Gitlab CE II
페이지 정보
작성자 꿈꾸는여행자 작성일 23-05-26 13:36 조회 3,243 댓글 0본문
안녕하세요.
꿈꾸는여행자입니다.
OpenShift 환경에서 자주 사용되는 Git Tool, Gitlab CE 환경 구성을 공유 하고자 합니다.
해당 내역은 기존 Gitlab 사전 구성 준비 이후, Gitlab 설치 관련된 사항입니다.
상세 내역은 아래와 같습니다.
감사합니다.
> 아래
2.1.8. DNS
* DNS 정보 확인
cp ocpcst.ldsproject.com.zone ocpcst.ldsproject.com.zone.20221228_1030
cp rev.ocpcst.ldsproject.com.zone rev.ocpcst.ldsproject.com.zone.20221228_1030
nslookup cicd.ocpcst.ldsproject.com
[root@bastion named]# pwd
/var/named
[root@bastion named]# ls -al
total 32
drwxrwx--T. 5 root named 4096 Dec 25 00:00 .
drwxr-xr-x. 22 root root 4096 Dec 15 16:10 ..
drwxrwx---. 2 named named 75 Dec 25 00:00 data
drwxrwx---. 2 named named 60 Dec 28 09:58 dynamic
-rw-r-----. 1 root named 2253 Sep 30 05:09 named.ca
-rw-r-----. 1 root named 152 Sep 30 05:09 named.empty
-rw-r-----. 1 root named 152 Sep 30 05:09 named.localhost
-rw-r-----. 1 root named 168 Sep 30 05:09 named.loopback
-rw-r--r-- 1 named named 900 Dec 19 09:58 ocpcst.ldsproject.com.zone
-rw-r--r-- 1 named named 1111 Dec 15 16:10 rev.ocpcst.ldsproject.com.zone
drwxrwx---. 2 named named 6 Sep 30 05:09 slaves
[root@bastion named]#
[root@bastion named]# cp ocpcst.ldsproject.com.zone ocpcst.ldsproject.com.zone.20221228_1030
[root@bastion named]# cp rev.ocpcst.ldsproject.com.zone rev.ocpcst.ldsproject.com.zone.20221228_1030
[root@bastion named]#
[root@bastion named]# nslookup cicd.ocpcst.ldsproject.com
Server: 192.168.120.100
Address: 192.168.120.100#53
** server can't find cicd.ocpcst.ldsproject.com: NXDOMAIN
[root@bastion named]#
* Edit zone file
vi ocpcst.ldsproject.com.zone
cicd.ocpcst.ldsproject.com. IN A 192.168.120.51
* Edit reverse zone file
vi rev.ocpcst.ldsproject.com.zone
51.120.168.192.in-addr.arpa. IN PTR cicd.ocpcst.ldsproject.com.
* Restart bind service
sudo systemctl restart named
* Check lookup
nslookup cicd.ocpcst.ldsproject.com
[root@bastion named]# nslookup cicd.ocpcst.ldsproject.com
Server: 192.168.120.100
Address: 192.168.120.100#53
Name: cicd.ocpcst.ldsproject.com
Address: 192.168.120.51
[root@bastion named]#
2.2. Gitlab CE
* Install and Configure GitLab on RHEL 9 / CentOS Stream 9
* https://technixleo.com/install-and-configure-gitlab-on-rhel-9-centos-stream-9/
2.2.1. Prerequisite
* Update your system packages
sudo dnf update -y
* Install GitLab dependencies using the following command.
sudo dnf install -y curl policycoreutils perl
* Configure the Firewall to allow HTTP and HTTPS services.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld
* Install, start and enable Postfix to send notification emails.
sudo dnf install postfix
sudo systemctl enable postfix
sudo systemctl start postfix
* Check the status of Postfix
sudo systemctl status postfix
2.2.2. Install
* Add the GitLab repository to the system.
vim /etc/yum.repos.d/gitlab_gitlab-ce.repo
[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/8/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
[gitlab_gitlab-ce-source]
name=gitlab_gitlab-ce-source
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/8/SRPMS
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
* Then install the Gitlab community edition with the following command.
sudo dnf install gitlab-ce -y
2.2.3. Configure GitLab on RHEL 9|CentOS 9
* Set up your DNS to the URL at which you want to access your GitLab instance.
sudo hostnamectl set-hostname gitlab.technixleo.com
* To change the GitLab URL access, edit the configuration file.
