« Gitlab » : différence entre les versions
De Banane Atomic
Aller à la navigationAller à la recherche
| Ligne 9 : | Ligne 9 : | ||
* [https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/dotNET-Core.gitlab-ci.yml .NET Gitlab CI template] | * [https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/dotNET-Core.gitlab-ci.yml .NET Gitlab CI template] | ||
{{warn | Ensure you have installed and registered [[Gitlab#Runner|runners]]}} | {{warn | Ensure you have installed and registered [[Gitlab#Runner|runners]]}} | ||
{{warn | Gitlab runs each job in a new container}} | |||
Gitlab → top left menu → Projects → My project → left column: Repository → Files | Gitlab → top left menu → Projects → My project → left column: Repository → Files | ||
| Ligne 28 : | Ligne 29 : | ||
- 'echo "$local_var ${VAR2}"' | - 'echo "$local_var ${VAR2}"' | ||
- echo ${VAR2} | - echo ${VAR2} | ||
rules: # the jib is executed only if one of the rules matches | |||
- if: $CI_PIPELINE_SOURCE == "merge_request_event" | |||
when: manual # manual job | |||
allow_failure: true # the pipeline continues running even if the manual job is not run | |||
- if: $CI_PIPELINE_SOURCE == "schedule" # if the first rule doesn’t match, then the second rule is evaluated | |||
when: on_success # default | |||
allow_failure: false # default | |||
cache: | cache: | ||
# | key: $CI_COMMIT_REF_SLUG # Share caches between jobs in the same branch | ||
key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG" | key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG" # per-job and per-branch caching | ||
key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG" # per-stage and per-branch caching | |||
key: one-key-to-rule-them-all # share a cache across all branches and all jobs, use the same key for everything | |||
key: $CI_JOB_NAME # share a cache between branches, but have a unique cache for each job | |||
paths: | paths: | ||
- '$NUGET_PACKAGES_DIRECTORY' | - '$NUGET_PACKAGES_DIRECTORY' | ||
policy: pull-push | policy: pull-push # pull-push for changes to the default branch, pull for changes to other branches. | ||
before_script: | before_script: | ||
Version du 10 juin 2023 à 18:15
Links
Continuous Integration (CI)
Pipeline
 |
Ensure you have installed and registered runners |
|
Gitlab runs each job in a new container |
Gitlab → top left menu → Projects → My project → left column: Repository → Files
| .gitlab-ci.yml |
include:
template: Template1.gitlab-ci.yml
# define the docker image to use
image: mcr.microsoft.com/dotnet/sdk:7.0
variables:
VAR1: value
job1:
variables:
VAR2: "The $VAR1 is invalid"
script:
- local_var=value
- 'echo "$local_var ${VAR2}"'
- echo ${VAR2}
rules: # the jib is executed only if one of the rules matches
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: manual # manual job
allow_failure: true # the pipeline continues running even if the manual job is not run
- if: $CI_PIPELINE_SOURCE == "schedule" # if the first rule doesn’t match, then the second rule is evaluated
when: on_success # default
allow_failure: false # default
cache:
key: $CI_COMMIT_REF_SLUG # Share caches between jobs in the same branch
key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG" # per-job and per-branch caching
key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG" # per-stage and per-branch caching
key: one-key-to-rule-them-all # share a cache across all branches and all jobs, use the same key for everything
key: $CI_JOB_NAME # share a cache between branches, but have a unique cache for each job
paths:
- '$NUGET_PACKAGES_DIRECTORY'
policy: pull-push # pull-push for changes to the default branch, pull for changes to other branches.
before_script:
- 'dotnet restore --packages $NUGET_PACKAGES_DIRECTORY'
build:
stage: build
script:
- 'dotnet build --no-restore'
tests:
stage: test
script:
- 'dotnet test --no-restore'
deploy:
stage: deploy
script: echo "Define your deployment script!"
