CheatSheet - GitLab

CheatSheet - GitLab

Add SSH Key

Generate key:

ssh-keygen -t rsa -b 2048 -C "email@example.com"

Choose file location. Default one is /home/user/.ssh/id_rsa.

Set passphrase:

Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

Print and copy pub key:

cat ~/.ssh/id_rsa.pub

Add public key to GitLab account under Profile Avatar -> Settings -> SSH Keys. Choose Title for your device and paste content from previous command.

Run SSH Agent and add your private key. It will ask you for a password you set previously.

eval $(ssh-agent -s)
ssh-add ~/.ssh/id_rsa

Test if everything is okay:

ssh -T git@gitlab.com

If everything was done correctly you must see: Welcome to GitLab, @USERNAME!

Docker Build

Following script can be used to build docker images with caching during GitLab pipelines. A image will be pushed to GitLab's docker registry.

image: docker:19.03.11

services:
- docker:19.03.11-dind

variables:
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"

before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

build:
stage: build
script:
- docker pull $CI_REGISTRY_IMAGE:latest || true
- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --tag $CI_REGISTRY_IMAGE:latest .
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
- docker push $CI_REGISTRY_IMAGE:latest

Install GitLab Omnibus

To install GitLab on Ubuntu 18.04 server run:

sudo apt-get update
sudo apt-get install -y curl openssh-server ca-certificates

sudo apt-get install -y postfix

Choose Internet Site and server's external DNS name for 'mail name'.

Then add repository and install GitLab CE:

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash

sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ee

On your first visit, you'll be redirected to a password reset screen. Provide the password for the initial administrator account and you will be redirected back to the login screen. Use the default account's username root to login.

Setup GitLab Runner

First install Docker on your server. For setup instructions you can refer to my CheatSheet Docker.

Steps required to setup GitLab Runner from Ubuntu repositories:

curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash
sudo apt-get install gitlab-runner

After installation is done register runner:

gitlab-runner register
  • Enter your GitLab instance URL
  • Enter the token you obtained to register the Runner
  • Enter a description for the Runner, you can change this later in GitLab's UI
  • Enter the tags associated with the Runner, you can change this later in GitLab’s UI
  • Enter the Runner executor - docker
  • If you chose Docker as your executor, you’ll be asked for the default image to be used for projects that do not define one in .gitlab-ci.yml - alpine:latest

If you get following error during docker operations in your stage:

error during connect: Post http://docker:2376/v1.40/auth: dial tcp: lookup docker on 67.207.67.2:53: no such host
ERROR: Job failed: exit code 1

You need to modify GitLab Runner config. Open /etc/gitlab-runner/config.toml and set:

privileged = true

You may also get an error for certifcates stating:

Error response from daemon: Client sent an HTTP request to an HTTPS server.
ERROR: Job failed: exit code 1

To solve edit config.toml again and add "/certs/client":

volumes = ["/cache", "/certs/client"]

Disable Sign Up

If you host self-managed GitLab server then you use it for only company or personal needs. It's a good idea to disable sign up function in this case. Otherwise you may found one day that some random people found your URL and registered an account. I had such case and to be honest for first several hours I thought my Omnibus deployment was hacked. I searched in logs for user creation information without any success. GitLab doesn't log registered users creation. When I was already out of ideas how to search in terminal, I realized it may be just simple registration. So now I always uncheck sign up option through Admin Area -> General -> Sign-up restrictions on my deployments. Please save your time and do it after initial setup is done. Otherwise you may be shocked by 'curious' users amount one day.


Link
No links yet.