* Change the external URL to your domain name.
* You can set a password for the initial administrator user account (root).
sudo cp /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.orig
sudo vi /etc/gitlab/gitlab.rb
external_url 'https://gitlab.technixleo.com'
external_url 'https://cicd.ocpcst.ldsproject.com'
external_url 'http://cicd.ocpcst.ldsproject.com'
gitlab_rails['initial_root_password'] = 'ldssmart1160!!'
* Reconfigure the instance to save changes.
sudo gitlab-ctl reconfigure
2.2.4. Secure GitLab with SSL
* SSL 적용 실패
* We can secure GitLab with a Self-signed certificate or a Let’s Encrypt certificate.
2.2.4.1. Self-signed Certificate
* Create the following directory to generate a self-signed certificate and set appropriate permissions.
sudo mkdir -p /etc/gitlab/ssl
sudo chmod 755 /etc/gitlab/ssl
* Generate the self-signed certificate and store it in the directory with the following command.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/gitlab/ssl/cicd.ocpcst.ldsproject.com.key \
-out /etc/gitlab/ssl/cicd.ocpcst.ldsproject.com.crt
[root@cicd ~]# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/gitlab/ssl/cicd.ocpcst.ldsproject.com.key -out /etc/gitlab/ssl/cicd.ocpcst.ldsproject.com.crt
…
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:GangNam
Organization Name (eg, company) [Default Company Ltd]:Exam
Organizational Unit Name (eg, section) []:Exam
Common Name (eg, your name or your server's hostname) []:cicd.ocpcst.ldsproject.com
Email Address []:ktm@linuxdata.co.kr
[root@cicd ~]#
* Edit the configuration file to provide the SSL certificate paths.
sudo vi /etc/gitlab/gitlab.rb
nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/cicd.ocpcst.ldsproject.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/cicd.ocpcst.ldsproject.com.key"
nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2 TLSv1.3"
* Reconfigure your instance to apply the changes.
sudo gitlab-ctl reconfigure
2.2.4.2. Let’s Encrypt certificate
* Edit the GitLab configuration file with the following settings.
sudo vi /etc/gitlab/gitlab.rb
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['ktm@linuxdata.co.kr'] # This should be an array of email addresses to add as contacts
letsencrypt['auto_renew'] = true
* Then reconfigure the instance to apply changes
sudo gitlab-ctl reconfigure
2.2.5. Start Service
* Restart
* https://potato-yong.tistory.com/145
sudo gitlab-ctl restart
[root@cicd ~]# sudo gitlab-ctl restart
ok: run: alertmanager: (pid 43380) 1s
ok: run: gitaly: (pid 43390) 0s
ok: run: gitlab-exporter: (pid 43404) 0s
ok: run: gitlab-kas: (pid 43494) 0s
ok: run: gitlab-workhorse: (pid 43503) 1s
ok: run: logrotate: (pid 43515) 0s
ok: run: nginx: (pid 43521) 1s
ok: run: node-exporter: (pid 43529) 0s
ok: run: postgres-exporter: (pid 43534) 0s
ok: run: postgresql: (pid 43546) 0s
ok: run: prometheus: (pid 43549) 0s
ok: run: puma: (pid 43566) 0s
ok: run: redis: (pid 43571) 0s
ok: run: redis-exporter: (pid 43577) 1s
ok: run: sidekiq: (pid 43584) 0s
[root@cicd ~]#
2.2.6. Connect Service
* Connect Url on Browser
* http://cicd.ocpcst.ldsproject.com
2.2.7. Manage - Account
* Create Account
* Admin > Overview > Users > New user
* Account
* Name : user01
* Username: user01
* ID 정보
* Email
* user01@example.com
* Login
* Email 기준 수신된 URL로 Password 설정
댓글목록 0
등록된 댓글이 없습니다.