Deprecate GitLab

Joey Hafner 2024-01-06 11:55:07 -08:00
parent 8fecb04cd9
commit f8717b0d85
5 changed files with 7 additions and 133 deletions


@ -1,2 +0,0 @@
DOCKER_DATA=/home/admin/data/gitlab
DOCKER_CONFIG=/home/admin/docker_config/gitlab


@ -1,13 +0,0 @@
# Updating GitLab configuration
This gitlab instance is using the omnibus package.
See [GitLab Omnibus Reconfigure](https://docs.gitlab.com/ee/administration/restart_gitlab.html#omnibus-gitlab-reconfigure) for official docs on reconfiguration.
Here are the basic steps:
1. Update the `GITLAB_OMNIBUS_CONFIG` environment variable in `docker-compose.yml`. Add the desired omnibus configuration lines.
2. Run `docker exec -it gitlab_gitlab vi /etc/gitlab/gitlab.rb` to begin editing the omnibus config file. Make the necessary changes (`i` to enter insert mode), then save (`esc`, then `:wq`, enter).
3. Run `docker exec gitlab_gitlab gitlab-ctl diff-config` to compare the new config file with the *default* config file (not previous). The lines with `+` are from the default config, and the lines with `-` are the config to be applied.
4. Run `docker exec gitlab_gitlab gitlab-ctl reconfigure` to apply the changes.
5. Confirm the value set in step 1 is still correct.
# View current GitLab configuration
To get the current Gitlab config, run `docker exec gitlab_gitlab cat /etc/gitlab/gitlab.rb`.
You can also pipe this into `grep` to find the lines referring to a particular topic. For example: `docker exec gitlab_gitlab cat /etc/gitlab/gitlab.rb | grep registry`


@ -1,114 +0,0 @@
version: '3.3'
services:
gitlab:
image: 'gitlab/gitlab-ee:16.6.0-ee.0'
container_name: gitlab_gitlab
deploy:
resources:
limits:
memory: 8G
restart: "no"
hostname: 'gitlab.jafner.net'
networks:
- web
- gitlab
environment:
GITLAB_SKIP_UNMIGRATED_DATA_CHECK: "false"
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.jafner.net'
gitlab_rails['gitlab_shell_ssh_port'] = 2229
nginx['listen_https'] = false
nginx['listen_port'] = 80
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
letsencrypt['enable'] = false
gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.1.0/24']
registry_external_url 'https://registry.gitlab.jafner.net'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.gitlab.jafner.net"
gitlab_rails['api_url'] = 'https://registry.gitlab.jafner.net'
registry_nginx['enable'] = false
registry['registry_http_addr'] = "0.0.0.0:5000"
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
{
name: "openid_connect",
label: "Keycloak",
icon: 'https://keycloak.jafner.net/resources/9tuqi/admin/keycloak.v2/favicon.svg',
args: {
name: "openid_connect",
scope: ["openid","profile","email"],
response_type: "code",
issuer: "https://keycloak.jafner.net/realms/Jafner.net",
discovery: true,
client_auth_method: "query",
uid_field: "email",
send_scope_to_token_endpoint: "false",
client_options: {
identifier: "gitlab.jafner.net",
secret: "***REMOVED***",
redirect_uri: "https://gitlab.jafner.net/users/auth/openid_connect/callback"
}
}
}
]
ports:
- '2229:22'
volumes:
- '${DOCKER_DATA}/config:/etc/gitlab'
- '${DOCKER_DATA}/logs:/var/log/gitlab'
- '${DOCKER_DATA}/data:/var/opt/gitlab'
shm_size: '256m'
labels:
- traefik.http.routers.gitlab.rule=Host(`gitlab.jafner.net`)
- traefik.http.routers.gitlab.tls.certresolver=lets-encrypt
- traefik.http.routers.gitlab.tls.options=tls12@file
- traefik.http.routers.gitlab.middlewares=securityheaders@file
- traefik.http.routers.gitlab.service=gitlab
- traefik.http.services.gitlab.loadbalancer.server.port=80
- traefik.http.routers.gitlab-registry.rule=Host(`registry.gitlab.jafner.net`)
- traefik.http.routers.gitlab-registry.tls.certresolver=lets-encrypt
- traefik.http.routers.gitlab-registry.service=gitlab-registry
- traefik.http.services.gitlab-registry.loadbalancer.server.port=5000
gitlab-runner-0:
image: 'gitlab/gitlab-runner:latest'
container_name: gitlab_runner_0
restart: "no"
networks:
- gitlab
env_file:
- runner.env
volumes:
- ${DOCKER_DATA}/runner-config:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
labels:
- traefik.enable=false
gitlab-runner-1:
image: 'gitlab/gitlab-runner:latest'
container_name: gitlab_runner_1
restart: "no"
networks:
- gitlab
env_file:
- runner.env
volumes:
- ${DOCKER_DATA}/runner-config:/etc/gitlab-runner
- /var/run/docker.sock:/var/run/docker.sock
labels:
- traefik.enable=false
networks:
web:
external: true
gitlab:


@ -1 +0,0 @@
GODEBUG="x509ignoreCN=0"


@ -22,10 +22,14 @@ We'll assume the new service is hosted at `https://web.jafner.net`.
[Docs on Keycloak.org](https://www.keycloak.org/server/importExport)
## Export Realms
With the docker container offline, run: `docker-compose run --entrypoint="/opt/keycloak/bin/kc.sh export --dir /opt/keycloak/data/export --users realm_file" keycloak`
With the docker container offline, run: `docker-compose run --rm --entrypoint="/opt/keycloak/bin/kc.sh export --dir /opt/keycloak/data/import --users realm_file" keycloak`
This will export the contents of each realm to a `json` file in the `export/` directory. `/opt/keycloak/data` should be the directory that is mounted to the host.
This will export the contents of each realm to a `json` file in the `import/` directory. `/opt/keycloak/data` should be the directory that is mounted to the host.
## Import Realms
To import realms at startup, replace the startup command with `start --import-realm`
Additionally, you'll need to map the directory containing the files to import (e.g. `$KEYCLOAK_DATA/import`) to the `/opt/keycloak/data/import` inside the container.
Additionally, you'll need to map the directory containing the files to import (e.g. `$KEYCLOAK_DATA/import`) to the `/opt/keycloak/data/import` inside the container.
For each realm to import, run `docker-compose run --entrypoint="/opt/keycloak/bin/kc.sh import --file /opt/keycloak/data/import/{REALM_NAME}.json" keycloak` (replace `{REALM_NAME}` with the name of the realm.)
https://howtodoinjava.com/devops/keycloak-script-upload-is-disabled/