DevOps Tools/SCM/GitLab

From r00tedvw.com wiki
Jump to: navigation, search

Overview | Continuous Integration (CI) | Source Control Management (SCM) | Containerization | Configuration | Integration

Contents

Git Lab

Installing

Done on a CentOS7 machine. Reference

Dependencies and Configuration

~$ sudo yum install -y curl policycoreutils-python openssh-server cronie postfix
~$ sudo systemctl enable sshd postfix
~$ sudo systemctl start sshd postfix

~$ sudo firewall-cmd --permanent --add-service=http
~$ sudo systemctl reload firewalld

Download Gitlab and Install

~$ sudo curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

Configure. After Gitlab 10.7, if you specified the External URL to be https then gitlab will automatically use Let's Encrypt to generate the SSL certificate.
NOTE: Make sure to change the localhost to your hostname and remove the s from https if you don't want SSL through let's encrypt.

~$ sudo EXTERNAL_URL="https://localhost/gitlab" yum install -y gitlab-ce

When installation is complete you'll get a message confirming it:

Chef Client finished, 458/656 resources updated in 03 minutes 18 seconds
gitlab Reconfigured!

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.



     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/


Thank you for installing GitLab!
GitLab should be available at http://gitlab01.r00tedvw.com/gitlab

Browse to the webpage and set your admin password. log in using root as the username.

Add user

At this time the only known (2) options to manage users are to:

  • Use the GitLab API
  • Use the GitLab Web Interface


ssh key

Add user ssh key

First create the ssh key pair from the machine you'll be connecting to gitlab from.

~$ ssh-keygen
enerating public/private rsa key pair.
Enter file in which to save the key (/Users/demo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/demo/.ssh/id_rsa.
Your public key has been saved in /Users/demo/.ssh/id_rsa.pub.

Next, print the public key

~$ cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMuyMtMl6aWwqBCvQx7YXvZd7bCFVDsyln3yh5/8Pu23LW88VXfJgsBvhZZ9W0rPBGYyzE/TDzwwITvVQcKrwQrvQlYxTVbqZQDlmsC41HnwDfGFXg+QouZemQ2YgMeHfBzy+w26/gg480nC2PPNd0OG79+e7gFVrTL79JA/MyePBugvYqOAbl30h7M1a7EHP3IV5DQUQg4YUq49v4d3AvM0aia4EUowJs0P/j83nsZt8yiE2JEYR03kDgT/qziPK7LnVFqpFDSPC3MR3b8B354E9Af4C/JHgvglv2tsxOyvKupyZonbyr68CqSorO2rAwY/jWFEiArIaVuDiR9YM5 [email protected]

Using the gitlab web interface, log in and select the SSH Keys menu item. Follow the instructions and save your SSH Key. ssh_keys_menu_item2.png

new project

You will need a new project in order to create repos within. From the web interface, create a new project and then from your git IDE (I use iterm2 with zsh) clone it.

~$ git clone [email protected]:user/test-project.git

Now you can being pushing files to gitlab.

Non-standard port

If you are using gitlab on non-standard ports, then you may need to add a config file so that git works.

~$ touch ~/.ssh/config
~$ vim ~/.ssh/config
...
Host localhost
HostName localhost
Port 8922
User demo

Troubleshooting

Unable to clone via SSH

Even with the ssh key in place, I was unable to clone any repo after a fresh install of gitlab. Looking at /var/log/messages, I saw the following:

Aug  9 04:10:36 ncwv-gitlab01 setroubleshoot: SELinux is preventing sshd from read access on the file authorized_keys. For complete SELinux messages run: sealert -l bdda8979-07aa-47bd-baac-e818c54abb49

This told me that SELinux was blocking sshd from reading a file. I put disabled SELinux and was able to clone the repo.
Below is the SELinux module that I implemented which allowed me to clone without getting a password prompt (error in logs).

~$ cat local-gitlab.te

module local-gitlab 1.0;

require {
	type var_t;
	type sshd_t;
	class file getattr;
	class file read;
	class file open;
}

#============= sshd_t ==============

#!!!! WARNING: 'var_t' is a base type.
allow sshd_t var_t:file getattr;
allow sshd_t var_t:file read;
allow sshd_t var_t:file open;
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Ubuntu
Oracle Linux
AWS
Windows
OpenVPN
Grafana
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
2020 Election
Volkswagen
Toolbox