🦊 Gitlab

Glab CLI

https://glab.readthedocs.io/en/latest/intro.html

1# add token
2glab auth login --hostname mygitlab.example.com
3# view fork of dep installer
4glab repo view mygitlab.example.com/copain/project
5# clone fork of dep installer
6glab repo clone mygitlab.example.com/copain/project

Install

1Optimization 
2puma['worker_processes'] = 16
3puma['worker_timeout'] = 60
4puma['min_threads'] = 1
5puma['max_threads'] = 4
6puma['per_worker_max_memory_mb'] = 2048

Certificats

Generate CSR in /data/gitlab/csr/server_cert.cnf

 1[req]
 2default_bits       = 2048
 3distinguished_name = req_distinguished_name
 4req_extensions     = req_ext
 5prompt = no
 6
 7[req_distinguished_name]
 8C   = PL
 9ST  = Poland
10L   = Warsaw
11O   = myOrg
12OU  = DEV
13CN  = gitlab.example.com
14
15[req_ext]
16subjectAltName = @alt_names
17
18[alt_names]
19DNS = gitlab.example.com
20IP = 192.168.01.01

1# Create CSR
2openssl req -new -newkey rsa:2048 -nodes -keyout gitlab.example.com.key -config /data/gitlab/csr/server_cert.cnf  -out gitlab.example.com.csr
3
4openssl req -noout -text -in gitlab.example.com.csr 
5
6# Sign your CSR with your PKI. If you PKI is a windows one, you should get back a .CER file.
7
8# check info:
9openssl x509 -text -in gitlab.example.com.cer -noout

 1### push it in crt/key in Gitlab
 2cp /tmp/gitlab.example.com.cer cert/gitlab.example.com.crt
 3cp /tmp/gitlab.example.com.key cert/gitlab.example.com.key
 4cp /tmp/gitlab.example.com.cer cert/192.168.01.01.crt
 5cp /tmp/gitlab.example.com.key cert/192.168.01.01.key
 6
 7### push rootCA in gitlab
 8cp /etc/pki/ca-trust/source/anchors/domain-issuing.crt  /data/gitlab/config/trusted-certs/domain-issuing.crt
 9cp /etc/pki/ca-trust/source/anchors/domain-rootca.crt   /data/gitlab/config/trusted-certs/domain-rootca.crt
10
11### Reconfigure 
12vi /data/gitlab/config/gitlab.rb
13docker exec gitlab bash -c 'update-ca-certificates'
14docker exec gitlab bash -c 'gitlab-ctl reconfigure'
15
16### Stop / Start
17docker stop gitlab
18docker rm gitlab
19docker run -d -p 5050:5050 -p 2289:22 -p 443:443 --restart=always \
20-v /data/gitlab/config:/etc/gitlab \
21-v /data/gitlab/logs:/var/log/gitlab \
22-v /data/gitlab/data:/var/opt/gitlab \
23-v /data/gitlab/cert:/etc/gitlab/ssl \
24-v /data/gitlab/config/trusted-certs:/usr/local/share/ca-certificates \
25--name gitlab gitlab/gitlab-ce:15.0.5-ce.0

Health-Checks

1docker exec gitlab bash -c 'gitlab-ctl status'
2docker exec -it gitlab gitlab-rake gitlab:check SANITIZE=true
3docker exec -it gitlab gitlab-rake gitlab:env:info

Backup

1docker exec -it gitlab gitlab-rake gitlab:backup:create --trace
2
3#Alternate way to do it 
4docker exec gitlab bash -c 'gitlab-backup create'
5docker exec gitlab bash -c 'gitlab-backup create SKIP=repositories'
6docker exec gitlab bash -c 'gitlab-backup create SKIP=registry'

Restore from a Backup

 1Restore
 2gitlab-ctl reconfigure
 3gitlab-ctl start
 4gitlab-ctl stop unicorn
 5gitlab-ctl stop sidekiq
 6gitlab-ctl status
 7ls -lart /var/opt/gitlab/backups
 8
 9docker exec -it gitlab gitlab-rake gitlab:backup:restore --trace
10docker exec -it gitlab gitlab-rake gitlab:backup:restore BACKUP=1537738690_2018_09_23_10.8.3 --trace
11
12Restart 
13docker exec gitlab bash -c 'gitlab-ctl restart'

Update

Pre-checks before update

sudo docker exec -it gitlab gitlab-rake gitlab:check sudo docker exec -it gitlab gitlab-rake gitlab:doctor:secrets

Checks the update path

In functions of your update, checks the path
https://gitlab-com.gitlab.io/support/toolbox/upgrade-path/ 14.10.5 -> 15.0.5 -> 15.4.6 -> 15.8.0

On your Workstation:

1podman pull gitlab/gitlab-ce:15.0.5-ce.0
2podman save gitlab/gitlab-ce:15.0.5-ce.0 > sources/gitlab-ce:15.0.5-ce.0.tar

Export the tar to the target host

 1docker load < /tmp/gitlab-ce:15.0.5-ce.0.tar
 2docker stop gitlab
 3docker rm gitlab
 4docker run -d -p 5050:5050 -p 2289:22 -p 443:443 --restart=always \
 5-v /data/gitlab/config:/etc/gitlab \
 6-v /data/gitlab/logs:/var/log/gitlab \
 7-v /data/gitlab/data:/var/opt/gitlab \
 8-v /data/gitlab/cert:/etc/gitlab/ssl \
 9-v /data/gitlab/config/trusted-certs:/usr/local/share/ca-certificates \
10--name gitlab gitlab/gitlab-ce:15.0.5-ce.0

Becarefull to check in the Admin console that migrations jobs completed successfully before to go to next step