This is an old revision of the document!
Managing a GitLab service
What follows is for those who want to administer a GitLab service. If you are simply a user, see Gitflow and Git instead.
Loose notes, gathered here and there.
Installation, episode 1
An article on Korben's site: http://korben.info/gitlab-pour-arreter-de-tout-mettre-sur-github.html
Which gives me a direct link to GitLab's site for the install: https://about.gitlab.com/downloads/#debian8
(as root)
apt-get install curl openssh-server ca-certificates postfix
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash
apt-get install gitlab-ce
gitlab-ctl reconfigure
postfix is configured as “local only” for now; given the network configuration it cannot do much else.
In general, configuration is done in
/etc/gitlab/gitlab.rb
then this command is run to apply the configuration:
gitlab-ctl reconfigure
HTTP redirection
GitLab regularly redirects to http, which lands us on vpstest and causes a problem. The configuration change that fixes it:
external_url 'https://ozraya.khaganat.net/'
...
nginx['listen_port'] = '80'
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
}
#
LDAP
link: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/ldap.md
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
  ## label
  #
  # A human-friendly name for your LDAP server. It is OK to change the label later,
  # for instance if you find out it is too large to fit on the web page.
  #
  # Example: 'Paris' or 'Acme, Ltd.'
  label: 'LDAP'
  host: '10.10.100.1'
  port: 389 # or 636
  uid: 'uid'
  method: 'plain' # "tls" or "ssl" or "plain"
  bind_dn: 'cn=consultation,dc=khaganat,dc=net'
  password: '8IknNd5kbxrVNy4V'
  # This setting specifies if LDAP server is Active Directory LDAP server.
  # For non AD servers it skips the AD specific queries.
  # If your LDAP server is not AD, set this to false.
  active_directory: false
  # If allow_username_or_email_login is enabled, GitLab will ignore everything
  # after the first '@' in the LDAP username submitted by the user on login.
  #
  # Example:
  # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
  # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
  #
  # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
  # disable this setting, because the userPrincipalName contains an '@'.
  allow_username_or_email_login: false
  # Base where we can search for users
  #
  #   Ex. ou=People,dc=gitlab,dc=example
  #
  base: 'ou=people,dc=khaganat,dc=net'
  # Filter LDAP users
  #
  #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
  #   Ex. (employeeType=developer)
  #
  #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
  #
  user_filter: ''
EOS
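An added example, not part of the original notes or of GitLab's own tooling: a small Ruby check that reads the LDAP block of a gitlab.rb shaped like the one above and reports the settings worth reviewing (method 'plain', an inline bind password, an empty user_filter). The embedded sample config is constructed with placeholder values, and the function names are hypothetical.

```ruby
require 'yaml'

# Constructed sample in the shape of the LDAP block above; host, DNs and
# password are placeholders, not values from the page.
SAMPLE_GITLAB_RB = <<~'CONF'
  gitlab_rails['ldap_enabled'] = true
  gitlab_rails['ldap_servers'] = YAML.load <<-EOS # close with 'EOS' below
  main:
    host: '192.0.2.10'
    port: 389
    uid: 'uid'
    method: 'plain'
    bind_dn: 'cn=reader,dc=example,dc=org'
    password: 'PLACEHOLDER'
    base: 'ou=people,dc=example,dc=org'
    user_filter: ''
  EOS
CONF

# Pull the YAML text out of the "ldap_servers = YAML.load <<-EOS ... EOS" heredoc.
def ldap_yaml(conf)
  re = /ldap_servers'\]\s*=\s*YAML\.load\s*<<[-~]?(\w+)[ \t]*(?:#[^\n]*)?\n(.*?)^[ \t]*\1[ \t]*$/m
  m = conf.match(re)
  m ? m[2] : nil
end

# Return one finding per setting worth reviewing, per LDAP server entry.
def audit_ldap(conf)
  yaml = ldap_yaml(conf)
  return ['no ldap_servers block found'] if yaml.nil?
  findings = []
  YAML.safe_load(yaml).each do |id, srv|
    if srv['method'].to_s == 'plain'
      findings << "#{id}: method 'plain' on port #{srv['port']}: the bind password " \
                  'and every user login cross the network unencrypted'
    end
    unless srv['password'].to_s.empty?
      findings << "#{id}: bind password stored inline, gitlab.rb should be readable by root only"
    end
    if srv['user_filter'].to_s.empty?
      findings << "#{id}: empty user_filter, any account under #{srv['base']} can sign in"
    end
  end
  findings
end

puts audit_ldap(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_GITLAB_RB) if __FILE__ == $PROGRAM_NAME
```

Run it with the path to a gitlab.rb as its first argument to check a real file; with no argument it checks the constructed sample.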
Mattermost
Adding a virtualhost on vpstests
<VirtualHost *:443>
    ProxyPreserveHost On
    ServerName mattermost.khaganat.net
    ProxyVia On
    ProxyRequests Off
    ProxyPass / http://10.10.100.18:80/
    ProxyPassReverse / http://10.10.100.18:80/
    ProxyPreserveHost on
    SSLCertificateFile /etc/letsencrypt/live/vpstests.khaganat.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpstests.khaganat.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Enable omniauth:
gitlab_rails['omniauth_enabled'] = true
Configure Mattermost:
mattermost_external_url 'https://mattermost.khaganat.net/'
mattermost_nginx['listen_port'] = 80
mattermost_nginx['listen_https'] = false
mattermost_nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
}