% docker version
Client:
 Cloud integration: v1.0.35+desktop.10
 Version: 25.0.3
 API version: 1.44
 Go version: go1.21.6
 Git commit: 4debf41
 Built: Tue Feb 6 21:13:26 2024
 OS/Arch: darwin/arm64
 Context: desktop-linux

Server: Docker Desktop 4.27.2 (137060)
 Engine:
  Version: 25.0.3
  API version: 1.44 (minimum version 1.24)
  Go version: go1.21.6
  Git commit: f417435
  Built: Tue Feb 6 21:14:22 2024
  OS/Arch: linux/arm64
  Experimental: false
 containerd:
  Version: 1.6.28
  GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc:
  Version: 1.1.12
  GitCommit: v1.1.12-0-g51d5e94
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
% docker-compose down -v
% rm -rf ~/docker-gitlab
% docker-compose up
% cat /etc/hosts | grep gitlab
127.0.0.1 gitlab.example.com
% cat docker-compose.yml
# https://docs.docker.com/compose/compose-file/compose-versioning/
version: '3.8'
services:
  gitlab:
    image: gitlab/gitlab-ee:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.example.com:8929'
        gitlab_rails['gitlab_shell_ssh_port'] = 2424
    ports:
      - '8929:8929'
      - '2424:2424'
    volumes:
      - '~/docker-gitlab/config:/etc/gitlab'
      - '~/docker-gitlab/logs:/var/log/gitlab'
      - '~/docker-gitlab/data:/var/opt/gitlab'
    shm_size: '256m'
% docker-compose up
...
% docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
XXXXXXXXXXXX gitlab/gitlab-ee:latest "/assets/wrapper" 3 minutes ago Up 3 minutes (healthy) 22/tcp, 443/tcp, 0.0.0.0:20080->80/tcp, 0.0.0.0:20022->2424/tcp gitlab
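- About gitlab/gitlab-ee:latest versus gitlab/gitlab-ce:latest: reportedly, gitlab/gitlab-ee:latest started without a license key behaves the same as gitlab/gitlab-ce:latest, so just use gitlab/gitlab-ee:latest throughout.
- Remember that on first use the login account is root, and the password is tucked away in /etc/gitlab/initial_root_password.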
% docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
XXXXXXXX gitlab/gitlab-ee:latest "/assets/wrapper" 20 minutes ago Up 18 minutes (healthy) 80/tcp, 443/tcp, 0.0.0.0:20443->20443/tcp, 0.0.0.0:20022->22/tcp gitlab
% docker exec -it XXXXXXXX cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: yNRnhTRu9IZ/eBvlC3BCDeuK6zn6BUBmGB+a89SMpn0=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
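- GITLAB_OMNIBUS_CONFIG is a convenient way to handle the vast majority of the configuration.
- For custom ports, stay away from the ports on the Chrome browser's ERR_UNSAFE_PORT list. This trap can eat a lot of time if you are not careful: for example, I lazily added 10000 to 80 to get 10080 ... and walked right into it, which made me think some service had failed to start.
- Make good use of external_url to describe how the instance is reached from outside; filling in the same port on both sides of HOST:CONTAINER is the easiest approach: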
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.example.com:20080'
        gitlab_rails['gitlab_shell_ssh_port'] = 20022
    ports:
      - '20080:20080'
      - '20022:20022'
- If you want to get fancy and have nginx listen on a different port, more settings are needed:
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.example.com:20080'
        nginx['listen_port'] = 80
        gitlab_rails['gitlab_shell_ssh_port'] = 22
    ports:
      - '20080:80'
      - '20022:22'
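- To enable encrypted connections, simply changing external_url to an `https://` URL also turns on the SSL service by default, but the next thing to deal with is the certificate. The steps in sequence: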
% mkdir -p ssl
% test -e ./ssl/localhost.key || openssl genpkey -algorithm RSA -out ./ssl/localhost.key
% test -e ./ssl/localhost.crt || openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./ssl/localhost.key -out ./ssl/localhost.crt -subj '/C=US/ST=State/L=City/O=Organization/OU=Unit/CN=localhost'
% tree ssl
ssl
├── localhost.crt
└── localhost.key

1 directory, 2 files
% cat docker-compose.yml
...
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com:20443'
        #nginx['listen_port'] = 443
        nginx['ssl_certificate'] = "/etc/gitlab-ssl-usage/localhost.crt"
        nginx['ssl_certificate_key'] = "/etc/gitlab-ssl-usage/localhost.key"
        gitlab_rails['gitlab_shell_ssh_port'] = 22
    ports:
      - '20443:20443'
      - '20022:22'
    volumes:
      - './ssl:/etc/gitlab-ssl-usage'
- If you would rather not mount the certificate in through volumes, you can generate it with command instead:
    command: ["sh", "-c", "mkdir -p /etc/gitlab-ssl-usage && (test -e /etc/gitlab-ssl-usage/localhost.key || openssl genpkey -algorithm RSA -out /etc/gitlab-ssl-usage/localhost.key ) && ( test -e /etc/gitlab-ssl-usage/localhost.crt || openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/gitlab-ssl-usage/localhost.key -out /etc/gitlab-ssl-usage/localhost.crt -subj '/C=US/ST=State/L=City/O=Organization/OU=Unit/CN=localhost' ) && /assets/wrapper "]
    #command: ["sh", "-c", "/tmp/config/setup.sh"]
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com:20443'
        nginx['ssl_certificate'] = "/etc/gitlab-ssl-usage/localhost.crt"
        nginx['ssl_certificate_key'] = "/etc/gitlab-ssl-usage/localhost.key"
        gitlab_rails['gitlab_shell_ssh_port'] = 22
    ports:
      - '20443:20443'
      - '20022:22'
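- During my early experiments I also ran into redis and postgres failing to start (/var/opt/gitlab/postgresql/, /var/opt/gitlab/redis/), which led to a very long-winded setup. I think there is normally no need to go to these lengths, but I am keeping it here for the record: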
# https://docs.docker.com/compose/compose-file/compose-versioning/
version: '3.8'
services:
  redis:
    restart: unless-stopped
    image: redis:latest
    container_name: gitlab-redis
    volumes:
      - ~/docker_gitlab_home/redis:/data
      - ~/docker_gitlab_home/socket-redis:/var/run/redis
  postgres:
    image: postgres:latest
    container_name: gitlab-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: gitlab
      POSTGRES_PASSWORD: gitlabAdmin
    volumes:
      - ~/docker_gitlab_home/postgres:/var/lib/postgresql/data
      - ~/docker_gitlab_home/socket-postgresql:/var/run/postgresql
  gitlab:
    # https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose
    # https://hub.docker.com/r/gitlab/gitlab-ee/
    # https://hub.docker.com/r/gitlab/gitlab-ce
    image: gitlab/gitlab-ee:latest
    container_name: gitlab-main
    depends_on:
      - postgres
      - redis
    # https://docs.docker.com/config/containers/start-containers-automatically/#use-a-restart-policy
    restart: unless-stopped
    hostname: 'localhost'
    command: ["sh", "-c", "mkdir -p /etc/gitlab-ssl-usage && (test -e /etc/gitlab-ssl-usage/localhost.key || openssl genpkey -algorithm RSA -out /etc/gitlab-ssl-usage/localhost.key ) && ( test -e /etc/gitlab-ssl-usage/localhost.crt || openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/gitlab-ssl-usage/localhost.key -out /etc/gitlab-ssl-usage/localhost.crt -subj '/C=US/ST=State/L=City/O=Organization/OU=Unit/CN=localhost' ) && /assets/wrapper "]
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        #external_url 'http://localhost:20080'
        #nginx['listen_port'] = 80
        external_url 'https://localhost:20443'
        gitlab_rails['gitlab_shell_ssh_port'] = 22
        nginx['listen_port'] = 443
        nginx['listen_https'] = true
        nginx['ssl_certificate'] = "/etc/gitlab-ssl-usage/localhost.crt"
        nginx['ssl_certificate_key'] = "/etc/gitlab-ssl-usage/localhost.key"
        #letsencrypt['enable'] = false
        gitlab_rails['db_username'] = "gitlab"
        gitlab_rails['db_password'] = "gitlabAdmin"
    ports:
      # note: ERR_UNSAFE_PORT - https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/net/base/port_util.cc#27
      # HOST:CONTAINER
      - 20443:443
      #- 20080:80
      - 20022:22
    volumes:
      - ~/docker_gitlab_home/config:/etc/gitlab
      - ~/docker_gitlab_home/logs:/var/log/gitlab
      - ~/docker_gitlab_home/data:/var/opt/gitlab
      - ~/docker_gitlab_home/redis:/var/opt/gitlab/data/redis
      - ~/docker_gitlab_home/postgresql:/var/opt/gitlab/postgresql
      - ~/docker_gitlab_home/socket-postgresql:/var/opt/gitlab/postgresql/
      - ~/docker_gitlab_home/socket-redis:/var/opt/gitlab/redis/
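
The port notes above (keep the browser-facing external_url port off Chrome's ERR_UNSAFE_PORT list, and make the published HOST:CONTAINER pair agree with the port nginx listens on) can be checked before running `docker-compose up`. This is an added example, not part of the original post: `lint_ports` and `UNSAFE_PORTS` are hypothetical names, the port list is a snapshot that should be compared with the port_util.cc file linked above, and only single-port mappings are handled.

```python
import re
from urllib.parse import urlsplit

# Snapshot of the restricted-port list browsers refuse to connect to
# (assumption: re-check against Chromium's net/base/port_util.cc).
UNSAFE_PORTS = frozenset({
    1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79,
    87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137,
    139, 143, 161, 179, 389, 427, 465, 512, 513, 514, 515, 526, 530, 531, 532,
    540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723,
    2049, 3659, 4045, 4190, 5060, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669,
    6679, 6697, 10080,
})

def lint_ports(omnibus_config, port_mappings):
    """Return a list of problems in a GITLAB_OMNIBUS_CONFIG / ports pair."""
    active = [l.strip() for l in omnibus_config.splitlines()
              if l.strip() and not l.strip().startswith("#")]  # drop comments
    text = "\n".join(active)
    url_match = re.search(r"^external_url\s+['\"]([^'\"]+)['\"]", text, re.M)
    if not url_match:
        return ["external_url is not set"]
    url = urlsplit(url_match.group(1))
    public_port = url.port or (443 if url.scheme == "https" else 80)
    listen = re.search(r"^nginx\['listen_port'\]\s*=\s*(\d+)", text, re.M)
    # Without nginx['listen_port'], nginx listens on the external_url port.
    nginx_port = int(listen.group(1)) if listen else public_port
    problems = []
    if public_port in UNSAFE_PORTS:
        problems.append(f"port {public_port} is browser-blocked (ERR_UNSAFE_PORT)")
    hosts = {}
    for m in port_mappings:
        parts = str(m).split("/")[0].split(":")  # strip "/tcp", allow "IP:H:C"
        if len(parts) >= 2:                      # skip container-only entries
            hosts[int(parts[-2])] = int(parts[-1])
    if public_port not in hosts:
        problems.append(f"no host port {public_port} is published for external_url")
    elif hosts[public_port] != nginx_port:
        problems.append(f"host port {public_port} maps to container port "
                        f"{hosts[public_port]}, but nginx listens on {nginx_port}")
    return problems

if __name__ == "__main__":
    # Constructed sample: the 80 + 10000 = 10080 shortcut described in the post.
    sample = "external_url 'http://gitlab.example.com:10080'\nnginx['listen_port'] = 80\n"
    for problem in lint_ports(sample, ["10080:80", "20022:22"]):
        print(problem)
```

An empty list means the external_url port, the published host port and the nginx listen port are consistent and the browser will not refuse the port.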