« Gitlab » : différence entre les versions

De Banane Atomic
Aller à la navigationAller à la recherche
Ligne 332 : Ligne 332 :
# Executor: docker
# Executor: docker
# Default Docker image: mcr.microsoft.com/dotnet/sdk:6.0
# Default Docker image: mcr.microsoft.com/dotnet/sdk:6.0
# Configuration (with the authentication token) is saved in "/etc/gitlab-runner/config.toml"


# bring runner online
# bring runner online

Version du 9 juin 2023 à 21:45

Links

Continuous Integration (CI)

Pipeline

Ensure you have installed and registered runners

Gitlab → top left menu → Projects → My project → left column: Repository → Files

.gitlab-ci.yml
# use a docker image with the dotnet sdk already available
image: mcr.microsoft.com/dotnet/sdk:7.0

variables:
  # 1) Name of directory where restore and build objects are stored.
  OBJECTS_DIRECTORY: 'obj'
  # 2) Name of directory used for keeping restored dependencies.
  NUGET_PACKAGES_DIRECTORY: '.nuget'
  # 3) A relative path to the source code from project repository root.
  # NOTE: Please edit this path so it matches the structure of your project!
  SOURCE_CODE_PATH: '*/*/'

cache:
  # Per-stage and per-branch caching.
  key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
  paths:
    # Specify three paths that should be cached:
    #
    # 1) Main JSON file holding information about package dependency tree, packages versions,
    # frameworks etc. It also holds information where to the dependencies were restored.
    - '$SOURCE_CODE_PATH$OBJECTS_DIRECTORY/project.assets.json'
    # 2) Other NuGet and MSBuild related files. Also needed.
    - '$SOURCE_CODE_PATH$OBJECTS_DIRECTORY/*.csproj.nuget.*'
    # 3) Path to the directory where restored dependencies are kept.
    - '$NUGET_PACKAGES_DIRECTORY'

  policy: pull-push

before_script:
  - 'dotnet restore --packages $NUGET_PACKAGES_DIRECTORY'

build:
  stage: build
  script:
    - 'dotnet build --no-restore'

tests:
  stage: test
  script:
    - 'dotnet test --no-restore'

deploy:
  stage: deploy
  script: echo "Define your deployment script!"
  environment: production

Log

Log files are in /var/log/gitlab

Change sidekiq log level

/usr/share/webapps/gitlab/config/initializers/sidekiq.rb
Sidekiq.configure_server do |config|
  # force WARN level
  config.logger.level = Logger::WARN
  # or set the same log level as Rails
  config.logger.level = Rails.logger.level

Rails Console Session

Bash.svg
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production

Add new user

  1. from admin account → menu → admin
  2. Overview → Users
  3. click on the button New user (top right)

Resend confirmation email: https://gitlab.domain.net/users/confirmation/new

Installation

  1. install and configure PostgreSQL
Bash.svg
sudo pacman gitlab
/etc/webapps/gitlab/gitlab.yml
host: gitlab.domain.net
port: 443
https: true

Secret string

Fill the following files with a secret:

Bash.svg
hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom | sudo dd of=/etc/webapps/gitlab/secret
sudo chmod 640 /etc/webapps/gitlab/secret

hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom | sudo dd of=/etc/webapps/gitlab-shell/secret
sudo chmod 640 /etc/webapps/gitlab-shell/secret

Set secrets in the following configuration file:

/etc/webapps/gitlab/secrets.yml
production:
  secret_key_base: [secret]
  db_key_base: [secret]
  otp_key_base: [secret]
  openid_connect_signing_key: [secret]
  encrypted_settings_key_base: [secret]

Redis

Bash.svg
# Add user gitlab to group redis
cat /etc/group | grep redis
sudo gpasswd -a gitlab redis

Listen on socket

/etc/redis/redis.conf
unixsocket /run/redis/redis.sock
unixsocketperm 770

# don't listen on TCP
#port 6379
port 0
/etc/webapps/gitlab/resque.yml
development:
  url: unix:/run/redis/redis.sock
test:
  url: unix:/run/redis/redis.sock
production:
  url: unix:/run/redis/redis.sock

PostgreSQL database

Bash.svg
# switch to the PostgreSQL user
sudo -iu postgres

# create a user named gitlab with superuser rights
createuser --interactive

# login into the databases server
psql

# change the password of the gitlab user
\password gitlab

# create the database
create database gitlabdb OWNER gitlab;
/var/lib/postgres/data/pg_hba.conf
# TYPE  DATABASE        USER            METHOD
local   gitlabdb        gitlab          scram-sha-256
Bash.svg
# login as gitlab
psql -U gitlab -d gitlabdb
/etc/webapps/gitlab/database.yml
production:
  main:
    adapter: postgresql
    encoding: unicode
    database: gitlabdb
    username: gitlab
    password: [password]
    # host: localhost
    # port: 5432
    socket: /run/postgresql/.s.PGSQL.5432
Bash.svg
# start redis and gitlab-gitaly
sc-start redis
sc-start gitlab-gitaly

cd /usr/share/webapps/gitlab
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:setup

