龙蜥系统使用Docker搭建Gitlab+Gitlab-Runner+Registry环境

基础环境配置

系统信息

ID	主机名	ip	开放端口
1	gitlab-ci	172.24.3.241	443、2022
2	gitlab-runner-1	172.24.3.242
3	gitlab-registry	172.24.3.243	5000
4	gitlab-runner-2	172.24.3.244

通用配置

以下操作所有主机节点执行

添加/etc/hosts文件内容

172.24.3.241 gitlab-ci
172.24.3.242 gitlab-runner-1
172.24.3.243 gitlab-registry
172.24.3.244 gitlab-runner-2

安装docker

sudo yum -y install docker

添加Docker镜像加速节点

使用root用户安装，执行下面命令：

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
        "registry-mirrors": [
                "http://docker.mirrors.ustc.edu.cn",
                "http://hub-mirror.c.163.com",
                "https://registry.docker-cn.com"
        ],
        "insecure-registries": ["gitlab-registry:5000"]  ##为本地镜像仓库     
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

使用非root用户安装，同时执行以下命令：

mkdir -p  ~/.config/docker
 tee  ~/.config/docker/daemon.json <<-'EOF'
{
        "registry-mirrors": [
                "http://docker.mirrors.ustc.edu.cn",
                "http://hub-mirror.c.163.com",
                "https://registry.docker-cn.com"
        ],
        "insecure-registries": ["gitlab-registry:5000"]   
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

环境部署

部署GitLab CI/CD

本步骤操作在 172.24.3.241 gitlab-ce 节点执行

官方版本安装方法

docker pull gitlab/gitlab-ce

docker run -d \
--hostname gitlab.bgctv.com.cn \
--name gitlab-ce \
--restart always \
-p 443:443 -p 2022:22 \
-v /etc/localtime:/etc/localtime:ro \
-v /usr/local/gitlab/gitlab-ce/config:/etc/gitlab \
-v /usr/local/gitlab/gitlab-ce/logs:/var/log/gitlab \
-v /usr/local/gitlab/gitlab-ce/opt:/var/opt/gitlab \
gitlab/gitlab-ce

国内极狐（中文）版本安装方法

docker pull  registry.gitlab.cn/omnibus/gitlab-jh

docker run -d \
--hostname gitlab.bgctv.com.cn \
--name gitlab-jh \
--restart always \
-p 443:443 -p 2022:22 \
-v /etc/localtime:/etc/localtime:ro \
-v /usr/local/gitlab/gitlab-jh/config:/etc/gitlab \
-v /usr/local/gitlab/gitlab-jh/logs:/var/log/gitlab \
-v /usr/local/gitlab/gitlab-jh/opt:/var/opt/gitlab \
registry.gitlab.cn/omnibus/gitlab-jh

默认root用户密码
cat /usr/local/gitlab/gitlab-ce/config/initial_root_password #安装完成24小时后自动删除
Db54Gi2NN/kWzHAhba1DrtJzNkxXi5S/09xJLDzGGbI=

# 首先看一下本机的IP地址，并且记录下来，这里假定是192.168.xxx.xxx
ifconfig

# 进入容器内部
docker exec -it gitlab bash
 
# 修改gitlab.rb
vi /etc/gitlab/gitlab.rb
 
# 修改下面的配置
# gitlab访问地址，可以写域名。如果端口不写的话默认为80端口
external_url 'http://192.168.xxx.xxx'
# ssh主机ip
gitlab_rails['gitlab_ssh_host'] = '192.168.xxx.xxx'
#设置时区为北京时间
gitlab_rails['time_zone'] = 'UTC +8'
# ssh连接端口
gitlab_rails['gitlab_shell_ssh_port'] = 2022
#开启https
nginx['redirect_http_to_https'] = true 
#配置证书
nginx['ssl_certificate'] = "/etc/gitlab/ssl/9167262__bgctv.com.cn.pem"          
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/9167262__bgctv.com.cn.key" 

##邮箱配置##按需配置
 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "smtp.163.com"
 gitlab_rails['smtp_port'] = 465
 gitlab_rails['smtp_user_name'] = "xxxx@163.com"
 gitlab_rails['smtp_password'] = "XXXXX通过邮箱网站生成专用密码，密码获取方式见下文##"
 gitlab_rails['smtp_domain'] = "163.com"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = true  ##邮箱要求开启ssl即开启此选项
 
 gitlab_rails['gitlab_email_enabled'] = true
 ##配置发送邮件的邮箱、发件人名称
 gitlab_rails['gitlab_email_from'] = 'xx@163.com'
 gitlab_rails['gitlab_email_display_name'] = 'Gitlab server'
 user['git_user_email'] = 'XX@163.com'

 gitlab_rails['gitlab_default_can_create_group'] = true
 gitlab_rails['gitlab_username_changing_enabled'] = true


# 让配置生效
gitlab-ctl reconfigure
gitlab-ctl restart

#重新配置后会/etc/gitlab/gitlab.rb文件会更新gitlab.yml这个文件。

邮箱测试方法

#进入console模式
gitlab-rails console

#发送短信（收件人，主题，内容）
Notify.test_email('xxx@163.com', 'test123', 'test123').deliver_now

获取163邮箱的密码

报错处理

WARNING: IPv4 forwarding is disabled. Networking will not work.

执行下述命令解决：

echo "net.ipv4.ip_forward=1" >>/usr/lib/sysctl.d/00-system.conf
systemctl restart network

部署Gitlab-Runner

本步骤操作在 172.24.3.242 gitlab-Runner 节点执行
Gitlab-runner容器需要挂载一个路径：config，用来保存配置数据。同时我们需要指定宿主机运行docker的sock文件，这样runner在启动docker容器的时候会调用宿主机的docker-daemon，不需要再Gitlab-runner中再安装docker-daemon

docker pull gitlab/gitlab-runner

docker run -d \
--name gitlab-runner \
--restart always \
-v /usr/local/gitlab/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner

向Gitlab注册Runner

1. 登录Gitlab，并修改初始密码
   
   
2. 获取Runner的token
   
   

#登陆容器内部
docker exec -it gitlab-runner /bin/bash
#注册runner
root@c6653ec7e562:/# gitlab-runner register
Runtime platform                                    arch=amd64 os=linux pid=51 revision=5316d4ac version=14.6.0
Running in system-mode.                           
                                                   
Enter the GitLab instance URL (for example, https://gitlab.com/):
https://gitlab.bgctv.com.cn
Enter the registration token:
-RvmES-yp7zqNT-CnQBX
Enter a description for the runner:
[c6653ec7e562]: runner-1  
Enter tags for the runner (comma-separated):
Test
Registering runner... succeeded                     runner=-RvmES-y
Enter an executor: virtualbox, docker+machine, kubernetes, custom, parallels, shell, docker-ssh+machine, docker, docker-ssh, ssh:
docker
Enter the default Docker image (for example, ruby:2.6):
docker:20.10.16
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! 
root@c6653ec7e562:/# 
root@c6653ec7e562:/# exit
exit

验证

部署Gitlab-Registry

本步骤操作在 172.24.3.243 Gitlab-Registry 节点执行

docker pull registry
docker run -d \
--name gitlab-registry \
--restart always \
-p 5000:5000 \
-v /usr/local/gitlab/gitlab-registry:/var/lib/registry \
registry