environment: production
|
Log
Log files are in /var/log/gitlab
Change sidekiq log level
| /usr/share/webapps/gitlab/config/initializers/sidekiq.rb |
Sidekiq.configure_server do |config| # force WARN level config.logger.level = Logger::WARN # or set the same log level as Rails config.logger.level = Rails.logger.level |
Rails Console Session
|
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production |
Add new user
- from admin account → menu → admin
- Overview → Users
- click on the button New user (top right)
Resend confirmation email: https://gitlab.domain.net/users/confirmation/new
Installation
- install and configure PostgreSQL
|
|
sudo pacman gitlab |
| /etc/webapps/gitlab/gitlab.yml |
host: gitlab.domain.net port: 443 https: true |
Secret string
Fill the following files with a secret:
|
|
hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom | sudo dd of=/etc/webapps/gitlab/secret sudo chmod 640 /etc/webapps/gitlab/secret hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom | sudo dd of=/etc/webapps/gitlab-shell/secret sudo chmod 640 /etc/webapps/gitlab-shell/secret |
Set secrets in the following configuration file:
| /etc/webapps/gitlab/secrets.yml |
production: secret_key_base: [secret] db_key_base: [secret] otp_key_base: [secret] openid_connect_signing_key: [secret] encrypted_settings_key_base: [secret] |
Redis
|
|
# Add user gitlab to group redis cat /etc/group | grep redis sudo gpasswd -a gitlab redis |
| /etc/redis/redis.conf |
unixsocket /run/redis/redis.sock unixsocketperm 770 # don't listen on TCP #port 6379 port 0 |
| /etc/webapps/gitlab/resque.yml |
development: url: unix:/run/redis/redis.sock test: url: unix:/run/redis/redis.sock production: url: unix:/run/redis/redis.sock |
PostgreSQL database
|
|
# switch to the PostgreSQL user sudo -iu postgres # create a user named gitlab with superuser rights createuser --interactive # login into the databases server psql # change the password of the gitlab user \password gitlab # create the database create database gitlabdb OWNER gitlab; |
| /var/lib/postgres/data/pg_hba.conf |
# TYPE DATABASE USER METHOD local gitlabdb gitlab scram-sha-256 |
|
|
# login as gitlab psql -U gitlab -d gitlabdb |
| /etc/webapps/gitlab/database.yml |
production:
main:
adapter: postgresql
encoding: unicode
database: gitlabdb
username: gitlab
password: [password]
# host: localhost
# port: 5432
socket: /run/postgresql/.s.PGSQL.5432
|
|
|
# start redis and gitlab-gitaly sc-start redis sc-start gitlab-gitaly cd /usr/share/webapps/gitlab sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:setup |
Check
|
|
# Adjust modifier bits sudo chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/ sudo chmod -R ug-s /var/lib/gitlab/repositories sudo find /var/lib/gitlab/repositories/ -type d -print0 | xargs -0 sudo chmod g+s sc-start postgresql sc-start redis sc-start gitlab.target sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:env:info sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:check |
Nginx
| /etc/nginx/sites-available/gitlab.conf |
upstream gitlab-workhorse {
server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
}
server {
listen 80; # IPv4 HTTP
#listen 443 ssl http2; # uncomment to enable IPv4 HTTPS + HTTP/2
#listen [::]:80; # uncomment to enable IPv6 HTTP
#listen [::]:443 ssl http2; # uncomment to enable IPv6 HTTPS + HTTP/2
server_name gitlab.localhost;
access_log /var/log/gitlab/nginx_access.log;
error_log /var/log/gitlab/nginx_error.log;
#ssl_certificate ssl/example.com.crt;
#ssl_certificate_key ssl/example.com.key;
location ~ ^/(assets)/ {
root /usr/share/webapps/gitlab/public;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
location / {
# unlimited upload size in nginx (so the setting in GitLab applies)
client_max_body_size 0;
# proxy timeout should match the timeout value set in /etc/webapps/gitlab/puma.rb
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header X-Forwarded-Ssl on;
proxy_pass http://gitlab-workhorse;
}
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
location ~ ^/(404|422|500|502|503)\.html$ {
root /usr/share/webapps/gitlab/public;
internal;
}
}
|
Fast lookup of authorized SSH keys
| /etc/ssh/sshd_config |
# Gitlab fast SSH key lookup AuthorizedKeysCommand /var/lib/gitlab/gitlab-shell/bin/gitlab-shell-authorized-keys-check gitlab %u %k AuthorizedKeysCommandUser gitlab |
|
|
# generate private and public keys: ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub ssh-keygen -t ed25519 -C "$(whoami)@$(hostname)" # start ssh daemon sc-start sshd |
Add the public key to Gitlab:
- click on the user icone top right → edit profile
- SSH Keys on left menu
- paste the public key (~/.ssh/id_ed25519.pub)
- click on the Add key button
SMTP
| /etc/webapps/gitlab/smtp_settings.rb |
if Rails.env.production?
