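Installing and using gitlab-ce on a Docker Swarm cluster
Abstract
- Purpose
Use GitLab Community Edition to manage code and documents
- Method
Run GitLab using the official GitLab Docker image on a Docker Swarm cluster
- Conclusion
Runs well on a Docker Swarm cluster built from three servers.
Implementation
Environment
The following environment is already in place
- Docker Swarm cluster
- docker version
- Private Harbor registry
- Ceph as the Docker volume mount
- gitlab version: latest
- GitLab Docker source: Docker Hub gitlab/gitlab-ce
Installation
Pull the image
docker pull gitlab/gitlab-ce:11.2.1-ce.0
Tag the image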
docker tag af0daec29652 reg.goluk.cn/goluk-gitlab/gitlab:11.2.1
Push the image to the private registry
docker push reg.goluk.cn/goluk-gitlab/gitlab:11.2.1
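First installation (takes about 27 minutes)
On first start, the GitLab container's automatic configuration takes a long time, and the Swarm cluster mistakes it for unresponsive and kills it, so the first run is started locally with docker.
Start the GitLab container
docker run --detach \
  --hostname docs.corp.goluk.cn \
  --publish 5188:80 --publish 5122:22 \
  --name goluk-gitlab \
  --restart always \
  --volume /mnt/cephfs/app/goluk-gitlab/config:/etc/gitlab:Z \
  --volume /mnt/cephfs/app/goluk-gitlab/logs:/var/log/gitlab:Z \
  --volume /mnt/cephfs/app/goluk-gitlab/data:/var/opt/gitlab:Z \
  gitlab/gitlab-ce:11.2.1-ce.0
Monitor the first installation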
docker logs -f goluk-gitlab
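Change the root password via HTTP access
Omitted
Chinese localization
Confirm that the localized version matches the containerized version
- Version on Docker Hub
Confirm the version inside the container
[root@swarm2 gitlab]# docker exec -ti goluk-gitlab /bin/bash
root@docs:/# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
11.2.1
root@docs:/# exit
exit
Clone the localization repository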
git clone
Determine the localized version
[root@swarm2 gitlab]# git fetch
[root@swarm2 gitlab]# git tag | grep 11.2.1
v11.2.1
v11.2.1-zh
Generate the patch file
[root@swarm2 gitlab]# git diff v11.2.1 v11.2.1-zh >> ../11.2.1-zh.diff
Apply the localization
[root@swarm2 temp]# docker exec -ti goluk-gitlab /bin/bash
root@docs:/# pwd
/
root@docs:/# cd /var/opt/gitlab/temp
root@docs:/var/opt/gitlab/temp# ls
11.2.1-zh.diff gitlab
The patch command is not in the container by default and needs to be installed
root@docs:/var/opt/gitlab/temp# apt-get update && apt-get install patch
root@docs:/var/opt/gitlab/temp# patch -d /opt/gitlab/embedded/service/gitlab-rails/ -p1 <11.2.1-zh.diff
patch -d /opt/gitlab/embedded/service/gitlab-rails -p1 <11.2.1-zh.diff
patch error message (localization did not succeed because of the error)
can't find file to patch at input line 1114
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/app/assets/stylesheets/pages/ui_dev_kit.scss b/app/assets/stylesheets/pages/ui_dev_kit.scss
|index 48ac5b2..e1375b8 100644
|--- a/app/assets/stylesheets/pages/ui_dev_kit.scss
|+++ b/app/assets/stylesheets/pages/ui_dev_kit.scss
--------------------------
File to patch:
Skip this patch? [y]
Skipping patch.
gitlab-ctl start
gitlab-ctl reconfigure
Integrating GitLab with FreeIPA
Create a GitLab bind account in FreeIPA
Test the gitlab user
- View the gitlab user's information
ldapsearch -x uid=gitlab
- Test whether the gitlab user can log in to FreeIPA
ldapsearch -xLLL -V -D "uid=gitlab,cn=users,cn=accounts,dc=office,dc=goluk,dc=cn" -w "gitlab_password"
Modify the LDAP settings in the GitLab configuration file
Unencrypted authentication configuration
gitlab_rails['ldap_enabled'] = true

###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'GOLUK LDAP'
    host: 'ipa03.office.goluk.cn'
    port: 389
    #port: 636
    uid: 'uid'
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=office,dc=goluk,dc=cn'
    password: '******'
    # 'plain' sends the bind password and user logins over the network unencrypted
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: true
    active_directory: false
    allow_username_or_email_login: false
    base: 'dc=office,dc=goluk,dc=cn'
EOS
Encrypted authentication configuration
gitlab_rails['ldap_enabled'] = true

###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'GOLUK LDAP'
    host: 'ipa03.office.goluk.cn'
    #port: 389
    port: 636
    uid: 'uid'
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=office,dc=goluk,dc=cn'
    password: '******'
    encryption: 'simple_tls' # "start_tls" or "simple_tls" or "plain"
    # false: the LDAP server's TLS certificate is not validated
    verify_certificates: false
    active_directory: false
    allow_username_or_email_login: false
    # lowercase_usernames: false
    # block_auto_created_users: false
    base: 'dc=office,dc=goluk,dc=cn'
EOS
- Encrypted authentication test
ldapsearch -O noplain,minssf=1,maxbufsize=512 -Y GSSAPI -U "uid=gitlab,cn=users,cn=accounts,dc=office,dc=goluk,dc=cn"
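As an added example (not part of the original notes and not GitLab's own tooling), the Ruby script below lints an ldap_servers YAML block of the kind shown above: it flags cleartext binds, disabled certificate verification, a port that does not match the encryption mode, and a bind_dn that is not under base. The sample config, host names and the lint_ldap_servers helper are constructed for illustration; the bind_dn check is a heuristic that assumes the bind account lives under the same suffix as base.

```ruby
require 'yaml'

# Constructed sample with the same shape as the ldap_servers YAML in gitlab.rb.
SAMPLE = <<~'EOS'
  main:
    label: 'EXAMPLE LDAP'
    host: 'ipa.example.test'
    port: 636
    uid: 'uid'
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=ipa,dc=example,dc=test'
    password: 'placeholder'
    encryption: 'simple_tls'
    verify_certificates: false
    base: 'dc=office,dc=example,dc=test'
EOS

# Conventional LDAP port for each GitLab encryption mode.
DEFAULT_PORT = { 'plain' => 389, 'start_tls' => 389, 'simple_tls' => 636 }.freeze

# Returns a list of findings (strings) for one ldap_servers YAML document.
def lint_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |id, s|
    enc = s['encryption'].to_s
    findings << "#{id}: unknown encryption #{enc.inspect}" unless DEFAULT_PORT.key?(enc)
    findings << "#{id}: encryption 'plain' sends passwords in cleartext" if enc == 'plain'
    if enc != 'plain' && s['verify_certificates'] == false
      findings << "#{id}: verify_certificates is false, server certificate is not validated"
    end
    want = DEFAULT_PORT[enc]
    if want && s['port'] && s['port'] != want
      findings << "#{id}: port #{s['port']} is unusual for #{enc} (expected #{want})"
    end
    # Heuristic: a bind DN outside the search base usually indicates a typo.
    bind = s['bind_dn'].to_s.downcase.delete(' ')
    base = s['base'].to_s.downcase.delete(' ')
    unless base.empty? || bind.end_with?(",#{base}")
      findings << "#{id}: bind_dn is not under base #{s['base']}"
    end
  end
  findings
end

puts lint_ldap_servers(SAMPLE) if __FILE__ == $PROGRAM_NAME
```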
Configuration notes
Reconfigure and restart
docker exec -ti gitlab /bin/bash
gitlab-ctl reconfigure
gitlab-ctl restart
Disable user sign-up
Email settings
Tencent Cloud mail
### GitLab email server settings
###! Docs:
###! **Use smtp instead of sendmail/postfix.**
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "****@xxx.com"
gitlab_rails['smtp_password'] = "**********"
gitlab_rails['smtp_domain'] = "exmail.qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'xxx@xxx.com'
Domain name settings
## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##!
external_url ''
Acknowledgements
USING SASL WITH LDAP CLIENT TOOLS