Check

Bash.svg
# Adjust modifier bits
sudo chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
sudo chmod -R ug-s /var/lib/gitlab/repositories
sudo find /var/lib/gitlab/repositories/ -type d -print0 | xargs -0 sudo chmod g+s

sc-start postgresql
sc-start redis
sc-start gitlab.target

sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:env:info
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:check

Nginx

/etc/nginx/sites-available/gitlab.conf
upstream gitlab-workhorse {
  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
}

server {
  listen 80;                  # IPv4 HTTP
  #listen 443 ssl http2;      # uncomment to enable IPv4 HTTPS + HTTP/2
  #listen [::]:80;            # uncomment to enable IPv6 HTTP
  #listen [::]:443 ssl http2; # uncomment to enable IPv6 HTTPS + HTTP/2
  server_name gitlab.localhost;

  access_log  /var/log/gitlab/nginx_access.log;
  error_log   /var/log/gitlab/nginx_error.log;

  #ssl_certificate ssl/example.com.crt;
  #ssl_certificate_key ssl/example.com.key;

  location ~ ^/(assets)/ {
    root /usr/share/webapps/gitlab/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  location / {
      # unlimited upload size in nginx (so the setting in GitLab applies)
      client_max_body_size 0;

      # proxy timeout should match the timeout value set in /etc/webapps/gitlab/puma.rb
      proxy_read_timeout 60;
      proxy_connect_timeout 60;
      proxy_redirect off;

      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      #proxy_set_header X-Forwarded-Ssl on;

      proxy_pass http://gitlab-workhorse;
  }

  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    root /usr/share/webapps/gitlab/public;
    internal;
  }
}

Fast lookup of authorized SSH keys

/etc/ssh/sshd_config
# Gitlab fast SSH key lookup
AuthorizedKeysCommand /var/lib/gitlab/gitlab-shell/bin/gitlab-shell-authorized-keys-check gitlab %u %k
AuthorizedKeysCommandUser gitlab
Bash.svg
# generate private and public keys: ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub
ssh-keygen -t ed25519 -C "$(whoami)@$(hostname)"

# start ssh daemon
sc-start sshd

Add the public key to Gitlab:

  1. click on the user icone top right → edit profile
  2. SSH Keys on left menu
  3. paste the public key (~/.ssh/id_ed25519.pub)
  4. click on the Add key button

SMTP

/etc/webapps/gitlab/smtp_settings.rb
if Rails.env.production?
  Rails.application.config.action_mailer.delivery_method = :smtp
  secrets = Gitlab::Email::SmtpConfig.secrets

  ActionMailer::Base.delivery_method = :smtp
  ActionMailer::Base.smtp_settings = {
    address: "smtp.domain.net",
    port: 587,
    user_name: secrets.username,
    password: secrets.password,
    domain: "domain.net",
    authentication: :login,
    enable_starttls_auto: true,
    openssl_verify_mode: 'peer' # See ActionMailer documentation for other possible options
  }
end
Bash.svg
# add the username and password to the smtp:secret
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:smtp:secret:edit EDITOR=nano

# open a Rails Console Session
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production

# check the configuration
ActionMailer::Base.delivery_method
# => :smtp
ActionMailer::Base.smtp_settings
# => {:address=>"smtp.domain.net", :port=587, ...

# send a test email
Notify.test_email('user@domain.net', 'Hello World', 'This is a test message').deliver_now

Runner

Bash.svg
# install
sudo pacman -S gitlab-runner

# register
sudo gitlab-runner register
# GitLab instance URL: https://www.mygitlab.net/
# Registration token: Gitlab (admin) → top left menu → Admin → left column: CI/CD → Runners → right: Register an instance runner button → copy the registration token
# Executor: docker
# Default Docker image: mcr.microsoft.com/dotnet/sdk:6.0

# Configuration (with the authentication token) is saved in "/etc/gitlab-runner/config.toml"

# bring runner online
sudo gitlab-runner run

Errors

Number of Sidekiq processes (cluster/worker) ... 0/1

Sidekiq: ... Running? ... yes
Number of Sidekiq processes (cluster/worker) ... 0/1
  Try fixing it:
  sudo systemctl restart gitlab-sidekiq.service
  Please fix the error above and rerun the checks.

All migrations up? ... Exception: No such file or directory - bundle

Database config exists? ... yes
All migrations up? ... Exception: No such file or directory - bundle

Cable config exists? ... no

Cable config exists? ... no
  Try fixing it:
  Copy config/cable.yml.example to config/cable.yml
  Update config/cable.yml to match your setup
  For more information see:
  doc/install/installation.md in section "GitLab"
  Please fix the error above and rerun the checks.