Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
286 lines (257 sloc) 9.32 KB
type: install
version: 1.4
id: gitlab-ci-cd
baseUrl: https://raw.githubusercontent.com/jelastic-jps/gitlab/master
categories:
- apps/dev-and-admin-tools
description:
text: /text/description.md
short: 'Private GitLab Server with scalable runners and Docker Hub Registry'
logo: /images/gitlab-logo.png
name: DevOps Lab - GitLab Server
targetRegions:
type: vz7
settings:
fields:
- type: checkbox
name: le-addon
caption: Install Let's Encrypt Certificates and Custom Domains Addon. Public IP is required.
value: false
onBeforeInit: |
var resp = jelastic.billing.account.GetQuotas(appid, session, 'environment.externalip.enabled');
if (resp.result != 0) return resp;
var r = {result:0}
if (!resp.array[0].value) r.settings = {};
return r;
globals:
DB_USER: gitlab-${fn.password(5)}
DB_PASSWORD: ${fn.password(32)}
RUNNER_TOKEN: ${fn.password(32)}
GITLAB_SECRETS_BASE: ${fn.password(64)}
ROOT_PASSWORD: ${fn.password(16)}
HTTP_SECRET: ${fn.password(32)}
REPO_URL: https://github.com/jelastic/docker-gitlab.git
DEPLOY_HOOK: /root/deployLE.sh
UNDEPLOY_HOOK: /root/undeployLE.sh
DEPLOY_HOOK_JS: https://raw.githubusercontent.com/jelastic-jps/gitlab/master/scripts/deployHook.js?_r=${fn.random}
CERTS: /srv/docker/gitlab/certs
HTTPS_PORT: 443
SSH_PORT: 10022
REGISTRY_PORT: 5000
RUN_RUNNER: |-
docker run -d --privileged --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/docker/gitlab-runner:/etc/gitlab-runner:shared \
gitlab/gitlab-runner &>> /var/log/run.log
nodes:
- count: 1
cloudlets: 32
image: jelastic/docker-ce
nodeGroup: cp
displayName: GitLab Server
volumes:
- /srv/docker/gitlab
- /root
env:
JELASTIC_EXPOSE: 80
RUNNER_TOKEN: ${globals.RUNNER_TOKEN}
GITLAB_SECRETS_BASE: ${globals.GITLAB_SECRETS_BASE}
ROOT_PASSWORD: ${globals.ROOT_PASSWORD}
HTTP_SECRET: ${globals.HTTP_SECRET}
DB_USER: ${globals.DB_USER}
DB_PASSWORD: ${globals.DB_PASSWORD}
USER_EMAIL: ${user.email}
startService: false
extip: ${settings.le-addon:false}
- count: 1
cloudlets: 32
image: jelastic/docker-ce
nodeGroup: runner
displayName: Runners
env:
RUNNER_TOKEN: ${globals.RUNNER_TOKEN}
DOCKER_IMAGE: docker:stable-git
volumes:
- /srv/docker/gitlab-runner/certs
volumeMounts:
/srv/docker/gitlab-runner/certs:
sourcePath: ${globals.CERTS}
sourceNodeGroup: cp
readOnly: true
ssl: true
skipNodeEmails: true
onBeforeServiceScaleOut[runner]:
forEach(event.response.nodes):
set-runner-ssl: ${@i.id}
onAfterServiceScaleOut[runner]:
forEach(event.response.nodes):
register-runner: ${@i.id}
onBeforeScaleIn[runner]:
forEach(event.response.nodes):
unregister-runner: ${@i.id}
onInstall:
- installAddon:
id: update-addon
nodeGroup: cp
- if (!${settings.le-addon:false}):
- installAddon:
id: letsencrypt-ssl-addon
nodeGroup: cp
- api: env.control.AddEndpoint
nodeId: ${nodes.cp.master.id}
privatePort: ${globals.SSH_PORT}
protocol: TCP
name: GitLab SSH
- api: env.control.EditEndpoint
id: ${response.object.id}
privatePort: ${response.object.publicPort}
protocol: TCP
name: GitLab SSH
- setGlobals:
SSH_PORT: ${response.object.publicPort}
HTTPS_PORT: 4848
REGISTRY_PORT: 8443
- add-env-vars:
https_port: ${globals.HTTPS_PORT}
- run-docker
- install-ssl
- deploy
- forEach(nodes.runner):
register-runner: ${@i.id}
- if (${settings.le-addon:false}):
install-LE:
skipEnvs: true
actions:
add-env-vars:
- api: env.control.AddContainerEnvVars
nodeGroup: cp
vars: {"GITLAB_HOST": "${env.domain}", "REGISTRY_HOST": "${env.domain}", "HTTPS_PORT": "${this.https_port}", "SSH_PORT": "${globals.SSH_PORT}", "REGISTRY_PORT": "${globals.REGISTRY_PORT}"}
- api: env.control.AddContainerEnvVars
nodeGroup: runner
vars: {"CI_SERVER_URL": "https://${env.domain}:${globals.HTTPS_PORT}/ci"}
run-docker:
- api: env.control.ExecDockerRunCmd
nodeId: ${nodes.cp.master.id}
install-ssl:
- cmd[cp]: |-
cd ${globals.CERTS}
openssl req -nodes -newkey rsa:4096 -keyout auth.key -out auth.csr -subj "/CN=${env.domain}" &>> /var/log/run.log
openssl x509 -req -extfile <(printf "subjectAltName=DNS:${env.domain},DNS:registry") -in auth.csr -out auth.crt -signkey auth.key -days 3650 &>> /var/log/run.log
