Environment preparation
```bash
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    -i.bak /etc/yum.repos.d/rocky-*.repo
dnf makecache
setenforce 0
sed -i 's#^SELINUX=.*#SELINUX=disabled#' /etc/sysconfig/selinux
systemctl stop firewalld
```
Deploy Docker
```bash
curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
dnf install docker-ce
```
Deploy GitLab
```console
[root@gitlab ~]# cat docker-compose.yaml
version: '3.6'
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlab'
    environment:
      TZ: 'Asia/Shanghai'
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'http://gitlab.sundayhk.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 8022
        #nginx['listen_port'] = 80
        nginx['client_max_body_size'] = '2048m'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.qq.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "xxx@qq.com"
        gitlab_rails['smtp_password'] = "xxxxxxxxxxxxxx"
        gitlab_rails['smtp_domain'] = "smtp.qq.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_enabled'] = true
        gitlab_rails['gitlab_email_from'] = 'xxx@qq.com'
        #gitlab_rails['openssl_verify_mode'] = false
        #gitlab_rails['smtp_openssl_verify_mode'] = 'none'
    ports:
      - '80:80'
      - '8443:443'
      - '8022:22'
    volumes:
      - '/data/app_data/gitlab/config:/etc/gitlab'
      - '/data/app_data/gitlab/logs:/var/log/gitlab'
      - '/data/app_data/gitlab/data:/var/opt/gitlab'
    shm_size: '256m'

[root@gitlab ~]# docker compose up -d
```
Get the default GitLab root password
```console
[root@gitlab ~]
Password: UCc6hQKMurkvNllkBamAkS+7DCDGxxxxxxxxx=
```
Visit http://gitlab.sundayhk.com/
Log in as root with the password.
Disable sign-up (accounts are added by the administrator)

Disable Gravatar

Email configuration and testing
The docker-compose.yaml above already sets the GitLab mail variables through ENV, so email is already configured.
The same settings can also be made by editing gitlab.rb inside the container directly.
```console
[root@gitlab ~]
root@gitlab:/

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "sundayhk@qq.com"
gitlab_rails['smtp_password'] = "bdoowbxxxxxxxxxxxxxx"
gitlab_rails['smtp_domain'] = "smtp.qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true

gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'sundayhk@qq.com'
```
After every change, regenerate the configuration and restart the services.
```bash
gitlab-ctl reconfigure
gitlab-ctl restart
```
Email test
```console
root@gitlab:/# gitlab-rails console
--------------------------------------------------------------------------------
Ruby: ruby 3.1.5p253 (2024-04-023 revision 1945f8dc0e) [x86_64-linux]
GitLab: 17.2.1 (b30193cc04c) FOSS
GitLab Shell: 14.37.0
PostgreSQL: 14.11
------------------------------------------------------------[ booted in 59.20s ]
=> #<Mail::Message:513100, Multipart: false, Headers: <Date: Sat, 27 Jul 2024 13:45:40 +0000>, <From: GitLab <sundayhk@qq.com>>, <Reply-To: GitLab <noreply@git.sundayhk.com>>, <To: shaohk@qq.com>, <Message-ID: <66a4fa04941de_11ef2ff8446b4@gitlab.mail>>, <Subject: test>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=US-ASCII>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>
irb(main):012:0>
```
Once email is configured, adding a new user sends that user an email with a link for setting their password.

Deploy gitlab-runner
```bash
mkdir -p /data/app_data/gitlab-runner/
wget https://dl.k8s.io/release/v1.28.12/bin/linux/amd64/kubectl
mv kubectl /data/app_data/gitlab-runner/

wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.5.0/kustomize_v5.5.0_linux_amd64.tar.gz
tar xf kustomize_v5.5.0_linux_amd64.tar.gz
mv kustomize /data/app_data/gitlab-runner/
```
```yaml
version: '3'
services:
  gitlab-runner:
    container_name: gitlab-runner
    image: gitlab/gitlab-runner:latest
    volumes:
      - '/data/app_data/gitlab-runner/config:/etc/gitlab-runner'
      - '/var/run/docker.sock:/var/run/docker.sock'
    restart: always
```
```bash
docker compose up -d
```
http://gitlab.sundayhk.com/admin/runners



Enter the gitlab-runner container, then run gitlab-runner register.
```bash
docker exec -it gitlab-runner bash
```
Note: Docker is often flaky; even when the image exists locally, a request made by Docker can still cause a failure, so it is recommended to push docker:20.10.16-git to the internal Harbor.
```bash
docker pull docker:20.10.16-git
docker tag docker:20.10.16-git harbor.sundayhk.com/library/docker:20.10.16-git
docker push harbor.sundayhk.com/library/docker:20.10.16-git
```
Two registration methods (choose either one)
```console
root@0fd6071790ef:~# gitlab-runner register --url http://gitlab.sundayhk.com --token glrt-XxbxP1xkTn5-yyhzMzQm
Runtime platform arch=amd64 os=linux pid=56 revision=12030cf4 version=17.5.3
Running in system-mode.

Enter the GitLab instance URL (for example, https://gitlab.com/):
[http://gitlab.sundayhk.com]: # Enter
Verifying runner... is valid runner=XxbxP1xkT
Enter a name for the runner. This is stored only in the local config.toml file:
[0fd6071790ef]: My Docker Runner
Enter an executor: parallels, virtualbox, docker, docker-windows, instance, custom, shell, ssh, docker+machine, kubernetes, docker-autoscaler:
docker # type this
Enter the default Docker image (for example, ruby:2.7):
docker:20.10.16-git # type this
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"

root@0fd6071790ef:~# gitlab-runner restart # restart the service
```
```bash
gitlab-runner register \
  --non-interactive \
  --url "http://gitlab.sundayhk.com" \
  --token "glrt-XxbxP1xkTn5-yyhzMzQm" \
  --executor "docker" \
  --docker-image harbor.sundayhk.com/library/docker:20.10.16-git \
  --description "docker-runner"
```
```console
root@0fd6071790ef:/etc/gitlab-runner
> --non-interactive \
> --url "http://gitlab.sundayhk.com" \
> --token "glrt-XxbxP1xkTn5-yyhzMzQm" \
> --executor "docker" \
> --docker-image harbor.sundayhk.com/library/docker:20.10.16-git \
> --description "docker-runner"
Runtime platform arch=amd64 os=linux pid=739 revision=12030cf4 version=17.5.3
Running in system-mode.

Verifying runner... is valid runner=XxbxP1xkT
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"

root@0fd6071790ef:~# gitlab-runner restart # restart the service
```
View and modify the configuration
```bash
docker cp gitlab-runner:/etc/gitlab-runner/config.toml ./
vim config.toml
docker cp config.toml gitlab-runner:/etc/gitlab-runner/config.toml
systemctl restart gitlab-runner
```
```toml
concurrent = 1
check_interval = 0
connection_max_age = "15m0s"
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "My Docker Runner"
  url = "http://gitlab.sundayhk.com"
  id = 3
  token = "glrt-XxbxP1xkTn5-yyhzMzQm"
  token_obtained_at = 2024-11-21T05:32:19Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  [runners.custom_build_dir]
    enabled = true
  [runners.cache]
    MaxUploadedArchiveSize = 0
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "harbor.sundayhk.com/library/docker:20.10.16-git"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false

    volumes = [ "/cache","/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 0
    network_mtu = 0
```
Note the volumes attribute: a Unix socket mapping has been added here so that the docker command inside the container can communicate with the Docker daemon on the host.
```bash
systemctl restart gitlab-runner
```
GitLab backup and restore
GitLab backup
Manual backup
```console
[root@gitlab ~]

[root@gitlab ~]
1722090118_2024_07_27_17.2.1_gitlab_backup.tar
```
Scheduled backup job on the host
```console
[root@gitlab ~]

00 02 * * * /data/shell/gitlab_backup.sh > /dev/null 2>&1
```
Backup script
```console
[root@gitlab ~]

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

docker exec gitlab gitlab-rake gitlab:backup:create
```
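`gitlab:backup:create` does not include `/etc/gitlab/gitlab.rb` or `gitlab-secrets.json`, and without the secrets file a restored instance cannot decrypt stored secrets such as CI/CD variables. The functions below are an added example, not part of the original backup script: they archive those two files from the host side of the `/etc/gitlab` volume with owner-only permissions. `DEST_DIR`, `KEEP_DAYS` and the archive naming are assumptions of this example.

```bash
#!/bin/sh
# Added example: companion to the page's gitlab_backup.sh (not the author's script).
# CONFIG_DIR is the host side of the '/etc/gitlab' volume in the page's
# docker-compose.yaml; DEST_DIR and KEEP_DAYS are hypothetical choices.
CONFIG_DIR=${CONFIG_DIR:-/data/app_data/gitlab/config}
DEST_DIR=${DEST_DIR:-/data/backup/gitlab-config}
KEEP_DAYS=${KEEP_DAYS:-7}

# archive_config SRC DEST: tar gitlab.rb and gitlab-secrets.json from SRC into
# DEST/<epoch>_gitlab_config.tar, readable by the owner only. Prints the path.
archive_config() {
    src=$1; dest=$2
    [ -f "$src/gitlab-secrets.json" ] || {
        echo "missing $src/gitlab-secrets.json" >&2
        return 1
    }
    mkdir -p "$dest" || return 1
    out="$dest/$(date +%s)_gitlab_config.tar"
    # umask in a subshell so the archive is created with mode 0600
    ( umask 077; tar -cf "$out" -C "$src" gitlab.rb gitlab-secrets.json ) || return 1
    echo "$out"
}

# prune_archives DIR DAYS: delete config archives older than DAYS days.
prune_archives() {
    find "$1" -maxdepth 1 -name '*_gitlab_config.tar' -mtime +"$2" -exec rm -f {} +
}

# Runs only where the GitLab config directory actually exists.
if [ -d "$CONFIG_DIR" ]; then
    archive_config "$CONFIG_DIR" "$DEST_DIR" && prune_archives "$DEST_DIR" "$KEEP_DAYS"
fi
```

Store the resulting archive apart from the data backup tar, since together they contain both the encrypted data and the keys that decrypt it.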
GitLab restore
```console
[root@gitlab ~]

root@gitlab:/
root@gitlab:/
root@gitlab:/
root@gitlab:/var/opt/gitlab/backups
total 1000
-rw-------. 1 git git 512000 Jul 27 22:22 1722090118_2024_07_27_17.2.1_gitlab_backup.tar

root@gitlab:/var/opt/gitlab/backups
BACKUP=1722090118_2024_07_27_17.2.1

root@gitlab:/var/opt/gitlab/backups
```
Troubleshooting
```text
Running handlers:
[2024-07-27T18:23:17+08:00] ERROR: Running exception handlers
There was an error running gitlab-ctl reconfigure:

gitlab_rails['smtp_tls'] and gitlab_rails['smtp_enable_starttls_auto'] are mutually exclusive. Set one of them to false. SMTP providers usually use port 465 for TLS and port 587 for STARTTLS.
```
Solution:
In the configuration file /etc/gitlab/gitlab.rb, smtp_tls and smtp_enable_starttls_auto were both set to true; setting one of them to false fixes it.
```text
error during connect: Post "http://docker:2375/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=yunnysunny%2Fcn-alpine%3Amain&target=&ulimits=null&version=1": dial tcp: lookup docker on x.x.x.x:53: no such host
```
Solution:
This happens because the docker command runs inside a Docker image and cannot communicate with the real Docker daemon on the host. Edit config.toml in gitlab-runner and mount the Unix socket path that the daemon listens on into the containers the runner starts.
```bash
vim /etc/gitlab-runner/config.toml
```
```toml
volumes = ["/var/run/docker.sock:/var/run/docker.sock","/cache"]
```
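The socket mapping in `volumes` (explained in the runner configuration section and used again in the fix above) lets every CI job on this runner drive the host's Docker daemon, which is equivalent to root on the host. The audit script below is an added example, not part of the original post: it flags that mount, `privileged = true` and a plain-HTTP `url` in a config.toml. The sample config is constructed from the page's file with a placeholder token, and the finding names are this example's own.

```bash
#!/bin/sh
# Added example (not from the original post): audit a gitlab-runner config.toml.

# Constructed sample modelled on the page's config.toml; the token is a placeholder.
sample_config() {
cat <<'EOF'
concurrent = 1

[[runners]]
  name = "My Docker Runner"
  url = "http://gitlab.sundayhk.com"
  token = "glrt-PLACEHOLDER"
  executor = "docker"
  [runners.docker]
    image = "harbor.sundayhk.com/library/docker:20.10.16-git"
    privileged = false
    volumes = [ "/cache","/var/run/docker.sock:/var/run/docker.sock"]
EOF
}

# audit_runner_config FILE: print "<runner name>: <FINDING>" for each risky setting.
audit_runner_config() {
    awk '
    function val(line) { sub(/^[^=]*=[ \t]*/, "", line); return line }
    /^[ \t]*#/ { next }                            # comment line
    /^[ \t]*\[/ {                                  # table header: track the section
        section = $0
        gsub(/^[ \t]*\[+/, "", section); gsub(/\]+[ \t]*$/, "", section)
        if (section == "runners") name = "(unnamed)"
        in_vol = 0
        next
    }
    section == "runners" && /^[ \t]*name[ \t]*=/ { name = val($0); gsub(/"/, "", name) }
    section == "runners" && /^[ \t]*url[ \t]*=/ && val($0) ~ /^"http:/ {
        print name ": CLEARTEXT_URL (runner token and job traffic sent over plain HTTP)"
    }
    section == "runners.docker" && /^[ \t]*privileged[ \t]*=/ && val($0) ~ /^true/ {
        print name ": PRIVILEGED (job containers run with --privileged)"
    }
    section == "runners.docker" && /^[ \t]*volumes[ \t]*=/ { in_vol = 1 }
    in_vol && /docker\.sock/ {
        print name ": DOCKER_SOCK_MOUNT (jobs can control the host Docker daemon)"
    }
    in_vol && /\]/ { in_vol = 0 }                  # end of the (possibly multi-line) array
    ' "$1"
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_runner_config "$tmp"
rm -f "$tmp"
```

On a real host, point it at the file the page mounts from `/data/app_data/gitlab-runner/config/config.toml`.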
Links
https://blog.whyun.com/posts/gitlab-runner-docker/