User Tools
инструмент_gitlab
This is an old revision of the document!
Table of Contents
Инструмент GitLab
Установка
- RAM от 4Gb
- Доступно из РФ: https://packages.gitlab.com/gitlab/gitlab-ce
# time ansible-playbook conf/ansible/roles/mail.yml real 2m57.922s # cat /etc/apache2/ports.conf
... 81 ...
# service apache2 restart
http://server.corpX.un:81/mail/
# apt-get install -y curl ca-certificates perl # curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash # time EXTERNAL_URL="http://server.corpX.un" apt-get install gitlab-ce ... real 15m49.787s ..
Подключение
Подключение к Web интерфейсу
# cat /etc/gitlab/initial_root_password
# gitlab-rake "gitlab:password:reset[root]"
Подключение через API
- Project access tokens (в примере достаточно пункта api)
root@node2:~# curl --header "PRIVATE-TOKEN: NNNNNNNNNNNNNNNNNNNNN" "http://server.corp13.un/api/v4/projects/4/repository/files/docker-compose.yml/raw?ref=master" | tee docker-compose.yml
Настройка
Файл конфигурации
# cat /etc/gitlab/gitlab.rb
... external_url 'http://server.corpX.un' ...
# gitlab-ctl reconfigure
GitLab Docker Registry
# cat /etc/gitlab/gitlab.rb
registry_external_url 'http://server.corpX.un' gitlab_rails['registry_enabled'] = true gitlab_rails['registry_host'] = "server.corpX.un" registry['registry_http_addr'] = "server.corpX.un:5000" ...
GitLab Grafana
# cat /etc/gitlab/gitlab.rb
... grafana['http_addr'] = '0.0.0.0' ...
Управление пользователями
Внутренние пользователи
- Username - login, Name - ФИО
Использование LDAP
- Хранение учетных записей UNIX в LDAP !!! с атрибутом почты и паролем
# cat /etc/gitlab/gitlab.rb
...
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
label: 'LDAP'
host: 'server.corpX.un'
port: 389
# port: 636
uid: 'uid'
bind_dn: 'cn=admin,dc=corpX,dc=un'
password: 'secret'
encryption: 'plain'
# encryption: 'simple_tls'
active_directory: false
base: 'ou=People,dc=corpX,dc=un'
...
GitLab Runner
# wget http://gate.isp.un/unix/Git/gitlab-runner_amd64.deb # dpkg -i gitlab-runner_amd64.deb # gitlab-runner register ... Enter the GitLab instance URL: http://server.corpX.un Enter the registration token: ... ... Enter tags for the runner: dhcptest, dhcpdeploy или Enter tags for the runner: openvpn1deploy ... Enter an executor: shell ... # cat /etc/gitlab-runner/config.toml log_level = "debug" ...
# systemctl restart gitlab-runner # gitlab-runner verify
GitLab CI/CD
Пример shell make
IDE GitLab->New File: .gitlab-ci.yml или CI/CD -> Editor -> Configure Pipelines
test1-job:
stage: test
script:
- echo $(date) "Do test dhcpd" >> /tmp/Bash.gitlab-ci.log
- make test
tags:
- dhcptest
deploy1-job:
stage: deploy
script:
- echo $(date) "Do deploy dhcpd" >> /tmp/Bash.gitlab-ci.log
- sudo make install
tags:
- dhcpdeploy
Пример shell ansible
Administrator@Ra-master ~/openvpn1 (test) λ touch .gitlab-ci.yml
deploy_test:
stage: deploy
script:
- echo $(date) "Deploy TEST openvpn1" >> /tmp/Bash.gitlab-ci.log
- ansible-playbook openvpn1.yaml -i inventory.yaml -e "variable_host=test_nodes"
tags:
- openvpn1deploy
only:
- test
deploy_prod:
stage: deploy
script:
- echo $(date) "Deploy PROD openvpn1" >> /tmp/Bash.gitlab-ci.log
- ansible-playbook openvpn1.yaml -i inventory.yaml
tags:
- openvpn1deploy
only:
# - master
# - main
Пример shell docker
- Технология Docker Предоставление прав непривилегированным пользователям
- Попробовать after_script для удаления неудачно собранного контейнера …???
# Надо назначить в GitLab export CI_REGISTRY=server.corpX.un:5000 export CI_REGISTRY_IMAGE=student/webd export CI_REGISTRY_USER=student export CI_REGISTRY_PASSWORD=password # в GitLab будет устанавливается автоматически export CI_COMMIT_MESSAGE="ver 1.2"
gitlab-runner@server:~/webd$ cat build.sh ... ---> Using cache ... ..............: Layer already exists ...
#!/bin/sh VER="$(echo $CI_COMMIT_MESSAGE | sed 's/[^a-zA-Z0-9\.]//g')" docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD http://$CI_REGISTRY docker build -t webd webd #docker build --no-cache -t webd webd docker tag webd $CI_REGISTRY/$CI_REGISTRY_IMAGE:$VER docker tag webd $CI_REGISTRY/$CI_REGISTRY_IMAGE docker push $CI_REGISTRY/$CI_REGISTRY_IMAGE:$VER docker push $CI_REGISTRY/$CI_REGISTRY_IMAGE
gitlab-runner@server:~/webd$ sh build.sh
gitlab-runner@server:~/webd$ cat .gitlab-ci.yml
stages:
- lintertest
- build
# - deploy
lintertest1:
stage: lintertest
script:
- echo $(date) "Do a test here" >> /tmp/Bash.gitlab-ci.log
- shellcheck webd/webd
tags:
- shellcheck
build1:
stage: build
script:
- echo $(date) "Do a build here" >> /tmp/Bash.gitlab-ci.log
- sh build.sh
tags:
- webdbuild
#deploy1:
# stage: deploy
# script:
# - echo $(date) "Do your deploy k8s here" >> /tmp/Bash.gitlab-ci.log
# - sh deploy.sh
# tags:
# - webddeploy
Пример shell Kubernetes
gitlab-runner@server:~/webd$ cp my-webd-deployment.yaml my-webd-deployment-env.yaml gitlab-runner@server:~/webd$ cat my-webd-deployment-env.yaml
...
image: server.corp13.un:5000/student/webd:$VER
...
gitlab-runner@gate:~/webd$ cat deploy.sh
#!/bin/sh kubectl apply -f my-webd-deployment.yaml #export VER="$(echo $CI_COMMIT_MESSAGE | sed 's/[^a-zA-Z0-9\.]//g')" #envsubst < my-webd-deployment-env.yaml | kubectl apply -f - kubectl apply -f my-webd-service.yaml #export HELM_NAMESPACE=my-ns #helm test my-webd && helm upgrade my-webd webd-chart/ --set=image.tag=$VER || helm install my-webd webd-chart/ --set=image.tag=$VER
Сервер OAuth2
- !!! URL без финального “/” !!!
Admin Area-> Applications-> val-auth-test Callback URL: https://val.bmstu.ru/auth-test Trusted: Yes
инструмент_gitlab.1663950911.txt.gz · Last modified: 2022/09/23 19:35 by val
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
