• Youtube. RomNero. GitLab. Devops система
• GitLab бесплатен? gitlab-ee vs gitlab-ce

• Install self-managed GitLab
• Доступно из РФ: https://packages.gitlab.com/gitlab/gitlab-ce
• Configure Custom SSL to Secure GitLab Server

• gitlab initial root password

# cat /etc/gitlab/initial_root_password

# cat /etc/gitlab/gitlab.rb

# gitlab-ctl reconfigure

# cat /etc/gitlab/gitlab.rb

...
registry_external_url 'http://server.corpX.un'
...
gitlab_rails['registry_enabled'] = true
...
gitlab_rails['registry_host'] = "server.corpX.un"
...
registry['registry_http_addr'] = "server.corpX.un:5000"
...

# cat /etc/gitlab/gitlab.rb

...
grafana['http_addr'] = '0.0.0.0'
...

• Integrate LDAP with GitLab
• Установка и настройка OpenLDAP
• Хранение учетных записей UNIX в LDAP !!! с атрибутом почты и паролем

# cat /etc/gitlab/gitlab.rb

...
gitlab_rails['ldap_enabled'] = true

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    host: 'server.corpX.un'
    port: 389
#    port: 636
    uid: 'uid'
    bind_dn: 'cn=admin,dc=corpX,dc=un'
    password: 'secret'
    encryption: 'plain'
#    encryption: 'simple_tls'
    active_directory: false
    base: 'ou=People,dc=corpX,dc=un'
...

• Install GitLab Runner manually on GNU/Linux

• GitLab: understanding pipelines, stages, jobs and organising them efficiently for speed and feedback loop

• https://val.bmstu.ru/unix/Git/gitlab-runner_amd64.deb (15.0.0)

root@node2:~# gitlab-runner register
shell или docker

root@node2:~# cat /etc/gitlab-runner/config.toml
log_level = "debug"
...

root@node2:~# systemctl start gitlab-runner

• CI/CD templates
• How to disable auto pipelines in gitlab

student@gate:~/dhcp$ cat .gitlab-ci.yml

test1:
  stage: test
  script:
    - echo $(date) "Do test dhcpd" >> /tmp/Bash.gitlab-ci.log
    - make test
  tags:
    - dhcptest

deploy1:
  stage: deploy
  script:
    - echo $(date) "Do deploy dhcpd" >> /tmp/Bash.gitlab-ci.log
    - sudo make install
  tags:
    - dhcpdeploy

root@server:~/openvpn1# cat .gitlab-ci.yml

deploy_test:
  stage: deploy
  script:
    - echo $(date) "Deploy TEST openvpn1" >> /tmp/Bash.gitlab-ci.log
    - ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
  tags:
    - openvpn1deploy
  rules:
    - if: ($CI_COMMIT_BRANCH == "test" && $CI_COMMIT_REF_NAME == "test")

deploy_prod:
  stage: deploy
  script:
    - echo $(date) "Deploy PROD openvpn1" >> /tmp/Bash.gitlab-ci.log
    - ansible-playbook openvpn1.yaml -i inventory.yaml
  tags:
    - openvpn1deploy
  rules:
    - if: ($CI_COMMIT_BRANCH == "main" && $CI_COMMIT_REF_NAME == "main")

• Технология Docker Предоставление прав непривилегированным пользователям

vagrant@node1:~/project1$ cat .gitlab-ci.yml

test1:
  stage: test
  script:
    - echo $(date) "Do a test here" >> /tmp/Bash.gitlab-ci.log
    - shellcheck webd/webd
  tags:
    - shellcheck

deploy1:
  stage: deploy
  script:
    - echo $(date) "Do your deploy here" >> /tmp/Bash.gitlab-ci.log
    - docker-compose up -d
  tags:
    - webddeploy

gitlab-runner@gate:~/webd$ cat build.sh

#!/bin/sh

VER="$(echo $CI_COMMIT_MESSAGE | sed 's/[^a-zA-Z0-9\.]//g')"

docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD http://$CI_REGISTRY
docker build -t $CI_REGISTRY/$CI_REGISTRY_IMAGE:$VER webd
docker push $CI_REGISTRY/$CI_REGISTRY_IMAGE:$VER

gitlab-runner@gate:~/webd$ cat my-webd-deployment-env.yaml

...
        image: server.corp13.un:5000/student/webd:$VER

gitlab-runner@gate:~/webd$ cat deploy.sh

#!/bin/sh

export VER="$(echo $CI_COMMIT_MESSAGE | sed 's/[^a-zA-Z0-9\.]//g')"

#envsubst < my-webd-deployment-env.yaml | kubectl apply -f -
#kubectl apply -f my-webd-service.yaml,my-webd-ingress.yaml

#export HELM_NAMESPACE=my-ns
#helm test my-webd && helm upgrade my-webd webd-chart/ --set=image.tag=$VER || helm install my-webd webd-chart/ --set=image.tag=$VER

gitlab-runner@gate:~/webd$ cat .gitlab-ci.yml
stages:
  - lintertest
  - build
  - deploy

lintertest1:
  stage: lintertest
  script:
    - echo $(date) "Do a test here" >> /tmp/Bash.gitlab-ci.log
    - shellcheck webd/webd
  tags:
    - shellcheck

build1:
  stage: build
  script:
    - echo $(date) "Do a build here" >> /tmp/Bash.gitlab-ci.log
    - ./build.sh
  tags:
    - webddeploy

deploy1:
  stage: deploy
  script:
    - echo $(date) "Do your deploy k8s here" >> /tmp/Bash.gitlab-ci.log
    - ./deploy.sh
  tags:
    - webddeploy

• !!! URL без финального “/” !!!

Admin Area-> Applications-> val-auth-test
  Callback URL: https://val.bmstu.ru/auth-test
  Trusted: Yes