openssl dhparam -out dhparam.pem 2048 &>> /var/log/run.log
cp auth.crt ca.crt
- set-runner-ssl: runner
set-runner-ssl:
cmd[${this}]: |-
yum install ca-certificates -y
update-ca-trust force-enable
while [ ! -f /srv/docker/gitlab-runner/certs/ca.crt ]; do ls -l /srv/docker/gitlab-runner/certs; mount | grep certs; sleep 2; done
cp /srv/docker/gitlab-runner/certs/ca.crt /etc/pki/ca-trust/source/anchors/
cp /srv/docker/gitlab-runner/certs/ca.crt /etc/pki/tls/certs/
update-ca-trust extract
service docker restart
register-runner:
cmd[${this}]: |-
until docker run --rm --privileged --name gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/docker/gitlab-runner:/etc/gitlab-runner:shared \
gitlab/gitlab-runner register \
--non-interactive \
--name "node${this}" \
--executor "docker" \
--docker-image "$DOCKER_IMAGE" \
--docker-volumes /var/run/docker.sock:/var/run/docker.sock \
--docker-privileged \
--url "$CI_SERVER_URL" \
--registration-token "$RUNNER_TOKEN" \
--tag-list "" \
--run-untagged \
--locked="false" &>> /var/log/run.log
do
sleep 2;
done
${globals.RUN_RUNNER}
unregister-runner:
cmd[${this}]: |-
docker run --rm --privileged --name unreg-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/docker/gitlab-runner:/etc/gitlab-runner:shared \
gitlab/gitlab-runner unregister \
--name "node${this}"
deploy:
cmd[cp]: |-
git clone ${globals.REPO_URL} gitlab &>> /var/log/run.log
cd gitlab && docker-compose up -d &>> /var/log/run.log
install-LE:
- if (!${this.skipEnvs:false}):
- add-env-vars:
https_port: 443
- cmd[cp]: |-
iptables -t nat -I PREROUTING -p tcp -m tcp --dport 4848 -j REDIRECT --to-ports 443
service iptables save
- cmd[cp]: |-
dir=${globals.CERTS}/../certs_ss
[ ! -d "${dir}" ] && { mkdir -p ${dir}; yes | cp ${globals.CERTS}/* ${dir}; }
printf '#!/bin/bash
mkdir -p $(dirname ${globals.DEPLOY_HOOK})
#wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -O ${globals.CERTS}/ca.crt
wget https://letsencrypt.org/certs/fakelerootx1.pem -O ${globals.CERTS}/ca.crt
yes | cp -f /var/lib/jelastic/keys/fullchain.pem ${globals.CERTS}/auth.crt
yes | cp -f /var/lib/jelastic/keys/privkey.pem ${globals.CERTS}/auth.key
service docker restart' > ${globals.DEPLOY_HOOK}
printf '#!/bin/bash
mkdir -p $(dirname ${globals.UNDEPLOY_HOOK})
yes | cp -f ${dir}/* ${globals.CERTS}
iptables -t nat -D PREROUTING -p tcp -m tcp --dport 4848 -j REDIRECT --to-ports 443
service iptables save
service docker restart' > ${globals.UNDEPLOY_HOOK}
- install:
jps: https://raw.githubusercontent.com/jelastic-jps/lets-encrypt/master/manifest.jps?_r=${fn.random}
nodeGroup: cp
settings:
deployHook: ${globals.DEPLOY_HOOK_JS}
deployHookType: js
undeployHook: ${globals.DEPLOY_HOOK_JS}
undeployHookType: js
_customDomains: ${env.domain}
- if (!${this.skipEnvs:false}):
cmd[cp]: |-
cd gitlab
docker-compose stop &>> /var/log/run.log
docker-compose rm -f &>> /var/log/run.log
docker network prune -f &>> /var/log/run.log
docker-compose up -d &>> /var/log/run.log
- cmd[runner]: |-
cp /srv/docker/gitlab-runner/certs/ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
service docker restart
addons:
- id: update-addon
name: Update GitLab Server
description: Press "Update" button to initiate update procedure
buttons:
- caption: Update
action: update
loadingText: Updating...
confirmText: Do you want to update GitLab Server?
successText: GitLab Server has been successfully updated!
actions:
update:
- cmd[cp]: |-
cd gitlab && git pull origin master &>> /var/log/run.log
docker-compose up -d &>> /var/log/run.log
- cmd[runner]: |-
docker rm -f gitlab-runner
${globals.RUN_RUNNER}
- id: letsencrypt-ssl-addon
name: Let's Encrypt + Custom Domains
description: Press "Install" button to initiate installation procedure
globals:
HTTPS_PORT: 443
buttons:
- caption: Install
action: install-LE
loadingText: Installing...
confirmText: Do you want to install Let's Encrypt addon?
successText: Let's Encrypt addon has been successfully installed!
startPage: https://${env.domain}:${globals.HTTPS_PORT}
success: /text/success.md