Install Gitlab CE

I describe here how to install and set up Gitlab-CE.

Change Git

The latest Gitlab-CE version needs git > 2.x.
On CentOS 7, install the IUS repository:

rpm -ivh https://centos7.iuscommunity.org/ius-release.rpm

Afterwards, install yum-plugin-replace and replace the official git with git2u:

yum install yum-plugin-replace
yum replace git --replace-with git2u

Install Gitlab

Fetch Gitlab-ce repository

First, you need to set-up the repository:

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

Then install the gitlab-ce package:

yum install gitlab-ce -y

Docker tip

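If, like me, you use Docker to run your CI, you should install docker-ce and add the gitlab-runner user to the docker group. Members of the docker group can control the Docker daemon, which is equivalent to root on the host.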

usermod -aG docker gitlab-runner

Enable Gitlab-CE service

And Start

systemctl enable gitlab
systemctl enable gitlab-runsvdir.service
systemctl start gitlab
systemctl start gitlab-runsvdir.service

Install Lets Encrypt

To continue with the configuration, you should install Let’s Encrypt.

Enable Epel and install Certbot

yum install epel-release
yum install certbot

Create a directory for Let’s Encrypt to use to verify that the domain points to the server where Gitlab is installed.

mkdir -p /var/www/letsencrypt

Edit /etc/gitlab/gitlab.rb and add an nginx location that serves this directory:

vi /etc/gitlab/gitlab.rb
nginx['custom_gitlab_server_config'] = "location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"

Reconfigure Gitlab

gitlab-ctl reconfigure

Then run the certbot command to request your certificates:

certbot certonly -a webroot --webroot-path=/var/www/letsencrypt -d gitlab.domain.tld -d reg-gitlab.domain.tld

Configure Gitlab

You need to change some settings in /etc/gitlab/gitlab.rb; the most important ones for me are listed below.

Change time zone

gitlab_rails['time_zone'] = 'America/Sao_Paulo'

Change git data dir

In my case I created a mount point /gitlab.

git_data_dirs({ "default" => { "path" => "/gitlab/git-data" } })

The Registry configs

Yes, I use a local registry to store the project containers built by CI.

################################################################################
## Container Registry settings
##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
################################################################################

registry_external_url 'https://reg-gitlab.domain.tld'

### Settings used by GitLab application
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "reg-gitlab.domain.tld"
gitlab_rails['registry_path'] = "/gitlab/registry"

Nginx configs

################################################################################
## GitLab Nginx
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################

nginx['redirect_http_to_https'] = true

nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.domain.tld/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.domain.tld/privkey.pem"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
nginx['ssl_prefer_server_ciphers'] = "on"

nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"

Nginx and the registry

################################################################################
## Registry NGINX
################################################################################

registry_nginx['enable'] = true
registry_nginx['redirect_http_to_https'] = true
registry_nginx['redirect_http_to_https_port'] = 80
registry_nginx['ssl_ciphers'] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
registry_nginx['ssl_prefer_server_ciphers'] = "on"
registry_nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.domain.tld/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.domain.tld/privkey.pem"
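
A check that can be run on /etc/gitlab/gitlab.rb before reconfiguring, as an added example (not part of the original post): it flags protocol versions deprecated by RFC 8996, 3DES/RC4 cipher suites, and certificate paths under /etc/letsencrypt/live that do not match the file names certbot creates. The function names and the sample input are constructed for illustration.

```shell
# Added example: audit the TLS keys of an Omnibus gitlab.rb (POSIX sh).

# Files certbot creates under /etc/letsencrypt/live/<name>/
CERTBOT_FILES=" cert.pem chain.pem fullchain.pem privkey.pem "

# stdin: gitlab.rb text. Prints one finding per line.
audit_gitlab_rb() {
  # Keep active  <section>['ssl_<key>'] = "<value>"  lines as "key|value";
  # commented-out lines do not match because the pattern is anchored.
  sed -n "s/^[[:space:]]*\([a-z_][a-z_]*\['ssl_[a-z_]*']\)[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1|\2/p" |
  while IFS='|' read -r key val; do
    case $key in
      *"['ssl_protocols']")        # TLS 1.0/1.1 were deprecated by RFC 8996
        for item in $val; do
          case $item in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "$key: deprecated protocol $item" ;;
          esac
        done ;;
      *"['ssl_ciphers']")          # entries starting with "!" are exclusions
        for item in $(printf '%s' "$val" | tr ':' ' '); do
          case $item in
            '!'*) ;;
            *DES-CBC3*|*RC4*) echo "$key: weak cipher suite $item" ;;
          esac
        done ;;
      *"['ssl_certificate']"|*"['ssl_certificate_key']")
        case $val in
          /etc/letsencrypt/live/*)
            case $CERTBOT_FILES in
              *" ${val##*/} "*) ;;
              *) echo "$key: certbot does not create ${val##*/}" ;;
            esac ;;
        esac ;;
    esac
  done
  return 0
}

# Constructed sample input (gitlab.example.test is a placeholder name).
sample_gitlab_rb() {
  cat <<'EOF'
# nginx['ssl_protocols'] = "SSLv3"
nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.example.test/fullchain.pem"
registry_nginx['ssl_ciphers'] = "ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:!DSS"
registry_nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.example.test/fullchain.crt"
EOF
}

if [ -n "${1:-}" ]; then audit_gitlab_rb < "$1"; else sample_gitlab_rb | audit_gitlab_rb; fi
```

Pass the path of a real gitlab.rb as the first argument to audit it instead of the sample.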

Reconfigure Gitlab

gitlab-ctl reconfigure

Install Gitlab-Runner

Fetch Gitlab-Runner repository

curl -sS https://packages.gitlab.com/install/repositories/runner/gitlab-ci-multi-runner/script.rpm.sh | sudo bash

And install the package

yum install gitlab-ci-multi-runner -y

Enable Gitlab-Runner service

and start

systemctl enable gitlab-runner.service
systemctl start gitlab-runner.service

Register a Runner

First of all, you need to get the token ID to register. It can be found at https://gitlab.domain.tld/admin/runners

gitlab-ci-multi-runner register

You will be asked something like this:

Running in system-mode.                            

Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.domain.tld/
Please enter the gitlab-ci token for this runner:
_z2PxQuMW7dAeHJPJ4jo
Please enter the gitlab-ci description for this runner:
[host.domain.tld]: docker-dind
Please enter the gitlab-ci tags for this runner (comma separated):
docker, dind
Whether to run untagged builds [true/false]:
[false]:
Whether to lock Runner to current project [true/false]:
[false]:
Registering runner... succeeded runner=_z2PxQuM
Please enter the executor: parallels, docker-ssh+machine, kubernetes, docker, docker-ssh, shell, ssh, virtualbox, docker+machine:
docker
Please enter the default Docker image (e.g. ruby:2.1):
docker:latest
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

This registers a docker-dind runner.

Then edit /etc/gitlab-runner/config.toml:

[[runners]]
name = "docker-dind"
url = "https://gitlab.domain.tld/"
token = "vae7gu3shaid8xaikohfoojei1ha1h"
executor = "docker"
environment = ["VAR1=value1", "VAR2=value2"]
[runners.docker]
tls_verify = false
image = "docker:latest"
privileged = true
disable_cache = false
volumes = ["/cache", "/gitlab/docker-images-pipeline:/images:rw"]
services = ["docker:dind"]
shm_size = 0
[runners.cache]

Understanding some of the settings:

  • environment = ["VAR1=value1", "VAR2=value2"]: Used to pass environment variables to the runner.
  • privileged = true: The container must run privileged to use Docker-in-Docker. A privileged container
    gets all capabilities and access to host devices, so jobs on this runner can effectively act as root
    on the host; register it only for projects you trust.
  • volumes = ["/cache", "/gitlab/docker-images-pipeline:/images:rw"]: The last volume (docker-images-pipeline)
    is used to keep Docker images between the pipeline steps. You can use docker save -o /images/NameOfTheImage.img <image>
    to save an image and docker load -i /images/NameOfTheImage.img to load it again in the next step.
  • services = ["docker:dind"]: This entry starts another container, in this case dind, to run a service needed
    by the runner image. The dind service runs a Docker daemon to provide the Docker service to the runner.

Docker commands to survive

docker ps --size

An important command that I discovered and use is docker ps --size.
It shows the size of the container.

$ docker ps --size
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
dbffabfb478a docker:17.05-dind "dockerd-entrypoin..." 4 weeks ago Up About a minute 2375/tcp docker1705-dind 10.2MB (virtual 110MB)

In this case, the SIZE column shows 10.2MB (virtual 110MB). Compare this with the output of docker images:

$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker 17.05-dind b547d892dffa 4 weeks ago 99.6MB

We discover that the virtual size is the image size plus 10.2MB (this space was used by creating a file with the dd command).

The layer (or layers) that make up the base image are not copied for each container that you run with docker; only the difference is stored on the hard disk.
In this case, that difference is the 10.2MB.

Free space used by docker containers and images

$ docker rm $(docker ps -aq)
$ docker rmi $(docker images -aq)
$ docker volume rm $(docker volume ls -q)

Inspect a container and discover its pid

If you see a PID using a lot of resources (like CPU or memory), use this command to list all
running containers with their respective PID - ID - NAME.

$ docker ps -q | xargs docker inspect --format '{{.State.Pid}}|{{.ID}}|{{.Name}}'
5746|413810b0c00fe51ac616205db90db222915410202263dc1d2493de5916146534|/test1
4383|dbffabfb478adb2755d5574f586e2250e63dd602bba7706bb2e79252096f036e|/docker1705-dind
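
The listing above shows only each container's first process, while a busy PID is often one of its children. As an added example (not part of the original post), the functions below resolve any host PID to its container by reading /proc/<pid>/cgroup and then looking the ID up in the same PID|ID|NAME listing. The function names are hypothetical, the cgroup path layouts handled are the cgroupfs and systemd ones, and the sample cgroup contents are constructed around the IDs shown above.

```shell
# Added example: resolve any host PID to its Docker container via /proc/<pid>/cgroup.

# stdin: contents of /proc/<pid>/cgroup. Prints the 64-hex container ID.
# Covers the cgroupfs layout (".../docker/<id>") and the systemd layout
# (".../docker-<id>.scope"); with nested paths the first (outermost) ID is used.
container_id_from_cgroup() {
  grep -Eo '/docker[/-][0-9a-f]{64}' | head -n 1 | grep -Eo '[0-9a-f]{64}$'
}

# $1: container ID; stdin: "PID|ID|NAME" lines from the docker inspect command.
container_name_for_id() {
  awk -F'|' -v id="$1" '$2 == id { print $3; hit = 1 } END { exit !hit }'
}

# $1: host PID. Prints "ID NAME"; returns 1 if the PID is not in a container.
container_for_pid() {
  cid=$(container_id_from_cgroup < "/proc/$1/cgroup") || return 1
  cname=$(docker ps -q | xargs docker inspect --format '{{.State.Pid}}|{{.ID}}|{{.Name}}' |
          container_name_for_id "$cid") || return 1
  printf '%s %s\n' "$cid" "$cname"
}

# Constructed sample input: cgroup files as seen on a cgroupfs host, on a systemd
# host and for a plain host process, plus the listing shown in the text.
SAMPLE_CGROUPFS='11:memory:/docker/413810b0c00fe51ac616205db90db222915410202263dc1d2493de5916146534
4:cpu,cpuacct:/docker/413810b0c00fe51ac616205db90db222915410202263dc1d2493de5916146534'
SAMPLE_SYSTEMD='0::/system.slice/docker-dbffabfb478adb2755d5574f586e2250e63dd602bba7706bb2e79252096f036e.scope'
SAMPLE_HOST='0::/user.slice/user-1000.slice/session-3.scope'
SAMPLE_LISTING='5746|413810b0c00fe51ac616205db90db222915410202263dc1d2493de5916146534|/test1
4383|dbffabfb478adb2755d5574f586e2250e63dd602bba7706bb2e79252096f036e|/docker1705-dind'

# With a PID argument, query the live system; otherwise show the sample lookup.
if [ -n "${1:-}" ]; then
  container_for_pid "$1"
else
  printf '%s\n' "$SAMPLE_SYSTEMD" | container_id_from_cgroup
fi
```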

Install Docker CE

To install docker from the official repository, you should first remove any previously installed version.

yum remove docker \
docker-common \
container-selinux \
docker-selinux \
docker-engine \
docker-engine-selinux

Add the official repository

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

You may need to install yum-utils first (it provides yum-config-manager)

yum install -y yum-utils

And other required packages

yum install -y device-mapper-persistent-data lvm2

Now you should be able to install docker-ce

yum install -y docker-ce

Enable and start Docker

systemctl enable docker
systemctl start docker

Run hello-world

docker run hello-world