3、gitlab部署(部署成功)
gitlab部署
此文档依赖于基础环境配置文档, 运行K8s集群并配置NFS存储。
代码库地址: https://jihulab.com/devopsvvip/myiac/-/tree/main/devops/gitlab
Docker镜像:
- docker pull gitlab/gitlab-ce:16.2.2-ce.0
主机hosts文件更新: 192.168.1.200 gitlab.idevops.site
Step1 NFS目录
mkdir -p /data/storage/kubernetes/gitlab/{config,logs,data}
chmod 777 -R /data/storage/kubernetes/gitlab/
[root@devops-nuc-service devops]# ls -l /data/storage/kubernetes/gitlab/
总用量 0
drwxrwxr-x 3 root root 268 8月 3 20:08 config
drwxr-xr-x 13 root root 237 8月 3 20:09 data
drwxr-xr-x 10 root root 139 8月 3 20:09 logs
Step2 部署GitLab
已经编写好了一套K8s 清单文件和一个声明式的Argo APP。【具体参考代码库】
docker pull uhub.service.ucloud.cn/onedayxyy/gitlab-ce:16.2.2-ce.0
docker tag uhub.service.ucloud.cn/onedayxyy/gitlab-ce:16.2.2-ce.0 gitlab/gitlab-ce:16.2.2-ce.0
## LoadDockerImage
kind load docker-image gitlab/gitlab-ce:16.2.2-ce.0 --name devopscluster
#cd /root/myiac-gitee/devops/gitlab
kubectl -n argocd apply -f gitlab-argoapp.yaml
- 部署成功后:
- 查看pod日志
Step3 GitLab初始化配置
- 从
initial_root_password
文件中获取初始密码:
cd /data/storage/kubernetes/gitlab/config
[root@devops-nuc-service config]# pwd
/data/storage/kubernetes/gitlab/config
[root@devops-nuc-service config]# ls -l
总用量 192
-rwxrwxrwx 1 root root 146358 8月 3 20:08 gitlab.rb
-rwxrwxrwx 1 root root 19404 8月 3 20:16 gitlab-secrets.json
-rwxrwxrwx 1 root root 749 8月 3 20:08 initial_root_password
-rwxrwxrwx 1 root root 525 8月 3 20:08 ssh_host_ecdsa_key
-rwxrwxrwx 1 root root 190 8月 3 20:08 ssh_host_ecdsa_key.pub
-rwxrwxrwx 1 root root 419 8月 3 20:08 ssh_host_ed25519_key
-rwxrwxrwx 1 root root 110 8月 3 20:08 ssh_host_ed25519_key.pub
-rwxrwxrwx 1 root root 2622 8月 3 20:08 ssh_host_rsa_key
-rwxrwxrwx 1 root root 582 8月 3 20:08 ssh_host_rsa_key.pub
drwxrwxrwx 2 root root 6 8月 3 20:08 trusted-certs
[root@devops-nuc-service config]# cat initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: iGru391uh1dE9LZ2eZFLdgwZPVLNQ4cKcPpGltdZwH8=
# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
- 登入GitLab: root/初始化密码 (nLU4eXA2YjRPjKZ)
Step4 修改密码
- 耐心等待一会儿:
单击头像, 选择Preferences。
单击左侧Password
- 完美,自己部署成功
一键部署代码
mkdir -p /data/storage/kubernetes/gitlab/{config,logs,data}
chmod 777 -R /data/storage/kubernetes/gitlab/
## LoadDockerImage
kind load docker-image gitlab/gitlab-ce:16.2.2-ce.0 --name devopscluster
#cd /root/myiac-gitee/devops/gitlab
kubectl -n argocd apply -f /root/myiac-gitee/devops/gitlab/gitlab-argoapp.yaml
FAQ
Q1 Unable to load host key: /etc/gitlab/ssh_host_ecdsa_
2023-08-03_12:37:56.33701 Unable to load host key: /etc/gitlab/ssh_host_ecdsa_key
2023-08-03_12:37:56.33713 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2023-08-03_12:37:56.33713 @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
2023-08-03_12:37:56.33713 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2023-08-03_12:37:56.33713 Permissions 0777 for '/etc/gitlab/ssh_host_ed25519_key' are too open.
2023-08-03_12:37:56.33713 It is required that your private key files are NOT accessible by others.
2023-08-03_12:37:56.33714 This private key will be ignored.
根据错误提示Permissions 0777 for '/etc/gitlab/ssh_host_ed25519_key' are too open.
