Lab GitLab
Richard Mortier · April 19, 2017 · #tech #config #oldRecently had cause to do this as part of the SRG’s and OCaml Labs infrastructure. Thought it might be useful to make some notes, so here they are! Assuming your local sys-admin
has kindly created you a suitable VM running Ubuntu with login credentials, etc, read on…
Note that several commands that follow must be run as root
, via use of sudo
below. Given that, think twice before just cutting and pasting them in, obviously… And I am not held responsible for anything either way!
Install Docker
On a new Ubuntu stretch/sid (testing) VM:
Next, install up-to-date Docker:
Tweak the systemd
Docker configuration by adding a fragment to point all Docker to the /data
partition, lest the root partition /
fill:
Then start the Docker daemon and run hello-world
just to check all is well:
Finally, test the install by running hello-world
:
If appropriate, you may also wish to add yourself to the docker
user group:
GitLab
Assuming you have rights to run docker
, install and run Gitlab-CE:
S=128.232.xxx.yyy
H=gitlab.srg.cl.cam.ac.uk
\
) )
…or use the make start
target in the Makefile in the related GitHub repo.
TLS Certificates
Self-certified certificates:
Run Backups
backup
script to create backup tarballs and extractsync
script to rsync extracted tarballs to filer
Recovering Password
To change the root
password you need to use the Ruby-on-Rails console to access the relevant object, modify it, and save it back:
gitlab-rails console production
irb(main):001:0> user = User.where(id: 1).first
=> #<User id: 1, email: "admin@example.com", created_at: "2016-11-16 22:57:21", updated_at: "2016-12-05 23:42:50", name: "Administrator", admin: true, projects_limit: 10, skype: "", linkedin: "", twitter: "", authentication_token: "secrettoken", theme_id: 2, bio: nil, username: "root", can_create_group: true, can_create_team: false, state: "active", color_scheme_id: 1, password_expires_at: nil, created_by_id: nil, last_credential_check_at: nil, avatar: nil, hide_no_ssh_key: false, website_url: "", notification_email: "admin@example.com", hide_no_password: false, password_automatically_set: false, location: nil, encrypted_otp_secret: nil, encrypted_otp_secret_iv: nil, encrypted_otp_secret_salt: nil, otp_required_for_login: false, otp_backup_codes: nil, public_email: "", dashboard: 0, project_view: 0, consumed_timestep: nil, layout: 0, hide_project_limit: false, otp_grace_period_started_at: nil, ldap_email: false, external: false, organization: nil>
irb(main):002:0> user.password =
=>
irb(main):003:0> user.password_confirmation =
=>
irb(main):004:0> user.save!
Enqueued ActionMailer::DeliveryJob (Job ID: 5f74573d-dfa2-4778-b365-cbebd88e454e) to Sidekiq(mailers) with arguments: , , , gid: gitlab/User/1
=> true
irb(main):005:0>
gitlab-ctl reconfigure
Hook up to GitHub
Per https://docs.gitlab.com/ce/integration/omniauth.html#initial-omniauth-configuration and https://docs.gitlab.com/ce/integration/github.html:
Edit via sudo docker exec -it gitlab /bin/bash
:
gitlab_rails[] = true
gitlab_rails[] = [, ]
gitlab_rails[] = true
Use SMTP via <ppsw.cam.ac.uk>, for which the from address must have a valid MX
record and not be under <cam.ac.uk> per http://help.uis.cam.ac.uk/email-telephony-and-collaboration/email/technical/sending.
Configuration can be tested via the console:
Notify.test_email(Hello WorldThis is a test message