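Setting up Bitnami GitLab CE on VMware
- Download Bitnami GitLab CE
- Import into VMware
- SSH into the VM to get the root user's password
- Access GitLab CE
- Shutdown command
- Expand the disk
- Configure the TLS certificate
- Install GitLab Runner
- Register GitLab Runner
- Miscellaneous: make Docker trust the self-signed certificate
Download Bitnami GitLab CE
Download link: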
https://bitnami.com/stack/gitlab/virtual-machine
Import into VMware
SSH into the VM to get the root user's password
ssh -i <your_private_sshkey> bitnami@<your_gitlab_vm_ip>
sudo cat /home/bitnami/bitnami_credentials
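Access GitLab CE
Open a browser and go to https://<your_gitlab_vm_ip>, then sign in with:
- Username or email: root
- Password: the root user's password obtained in the previous step
Change the password.
Add SSH keys.
Shutdown command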
shutdown -h now
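Expand the disk
After shutting down, open Virtual Machine Settings.
Once that is set, start the VM and run df -h to check whether the disk size has changed.
Configure the TLS certificate
Reference: https://docs.gitlab.com/runner/configuration/tls-self-signed.html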
Edit /etc/hosts and add the mapping between the local domain name and the IP address:
sudo vi /etc/hosts
--- add
192.168.31.13 gitlab.server.local
---
Below are example commands for creating the certificates. The example uses the domain server.local; change it to suit your environment.
sudo mkdir -p /u01/certs; cd /u01/certs
openssl genrsa -des3 -passout pass:123456 -out ca.key 2048
openssl rsa -in ca.key -passin pass:123456 -out ca.key
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt -subj "/CN=server.local"
openssl genrsa -out tls.key 2048
openssl req -new -key tls.key -out tls.csr -subj "/CN=server.local"
cat > server.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.server.local
EOF
openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt -days 3650 -extfile server.ext
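Before the files are copied into /etc/gitlab/ssl, the pair can be checked against the hostname that external_url will use. The function below is an added example, not part of the original post; check_gitlab_tls and make_demo_pki are names made up here, and make_demo_pki only builds a constructed throwaway CA (named demo-ca, an assumption) for trying the check out.

```shell
#!/bin/sh
# Added example. Usage with the files from this guide:
#   check_gitlab_tls /u01/certs/ca.crt /u01/certs/tls.crt /u01/certs/tls.key gitlab.server.local
# Prints one line per failed check and returns 0 only if every check passes.
check_gitlab_tls() (
    ca=$1 crt=$2 key=$3 host=$4 rc=0
    # 1. The certificate chains to the CA and its SAN covers the hostname.
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not verify for $host"; rc=1; }
    # 2. The private key belongs to the certificate (same public key).
    pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || :
    { [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; } ||
        { echo "FAIL: $key does not match $crt"; rc=1; }
    # 3. The server certificate must not itself be a CA.
    if openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "FAIL: $crt is a CA certificate"; rc=1
    fi
    exit "$rc"
)

# Constructed throwaway PKI for trying the check in an empty directory.
# The CA gets its own name here: OpenSSL can mistake a leaf whose subject
# equals its issuer for a self-signed certificate. ca.cnf is a minimal
# config written by this example so it does not depend on the system one.
make_demo_pki() (
    cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=demo\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:*.server.local\n' > server.ext
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout ca.key -out ca.crt -days 1 -subj "/CN=demo-ca" >/dev/null 2>&1 &&
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout tls.key -out tls.csr -subj "/CN=server.local" >/dev/null 2>&1 &&
    openssl x509 -req -in tls.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out tls.crt -days 1 -sha256 -extfile server.ext >/dev/null 2>&1
)
```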
Replace GitLab's TLS certificate:
mv /etc/gitlab/ssl /etc/gitlab/ssl.bak; mkdir /etc/gitlab/ssl
cp /u01/certs/ca.crt /etc/gitlab/trusted-certs
cp /u01/certs/tls.crt /etc/gitlab/ssl/server.crt
cp /u01/certs/tls.key /etc/gitlab/ssl/server.key
Configure GitLab's external URL:
sudo vi /etc/gitlab/gitlab.rb
--- modify
external_url 'https://gitlab.server.local'
---
Apply the updated configuration:
gitlab-ctl reconfigure
Restart GitLab:
gitlab-ctl restart
Install GitLab Runner
Start gitlab-runner. --add-host specifies the local domain name and IP address to use; change it to suit your environment. Example commands:
sudo mkdir -p /u01/gitlab-runner/config; sudo chmod 777 /u01/gitlab-runner/config
sudo mkdir -p /u01/gitlab-runner/ca-certificates; sudo chmod 777 /u01/gitlab-runner/ca-certificates
sudo mkdir -p /u01/gitlab-runner/.gitlab-runner; sudo chmod 777 /u01/gitlab-runner/.gitlab-runner
sudo docker run -d --name gitlab-runner --restart always \
-v /u01/gitlab-runner/config:/etc/gitlab-runner \
-v /u01/gitlab-runner/ca-certificates:/usr/local/share/ca-certificates \
-v /u01/gitlab-runner/.gitlab-runner:/home/gitlab-runner/.gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
--add-host gitlab.server.local:192.168.31.13 \
bitnami/gitlab-runner:15.11.0
Check with:
sudo docker ps
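Register GitLab Runner
Reference: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker
First create a project in GitLab, then go to Settings => CI/CD and get the Runners registration token.
Copy the self-signed certificate files into the runner's config directory; the registration command below only reads certs/ca.crt from it: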
sudo cp -r /u01/certs /u01/gitlab-runner/config
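Register a runner for the project. --url specifies the local domain name to use, and --add-host specifies the local domain name and IP address; change them to suit your environment. Example command: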
sudo docker run --rm \
-v /u01/gitlab-runner/config:/etc/gitlab-runner \
-v /u01/gitlab-runner/ca-certificates:/usr/local/share/ca-certificates \
-v /u01/gitlab-runner/.gitlab-runner:/home/gitlab-runner/.gitlab-runner \
--add-host gitlab.server.local:192.168.31.13 \
bitnami/gitlab-runner:15.11.0 register \
--non-interactive \
--url "https://gitlab.server.local/" \
--registration-token "<your_project_token>" \
--executor "docker" \
--docker-image alpine:latest \
--description "docker-runner" \
--maintenance-note "Free-form maintainer notes about this runner" \
--tag-list "docker,aws" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected" \
--docker-privileged \
--docker-volumes "/certs/client" \
--tls-ca-file=/etc/gitlab-runner/certs/ca.crt
sudo chmod 777 /var/run/docker.sock
Confirm that the runner registered successfully and is in the active state.
Miscellaneous: make Docker trust the self-signed certificate
sudo mkdir -p /etc/docker/certs.d/gitlab.server.local
sudo cp /u01/certs/ca.crt /etc/docker/certs.d/gitlab.server.local
sudo systemctl daemon-reload
sudo systemctl restart docker
Done!