判断为权限问题, 权限给的太大了,解决方法: chmod 600 ssh_host_*
[root@devops-nuc-service devops]# kubectl exec -it gitlab-655c6f48db-j9htc -n gitlab bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@gitlab-655c6f48db-j9htc:/# cd /etc/gitlab/
root@gitlab-655c6f48db-j9htc:/etc/gitlab# ls -l
total 192
-rw------- 1 root root 19404 Aug 3 12:27 gitlab-secrets.json
-rwxrwxrwx 1 root root 146358 Aug 3 12:08 gitlab.rb
-rwxrwxrwx 1 root root 749 Aug 3 12:08 initial_root_password
-rwxrwxrwx 1 root root 525 Aug 3 12:08 ssh_host_ecdsa_key
-rwxrwxrwx 1 root root 190 Aug 3 12:08 ssh_host_ecdsa_key.pub
-rwxrwxrwx 1 root root 419 Aug 3 12:08 ssh_host_ed25519_key
-rwxrwxrwx 1 root root 110 Aug 3 12:08 ssh_host_ed25519_key.pub
-rwxrwxrwx 1 root root 2622 Aug 3 12:08 ssh_host_rsa_key
-rwxrwxrwx 1 root root 582 Aug 3 12:08 ssh_host_rsa_key.pub
drwxr-xr-x 2 root root 6 Aug 3 12:08 trusted-certs
root@gitlab-655c6f48db-j9htc:/etc/gitlab# chmod 600 ssh_host_*
root@gitlab-655c6f48db-j9htc:/etc/gitlab# ls -l
total 192
-rw------- 1 root root 19404 Aug 3 12:27 gitlab-secrets.json
-rwxrwxrwx 1 root root 146358 Aug 3 12:08 gitlab.rb
-rwxrwxrwx 1 root root 749 Aug 3 12:08 initial_root_password
-rw------- 1 root root 525 Aug 3 12:08 ssh_host_ecdsa_key
-rw------- 1 root root 190 Aug 3 12:08 ssh_host_ecdsa_key.pub
-rw------- 1 root root 419 Aug 3 12:08 ssh_host_ed25519_key
-rw------- 1 root root 110 Aug 3 12:08 ssh_host_ed25519_key.pub
-rw------- 1 root root 2622 Aug 3 12:08 ssh_host_rsa_key
-rw------- 1 root root 582 Aug 3 12:08 ssh_host_rsa_key.pub
drwxr-xr-x 2 root root 6 Aug 3 12:08 trusted-certs
- 自己的环境后面也突然报这个错误了:
- 故障现象就是点击Gitlab后卡顿,无法操作:
- 按以上方法配置
[root@devops8 ~]#kubectl get po -ngitlab
NAME READY STATUS RESTARTS AGE
gitlab-655c6f48db-7vfzk 1/1 Running 0 45m
[root@devops8 ~]#kubectl exec -it gitlab-655c6f48db-7vfzk -ngitlab -- bash
root@gitlab-655c6f48db-7vfzk:/# cd /etc/gitlab/
root@gitlab-655c6f48db-7vfzk:/etc/gitlab# ls -l
total 188
-rw------- 1 root root 19408 Jun 21 21:53 gitlab-secrets.json
-rwxrwxrwx 1 root root 146358 Jun 18 14:47 gitlab.rb
-rwxrwxrwx 1 root root 525 Jun 18 14:47 ssh_host_ecdsa_key
-rwxrwxrwx 1 root root 190 Jun 18 14:47 ssh_host_ecdsa_key.pub
-rwxrwxrwx 1 root root 419 Jun 18 14:47 ssh_host_ed25519_key
-rwxrwxrwx 1 root root 110 Jun 18 14:47 ssh_host_ed25519_key.pub
-rwxrwxrwx 1 root root 2622 Jun 18 14:47 ssh_host_rsa_key
-rwxrwxrwx 1 root root 582 Jun 18 14:47 ssh_host_rsa_key.pub
drwxr-xr-x 2 root root 6 Jun 18 14:47 trusted-certs
root@gitlab-655c6f48db-7vfzk:/etc/gitlab# chmod 600 ssh_host_*
root@gitlab-655c6f48db-7vfzk:/etc/gitlab# ls -l
total 188
-rw------- 1 root root 19408 Jun 21 21:53 gitlab-secrets.json
-rwxrwxrwx 1 root root 146358 Jun 18 14:47 gitlab.rb
-rw------- 1 root root 525 Jun 18 14:47 ssh_host_ecdsa_key
-rw------- 1 root root 190 Jun 18 14:47 ssh_host_ecdsa_key.pub
-rw------- 1 root root 419 Jun 18 14:47 ssh_host_ed25519_key
-rw------- 1 root root 110 Jun 18 14:47 ssh_host_ed25519_key.pub
-rw------- 1 root root 2622 Jun 18 14:47 ssh_host_rsa_key
-rw------- 1 root root 582 Jun 18 14:47 ssh_host_rsa_key.pub
drwxr-xr-x 2 root root 6 Jun 18 14:47 trusted-certs
root@gitlab-655c6f48db-7vfzk:/etc/gitlab#
- 再次观察现象
可以看到,配置后不会再报了。