Notes from when I migrated to GitLab Community Edition 13.12.15
The relevant parts of the gitlab.rb configuration are below
Site URL
gitlab.rb
## GitLab URL
external_url "https://gitlab-on-aws.hogehoge.net"
Settings for cloning over SSH
I want the address to be git@ssh.gitlab-on-aws.hogehoge.net
gitlab.rb
################################################################################
################################################################################
## Configuration Settings for GitLab CE and EE ##
################################################################################
################################################################################
################################################################################
## gitlab.yml configuration
## ! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
################################################################################
gitlab_rails['gitlab_ssh_host'] = 'ssh.gitlab-on-aws.hogehoge.net'
gitlab_rails['gitlab_ssh_user'] = 'git'
Time zone
gitlab.rb
gitlab_rails['time_zone'] = 'Asia/Tokyo'
Sending mail (Gmail)
gitlab.rb
### GitLab email server settings
### ! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
### ! **Use smtp instead of sendmail/postfix.**
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "sysdev@hogehoge.net"
gitlab_rails['smtp_password'] = "{{パスワード}}"
gitlab_rails['smtp_domain'] = "smtp.gmail.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_pool'] = false
### ! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
### ! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
### Email Settings
gitlab_rails['gitlab_email_enabled'] = true
## ! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
## ! can change the 'From' with this setting.
gitlab_rails['gitlab_email_from'] = 'sysdev+gitlab@hogehoge.net'
gitlab_rails['gitlab_email_display_name'] = 'HOGEHOGE Inc. GitLab'
gitlab_rails['gitlab_email_reply_to'] = 'sysdev+gitlab@hogehoge.net'
gitlab_rails['gitlab_email_subject_suffix'] = '[GitLab]'
# gitlab_rails['gitlab_email_smime_enabled'] = false
# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'
Enabling login with G Suite
gitlab.rb
### OmniAuth Settings
### ! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
# gitlab_rails['omniauth_auto_link_user'] = ['saml']
gitlab_rails['omniauth_external_providers'] = ['saml']
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "saml",
    "args" => {
      "assertion_consumer_service_url" => "https://gitlab-on-aws.hogehoge.net/users/auth/saml/callback",
      "idp_cert_fingerprint" => "{{フィンガープリント}}",
      "idp_sso_target_url" => "https://accounts.google.com/o/saml2/idp?idpid={{IDプロバイダID}}",
      "issuer" => "https://gitlab-on-aws.hogehoge.net",
      "name_identifier_format" => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
      "attribute_statements" => { "email" => ["emailAddress"] }
    },
    "label" => "G Suite"
  }
]
Backup settings (saved to an S3 bucket)
gitlab.rb
### Backup Settings
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_upload_connection'] = {
  'provider' => 'AWS',
  'region' => 'ap-northeast-1',
  # 'aws_access_key_id' => 'AKIAKIAKI',
  # 'aws_secret_access_key' => 'secret123',
  # # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
  'use_iam_profile' => true
}
# backup_upload_remote_directory = S3 bucket name
gitlab_rails['backup_upload_remote_directory'] = 'gitlab-on-aws.hogehoge.net'
gitlab_rails['backup_multipart_chunk_size'] = 104857600
Settings for placing GitLab behind an AWS ELB
gitlab.rb
## ! **Override only if you use a reverse proxy**
## ! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
nginx['listen_port'] = 80
## ! **Override only if your reverse proxy internally communicates over HTTP**
## ! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  # "Host" => "$http_host_with_default",
  # "X-Real-IP" => "$remote_addr",
  # "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on",
  # "Upgrade" => "$http_upgrade",
  # "Connection" => "$connection_upgrade"
}
GitLab CI: a docker-type runner never starts
When gitlab-runner runs as its dedicated user (gitlab-runner), it cannot start docker
I installed it and set it up with the following steps, but...
# apt-get install gitlab-runner
# which gitlab-runner
/usr/bin/gitlab-runner
# Give it permissions to execute
# chmod +x /usr/bin/gitlab-runner
# Create a GitLab CI user
# useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
# Install and run as service
# gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
# gitlab-runner start
# gitlab-runner register --url https://gitlab-on-aws.hogehoge.net/ --registration-token $REGISTRATION_TOKEN
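No matter how long I waited, the pipeline never started
When I ran it in debug mode, the pipeline started running, and when I stopped it the pipeline stopped starting again, so as long as gitlab-runner would just start there should be no problem. But that was because I had started it as root
# Command to start in debug mode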
# gitlab-runner --debug run
Maybe docker cannot be run as the dedicated user (gitlab-runner)?
When I checked, sure enough, an error...
# sudo -u gitlab-runner -H docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info
Add the gitlab-runner user to the docker group.
# usermod -aG docker gitlab-runner
Check again
# sudo -u gitlab-runner docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
Containers: 5
Running: 1
Paused: 0
Stopped: 4
Images: 4
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.11.0-1020-aws
Operating System: Ubuntu 20.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.768GiB
Name: ip-10-0-5-123
ID: 52M2:C6YD:3OXP:NHIW:CPCB:Q4UW:EAOS:OM2Y:7U2J:RK2L:746T:RE5R
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Check with hello-world
# sudo -u gitlab-runner docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
That works. After this, it is fine as long as the service is running
# gitlab-runner status
Runtime platform arch=amd64 os=linux pid=636686 revision=4b9e985a version=14.4.0
gitlab-runner: Service is running
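
The "permission denied" on /var/run/docker.sock and the usermod fix above come down to the Unix permission check on the socket file. The following is an added example, not part of the original memo: the function names are hypothetical, it evaluates mode bits only (ACLs are ignored), and it assumes GNU stat as on Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original memo. Function names are hypothetical.

# socket_access MODE OWNER GROUP USER "USER_GROUPS"
# Applies the classic Unix permission check to a socket and prints which
# permission class lets USER connect: root | owner | group | other | denied.
# On Linux, connecting to a Unix socket needs write permission on it.
socket_access() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "root" ]; then
        echo root; return 0          # root bypasses the mode bits
    fi
    # Keep the last three octal digits (drops setuid/sticky, pads short modes).
    perms=$(printf '000%s' "$mode" | sed 's/.*\(...\)$/\1/')
    u=${perms%??}; rest=${perms#?}; g=${rest%?}; o=${rest#?}
    cls=other; bits=$o
    if [ "$user" = "$owner" ]; then
        cls=owner; bits=$u           # owner bits apply, even if more restrictive
    else
        for grp in $user_groups; do
            if [ "$grp" = "$group" ]; then cls=group; bits=$g; break; fi
        done
    fi
    if [ $(( bits & 2 )) -ne 0 ]; then   # bit 2 = write
        echo "$cls"; return 0
    fi
    echo denied; return 1
}

# check_docker_socket USER [SOCKET]
# Gathers the live values on the host and feeds them to socket_access.
check_docker_socket() {
    who=$1; sock=${2:-/var/run/docker.sock}
    set -- $(stat -c '%a %U %G' "$sock")   # e.g. "660 root docker" (assumed typical)
    socket_access "$1" "$2" "$3" "$who" "$(id -Gn "$who")"
}
```

On the host, `check_docker_socket gitlab-runner` is expected to print `denied` before the usermod step and `group` after it, assuming the socket is root:docker with mode 660. Membership in the docker group gives the account full control of the Docker daemon, which is equivalent to root on the host.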