GitLab

From Christoph's Personal Wiki
Jump to: navigation, search

GitLab is a web-based DevOps lifecycle tool that provides a Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features, using an open-source license, developed by GitLab Inc.

Install GitLab

Note: This section will describe the process of installing GitLab on a Debian-based OS.

$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
$ sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install -y gitlab-ee
$ sudo gitlab-ctl restart postgresql
#$ sudo gitlab-ctl pg-upgrade # optional
$ sudo gitlab-ctl renew-le-certs
$ sudo gitlab-ctl restart redis
$ sudo gitlab-ctl reconfigure
  • Install certbot:
$ sudo apt-get install -y software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update -y
$ sudo apt-get install -y certbot
$ sudo apt-get install -y python3-certbot-dns-route53

Commands

  • Create a configuration file for making GitLab API calls:
$ cat .python-gitlab.cfg
[global]
default = foobar
ssl_verify = true
timeout = 5

[foobar]
url = https://gitlab.example.com
private_token = aaaaaaaaaaaaaaaaaaaa
api_version = 4
  • Make API calls:
$ gitlab user list

Fix Let's Encrypt errors

If after running gitlab-ctl reconfigure you see an error that looks like the following:

Acme::Client::Error::Malformed: Method not allowed

Below are the steps I use to fix it:

  • Edit the /etc/gitlab/gitlab.rb file and disable https external_url and letsencrypt settings:
external_url 'http://domain.com'
#external_url 'https://domain.com'
# letsencrypt['auto_renew'] = true
# letsencrypt['auto_renew_hour'] = 0
# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
# letsencrypt['auto_renew_day_of_month'] = "*/4"
  • Then reconfigure gitlab:
$ sudo gitlab-ctl reconfigure
  • Upgrade gitlab to the latest version:
$ sudo apt update -y && sudo apt upgrade -y
  • Edit the /etc/gitlab/gitlab.rb file again and uncomment https/letsencrypt settings:
external_url 'http://domain.com'
external_url 'https://domain.com'
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = 0
letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
letsencrypt['auto_renew_day_of_month'] = "*/4"
  • Renew the certs and reconfigure (note: you may have to reconfigure one more time for the certs):
$ sudo gitlab-ctl reconfigure
$ sudo gitlab-ctl restart redis
$ sudo gitlab-ctl renew-le-certs
$ sudo gitlab-ctl gitlab-ce reconfigure

And now we are running the latest version of gitlab-ce and the certs have been renewed.

Miscelleanous

  • Reset root password:
$ cat << EOF >reset_root_passwd.sh
#!/bin/bash

gitlab-rails runner -e production " \
  user = User.find_by(id: 1);
  user.password = user.password_confirmation = '<MY_NEW_PASSWORD>'; \
  user.save!"
EOF

External links