Using GitLab

Installation

https://docs.gitlab.com/ee/install/docker.html

Volume directories

mkdir  -p  /mnt/oss/gitlab/{config,logs,data}
docker-compose.yml
version: '3.6'
services:
  web:
    image: 'gitlab/gitlab-ce:16.6.2-ce.0'
    restart: always
    container_name: gitlab
    # hostname: 'gitlab-ce' # the hostname key sets the container's host name
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.ui.k8s.cn:18443'
        letsencrypt['enable'] = false
        gitlab_rails['gitlab_ssh_host'] = 'gitlab.ui.k8s.cn'
        gitlab_rails['gitlab_shell_ssh_port'] = 2224
        gitlab_rails['gravatar_enabled'] = true
        #### For HTTPS
        gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
        #### Use this line instead for HTTP
        # gitlab_rails['gravatar_plain_url'] = "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"

        #gitlab_rails['initial_root_password'] = 'c123456;'
        # Copy the crt certificate into the mounted directory
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.ui.k8s.cn.crt"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.ui.k8s.cn.key"
        # Redirect HTTP requests to the HTTPS address automatically
        nginx['redirect_http_to_https'] = true
        nginx['enable'] = true
        nginx['client_max_body_size'] = '250m'
        # Listen on port 443 inside the container, not port 443 on the host
        nginx['listen_port'] = 443
        # TLSv1.1 is deprecated (RFC 8996); prefer "TLSv1.2 TLSv1.3"
        nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
        nginx['logrotate_frequency'] = "weekly"
        nginx['logrotate_rotate'] = 52
        nginx['logrotate_compress'] = "compress"
        nginx['logrotate_method'] = "copytruncate"
        nginx['logrotate_delaycompress'] = "delaycompress"
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on",
        }
        nginx['custom_error_pages'] = {
          '404' => {
            'title' => 'Example title',
            'header' => 'Example header',
            'message' => 'Example message'
          }
        }
        # gitlab_rails['smtp_enable'] = true
        # gitlab_rails['smtp_address'] = "smtp.example.com"
        # gitlab_rails['smtp_port'] = 587
        # gitlab_rails['smtp_user_name'] = "no-reply@example.com"
        # gitlab_rails['smtp_password'] = "changeMeToSomethingGood"
        # gitlab_rails['smtp_domain'] = "example.com"
        # gitlab_rails['smtp_authentication'] = "login"
        # gitlab_rails['smtp_enable_starttls_auto'] = true
    ports:
      - '8980:80'
      - '18443:443'
      - '2224:22'
    volumes:
      - '/mnt/oss/gitlab/config:/etc/gitlab'
      - '/mnt/oss/gitlab/logs:/var/log/gitlab'
      - '/mnt/oss/gitlab/data:/var/opt/gitlab'
      - '/mnt/oss/gitlab/certs:/etc/gitlab/ssl'
    shm_size: '256m'
  gitlab-runner:
    image: 'gitlab/gitlab-runner:v16.9.0'
    restart: unless-stopped
    container_name: 'gitlab-runner'
    depends_on:
      - web
    privileged: true
    extra_hosts:
      - "gitlab.ui.k8s.cn:192.168.122.1" # add the host name
    volumes:
      - /mnt/oss/gitlab/runner/config:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/oss/gitlab/certs/gitlab.ui.k8s.cn.crt:/home/gitlab-runner/gitlab.ui.k8s.cn.crt

Changing the password

https://docs.gitlab.com/ee/security/reset_user_password.html

❯ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c93a696c65e gitlab/gitlab-ce:16.6.2-ce.0 "/assets/wrapper" 7 minutes ago Up 7 minutes (healthy) 443/tcp, 0.0.0.0:2224->22/tcp, :::2224->22/tcp, 0.0.0.0:8929->80/tcp, :::8929->80/tcp gitlab-web-1
❯ docker exec -it 5c93 gitlab-rails console
--------------------------------------------------------------------------------
Ruby: ruby 3.0.6p216 (2023-03-30 revision 23a532679b) [x86_64-linux]
GitLab: 16.6.2 (d2d66de7163) FOSS
GitLab Shell: 14.30.0
PostgreSQL: 13.12
------------------------------------------------------------[ booted in 25.71s ]
Loading production environment (Rails 7.0.8)
irb(main):001:0> user = User.where(id:1).first
=> #<User id:1 @root>
irb(main):002:0> user.password='cs123456'
=> "cs123456"
irb(main):003:0> user.save!
=> true
irb(main):004:0> exit

Avatars

https://docs.gitlab.com/ee/administration/libravatar.html

https://blog.csdn.net/qq_28550263/article/details/129100636

Users

ssh

ssh-keygen -t rsa -C "cs@test.com" -f ~/.ssh/id_rsa_personal

ssh-add ~/.ssh/id_rsa_personal

Password

initial_root_password

$ docker exec -it `docker ps | grep gitlab | awk '{print $1}'` gitlab-rails console -e production
irb> user = User.where(id: 1).first
irb> user.password = 'new_password'
irb> user.password_confirmation = 'new_password'
irb> user.save!

CICD

.gitlab-ci.yml https://docs.gitlab.com/ee/ci/examples/

gitlab-ci.yml

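# Run the job only on specific branches or tags
only:
  - master # branches
  - v1.27.16 # tags

# Run the job only when specific files or directories change
only:
  changes:
    - "app/**/*"
    - "tests/**/*"


# Run the job only when pushing to a specific Kubernetes environment
only:
  - kubernetes: production # Kubernetes in the production environment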

runner

❯ docker exec -it gitlab-runner bash

root@12687d11d44d:/# ls -l /home/gitlab-runner/gitlab.ui.k8s.cn.crt
-rw-r--r-- 1 root root 1476 Feb 12 06:27 /home/gitlab-runner/gitlab.ui.k8s.cn.crt
root@12687d11d44d:/# gitlab-runner register --url https://gitlab.ui.k8s.cn:18443 \
--token glrt-sxEp2iazjXgPkXNCKMA7 \
--tls-ca-file=/home/gitlab-runner/gitlab.ui.k8s.cn.crt
Runtime platform arch=amd64 os=linux pid=27 revision=656c1943 version=16.9.0
Running in system-mode.

Enter the GitLab instance URL (for example, https://gitlab.com/):
[https://gitlab.ui.k8s.cn:18443]: (the URL was already given above, so just press Enter)
Verifying runner... is valid runner=sxEp2iazj
Enter a name for the runner. This is stored only in the local config.toml file:

[12687d11d44d]: test_dev (the runner's name in the config file)
Enter an executor: custom, shell, parallels, docker+machine, kubernetes, docker-autoscaler, instance, ssh, virtualbox, docker, docker-windows:
docker
Enter the default Docker image (for example, ruby:2.7):
python:3.10
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"

Configuration

[runners.docker]

https://docs.gitlab.cn/runner/configuration/advanced-configuration.html#runnersdocker-%E9%83%A8%E5%88%86

Custom build directory

https://docs.gitlab.cn/runner/configuration/advanced-configuration.html#runnerscustom_build_dir-%E9%83%A8%E5%88%86

stages:
  - build

build_job:
  stage: build
  script:
    - echo "Building the project"
  variables:
    GIT_CLONE_PATH: "$CI_BUILDS_DIR/$CI_PROJECT_PATH_SLUG"

cache

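[runners.cache]
  # Cache type to enable: s3
  Type = "s3"
  # Whether the cache is shared
  # If it is not shared, a folder is created from the first 8 characters of the token in [[runners]], and each [[runners]] cache can only be used by that runner
  Shared = false
  [runners.cache.s3]
    # Address and port of the cache server
    ServerAddress = "192.168.80.14:9000"
    # Access keys (account credentials)
    AccessKey = "hCfpQlQuEXtBYEAw"
    SecretKey = "kHH5RwzCRiRUtujKlNRZZZFpuANm6Yr1"
    # Name of the bucket that was created
    BucketName = "bucket-1"
    # true means HTTPS is not used
    Insecure = true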

Examples

docker
docker-compose.yml
version: '3.6'
services:
  web:
    image: 'gitlab/gitlab-ce:16.6.2-ce.0'
    restart: always
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.ui.k8s.cn:18443'
        letsencrypt['enable'] = false
        gitlab_rails['gitlab_ssh_host'] = 'gitlab.ui.k8s.cn'
        gitlab_rails['gitlab_shell_ssh_port'] = 2224
        gitlab_rails['gravatar_enabled'] = true
        #### For HTTPS
        gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
        #### Use this line instead for HTTP
        # gitlab_rails['gravatar_plain_url'] = "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"

        #gitlab_rails['initial_root_password'] = 'c123456;'
        # Copy the crt certificate into the mounted directory
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.ui.k8s.cn.crt"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.ui.k8s.cn.key"
        # Redirect HTTP requests to the HTTPS address automatically
        nginx['redirect_http_to_https'] = true
        nginx['enable'] = true
        nginx['client_max_body_size'] = '250m'
        # Listen on port 443 inside the container, not port 443 on the host
        nginx['listen_port'] = 443
        # TLSv1.1 is deprecated (RFC 8996); prefer "TLSv1.2 TLSv1.3"
        nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
        nginx['logrotate_frequency'] = "weekly"
        nginx['logrotate_rotate'] = 52
        nginx['logrotate_compress'] = "compress"
        nginx['logrotate_method'] = "copytruncate"
        nginx['logrotate_delaycompress'] = "delaycompress"
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on",
        }
        nginx['custom_error_pages'] = {
          '404' => {
            'title' => 'Example title',
            'header' => 'Example header',
            'message' => 'Example message'
          }
        }
        # gitlab_rails['smtp_enable'] = true
        # gitlab_rails['smtp_address'] = "smtp.example.com"
        # gitlab_rails['smtp_port'] = 587
        # gitlab_rails['smtp_user_name'] = "no-reply@example.com"
        # gitlab_rails['smtp_password'] = "changeMeToSomethingGood"
        # gitlab_rails['smtp_domain'] = "example.com"
        # gitlab_rails['smtp_authentication'] = "login"
        # gitlab_rails['smtp_enable_starttls_auto'] = true
    ports:
      - '8980:80'
      - '18443:443'
      - '2224:22'
    volumes:
      - '/mnt/oss/gitlab/config:/etc/gitlab'
      - '/mnt/oss/gitlab/logs:/var/log/gitlab'
      - '/mnt/oss/gitlab/data:/var/opt/gitlab'
      - '/mnt/oss/gitlab/certs:/etc/gitlab/ssl'
    shm_size: '256m'
    networks:
      - gitlab-network
  gitlab-runner:
    image: 'gitlab/gitlab-runner:v16.9.0'
    restart: unless-stopped
    container_name: 'gitlab-runner'
    depends_on:
      - web
    privileged: true
    extra_hosts:
      - "gitlab.ui.k8s.cn:192.168.122.1" # add the host name
      - "k8s.org:192.168.122.1" # add the host name
    volumes:
      - /mnt/oss/gitlab/runner/config:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/oss/gitlab/certs/gitlab.ui.k8s.cn.crt:/home/gitlab-runner/gitlab.ui.k8s.cn.crt
    networks:
      - gitlab-network
networks:
  gitlab-network:
    driver: bridge
gitlab-runner config.toml
[[runners]]
  name = "test_dev"
  url = "https://gitlab.ui.k8s.cn:18443"
  id = 4
  token = "glrt-sxEp2iazjXgPkXNCKMA7"
  token_obtained_at = 2024-02-22T11:29:02Z
  token_expires_at = 0001-01-01T00:00:00Z
  tls-ca-file = "/home/gitlab-runner/gitlab.ui.k8s.cn.crt"
  executor = "docker"
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    extra_hosts = ["gitlab.ui.k8s.cn:192.168.122.1"]
    tls_verify = false
    image = "k8s.org/cs/docker:20.10.16"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache","/home/cs/.docker/config.json:/root/.docker/config.json:ro"]
    shm_size = 0
    pull_policy = "if-not-present"
  [[runners.docker.services]]
      name = "k8s.org/cs/python:3.10.2"  
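Dockerfile
FROM k8s.org/cs/python:3.10.2
# Custom description
MAINTAINER cs
# Set the time zone through an environment variable so it matches the local time zone
ENV TZ=Asia/Shanghai
# Create the directory inside the container
RUN mkdir -p /opt/test
# Add the local package to the container
ADD . /opt/test
# Environment
RUN pip install -r /opt/test/requirements.txt  -i https://mirrors.aliyun.com/pypi/simple/
# Bind the port
EXPOSE 5000
# Start
CMD ["python","/opt/test/hello.py"]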
  
.gitlab-ci.yml
default: # defines default parameters; used when a job does not set the parameter itself
  # only:
  #   - main
  #   - /^issue-.*$/
  #   - merge_requests
  tags:  # selects which runner runs the pipeline; can only be defined per project, and the tag values are limited to the runners visible to that project
    - dev
  # services:
  #   - name: k8s.org/cs/docker:20.10.16
  before_script:
    - echo "before......"
    - docker  info
  after_script:
    - echo "end ....."

stages: # List of stages for jobs, and their order of execution
  - build

build-job: # This job runs in the build stage, which runs first.
  stage: build
  only: # restrict to certain branches or tags
    changes:
      - README
  except:
    refs:
      - main
  script:
    - echo "build the code..."
    - pwd
    - ls -l
    - docker build -t k8s.org/cs/test:0.0.1 .
    - docker push k8s.org/cs/test:0.0.1
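
The runner in the docker example above runs privileged, mounts the host's /var/run/docker.sock into job containers and keeps its token in config.toml. The following is an added example, not part of the original page: audit_runner_config and the sample config are constructed here, and the script lists such settings in a config.toml so they can be reviewed before the runner is shared between projects.

```shell
#!/bin/sh
# Added example, not from the original page. audit_runner_config is a name
# chosen here; it prints one finding per line for a GitLab Runner config.toml
# given as a file argument or on stdin.
audit_runner_config() {
    awk '
    /^[ \t]*#/ { next }                      # ignore commented-out settings
    /^[ \t]*\[/ {                            # [section] or [[section]] header
        section = $0
        gsub(/[ \t]|\[|\]/, "", section)
        next
    }
    {
        key = $0
        sub(/^[ \t]+/, "", key); sub(/[ \t]*=.*/, "", key)
        val = $0
        sub(/^[^=]*=[ \t]*/, "", val)
        if (section == "runners.docker" && key == "privileged" && val ~ /^true/)
            print "privileged: job containers get full access to host devices"
        if (section == "runners.docker" && key == "volumes" && val ~ /docker\.sock/)
            print "docker-sock: jobs can drive the host Docker daemon"
        if (section == "runners.cache.s3" && key == "Insecure" && val ~ /^true/)
            print "cache-insecure: cache traffic to the object store is plain HTTP"
        if (key == "token" || key == "AccessKey" || key == "SecretKey")
            print "secret: " section "." key " is stored in clear text; keep the file at mode 0600"
    }' "${1:--}"
}

# Constructed sample modelled on the settings shown on this page.
sample_runner_config() {
    cat <<'EOF'
[[runners]]
  name = "test_dev"
  token = "glrt-EXAMPLE-PLACEHOLDER"
  executor = "docker"
  [runners.cache.s3]
    ServerAddress = "192.0.2.10:9000"
    AccessKey = "EXAMPLEACCESSKEY"
    SecretKey = "EXAMPLESECRETKEY"
    Insecure = true
  [runners.docker]
    privileged = true
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
EOF
}

sample_runner_config | audit_runner_config
```

Run it against the real file with: audit_runner_config /mnt/oss/gitlab/runner/config/config.toml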

shell

https://docs.gitlab.cn/runner/executors/shell.html

Pushing with scp

Troubleshooting

CI/CD 500

❯ sudo cat   /mnt/oss/gitlab/logs/gitlab-rails/production.log | grep -C 5 -m1 'aes256_gcm_decrypt'
10: #js-project-runner-registration-dropdown{ data: { registration_token: @project.runners_token, project_id: @project.id } }
11: - else
12: = _('Please contact an admin to create runners.')
13: = link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'restrict-runner-registration-by-all-users-in-an-instance'), target: '_blank', rel: 'noopener noreferrer'

lib/gitlab/crypto_helper.rb:28:in `aes256_gcm_decrypt'
app/models/concerns/token_authenticatable_strategies/encryption_helper.rb:16:in `decrypt_token'
app/models/concerns/token_authenticatable_strategies/encrypted.rb:78:in `get_encrypted_token'
app/models/concerns/token_authenticatable_strategies/encrypted.rb:113:in `token_set?'
app/models/concerns/token_authenticatable_strategies/base.rb:50:in `ensure_token!'
app/models/concerns/token_authenticatable.rb:54:in `block in add_authentication_token_field'

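The aes256_gcm_decrypt keyword in the trace points to the cause: /mnt/oss/gitlab/config/gitlab-secrets.json had been emptied.

grep -C 5 -m1

-A / -B / -C: print lines after / before / both before and after the match; each takes a line count

-m1: stop after the first match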

docker job

Repository pull timeout

Failed to connect to xxxxxx after 129591 ms: Couldn't connect to server

# config.toml

[runners.docker]
  #network_mode = "bridge"
  extra_hosts = ["gitlab.ui.k8s.cn:192.168.122.1"]

push unauthorized

Pulling from Harbor works only because the repository is configured to allow anonymous pulls.

printf "my_username:my_password" | openssl base64 -A
Y3M6Q3MxMjM0NTY=

Edit the runner's config.toml

https://docs.gitlab.cn/jh/ci/docker/using_docker_images.html#%E9%85%8D%E7%BD%AE-runner

[[runners]]
  environment = ["DOCKER_AUTH_CONFIG={\"auths\":{\"ip:port\":{\"auth\":\"Y3M6Q3MxMjM0NTY=\"}}}"]

before_script:
  - mkdir -p $HOME/.docker
  - echo $DOCKER_AUTH_CONFIG > $HOME/.docker/config.json

https://docs.gitlab.cn/jh/ci/docker/using_docker_build.html#%E9%80%89%E9%A1%B9-3%E4%BD%BF%E7%94%A8-docker_auth_config

[runners.docker]
  volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache","/home/cs/.docker/config.json:/root/.docker/config.json:ro"]

With this approach, .gitlab-ci.yml needs no further handling.
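
The "push unauthorized" case above comes down to whether the auth JSON carries an entry for the registry that the image name points at. The following is an added example, not part of the original page: the function names are chosen here and the registry and credentials are constructed. It builds a DOCKER_AUTH_CONFIG value, checks it against an image reference, shows that the auth field decodes straight back to user:password, and writes config.json with owner-only permissions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are chosen here;
# the registry and credentials in the demo are constructed sample values.

# Same encoding as the page's `printf "user:pass" | openssl base64 -A`.
encode_auth() { printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'; }

# base64 is reversible: whoever can read the value recovers user:password.
decode_auth() { printf '%s' "$1" | base64 -d; }

# Compact JSON for DOCKER_AUTH_CONFIG: args are registry, user, password.
make_docker_auth_config() {
    printf '{"auths":{"%s":{"auth":"%s"}}}' "$1" "$(encode_auth "$2" "$3")"
}

# Registry part of an image reference. Docker treats the first path component
# as a registry only if it contains "." or ":" or is "localhost"; otherwise
# the image lives on the default registry and this function fails.
registry_of_image() {
    case $1 in */*) first=${1%%/*} ;; *) return 1 ;; esac
    case $first in
        *.*|*:*|localhost) printf '%s\n' "$first" ;;
        *) return 1 ;;
    esac
}

# Succeeds only if the compact auth JSON ($1) has an entry keyed by the
# registry of image $2. Without a matching key no credentials are sent.
has_auth_for_image() {
    reg=$(registry_of_image "$2") || return 1
    printf '%s' "$1" | grep -qF "\"$reg\":{"
}

# Write config.json under directory $1 so that only the owner can read it.
write_docker_config() {
    ( umask 077; mkdir -p "$1" && printf '%s\n' "$2" > "$1/config.json" )
}

# Demo with constructed values.
cfg=$(make_docker_auth_config registry.example.test:5000 ci-user 'not-a-real-password')
has_auth_for_image "$cfg" registry.example.test:5000/cs/test:0.0.1 && echo "auth entry found"
has_auth_for_image "$cfg" k8s.org/cs/test:0.0.1 || echo "no auth entry for k8s.org"
```

Because decode_auth recovers the password, the runner's config.toml and any mounted config.json need the same protection as the password itself.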
