这里记录 gitlab 的安装, 配置.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| # 拉取镜像
docker pull gitlab/gitlab-ce:16.7.3-ce.0
# 跑起来
docker run \
--privileged=true \
--hostname git.kentxxq.com \
--detach \
--publish 80:80 \
--publish 443:443 \
--publish 222:22 \
--name gitlab \
--restart unless-stopped \
--volume /root/gitlab/config:/etc/gitlab \
--volume /root/gitlab/logs:/var/log/gitlab \
--volume /root/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:16.7.3-ce.0
# 停止,修改端口和url
docker stop gitlab
|
- 主机配置文件路径
/root/gitlab/config/gitlab.rb
- 容器内
/etc/gitlab/gitlab.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
| # 配置域名地址
external_url 'https://git.kentxxq.com'
# ssh地址
gitlab_rails['gitlab_ssh_host'] = 'git.kentxxq.com'
# ssh端口
gitlab_rails['gitlab_shell_ssh_port'] = 10022
# nginx的地址,允许它代理gitlab
gitlab_rails['trusted_proxies'] = ['nginx的ip地址']
# 禁用自带的 nginx
nginx['enable'] = false
# 服务监听方式
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "0.0.0.0:80"
|
如果不生效, 可以在容器内使用环境变量(遇到过配置文件不生效的 bug,用来临时解决问题)。
1
2
3
| export external_url="https://git.kentxxq.com"
gitlab-ctl reconfigure
gitlab-ctl restart
|
重新启动 docker start gitlab
stream 放置在 nginx.conf
的最外层配置,用于 ssh 方式拉取代码
1
2
3
4
5
6
7
8
9
10
11
12
13
| stream {
upstream gitlab {
hash $remote_addr consistent;
server 172.16.0.52:222;
}
server {
listen 10022;
proxy_connect_timeout 30s;
proxy_timeout 300s;
proxy_pass gitlab;
}
}
|
配置域名代理
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| server {
listen 80;
server_name git.kentxxq.com;
return 301 https://$server_name$request_uri;
access_log /usr/local/nginx/conf/hosts/logs/git.kentxxq.com.log k-json;
}
server {
listen 443 ssl http2;
server_name git.kentxxq.com;
access_log /usr/local/nginx/conf/hosts/logs/git.kentxxq.com.log k-json;
# 普通header头,ip之类的
include /usr/local/nginx/conf/options/normal.conf;
# 证书相关
include /usr/local/nginx/conf/options/ssl_chinnshi.conf;
location / {
proxy_pass http://172.16.0.52:80;
}
}
|
gitlab 的全局变量数有上限.
1
2
3
| gitlab-rails console
# 等待出现控制台
Plan.default.actual_limits.update!(ci_instance_level_variables: 100)
|
1
2
| gitlab-ctl reconfigure
gitlab-ctl restart
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| # 停止现有容器
docker stop gitlab
# 清理
docker system prune
# 启动容器
docker run \
--privileged=true \
--hostname git.kentxxq.com \
--detach \
--publish 80:80 \
--publish 443:443 \
--publish 222:22 \
--name gitlab \
--restart unless-stopped \
--volume /root/gitlab/config:/etc/gitlab \
--volume /root/gitlab/logs:/var/log/gitlab \
--volume /root/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:15.11.2-ce.0
# 登录后台查看没有任务执行,即可重复升级步骤
|
官网备份手册
1
2
3
4
5
6
7
8
9
10
| # 创建备份
docker exec -it gitlab gitlab-backup create
# 拷贝 gitlab.rb,secrets.json,1686724904_2023_06_14_14.8.4_gitlab_backup.tar
# 停止两个服务
gitlab-ctl stop puma
gitlab-ctl stop sidekiq
# 开始恢复,忽略掉_gitlab_backup.tar
docker exec -it gitlab gitlab-backup restore BACKUP=1686724904_2023_06_14_14.8.4
# 重启容器
docker restart gitlab
|
这里只是 CICD 的安装调试,具体使用看 gitlab-cicd教程.
前期准备
开始安装
1
2
3
| curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-"runner_amd64.deb
dpkg -i gitlab-runner_amd64.deb
usermod -aG docker gitlab-runner
|
配置 runner
1
2
3
4
5
6
7
8
9
10
11
| root@cicd:~# gitlab-runner register
Runtime platform arch=amd64 os=linux pid=18805 revision=8925d9a0 version=14.1.0
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
https://git.kentxxq.com/
Enter the registration token:
token秘钥
Enter a description for the runner:[cicd]: docker-ci
Enter tags for the runner (comma-separated):docker-ciRegistering runner... succeeded runner=3uS9CxxN
Enter an executor: parallels, shell, ssh, virtualbox, docker+machine, kubernetes, custom, docker-ssh, docker-ssh+machine, docker:shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
|
修改配置 /etc/gitlab-runner/config.toml
, 然后重启 gitlab-runner restart
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| concurrent = 20
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "runner01"
url = "https://git.kentxxq.com/"
token = "token秘钥"
executor = "shell"
#pre_clone_script = "sudo chown -R gitlab-runner:gitlab-runner ."
#pre_clone_script = "sudo chmod -R 777 ."
[runners.custom_build_dir]
enabled = true
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
|
免密 sudo
1
2
| # vim /etc/sudoers加入
gitlab-runner ALL=(ALL) NOPASSWD: ALL
|
1
2
3
4
5
6
7
8
| # 注册
docker run --rm -it -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register
# 启动
docker run -d --name gitlab-runner --restart always \
-v /root/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner:latest
|
配置 runner 文件 ~/gitlab-runner/config/config.toml
的 runners.cache
部分。
minio 的安装看 minio教程.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| concurrent = 5
check_interval = 0
shutdown_timeout = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "shared"
url = "https://gitlab.kentxxq.com/"
id = 1
token = "1"
token_obtained_at = 2024-01-16T07:29:28Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "docker"
[runners.cache]
# MaxUploadedArchiveSize = 0
Type = "s3"
Path = "cicd"
Shared = true
[runners.cache.s3]
ServerAddress = "minio-cicd.kentxxq.com"
AccessKey = "1"
SecretKey = "2"
BucketName = "runner"
Insecure = false
|
通常放在 <GitLab 安装路径>/repositories/<命名空间>/<项目名称>.git/hooks/pre-receive
.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
| #!/bin/bash
#pre-receive script
#set -x #for debugging
LG='test_new'
validate_ref()
{
# --- Arguments
oldrev=$(git rev-parse $1)
newrev=$(git rev-parse $2)
refname="$3"
echo $oldrev
echo $newrev
echo $3
commitList=`git rev-list $oldrev..$newrev`
# echo $commitList
split=($commitList)
for s in ${split[@]}
do
echo "@@@@@@@"
echo "$s"
msg=`git cat-file commit $s | sed '1,/^$/d'`
echo $msg
result1=$(echo $msg|grep "$LG")
result2=$(echo $3|grep "$LG")
echo $result1
echo $result2
if [ "$result1"x != ""x ] && [ "$result2"x != "$3"x ] ;then
echo "!!! include $LG"
exit 1
else
echo "ok"
fi
done
}
fail=""
# Allow dual mode: run from the command line just like the update hook, or
# if no arguments are given then run as a hook script
if [ -n "$1" -a -n "$2" -a -n "$3" ]; then
# Output to the terminal in command line mode - if someone wanted to
# resend an email; they could redirect the output to sendmail
# themselves
PAGER= validate_ref $2 $3 $1
else
while read oldrev newrev refname
do
validate_ref $oldrev $newrev $refname
done
fi
if [ -n "$fail" ]; then
exit $fail
fi
|