LDAP
- /etc/gitlab/gitlab.rb
- 変更の反映
- # gitlab-ctl reconfigure
- チェック
- # gitlab-rake gitlab:ldap:check RAILS_ENV=production
- # gitlab-rake gitlab:ldap:check RAILS_ENV=production
TLS
- CentOS7 だと TLS1.2 しか使えない.
- /etc/gitlab/gitlab.rb
- 変更の反映
- # gitlab-ctl reconfigure
- # gitlab-ctl reconfigure
HTTPS
# pwd /etc/gitlab/ssl # ls -l -rw-r--r--. 1 root root 1070 2月 19 15:14 gitlab.nsl.tuis.ac.jp.crt -r--------. 1 root root 1679 2月 19 15:14 gitlab.nsl.tuis.ac.jp.key -r--------. 1 root root 1675 2月 19 15:14 gitlab.nsl.tuis.ac.jp.key-staging
Let's Encrypt
- 自動でやってくれるらしい
- /etc/gitlab/gitlab.rb
external_url 'https://gitlab.nsl.tuis.ac.jp' nginx['redirect_http_to_https'] = true nginx['redirect_http_to_https_port'] = 80 nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key" letsencrypt['enable'] = true letsencrypt['contact_emails'] = ['iseki@rsch.tuis.ac.jp'] # This should be an array of email addresses to add as contacts letsencrypt['group'] = 'root' letsencrypt['key_size'] = 2048 letsencrypt['owner'] = 'root' letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www' # See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings letsencrypt['auto_renew'] = true letsencrypt['auto_renew_hour'] = 1 letsencrypt['auto_renew_minute'] = 0 # Should be a number or cron expression, if specified. letsencrypt['auto_renew_day_of_month'] = "*/1" letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'
- Log: /var/log/gitlab/lets-encrypt/*
Docker Registry
- registry ディレクトリのパーミッションが固定:drwxrwx--- 3 registry git
- repository 用のディレクトリ(drwxrwx--- 3 registry git)と衝突するので位置に注意.
- 格納するイメージ名はある程度固定される.
- ホスト名:5050/ユーザ名/プロジェクト名(大文字は小文字に,空白は-に変換)/~
- ホスト名:5050/ユーザ名/プロジェクト名(大文字は小文字に,空白は-に変換)/~
/etc/gitlab/gitlab.rb
################################################################################ ## Container Registry settings ##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html ################################################################################ registry_external_url 'https://gitlab.nsl.tuis.ac.jp:5050' ### Settings used by GitLab application #gitlab_rails['registry_enabled'] = true #gitlab_rails['registry_host'] = "gitlab.nsl.tuis.ac.jp" #gitlab_rails['registry_port'] = "5050" #gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry" gitlab_rails['registry_path'] = "/opt/data/registry"
push
- user: root , Project name : DockerRegistry
docker tag jupyterhub/singleuser-ltids:21092013 gitlab.nsl.tuis.ac.jp:5050/root/dockerregistry/jupytersingle-ltids docker push gitlab.nsl.tuis.ac.jp:5050/root/dockerregistry/jupytersingle-ltids
いつの間にか動かなくなっていた!
- ソフトウェアの更新が上手くいっていない可能性がある.
- 順にバージョンを上げる必要がある.
/etc/yum.repos.d/gitlab_gitlab-ce.repo をチェック # yum install gitlab-ce-5.1.* # gitlab-ctl reconfigure # yum install gitlab-ce-5.2.* # gitlab-ctl reconfigure # yum install gitlab-ce-5.3.* # gitlab-ctl reconfigure # ........
- gitlab-ce-5.18 で蹴躓く
LDAP でログイン時にエラー
- Could not authenticate you from Ldapmain because "Undefined method `provider' for nil:nilclass".
- LDAPのユーザ属性(posixAccount)に mailアドレスを追加する.see phpLDAPadmin
root のパスワードを忘れた
- # gitlab-rails console -e production
- user = User.where(id: 1).first
- user.password = '********'
- user.password_confirmation = '********'
- user.save!
- exit
-------------------------------------------------------------------------------- Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux] GitLab: 14.0.1 (76b84b42f64) FOSS GitLab Shell: 13.19.0 PostgreSQL: 12.6 -------------------------------------------------------------------------------- Loading production environment (Rails 6.1.3.2) irb(main):001:0> user = User.where(id: 1).first => #<User id:1 @root> irb(main):002:0> user.password = '********' => "********" irb(main):003:0> user.password_confirmation = '********' => "********" irb(main):004:0> user.save! Enqueued ActionMailer::MailDeliveryJob (Job ID: 529eea94-54df-4468-908b-9db35758e7dd) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", {:args=>[#<GlobalID:0x00007fa9fe922160 @uri=#<URI::GID gid://gitlab/User/1>>]} => true irb(main):005:0> exit
Counter: 897,
today: 2,
yesterday: 1
最終更新: 2023-11-05 (日) 14:21:13 (JST) (315d) by iseki