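DevOps GitLab CICD Practice 1: GitLab Deployment

Configuration goals

  • Email notifications
  • GitHub third-party authorized login
  • GitLab Runner
  • Docker private registry registration

Official introduction

With microservices now widespread, Docker is the first choice for deploying services because it makes migration and elastic scaling easier.

Official image documentation: GitLab Docker images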

GitLab Docker images

Both GitLab CE and EE are in Docker Hub:

The GitLab Docker images are monolithic images of GitLab running all the necessary services on a single container.

In the following examples we are using the image of GitLab CE. To use GitLab EE instead of GitLab CE, replace the image name to gitlab/gitlab-ee:latest.

If you want to use the latest RC image, use gitlab/gitlab-ce:rc or gitlab/gitlab-ee:rc for GitLab CE and GitLab EE respectively.

The GitLab Docker images can be run in multiple ways:

docker-compose script

Here the Community Edition (CE) is installed, and to make the parameters easier to configure, the setup is written as a docker-compose file.

Install GitLab using docker-compose

With Docker compose you can easily configure, install, and upgrade your Docker-based GitLab installation.

  1. Install Docker Compose

  2. Create a docker-compose.yml file (or download an example):

     web:
       image: 'gitlab/gitlab-ce:latest'
       restart: always
       hostname: 'gitlab.example.com'
       environment:
         GITLAB_OMNIBUS_CONFIG: |
           external_url 'https://gitlab.example.com'
           # Add any other gitlab.rb configuration here, each on its own line
       ports:
         - '80:80'
         - '443:443'
         - '22:22'
       volumes:
         - '/srv/gitlab/config:/etc/gitlab'
         - '/srv/gitlab/logs:/var/log/gitlab'
         - '/srv/gitlab/data:/var/opt/gitlab'

  3. Make sure you are in the same directory as docker-compose.yml and run docker-compose up -d to start GitLab

Read "Pre-configure Docker container" to see how the GITLAB_OMNIBUS_CONFIG variable works.

Below is another docker-compose.yml example with GitLab running on a custom HTTP and SSH port. Notice how the GITLAB_OMNIBUS_CONFIG variables match the ports section:

web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'http://gitlab.example.com:9090'
      gitlab_rails['gitlab_shell_ssh_port'] = 2224
  ports:
    - '9090:9090'
    - '2224:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'

This is the same as using --publish 9090:9090 --publish 2224:22.
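
The agreement between GITLAB_OMNIBUS_CONFIG and the ports section can be checked before the container is started. The following is an added example, not part of the original post or of GitLab's documentation: the function name check_gitlab_ports and both sample texts are constructed here, and it assumes the default behaviour where the bundled NGINX listens on the external_url port and sshd listens on 22 inside the container.

```python
import re
from urllib.parse import urlsplit

def check_gitlab_ports(compose_text):
    """Return mismatches between GITLAB_OMNIBUS_CONFIG and the ports section."""
    problems = []
    # Published ports as (host, container) pairs, e.g. "- '2224:22'".
    pairs = [(int(h), int(c)) for h, c in re.findall(
        r"^\s*-\s*['\"]?(\d+):(\d+)['\"]?\s*$", compose_text, re.M)]

    # By default the bundled NGINX listens in the container on the external_url port.
    m = re.search(r"^\s*external_url\s+['\"]([^'\"]+)['\"]", compose_text, re.M)
    if m:
        url = urlsplit(m.group(1))
        web = url.port or (443 if url.scheme == "https" else 80)
        hosts = [h for h, c in pairs if c == web]
        if not hosts:
            problems.append(f"container port {web} (external_url) is not published")
        elif web not in hosts:
            problems.append(f"external_url uses port {web}, host publishes {hosts[0]}")

    # sshd in the container stays on 22; gitlab_shell_ssh_port only sets the port
    # shown in clone URLs, so it has to equal the host side of the N:22 mapping.
    m = re.search(r"gitlab_shell_ssh_port'\]\s*=\s*(\d+)", compose_text)
    ssh = int(m.group(1)) if m else 22
    hosts = [h for h, c in pairs if c == 22]
    if not hosts:
        problems.append("container port 22 (SSH) is not published")
    elif ssh not in hosts:
        problems.append(f"clone URLs use SSH port {ssh}, host publishes {hosts[0]}")
    return problems

# Constructed samples: GOOD mirrors the custom-port example above, BAD breaks it.
GOOD = """
web:
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'http://gitlab.example.com:9090'
      gitlab_rails['gitlab_shell_ssh_port'] = 2224
  ports:
    - '9090:9090'
    - '2224:22'
"""
BAD = GOOD.replace("'9090:9090'", "'80:80'").replace(
    "      gitlab_rails['gitlab_shell_ssh_port'] = 2224\n", "")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_gitlab_ports(text) or "ok")
```

The check reads the compose file as text with regular expressions, so it covers the single-service layout used on this page and not arbitrary YAML.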

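The official notes state that the Docker CE image is based on the Omnibus package, so the Omnibus documentation can also be consulted for environment configuration.

Omnibus documentation index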

Installation and Configuration using omnibus package

Note: This section describes the commonly used configuration settings. Check configuration section of the documentation for complete configuration settings.

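Write the YAML file according to the configuration goals

Note:

  • Email here uses a 163 mailbox (the official documentation provides no example for 163 mail)
  • The Docker private registry public key is obtained from the private registry itself
  • For particular reasons, the target configuration does not enable SSL, but GitLab can support SSL and renew certificates automatically with a simple configuration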

Configuration documentation

Let’s Encrypt Integration

Primary GitLab Instance

Note: Introduced in GitLab version 10.5 and disabled by default. Enabled by default in GitLab version 10.7 and later if external_url is set with the https protocol and no certificates are configured.

Note: In order for Let’s Encrypt verification to work correctly, ports 80 and 443 will need to be accessible to the Let’s Encrypt servers that run the validation. Also note that the validation currently does not work with non-standard ports.

Caution: Administrators installing or upgrading to GitLab version 10.7 or later and do not plan on using Let’s Encrypt should set the following in /etc/gitlab/gitlab.rb to disable:

letsencrypt['enable'] = false

Add the following entries to /etc/gitlab/gitlab.rb to enable Let’s Encrypt support for the primary domain:

letsencrypt['enable'] = true                      # GitLab 10.5 and 10.6 require this option
external_url "https://gitlab.example.com"         # Must use https protocol
letsencrypt['contact_emails'] = ['foo@email.com'] # Optional

Generate the 163 mailbox authorization password


Generate the GitHub authorization key


Final configuration

version: '3.1'

services:

  gitlab:
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url '外部訪問地址'  # placeholder: externally reachable URL
        gitlab_rails['gitlab_shell_ssh_port'] = 22
        registry_external_url 'Docker私服地址'  # placeholder: Docker private registry URL
        registry_nginx['ssl_certificate'] = "Docker 私服CA證書 crt文件"  # placeholder: path to the registry certificate .crt file
        registry_nginx['ssl_certificate_key'] = "Docker 私服公鑰 pem文件"  # placeholder: path to the registry key .pem file (the private key matching the certificate)
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.163.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "郵件發送者名稱"  # placeholder: mail sender name
        gitlab_rails['gitlab_email_from'] = '郵件發送地址'  # placeholder: sender email address
        gitlab_rails['smtp_password'] = "受權密碼"  # placeholder: 163 authorization password
        gitlab_rails['smtp_domain'] = "163.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['omniauth_enabled'] = true
        gitlab_rails['omniauth_allow_single_sign_on'] = true
        gitlab_rails['omniauth_block_auto_created_users'] = true
        gitlab_rails['omniauth_providers'] = [
          { "name" => "github", "app_id" => "Client ID", "app_secret" => "Client Secret",
            "url" => "https://github.com/", "args" => { "scope" => "user:email" } }
        ]
    image: gitlab/gitlab-ce:latest
    hostname: 域名  # placeholder: domain name
    restart: always
    networks:
      - devops-service-bridge
    ports:
      - '443:443'
      - '80:8099'
      - '22:22'
    volumes:
      - ./srv/gitlab/config:/etc/gitlab
      - ./srv/gitlab/logs:/var/log/gitlab
      - ./srv/gitlab/data:/var/opt/gitlab
      - /etc/docker/certs.d:/etc/docker/certs.d

networks:
  devops-service-bridge:
    driver: bridge