Rocky9 GitLab + Runner Docker Deployment

2024-07-25

Environment preparation

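# Point the Rocky repos at the Aliyun mirror (the original files are kept as *.bak)
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    -i.bak  /etc/yum.repos.d/rocky-*.repo
dnf makecache
# Switch SELinux to permissive for the running system, then disable it from the next boot
setenforce 0
# /etc/sysconfig/selinux is only a symlink to this file; sed -i would replace the symlink instead of editing the target
sed -i 's#^SELINUX=.*#SELINUX=disabled#' /etc/selinux/config
# Stop the host firewall (it starts again at the next boot unless it is also disabled)
systemctl stop firewalld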

Deploy Docker

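# Add the Docker CE repository from the Aliyun mirror and install Docker
curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
dnf install docker-ce
# Start the daemon now and at every boot; docker compose needs it running
systemctl enable --now docker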

Deploy GitLab

[root@gitlab ~]# cat docker-compose.yaml 
version: '3.6'
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlab'
    environment:
      TZ: 'Asia/Shanghai'
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'http://gitlab.sundayhk.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 8022
        #nginx['listen_port'] = 80
        nginx['client_max_body_size'] = '2048m'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.qq.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "xxx@qq.com"
        gitlab_rails['smtp_password'] = "xxxxxxxxxxxxxx"
        gitlab_rails['smtp_domain'] = "smtp.qq.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_enabled'] = true
        gitlab_rails['gitlab_email_from'] = 'xxx@qq.com'
        #gitlab_rails['openssl_verify_mode'] = false
        #gitlab_rails['smtp_openssl_verify_mode'] = 'none'
    ports:
      - '80:80'
      - '8443:443'
      - '8022:22'
    volumes:
      - '/data/app_data/gitlab/config:/etc/gitlab'
      - '/data/app_data/gitlab/logs:/var/log/gitlab'
      - '/data/app_data/gitlab/data:/var/opt/gitlab'
    shm_size: '256m'

[root@gitlab ~]# docker compose up -d

Get the default GitLab root password

[root@gitlab ~]# docker exec gitlab cat /etc/gitlab/initial_root_password | grep ^Password
Password: UCc6hQKMurkvNllkBamAkS+7DCDGxxxxxxxxx=

Visit http://gitlab.sundayhk.com/
Log in with root and the password.

Disable sign-up (accounts are added by the administrator)

Disable Gravatar

Email configuration and testing

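The GitLab mail settings were already passed in above through the environment section (GITLAB_OMNIBUS_CONFIG) of docker-compose.yaml, so email is already configured.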

The same can also be done by editing the gitlab.rb file inside the container directly:

[root@gitlab ~]# docker exec -it gitlab bash
root@gitlab:/# vi /etc/gitlab/gitlab.rb

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "sundayhk@qq.com"
gitlab_rails['smtp_password'] = "bdoowbxxxxxxxxxxxxxx" # authorization code
gitlab_rails['smtp_domain'] = "smtp.qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
# gitlab_rails['smtp_pool'] = false

gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'sundayhk@qq.com'

After every change, regenerate the configuration and restart the services:

# gitlab-rake gitlab:check
gitlab-ctl reconfigure
gitlab-ctl restart

Email test

root@gitlab:/# gitlab-rails console
--------------------------------------------------------------------------------
 Ruby:         ruby 3.1.5p253 (2024-04-023 revision 1945f8dc0e) [x86_64-linux]
 GitLab:       17.2.1 (b30193cc04c) FOSS
 GitLab Shell: 14.37.0
 PostgreSQL:   14.11
------------------------------------------------------------[ booted in 59.20s ]
=> #<Mail::Message:513100, Multipart: false, Headers: <Date: Sat, 27 Jul 2024 13:45:40 +0000>, <From: GitLab <sundayhk@qq.com>>, <Reply-To: GitLab <noreply@git.sundayhk.com>>, <To: shaohk@qq.com>, <Message-ID: <66a4fa04941de_11ef2ff8446b4@gitlab.mail>>, <Subject: test>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=US-ASCII>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>
irb(main):012:0> 

Once email is configured, adding a new user sends that user an email with a link for setting their password.

Deploy gitlab-runner

mkdir -p /data/app_data/gitlab-runner/
# Download kubectl; wget does not set the executable bit, so set it before moving the file
wget https://dl.k8s.io/release/v1.28.12/bin/linux/amd64/kubectl
chmod +x kubectl
mv kubectl /data/app_data/gitlab-runner/

# Download and unpack kustomize
wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.5.0/kustomize_v5.5.0_linux_amd64.tar.gz
tar xf kustomize_v5.5.0_linux_amd64.tar.gz
mv kustomize /data/app_data/gitlab-runner/

# docker-compose.yaml
version: '3'
services:
  gitlab-runner:
    container_name: gitlab-runner
    image: gitlab/gitlab-runner:latest
    volumes:
      - '/data/app_data/gitlab-runner/config:/etc/gitlab-runner'
      - '/var/run/docker.sock:/var/run/docker.sock'
    restart: always

docker compose up -d

http://gitlab.sundayhk.com/admin/runners

Enter the gitlab-runner container, then run gitlab-runner register

docker exec -it gitlab-runner bash

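Note: Docker is often flaky; even when the image exists locally, the request Docker makes can still cause a failure, so it is recommended to push docker:20.10.16-git to the internal Harbor.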

docker pull docker:20.10.16-git
docker tag docker:20.10.16-git harbor.sundayhk.com/library/docker:20.10.16-git
docker push harbor.sundayhk.com/library/docker:20.10.16-git

Two registration methods (choose either one)

  • Interactive
root@0fd6071790ef:~# gitlab-runner register  --url http://gitlab.sundayhk.com  --token glrt-XxbxP1xkTn5-yyhzMzQm
Runtime platform                                    arch=amd64 os=linux pid=56 revision=12030cf4 version=17.5.3
Running in system-mode.

Enter the GitLab instance URL (for example, https://gitlab.com/):
[http://gitlab.sundayhk.com]: # Enter
Verifying runner... is valid                        runner=XxbxP1xkT
Enter a name for the runner. This is stored only in the local config.toml file:
[0fd6071790ef]: My Docker Runner
Enter an executor: parallels, virtualbox, docker, docker-windows, instance, custom, shell, ssh, docker+machine, kubernetes, docker-autoscaler:
docker # typed input
Enter the default Docker image (for example, ruby:2.7):
docker:20.10.16-git # typed input
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"

root@0fd6071790ef:~# gitlab-runner restart  # restart the service

  • Non-interactive
gitlab-runner register \
--non-interactive \
--url "http://gitlab.sundayhk.com" \
--token "glrt-XxbxP1xkTn5-yyhzMzQm" \
--executor "docker" \
--docker-image harbor.sundayhk.com/library/docker:20.10.16-git \
--description "docker-runner"

root@0fd6071790ef:/etc/gitlab-runner# gitlab-runner register \
> --non-interactive \
> --url "http://gitlab.sundayhk.com" \
> --token "glrt-XxbxP1xkTn5-yyhzMzQm" \
> --executor "docker" \
> --docker-image harbor.sundayhk.com/library/docker:20.10.16-git \
> --description "docker-runner"
Runtime platform                                    arch=amd64 os=linux pid=739 revision=12030cf4 version=17.5.3
Running in system-mode.

Verifying runner... is valid                        runner=XxbxP1xkT
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"

root@0fd6071790ef:~# gitlab-runner restart  # restart the service

View and modify the configuration

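# Copy the config out of the container, edit it, and copy it back
docker cp gitlab-runner:/etc/gitlab-runner/config.toml ./
vim config.toml
docker cp config.toml gitlab-runner:/etc/gitlab-runner/config.toml
# The runner runs as a container here, so restart the container rather than a systemd unit
docker restart gitlab-runner
# The same file is bind-mounted on the host and can be edited there directly:
# vim /data/app_data/gitlab-runner/config/config.toml
# /etc/gitlab-runner/config.toml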

concurrent = 1
check_interval = 0
connection_max_age = "15m0s"
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "My Docker Runner"
  url = "http://gitlab.sundayhk.com"
  id = 3
  token = "glrt-XxbxP1xkTn5-yyhzMzQm"
  token_obtained_at = 2024-11-21T05:32:19Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  [runners.custom_build_dir]
    enabled = true # added
  [runners.cache]
    MaxUploadedArchiveSize = 0
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "harbor.sundayhk.com/library/docker:20.10.16-git"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    #volumes = ["/cache"]
    volumes = [ "/cache","/var/run/docker.sock:/var/run/docker.sock"] # modified
    shm_size = 0
    network_mtu = 0

Note the volumes setting: it adds a mapping for the Docker Unix socket, so that the docker command inside the job container can talk to the Docker daemon on the host.

docker restart gitlab-runner
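
Mounting /var/run/docker.sock into job containers lets any pipeline job control the host's Docker daemon, which amounts to root on the host, so it is worth knowing which runners carry that mount. The following is an added example, not from the original post, that scans a config.toml for this and two related settings; the helper names are hypothetical and the sample file is constructed from the configuration above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit a gitlab-runner config.toml.
# audit_runner_config and write_sample_config are hypothetical helper names.

audit_runner_config() {   # $1 = config.toml path; prints "runner<TAB>finding" lines
  awk '
    function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]*#.*$/, "", s); return s }
    /^[ \t]*#/ { next }                                  # ignore commented-out settings
    /^\[\[runners\]\]/ { name = "(unnamed)"; next }      # a new runner section starts
    /^[ \t]*name[ \t]*=/ { name = val($0); gsub(/"/, "", name); next }
    /^[ \t]*url[ \t]*=/ && val($0) ~ /^"http:\/\// {
      print name "\tplaintext-url: token and job traffic travel over unencrypted HTTP" }
    /^[ \t]*privileged[ \t]*=/ && val($0) == "true" {
      print name "\tprivileged: job containers run in privileged mode" }
    /^[ \t]*volumes[ \t]*=/ && /\/var\/run\/docker\.sock/ {
      print name "\tdocker-sock: every job can control the host Docker daemon" }
  ' "$1"
}

write_sample_config() {   # $1 = output path; constructed excerpt of the config above
  cat > "$1" <<'EOF'
concurrent = 1
[[runners]]
  name = "My Docker Runner"
  url = "http://gitlab.sundayhk.com"
  token = "glrt-PLACEHOLDER"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "harbor.sundayhk.com/library/docker:20.10.16-git"
    privileged = false
    #volumes = ["/cache"]
    volumes = [ "/cache","/var/run/docker.sock:/var/run/docker.sock"] # modified
EOF
}

# Audit the file given as $1, or the constructed sample when no path is given.
cfg="${1:-}"
if [ -z "$cfg" ]; then cfg="$(mktemp)"; write_sample_config "$cfg"; fi
audit_runner_config "$cfg"
```

Runners that report docker-sock are best restricted to protected branches and trusted projects in the GitLab runner settings.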

GitLab backup and restore

GitLab backup

Manual backup

[root@gitlab ~]# docker exec gitlab gitlab-rake gitlab:backup:create

[root@gitlab ~]# docker exec gitlab ls /var/opt/gitlab/backups/
1722090118_2024_07_27_17.2.1_gitlab_backup.tar

Scheduled backup job on the host

[root@gitlab ~]# crontab -e

# m h  dom mon dow   command
# gitlab backup 
00 02 * * * /data/shell/gitlab_backup.sh > /dev/null 2>&1

Backup script

[root@gitlab ~]#  vim /data/shell/gitlab_backup.sh

#!/bin/bash
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

docker exec gitlab gitlab-rake gitlab:backup:create
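
gitlab:backup:create does not include /etc/gitlab/gitlab.rb or gitlab-secrets.json, and without the secrets file a restored instance cannot decrypt stored CI/CD variables and two-factor data. The script below is an added example, not part of the original post, that extends the backup script to archive those files separately and prune old archives; the function names, the /data/backup/gitlab-config destination and the retention of 7 are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post): extends the backup script above.
# backup_config, prune_backups, CONFIG_BACKUP_DIR and KEEP are assumptions.
set -u
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
CONFIG_DIR=${CONFIG_DIR:-/data/app_data/gitlab/config}        # host side of /etc/gitlab
BACKUP_DIR=${BACKUP_DIR:-/data/app_data/gitlab/data/backups}  # host side of /var/opt/gitlab/backups
# Keep the secrets archive apart from the data backups so one leak does not expose both.
CONFIG_BACKUP_DIR=${CONFIG_BACKUP_DIR:-/data/backup/gitlab-config}
KEEP=${KEEP:-7}

backup_config() {   # $1 = config dir, $2 = destination dir; prints the archive path
  local out
  out="$2/$(date +%s_%Y_%m_%d)_gitlab_config.tar.gz"
  # umask 077: the directory and archive are readable by the owner only.
  ( umask 077 && mkdir -p "$2" &&
    tar -czf "$out" -C "$1" gitlab.rb gitlab-secrets.json ) || return 1
  printf '%s\n' "$out"
}

prune_backups() {   # $1 = dir, $2 = file name suffix, $3 = number of newest archives to keep
  # Names start with an epoch timestamp, so a reverse name sort is newest-first.
  ls -1 "$1" | grep -- "$2\$" | sort -r | tail -n +"$(( $3 + 1 ))" |
    while IFS= read -r f; do rm -f -- "$1/$f"; done
}

main() {
  docker exec gitlab gitlab-rake gitlab:backup:create ||
    { echo "gitlab backup failed" >&2; return 1; }
  backup_config "$CONFIG_DIR" "$CONFIG_BACKUP_DIR" >/dev/null ||
    { echo "config backup failed" >&2; return 1; }
  prune_backups "$BACKUP_DIR" "_gitlab_backup.tar" "$KEEP"
  prune_backups "$CONFIG_BACKUP_DIR" "_gitlab_config.tar.gz" "$KEEP"
}

# Run only when called with "run", so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then main; fi
```

With this version the cron entry calls /data/shell/gitlab_backup.sh run.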

GitLab restore

[root@gitlab ~]# docker exec -it gitlab bash

# Stop the services that connect to the database (GitLab 17 runs puma; the unicorn service no longer exists)
root@gitlab:/# gitlab-ctl stop puma
root@gitlab:/# gitlab-ctl stop sidekiq
root@gitlab:/# cd /var/opt/gitlab/backups
root@gitlab:/var/opt/gitlab/backups# ls -l
total 1000
-rw-------. 1 git git 512000 Jul 27 22:22 1722090118_2024_07_27_17.2.1_gitlab_backup.tar

root@gitlab:/var/opt/gitlab/backups# gitlab-rake gitlab:backup:restore BACKUP=1722090118_2024_07_27_17.2.1

# Start GitLab
root@gitlab:/var/opt/gitlab/backups# gitlab-ctl start

Troubleshooting errors

Running handlers:
[2024-07-27T18:23:17+08:00] ERROR: Running exception handlers
There was an error running gitlab-ctl reconfigure:

gitlab_rails['smtp_tls'] and gitlab_rails['smtp_enable_starttls_auto'] are mutually exclusive. Set one of them to false. SMTP providers usually use port 465 for TLS and port 587 for STARTTLS.

Fix:
In the configuration file /etc/gitlab/gitlab.rb, both smtp_tls and smtp_enable_starttls_auto were set to true; setting one of them to false resolves it.

error during connect: Post "http://docker:2375/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=yunnysunny%2Fcn-alpine%3Amain&target=&ulimits=null&version=1": dial tcp: lookup docker on x.x.x.x:53: no such host

Fix:
The docker command runs inside a Docker image and cannot reach the real Docker daemon on the host. Edit config.toml for gitlab-runner so that the Unix socket the daemon listens on is mounted into the containers the runner starts.

vim /etc/gitlab-runner/config.toml
    #volumes = ["/cache"]
    volumes = ["/var/run/docker.sock:/var/run/docker.sock","/cache"]

Links

https://blog.whyun.com/posts/gitlab-runner-docker/
