Moon Light Box

Time is Money

Posts match “gitlab” tag:

Linux - Change Gitlab Port

# sudo vim /etc/gitlab/gitlab.rb

external_url 'http://10.10.10.10:81'  # Change to your IP
unicorn['port'] = 81
nginx['listen_port'] = 81
ci_nginx['listen_port'] = 81
mattermost_nginx['listen_port'] = 81
pages_nginx['listen_port'] = 81
# sudo gitlab-ctl reconfigure

Then browse to http://10.10.10.10:81

Gerrit - pre-receive hook declined

Problem

When Gerrit syncs data to GitLab, the following error message shows up in replication_log.

# tail -200 $GERRIT_HOME/log/replication_log

[2016-02-15 12:29:30,623] [19262100] Failed replicate of refs/heads/master to root@10.16.179.37:/var/opt/gitlab/git-data/repositories/root/test_only.git, reason: pre-receive hook declined

Solution

# vim $GERRIT_HOME/etc/replication.config

[remote "gitlab"]
    # You must create the "gerrit" account in GitLab first.
    url = http://gerrit:XXXXX@10.10.10.10/gerrit/${name}.git
    push = +refs/heads/*:refs/heads/*
    push = +refs/tags/*:refs/tags/*
    threads = 1

# $GERRIT_HOME/bin/gerrit.sh restart

GitLab - Enable Https

Step 1. Generate a Private Key and Self-Signed Certificate

# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/gitlab/ssl/192.168.1.1.key -out /etc/gitlab/ssl/192.168.1.1.crt

Generating a 4096 bit RSA private key
.....................++
.......................................................................++
writing new private key to '/etc/gitlab/ssl/192.168.1.1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TW
State or Province Name (full name) []:Taiwan
Locality Name (eg, city) [Default City]:Kaohsiung
Organization Name (eg, company) [Default Company Ltd]:YOUR_COMPANY_NAME
Organizational Unit Name (eg, section) []: YOUR_DEPARTMENT_NAME
Common Name (eg, your name or your server's hostname) []:YOUR_NAME
Email Address []:YOUR_EMAIL

Note

The file names (192.168.1.1.key and 192.168.1.1.crt) must match the host in external_url in /etc/gitlab/gitlab.rb:

external_url "https://192.168.1.1" <---- File name rule.

Step 2. Perfect Forward Secrecy

# openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 4096

Step 3. Modify gitlab.rb

# vim /etc/gitlab/gitlab.rb

...
...
external_url "https://192.168.1.1"
nginx['redirect_http_to_https'] = true
...
...
nginx['ssl_certificate'] = "/etc/gitlab/ssl/192.168.1.1.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/192.168.1.1.key"
...
...
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparams.pem"
...
...

# gitlab-ctl reconfigure

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#enable-https

GitLab - Install CI Runner in CentOS7

Updated 2017-03-03

Step 1. Set Repository with RHEL/CentOS

# curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-ci-multi-runner/script.rpm.sh | sudo bash

# yum install gitlab-ci-multi-runner

Step 2. Register GitLab Runner.

# gitlab-ci-multi-runner register

(See GitLab - CI Runner Register x509 Error and GitLab - Register CI Runner)

Step 3. If you use GitLab Runner with Docker (Docker must be installed first).

# usermod -aG docker gitlab-runner
# su - gitlab-runner
# docker login 10.10.10.10:5000

https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/install/linux-repository.md
https://docs.gitlab.com/ce/ci/docker/using_docker_images.html

GitLab - CI Runner Register x509 Error

When you follow the GitLab documentation and register the runner with

# gitlab-ci-multi-runner register

you will hit an x509 self-signed certificate error:

ERROR: Registering runner... failed runner=SScdJmzB status=couldn't execute POST against https://192.168.1.1/ci/api/v1/runners/register.json: Post https://192.168.1.1/te certificate for 192.168.1.1 because it doesn't contain any IP SANs
PANIC: Failed to register this runner. Perhaps you are having network problems

The "doesn't contain any IP SANs" error occurs because the certificate carries only a CN, which is treated as a domain name rather than an IP address.
So we need to modify the OpenSSL configuration on the GitLab server (not on the GitLab CI Runner server).

# vim /etc/pki/tls/openssl.cnf

[ v3_ca ]
# Add the next line. 192.168.1.1 is your GitLab server IP.
subjectAltName=IP:192.168.1.1

Then regenerate the self-signed certificate.

# cd /etc/gitlab/ssl
# openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/gitlab/ssl/192.168.1.1.key -out /etc/gitlab/ssl/192.168.1.1.crt
# openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 4096
# gitlab-ctl restart

Copy the new certificate to the GitLab CI Runner server.

# scp /etc/gitlab/ssl/192.168.1.1.crt root@192.168.1.2:/etc/gitlab-runner/certs
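
The certificate step from GitLab - Enable Https and the IP SAN fix above combined, as an added example that is not part of the original post: it puts the SAN in a throwaway config instead of the system-wide openssl.cnf and checks the result before the certificate is copied to the runner. The function names and the optional key-size argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example; make_ip_cert and cert_has_ip_san are hypothetical helper names.

# make_ip_cert IP OUTDIR [BITS] -> writes OUTDIR/IP.key and OUTDIR/IP.crt
make_ip_cert() {
    local ip="$1" outdir="$2" bits="${3:-4096}" cnf rc
    cnf="$(mktemp)" || return 1
    # Private config: the SAN applies to this certificate only, so
    # /etc/pki/tls/openssl.cnf stays untouched.
    cat > "$cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[ dn ]
CN = $ip

[ v3_ca ]
subjectAltName = IP:$ip
EOF
    ( umask 077   # keep the private key unreadable for group and others
      openssl req -x509 -nodes -days 3650 -newkey "rsa:$bits" \
          -config "$cnf" \
          -keyout "$outdir/$ip.key" -out "$outdir/$ip.crt" ) 2>/dev/null
    rc=$?
    rm -f "$cnf"
    return "$rc"
}

# cert_has_ip_san CERT IP -> exit 0 only if CERT lists IP as an "IP Address" SAN
cert_has_ip_san() {
    local pattern
    pattern="IP Address:$(printf '%s' "$2" | sed 's/\./\\./g')(,|[[:space:]]|\$)"
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'X509v3 Subject Alternative Name' \
        | grep -qE "$pattern"
}
```

On the GitLab server this would be run as make_ip_cert 192.168.1.1 /etc/gitlab/ssl, followed by cert_has_ip_san /etc/gitlab/ssl/192.168.1.1.crt 192.168.1.1.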

http://yukinami.github.io/2015/11/26/Docker-CI/

GitLab - Register CI Runner

# gitlab-ci-multi-runner --debug register
Runtime platform                                    arch=amd64 os=linux revision=b32125f version=1.10.4
Checking runtime mode                               GOOS=linux uid=0
Running in system-mode.

Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
-> https://10.10.10.10/ci

Please enter the gitlab-ci token for this runner:
-> sCzPxuwSLQrQwfiQk96u

Please enter the gitlab-ci description for this runner:
-> [Docker01]:

Please enter the gitlab-ci tags for this runner (comma separated):
-> TestProject

Whether to run untagged builds [true/false]:
-> [false]:

Trying to load /etc/gitlab-runner/certs/10.10.10.10.crt ...
Dialing: tcp 10.10.10.10:443 ...
Registering runner... succeeded                     runner=sCzPxuwS
Please enter the executor: ssh, shell, docker-ssh, parallels, virtualbox, docker+machine, docker-ssh+machine, kubernetes, docker:
-> shell

Please enter the default Docker image (e.g. ruby:2.1):
-> 10.10.10.10:5000/docker/TestProject:latest

Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

GitLab - Backup and Restore

For omnibus installations

Step1. Backup

# gitlab-rake gitlab:backup:create
# ls -lah /var/opt/gitlab/backups/

-rw-------.  1 git  git  980K Jun 16 18:33 1466073203_gitlab_backup.tar
-rw-------.  1 git  git  1.1M Jun 24 08:39 1466728758_gitlab_backup.tar
-rw-------.  1 git  git  1.6M Jul  6 08:53 1467766425_gitlab_backup.tar
-rw-------.  1 git  git  3.3M Jul 21 19:16 1469099786_gitlab_backup.tar
-rw-------.  1 git  git  4.8M Aug 11 17:36 1470908204_gitlab_backup.tar
-rw-------.  1 git  git  5.8M Aug 23 16:15 1471940158_gitlab_backup.tar
-rw-------.  1 git  git  7.1M Sep  2 18:10 1472811017_gitlab_backup.tar
-rw-------.  1 git  git  8.0M Sep 26 10:26 1474856772_gitlab_backup.tar
-rw-------.  1 git  git  9.3M Oct 14 17:54 1476438840_gitlab_backup.tar
-rw-------.  1 git  git  9.8M Oct 24 09:13 1477271599_gitlab_backup.tar
-rw-------.  1 git  git  4.2G Oct 28 14:24 1477635758_gitlab_backup.tar // Restore this backup

Step2. Change Backup Files Path

# vim /etc/gitlab/gitlab.rb
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" # This is the default path. You can change it.

# gitlab-ctl reconfigure

Step3. Crontab

// Schedule the backup for every day at 2 AM
// The CRON=1 environment setting tells the backup script to suppress all progress output if there are no errors. This is recommended to reduce cron spam.

# crontab -e
0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1
0 3 * * * /usr/bin/scp /var/opt/gitlab/backups/*_gitlab_backup.tar BACKUP_SERVER_ACCOUNT@BACKUP_SERVER:~/gitlab_backups

Step4. Set SSH key

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
89:bd:c1:86:3e:f8:27:aa:b0:37:af:0f:e2:3b:a3:90 root@GitLab01
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|       = .       |
|      o S        |
| .   o . o       |
|E . . o .        |
|o*o. ....        |
|++**+..o         |
+-----------------+

# cat ~/.ssh/id_rsa.pub | ssh BACKUP_SERVER_ACCOUNT@BACKUP_SERVER "cat >> ~/.ssh/authorized_keys"

Step5. Set Backup Expire Time

# vim /etc/gitlab/gitlab.rb
gitlab_rails['backup_keep_time'] = 604800 # limit backup lifetime to 7 days - 604800 seconds

# gitlab-ctl reconfigure

Step6. Restore

# gitlab-ctl stop unicorn
# gitlab-ctl stop sidekiq
# gitlab-ctl status
# gitlab-rake gitlab:backup:restore BACKUP=1477635758
# gitlab-ctl start
# gitlab-rake gitlab:check SANITIZE=true
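
A pre-flight check for Step3 and Step6, as an added example that is not part of the original post: it picks the newest archive by its timestamp prefix, derives the BACKUP= value, and rejects an archive whose SHA-256 or tar listing does not check out. The function names are hypothetical; the file naming is the one shown in Step1.

```bash
#!/usr/bin/env bash
# Added example; latest_backup, backup_id, seal_backup and verify_backup
# are hypothetical helper names, not GitLab commands.

# latest_backup DIR -> path of the archive with the highest timestamp prefix
latest_backup() {
    local newest
    newest="$(cd "$1" && ls -1 -- *_gitlab_backup.tar 2>/dev/null | sort -n | tail -n 1)"
    [ -n "$newest" ] && printf '%s/%s\n' "$1" "$newest"
}

# backup_id FILE -> the value to pass as BACKUP= to gitlab:backup:restore
backup_id() {
    basename "$1" _gitlab_backup.tar
}

# seal_backup FILE -> record a SHA-256 next to the archive (run before the scp)
seal_backup() {
    ( cd "$(dirname "$1")" \
        && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# verify_backup FILE -> exit 0 only if the checksum matches and tar can list it
verify_backup() {
    ( cd "$(dirname "$1")" \
        && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 \
        && tar -tf "$(basename "$1")" >/dev/null 2>&1 )
}
```

Copying the .sha256 file together with the archive lets the backup server, or the host doing the restore, run verify_backup before gitlab:backup:restore is started.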

https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/raketasks/backup_restore.md
http://gwokae.mewggle.com/wordpress/2010/08/%E8%B6%85%E6%98%93-%E5%85%A9%E8%A1%8C%E6%8C%87%E4%BB%A4%E6%90%9E%E5%AE%9A-linux-ssh%E7%99%BB%E5%85%A5%E5%85%8D%E5%AF%86%E7%A2%BC/
http://ascendbruce.logdown.com/posts/139004-backup-ubuntu-linux-and-upload-to-another-server