GitLab
Yes it's Ruby. And Go. Yes it's time for yet another shitty "solution to everything" framework... sigh...
GLAM hosts the GitLab website.
MATRYOSHKA hosts the gitlab-runner that performs GitLab jobs.
Configure
- To turn on/off registration:
Admin > Settings > General > Signup restrictions
Server
See the alias list on glam for a few gitlab commands available as shortcuts.
- Much of the server configuration (eg SMTP) is in this file:
👠 m@glam [~] sudo emacs /etc/gitlab/gitlab.rb
Change it, then reload it:
👠 m@glam [~] sudo gitlab-ctl reconfigure
- tail gitlab log
sudo tail -f /var/log/gitlab/gitlab-rails/production_json.log
- tail gitlab nginx
sudo tail -f /var/log/gitlab/nginx/gitlab_access.log
- service
sudo gitlab-ctl # to see commands sudo gitlab-ctl restart nginx sudo gitlab-ctl restart ok: run: alertmanager: (pid 463302) 1s ok: run: gitaly: (pid 463311) 0s ok: run: gitlab-exporter: (pid 463336) 0s ok: run: gitlab-workhorse: (pid 463338) 0s ok: run: grafana: (pid 463351) 1s ok: run: logrotate: (pid 463440) 0s ok: run: nginx: (pid 463446) 1s ok: run: node-exporter: (pid 463454) 0s ok: run: postgres-exporter: (pid 463461) 1s ok: run: postgresql: (pid 463475) 0s ok: run: prometheus: (pid 463484) 0s ok: run: puma: (pid 463499) 0s ok: run: redis: (pid 463504) 0s ok: run: redis-exporter: (pid 463510) 1s ok: run: sidekiq: (pid 463519) 0s sudo gitlab-ctl stop sudo gitlab-ctl tail
- to get to a rails console:
sudo gitlab-rails console
From there, you can do things like send a test email:
irb(main):010:0> irb(main):010:0> Notify.test_email('[email protected]', 'Message Subject', 'Message Body').deliver_now
Push Notifications
- I have email working. Each user can decide when they want to receive email notifications on events, by group and project.
- Consider coupling with RocketChat, see here
Runner
- to work with runners, use gitlab-runner cmd, eg:
gitlab-runner list sudo gitlab-runner status
Upgrade
Like so many other software packages, they are totally lazy and dont support version jumping. Check what you need to do here.
14.9 to 15
It is puking going from 14.9.3 to 15, even though it is supposedly supported. This helped.
sudo apt upgrade -y gitlab-ce=14.10.0-ce.0 Configuration backup archive complete: /etc/gitlab/config_backup/gitlab_config_1656455183_2022_06_28.tar
Now you can jump to 15.0. What fun.
sudo apt upgrade -y gitlab-ce=15.0.0-ce.0
And finally, to 15.1, the latest as of 2022/07.
sudo apt upgrade -y gitlab-ce
I pledge to NEVER EVER be this lazy with any software I release. It's just. Sad.
Install
- set up shitcutter.com in domains.google.com and certbot
- Set up haproxy redirection; see haproxy.cfg for details. Note that you will be redirecting shitcutter.com https to glam:8095 http.
- Install up to the point where you configure - basics:
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash sudo apt update sudo apt -y install gitlab-ce
- You SHOULD IMMEDIATELY INSTALL the SAME VERSION of gitlab-runner but on a different machine - pita - see details below...
- configure; see MDM comments
sudo emacs /etc/gitlab/gitlab.rb # set external_url, registry_external_url (to enable docker registry), nginx port, etc.
- build
sudo gitlab-ctl reconfigure # whoa, this builds/bakes everything
- fix root pw RIGHT AWAY
sudo gitlab-rake "gitlab:password:reset[root]"
- browse to admin console and get configuring; for now, turn off sign-up (if anyone wants in later, we can turn it on as it has admin approval turned on)
SSH
First, each user needs to add their [.ssh/id_ed25519.pub] public key to their GitLab profile to use git with GitLab.
Once you add your [.ssh/id_ed25519.pub] key to your GitLab profile, this is the test to make sure GitLab has your ssh key:
ssh -T [email protected]
Being able to ssh in this specific way is essential to host code. If you have any problems, debug it!
[glam] sudo tail -f /var/log/auth.log --- [client] ssh -vvv [email protected]
WARNING: It took me a while to realize THERE'S NO DIRECT SSH PATHWAY to to my GitLab host machine (shitcutter.com), as it's on proxmox VM glam. I had to update [.ssh/config] to use bitpost.com as a jump server to get to glam from shitcutter.com ssh requests, like I do with morosoph. NICE!
# Allow shitcutter-via-bitpost for gitlab Host shitcutter.com sc shit ProxyCommand ssh -q bitpost.com nc -q0 glam 22
The next problem was that on glam, because I had set git up previously, the git user was "locked" (it had a password). Fix:
sudo passwd -d git
Next, I needed to add git to ssh AllowUsers. Done in the common file, so this should be good into the future.
sudo emacs ~/develop/config/common/etc/ssh/sshd_config sudo service sshd restart
And FINALLY, it works:
ssh -T [email protected] Welcome to GitLab, @moodboom!
SMTP
See /etc/gitlab/gitlab.rb
Runners
You have to install and config runners, to actually perform jobs, and CI. "Don't run them on the same host as GitLab". "You must ensure your GitLab and Runner versions match". Wtf. Pita. Whatevs.
- Follow instructions to install the latest runner via apt.
[matryoshka] curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash sudo apt install gitlab-runner
NOTE it seems Debian bullseye (11) repo is out, but empty. You can use the Debian buster (10) repo on 11, which is reported to work fine:
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo os=debian dist=10 bash
- Then follow the somewhat byzantine instructions in GitLab, provided on the Admin > Runners page.
WARNING you have to do this with your specially-provided unique token... and you have to provide a name... and all this executor shit...
Command to register a runner:
[matryoshka] sudo gitlab-runner register --url https://shitcutter.com/ --registration-token ########## enter the executor: docker enter the gitlab-ci description: glam gitlab runner ("glam" was default, maybe should have used that...) enter the gitlab-ci tags: (none) enter the default Docker image: node:17-slim