Setting Up Bitnami GitLab CE on VMware
Download Bitnami GitLab CE
Download link:
https://bitnami.com/stack/gitlab/virtual-machine
Import into VMware
Log in to the VM over SSH to get the root user's password
ssh -i <your_private_sshkey> bitnami@<your_gitlab_vm_ip>
sudo cat /home/bitnami/bitnami_credentials
Access GitLab CE
Open a browser and go to https://<your_gitlab_vm_ip>:
- Username or email: root
- Password: the root user's password obtained in the step above
Change the password.
Add SSH keys.
Shutdown command
shutdown -h now
Reboot command
shutdown -r now
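Expand the disk
After shutting down, open Virtual Machine Settings.
Once the settings are saved, start the VM and run df -h to check that the disk size has changed.
Configure the TLS certificate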
refer: https://docs.gitlab.com/runner/configuration/tls-self-signed.html
refer: https://docs.gitlab.com/omnibus/settings/ssl/ssl_troubleshooting.html
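Edit /etc/hosts and add the mapping between the local domain name and the IP address. The example uses the domain server.local; change it to suit your environment.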
sudo vi /etc/hosts
--- add
192.168.31.13 gitlab.server.local
---
Below are example commands for creating the certificates. The example uses the domain server.local; change it to suit your environment.
sudo mkdir -p /u01/certs; cd /u01/certs
openssl genrsa -des3 -passout pass:123456 -out ca.key 2048
openssl rsa -in ca.key -passin pass:123456 -out ca.key
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt -subj "/CN=server.local"
openssl genrsa -out tls.key 2048
openssl req -new -key tls.key -out tls.csr -subj "/CN=server.local"
cat > server.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.server.local
EOF
openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt -days 3650 -extfile server.ext
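The following is an added example, not part of the original article: it repeats the steps above in a scratch directory and then checks which hostnames the issued certificate is valid for. With OpenSSL's hostname check, the *.server.local SAN covers gitlab.server.local but not server.local itself or deeper names, because the CN is ignored once a DNS SAN is present. The CA subject "Example Local CA", the 30-day lifetime and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: rebuild the CA and server certificate in a scratch directory
# and check which hostnames the result is valid for.

# make_certs DIR: same openssl steps as above, without the passphrase step.
# Assumptions: CA subject "Example Local CA", 30-day lifetime.
make_certs() {
    ( cd "$1" || exit 1
      openssl genrsa -out ca.key 2048
      openssl req -x509 -new -nodes -key ca.key -sha256 -days 30 \
          -out ca.crt -subj "/CN=Example Local CA"
      openssl genrsa -out tls.key 2048
      openssl req -new -key tls.key -out tls.csr -subj "/CN=server.local"
      cat > server.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.server.local
EOF
      openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -out tls.crt -days 30 -extfile server.ext
    ) >/dev/null 2>&1
}

# host_ok DIR HOST: true only if tls.crt chains to ca.crt AND matches HOST.
host_ok() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/tls.crt" \
        2>/dev/null | grep -q ': OK$'
}

# key_matches DIR: true if tls.key is the private key belonging to tls.crt.
key_matches() {
    crt_pub=$(openssl x509 -in "$1/tls.crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/tls.key" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT   # do not leave throwaway private keys behind
make_certs "$demo_dir"
key_matches "$demo_dir" && echo "tls.key matches tls.crt"
for h in gitlab.server.local server.local a.b.server.local; do
    if host_ok "$demo_dir" "$h"; then echo "$h: accepted"
    else echo "$h: rejected"; fi
done
```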
Replace GitLab's TLS certificate:
mv /etc/gitlab/ssl /etc/gitlab/ssl.bak; mkdir /etc/gitlab/ssl
cp /u01/certs/ca.crt /etc/gitlab/trusted-certs
cp /u01/certs/tls.crt /etc/gitlab/ssl/server.crt
cp /u01/certs/tls.key /etc/gitlab/ssl/server.key
Configure GitLab's external URL:
sudo vi /etc/gitlab/gitlab.rb
--- modify
external_url 'https://gitlab.server.local'
---
Apply the updated configuration:
gitlab-ctl reconfigure
Restart GitLab:
gitlab-ctl restart
Configure git to use the self-signed certificate:
git config --global http.sslCAInfo /u01/certs/ca.crt
Install GitLab Runner
Combine ca.crt and tls.crt into a single file. Note that tls.crt must come first:
cat tls.crt ca.crt > all.crt
Start gitlab-runner. --add-host specifies the local domain name and IP address to use; change them to suit your environment. Example commands:
sudo mkdir -p /u01/gitlab-runner/config; sudo chmod 777 /u01/gitlab-runner/config
sudo mkdir -p /u01/gitlab-runner/ca-certificates; sudo chmod 777 /u01/gitlab-runner/ca-certificates
sudo mkdir -p /u01/gitlab-runner/.gitlab-runner; sudo chmod 777 /u01/gitlab-runner/.gitlab-runner
sudo cp -r /u01/certs /u01/gitlab-runner/config
sudo mv /u01/gitlab-runner/config/certs/all.crt /u01/gitlab-runner/config/certs/ca.crt
sudo docker run -d --name gitlab-runner --restart always \
-v /u01/gitlab-runner/config:/etc/gitlab-runner \
-v /u01/gitlab-runner/ca-certificates:/usr/local/share/ca-certificates \
-v /u01/gitlab-runner/.gitlab-runner:/home/gitlab-runner/.gitlab-runner \
-v /cache:/cache \
--cap-add SYS_ADMIN \
--cap-add NET_ADMIN \
--privileged \
--add-host gitlab.server.local:192.168.31.13 \
bitnami/gitlab-runner:15.11.0
Check with sudo docker ps.
Register GitLab Runner
refer: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker
First create a project in GitLab, then go to Settings => CI/CD and get the Runners registration token.
Configure the self-signed certificate:
sudo cp -r /u01/certs /u01/gitlab-runner/config
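Register a runner for the project. --url specifies the local domain name to use, and --add-host specifies the local domain name and IP address to use; change them to suit your environment. Example command: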
sudo docker run --rm \
-v /u01/gitlab-runner/config:/etc/gitlab-runner \
-v /u01/gitlab-runner/ca-certificates:/usr/local/share/ca-certificates \
-v /u01/gitlab-runner/.gitlab-runner:/home/gitlab-runner/.gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /cache:/cache \
--cap-add SYS_ADMIN \
--cap-add NET_ADMIN \
--privileged \
--add-host gitlab.server.local:192.168.31.13 \
bitnami/gitlab-runner:15.11.0 register \
--non-interactive \
--url "https://gitlab.server.local/" \
--registration-token "<your_project_token>" \
--executor "docker" \
--docker-image alpine:latest \
--description "docker-runner" \
--maintenance-note "Free-form maintainer notes about this runner" \
--tag-list "docker,aws" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected" \
--docker-privileged \
--docker-network-mode host \
--tls-ca-file=/etc/gitlab-runner/certs/ca.crt \
--docker-volumes "/etc/gitlab-runner/certs/ca.crt:/etc/gitlab-runner/certs/ca.crt:ro" \
--pre-build-script="apk update >/dev/null && apk add ca-certificates > /dev/null && rm -rf /var/cache/apk/* && cp /etc/gitlab-runner/certs/ca.crt /usr/local/share/ca-certificates/ca.crt && update-ca-certificates --fresh > /dev/null"
sudo chmod 666 /var/run/docker.sock
sudo crontab -e
--- add
@reboot sleep 60 && chmod 666 /var/run/docker.sock
---
Confirm that the runner registered successfully and is in the active state.
Test the CI/CD Pipeline
Create a .gitlab-ci.yml file with the following content:
stages:
  - start
start-code-job:
  stage: start
  script:
    - echo "Start ..."
Check that the CI/CD Pipeline result is Job succeeded.
You can use the CI/CD Editor to quickly modify .gitlab-ci.yml.
Configure Docker
Without this, docker commands used in the GitLab Runner will fail:
sudo vi /lib/systemd/system/docker.service
--- modify
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock
---
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo chmod 666 /var/run/docker.sock
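An added example, not part of the original article: a small audit for the settings above. -H tcp://0.0.0.0:2375 serves the Docker API on every interface without TLS or client authentication, and chmod 666 on docker.sock lets every local user drive the daemon; the script flags both. The sample unit files are constructed from the two ExecStart lines shown above, and the function and file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag the dockerd exposure created by the settings above.

# audit_unit FILE: read active (non-comment) ExecStart= lines from a systemd
# unit and print one finding per risky TCP listener setting.
audit_unit() {
    grep -E '^[[:space:]]*ExecStart=' "$1" | while IFS= read -r line; do
        case $line in
            *tcp://*) ;;
            *) continue ;;          # socket-only listeners are not flagged
        esac
        case $line in
            *--tlsverify*) ;;
            *) echo "tcp-listener-without-tlsverify" ;;
        esac
        case $line in
            *tcp://0.0.0.0*|*'tcp://[::]'*) echo "tcp-listener-on-all-interfaces" ;;
        esac
    done
}

# world_writable PATH: true if any local user may write to PATH
# (docker.sock after chmod 666, or a directory after chmod 777).
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Constructed sample units: the modified line from the article, and the stock
# line that the article comments out.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/exposed.service" <<'EOF'
[Service]
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock
EOF
cat > "$sample_dir/local-only.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
EOF

echo "exposed.service:";    audit_unit "$sample_dir/exposed.service"
echo "local-only.service:"; audit_unit "$sample_dir/local-only.service"
```

On a real host, point audit_unit at /lib/systemd/system/docker.service and world_writable at /var/run/docker.sock and the /u01/gitlab-runner directories.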
Configure Docker to trust the self-signed certificate
sudo mkdir -p /etc/docker/certs.d/gitlab.server.local
sudo cp /u01/certs/ca.crt /etc/docker/certs.d/gitlab.server.local
sudo cp /u01/certs/ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo systemctl daemon-reload
sudo systemctl restart docker
Other: sample code for integration testing with Harbor
https://github.com/engchina/spring-project.git
Done!