Rails.application.config.action_mailer.delivery_method = :smtp
secrets = Gitlab::Email::SmtpConfig.secrets
ActionMailer::Base.delivery_method = :smtp
ActionMailer::Base.smtp_settings = {
address: "smtp.domain.net",
port: 587,
user_name: secrets.username,
password: secrets.password,
domain: "domain.net",
authentication: :login,
enable_starttls_auto: true,
openssl_verify_mode: 'peer' # See ActionMailer documentation for other possible options
}
end
|
|
|
# add the username and password to the smtp:secret
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:smtp:secret:edit EDITOR=nano
# open a Rails Console Session
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production
# check the configuration
ActionMailer::Base.delivery_method
# => :smtp
ActionMailer::Base.smtp_settings
# => {:address=>"smtp.domain.net", :port=587, ...
# send a test email
Notify.test_email('user@domain.net', 'Hello World', 'This is a test message').deliver_now
|
Runner
|
|
# install sudo pacman -S gitlab-runner # register sudo gitlab-runner register # GitLab instance URL: https://www.mygitlab.net/ # Registration token: Gitlab (admin) → top left menu → Admin → left column: CI/CD → Runners → right: Register an instance runner button → copy the registration token # Executor: docker # Default Docker image: mcr.microsoft.com/dotnet/sdk:6.0 # Configuration (with the authentication token) is saved in "/etc/gitlab-runner/config.toml" # bring runner online manually sudo gitlab-runner run # by running the service sc-start gitlab-runner |
| /etc/gitlab-runner/config.toml |
log_level = "debug" # change the loglevel
[[runners]]
url = "https://www.mygitlab.net/"
clone_url = "https://www.mygitlab.net/" # override the url defined in /etc/webapps/gitlab/gitlab.yml
environment = ["ENV=value", "LC_ALL=en_US.UTF-8"] # set environment variables
[runners.docker]
image = "mcr.microsoft.com/dotnet/sdk:7.0" # default docker image, used if no docker image is defined in the pipeline
extra_hosts = ["www.mygitlab.net:host-gateway"] # map www.mygitlab.net with the host, so the runner can access the website www.mygitlab.net running on the host
|
Errors
Number of Sidekiq processes (cluster/worker) ... 0/1
Sidekiq: ... Running? ... yes Number of Sidekiq processes (cluster/worker) ... 0/1 Try fixing it: sudo systemctl restart gitlab-sidekiq.service Please fix the error above and rerun the checks.
All migrations up? ... Exception: No such file or directory - bundle
Database config exists? ... yes All migrations up? ... Exception: No such file or directory - bundle
Cable config exists? ... no
Cable config exists? ... no Try fixing it: Copy config/cable.yml.example to config/cable.yml Update config/cable.yml to match your setup For more information see: doc/install/installation.md in section "GitLab" Please fix the error above and rerun the checks.
