/10 17:37] (current) val [Пример CI с использованием контейнеров] |
| Line 58: | Line 58: | ||
| gitlab_rails['registry_port'] = "5050" | gitlab_rails['registry_port'] = "5050" | ||
| registry['registry_http_addr'] = "0.0.0.0:5050" | registry['registry_http_addr'] = "0.0.0.0:5050" | ||
| + | #gitlab_rails['env'] = { 'SKIP_RAISE_ON_INITIALIZE_CONNECTIONS' => 'true' } | ||
| ports: | ports: | ||
| - '443:443' | - '443:443' | ||
| Line 109: | Line 110: | ||
| sudo -i | sudo -i | ||
| - | export BR=main; bash <(curl -s http://gate.corp13.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) | + | export BR=main; bash <(curl -s http://gate.corpX.un/api/v4/projects/1/repository/files/start.sh/raw?ref=$BR) |
| </code> | </code> | ||
| Line 119: | Line 120: | ||
| <code> | <code> | ||
| - | kube1:~/gitlab# cat adduser.sh | + | client1$ cat adduser.sh |
| </code><code> | </code><code> | ||
| GITLAB_URL="https://gitlab.corpX.un" | GITLAB_URL="https://gitlab.corpX.un" | ||
| - | PRIVATE_TOKEN="NNNNNNNNNNNN" | + | PRIVATE_TOKEN=NNNNNNNNNNNN |
| USER_EMAIL="user1@corpX.un" | USER_EMAIL="user1@corpX.un" | ||
| Line 153: | Line 154: | ||
| # ###gitlab-ctl status | # ###gitlab-ctl status | ||
| - | |||
| # ###gitlab-rake gitlab:check | # ###gitlab-rake gitlab:check | ||
| + | # ###gitlab-ctl tail sidekiq | ||
| # gitlab-ctl show-config | # gitlab-ctl show-config | ||
| Line 163: | Line 164: | ||
| ... | ... | ||
| </code> | </code> | ||
| + | ==== Настройка отправки почты ==== | ||
| + | * [[Утилита msmtp#sendmail без mta]] | ||
| + | <code> | ||
| + | root@gitlab:/# gitlab-rails console | ||
| + | irb(main):001> Notify.test_email('student@corp15.un', 'Message Subject', 'Message Body').deliver_now | ||
| + | </code> | ||
| ==== GitLab Docker Registry ==== | ==== GitLab Docker Registry ==== | ||
| Line 291: | Line 298: | ||
| * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | * [[https://docs.gitlab.com/runner/install/linux-manually.html|Install GitLab Runner manually on GNU/Linux]] | ||
| - | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (16.10.0) | + | * [[https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb]] (17.3.1-1) |
| <code> | <code> | ||
| Line 299: | Line 306: | ||
| ## Может занять 2 часа ## | ## Может занять 2 часа ## | ||
| - | # ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner-helper-images.deb" | + | # ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/v18.6.2/deb/gitlab-runner-helper-images.deb" |
| - | # ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/latest/deb/gitlab-runner_amd64.deb" | + | # ###curl -LJO "https://s3.dualstack.us-east-1.amazonaws.com/gitlab-runner-downloads/v18.6.2/deb/gitlab-runner_amd64.deb" |
| # ###dpkg -i gitlab-runner-helper-images.deb gitlab-runner_amd64.deb | # ###dpkg -i gitlab-runner-helper-images.deb gitlab-runner_amd64.deb | ||
| </code> | </code> | ||
| Line 357: | Line 364: | ||
| -v /srv/gitlab-runner/config:/etc/gitlab-runner \ | -v /srv/gitlab-runner/config:/etc/gitlab-runner \ | ||
| -v /var/run/docker.sock:/var/run/docker.sock \ | -v /var/run/docker.sock:/var/run/docker.sock \ | ||
| - | gitlab/gitlab-runner:latest | + | gitlab/gitlab-runner:v18.6.2 |
| </code> | </code> | ||
| Line 365: | Line 372: | ||
| <code> | <code> | ||
| - | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | + | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner:v18.6.2 register \ |
| --non-interactive \ | --non-interactive \ | ||
| --url "http://server.corpX.un/" \ | --url "http://server.corpX.un/" \ | ||
| Line 380: | Line 387: | ||
| <code> | <code> | ||
| - | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | + | gate:~# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner:v18.6.2 register \ |
| --non-interactive \ | --non-interactive \ | ||
| --url "http://server.corpX.un/" \ | --url "http://server.corpX.un/" \ | ||
| Line 396: | Line 403: | ||
| === TLS для DooD и DinD === | === TLS для DooD и DinD === | ||
| <code> | <code> | ||
| - | # cp wild.crt /srv/gitlab-runner/config/ | + | server# scp /opt/freeipa-data/etc/ipa/ca.crt client1:/srv/gitlab-runner/config/ |
| - | docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ | + | client1# docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner:v18.6.2 register \ |
| ... | ... | ||
| - | --url "https://server.corpX.un/" \ | + | --url "https://gitlab.corpX.un/" \ |
| - | --tls-ca-file "/etc/gitlab-runner/wild.crt" \ | + | --tls-ca-file "/etc/gitlab-runner/ca.crt" \ |
| ... | ... | ||
| </code> | </code> | ||
| Line 451: | Line 458: | ||
| <code> | <code> | ||
| - | Settings -> CI/CD -> Variables -> Add variable -> Masked and hidden ... ANS_V_SEC или VAULT_ADDR | + | Settings -> CI/CD -> Variables -> Add variable -> Masked and hidden ... ANS_V_SEC или VAULT_ADDR/VAULT_TOKEN |
| снять Protect variable | снять Protect variable | ||
| Line 458: | Line 465: | ||
| </code> | </code> | ||
| <code> | <code> | ||
| - | Administrator@Ra-master ~/openvpn1 (test) | + | ~/openvpn1# cat .gitlab-ci.yml |
| - | λ touch .gitlab-ci.yml | + | |
| или | или | ||
| Build -> Pipeline editor -> Configure Pipelines | Build -> Pipeline editor -> Configure Pipelines | ||
| Line 471: | Line 477: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes" | ||
| # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat -e "variable_host=test_nodes" | ||
| - | # - sops exec-file --no-fifo inventory4.yaml 'ansible-playbook openvpn1.yaml -i {} -e "variable_host=test_nodes"' | + | # - sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {} -e "variable_host=test_nodes"' |
| tags: | tags: | ||
| - ansible | - ansible | ||
| Line 482: | Line 488: | ||
| - ansible-playbook openvpn1.yaml -i inventory.yaml | - ansible-playbook openvpn1.yaml -i inventory.yaml | ||
| # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | # - echo $ANS_V_SEC | ansible-playbook openvpn1.yaml -i inventory2.yaml --vault-password-file=/bin/cat | ||
| - | # - sops exec-file --no-fifo inventory4.yaml 'ansible-playbook openvpn1.yaml -i {}' | + | # - sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {}' |
| tags: | tags: | ||
| - ansible | - ansible | ||
| Line 672: | Line 678: | ||
| # - prebuildtest | # - prebuildtest | ||
| - build | - build | ||
| + | # - scan | ||
| # - test | # - test | ||
| - push | - push | ||
| Line 703: | Line 710: | ||
| --pull | --pull | ||
| --cache-from $CI_REGISTRY_IMAGE:latest | --cache-from $CI_REGISTRY_IMAGE:latest | ||
| - | --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | + | --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA . |
| - | . | + | |
| - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | ||
| Line 765: | Line 771: | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| + | |||
| + | #semgrep: | ||
| + | # stage: lint | ||
| + | # image: semgrep/semgrep | ||
| + | # script: semgrep --config=auto --error | ||
| + | # variables: | ||
| + | # SEMGREP_SRC_DIRECTORY: $CI_PROJECT_DIR | ||
| + | # #https_proxy: http://gate.isp.un:3128/ | ||
| + | # #no_proxy: localhost,127.0.0.1,isp.un,corpX.un | ||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| + | |||
| + | #Unit test: | ||
| + | # stage: prebuildtest | ||
| + | # script: | ||
| + | # - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring | ||
| + | # - poetry install | ||
| + | # - poetry run python3 -m unittest | ||
| + | # except: | ||
| + | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| #Smoke test: | #Smoke test: | ||
| Line 775: | Line 807: | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
| + | # tags: | ||
| + | # - build | ||
| - | #Unit test: | + | #trivy: |
| - | # stage: prebuildtest | + | # stage: scan |
| + | # image: | ||
| + | # name: ghcr.io/aquasecurity/trivy | ||
| + | # entrypoint: [""] | ||
| + | # variables: | ||
| + | # #TRIVY_USERNAME: "$CI_REGISTRY_USER" | ||
| + | # #TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD" | ||
| + | # TRIVY_REGISTRY: "$CI_REGISTRY" | ||
| + | # TRIVY_CACHE_DIR: ".trivycache/" | ||
| # script: | # script: | ||
| - | # - export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring | + | # - trivy image --exit-code 1 --severity HIGH --insecure $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA |
| - | # - poetry install | + | # cache: |
| - | # - poetry run python3 -m unittest | + | # paths: |
| + | # - ".trivycache/" | ||
| # except: | # except: | ||
| # - tags | # - tags | ||
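Review bot: The new trivy job's scan line `# - trivy image --exit-code 1 --severity HIGH --insecure $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA` restricts findings to HIGH only, so CRITICAL vulnerabilities are neither reported nor fail the pipeline; the gate should read `--severity HIGH,CRITICAL`. The `--insecure` flag disables TLS verification toward the registry, which works against the CA-based trust this revision introduces in the "TLS для DooD и DinD" hunk (`--tls-ca-file "/etc/gitlab-runner/ca.crt"`); if the registry uses the internal CA, trusting that CA in the scanner's environment is the safer replacement. The `TRIVY_USERNAME`/`TRIVY_PASSWORD` lines are commented out, so the pull of a private `$CI_REGISTRY_IMAGE` will presumably fail once the job is enabled — worth a comment on why they are disabled. The whole job (and the `scan` stage in the "Line 672" hunk) is commented out, so this only takes effect when it is switched on.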
| Line 804: | Line 847: | ||
| <code> | <code> | ||
| Name: test-cgi | Name: test-cgi | ||
| - | Redirect URI: http://gate.corp13.un/cgi-bin/test-cgi !!! Если URL каталога, то без финального "/" !!! | + | Redirect URI: http://gate.corpX.un/cgi-bin/test-cgi !!! Если URL каталога, то без финального "/" !!! |
| Trusted: Yes | Trusted: Yes | ||
| Confidential: Yes | Confidential: Yes | ||