Deploying GitLab CE

This guide describes how to provision and configure a GitLab Community Edition instance in the PHX reference implementation.

Projects: c2platform/phx/ansible, c2platform.mgmt.gitlab
Overview

Using the PHX development environment, the following steps are carried out:

Vagrant creates an LXD node named pxd-gitlab. Using the Ansible provider, Vagrant runs two plays in order. The first play provisions the node:
- Bootstraps OS packages.
- Configures OS trust so that C2 certificates are trusted.
- Joins the C2.ORG domain (served by pxd-ad): Kerberos, DNS records.
- Installs GitLab, including C2 certificates.
- Creates a PAT in preparation for API access in the next play.
- Restarts GitLab so that the API becomes available.
The second play creates GitLab groups and imports several projects.

Prerequisites

Deployment

To start and provision the GitLab node, run:

This command takes about 15 minutes to complete.
Bringing machine 'pxd-gitlab' up with 'lxd' provider...
==> pxd-gitlab: Machine has not been created yet, starting...
==> pxd-gitlab: Importing LXC image...
==> pxd-gitlab: Mounting shared folders...
pxd-gitlab: /vagrant => /home/onknows/git/gitlab/c2/ansible-phx
pxd-gitlab: /home/vagrant/.marker => /home/onknows/.marker
pxd-gitlab: /home/vagrant/.local/share/marker => /home/onknows/.local/share/marker
pxd-gitlab: /root/.marker => /home/onknows/.marker
pxd-gitlab: /root/.local/share/marker => /home/onknows/.local/share/marker
pxd-gitlab: /home/vagrant/scripts => /home/onknows/git/c2/c2/user-scripts
pxd-gitlab: /ansible-dev-collections => /home/onknows/git/gitlab/c2/ansible-dev-collections
==> pxd-gitlab: Waiting for machine to boot. This may take a few minutes...
pxd-gitlab: SSH address: 10.190.101.182:22
pxd-gitlab: SSH username: vagrant
pxd-gitlab: SSH auth method: private key
==> pxd-gitlab: Machine booted and ready!
==> pxd-gitlab: Setting hostname...
==> pxd-gitlab: Running provisioner: shell...
pxd-gitlab: Running: inline script
==> pxd-gitlab: Running provisioner: ansible...
pxd-gitlab: Running ansible-playbook...
ini_path: /home/onknows/git/gitlab/c2/ansible-phx/hosts.ini
PLAY [GitLab] ******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [pxd-gitlab]
TASK [Include Linux roles] *****************************************************
included: server_update for pxd-gitlab => (item=server_update)
included: bootstrap for pxd-gitlab => (item=bootstrap)
included: apt_repo for pxd-gitlab => (item=apt_repo)
included: os_trusts for pxd-gitlab => (item=os_trusts)
included: secrets for pxd-gitlab => (item=secrets)
included: mount for pxd-gitlab => (item=mount)
included: radix_guardian for pxd-gitlab => (item=radix_guardian)
TASK [c2platform.core.server_update : include_tasks] ***************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/server_update/tasks/update_cache.yml for pxd-gitlab
TASK [c2platform.core.server_update : Apt update cache] ************************
changed: [pxd-gitlab]
TASK [c2platform.core.server_update : include_tasks] ***************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/server_update/tasks/update.yml for pxd-gitlab
TASK [c2platform.core.server_update : include_tasks] ***************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/server_update/tasks/debian.yml for pxd-gitlab
TASK [c2platform.core.server_update : Upgrade all packages] ********************
changed: [pxd-gitlab]
TASK [c2platform.core.server_update : Check reboot] ****************************
ok: [pxd-gitlab]
TASK [c2platform.core.server_update : Fact server_update_reboot] ***************
ok: [pxd-gitlab]
TASK [c2platform.core.bootstrap : Include package tasks] ***********************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/bootstrap/tasks/os.yml for pxd-gitlab => (item=['nano' , 'wget' , 'tree' , 'unzip' , 'zip' , 'jq' , 'build-essential' , 'python3-dev' , 'python3-wheel' , 'libsasl2-dev' , 'libldap2-dev' , 'libssl-dev' , 'git' , 'git-lfs' , 'nfs-common' , 'net-tools' , 'telnet' , 'curl' , 'dnsutils' , 'python3' ])
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/bootstrap/tasks/os.yml for pxd-gitlab => (item=python3-pip)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/bootstrap/tasks/os.yml for pxd-gitlab => (item=['realmd' , 'sssd' , 'sssd-ad' , 'sssd-krb5' , 'krb5-user' , 'adcli' , 'policykit-1' , 'packagekit' , 'sssd-tools' , 'libnss-sss' , 'libpam-sss' , 'bind9-utils' , 'samba-common-bin' ])
TASK [c2platform.core.bootstrap : OS package] **********************************
changed: [pxd-gitlab] => (item=['nano' , 'wget' , 'tree' , 'unzip' , 'zip' , 'jq' , 'build-essential' , 'python3-dev' , 'python3-wheel' , 'libsasl2-dev' , 'libldap2-dev' , 'libssl-dev' , 'git' , 'git-lfs' , 'nfs-common' , 'net-tools' , 'telnet' , 'curl' , 'dnsutils' , 'python3' ])
TASK [c2platform.core.bootstrap : OS package] **********************************
ok: [pxd-gitlab] => (item=python3-pip)
TASK [c2platform.core.bootstrap : OS package] **********************************
changed: [pxd-gitlab] => (item=['realmd' , 'sssd' , 'sssd-ad' , 'sssd-krb5' , 'krb5-user' , 'adcli' , 'policykit-1' , 'packagekit' , 'sssd-tools' , 'libnss-sss' , 'libpam-sss' , 'bind9-utils' , 'samba-common-bin' ])
TASK [c2platform.core.os_trusts : CA distribute ( Debian )] ********************
changed: [pxd-gitlab] => (item=https://letsencrypt.org/certs/isrgrootx1.pem)
changed: [pxd-gitlab] => (item=file:///vagrant/.ca/c2/c2.crt)
TASK [c2platform.core.os_trusts : Execute update-ca-certificates ( Debian )] ***
changed: [pxd-gitlab] => (item=https://letsencrypt.org/certs/isrgrootx1.pem)
changed: [pxd-gitlab] => (item=file:///vagrant/.ca/c2/c2.crt)
TASK [c2platform.core.secrets : Stat secret dir] *******************************
ok: [pxd-gitlab -> localhost] => (item=/home/onknows/git/gitlab/c2/ansible-phx/secret_vars/development)
ok: [pxd-gitlab -> localhost] => (item=/runner/project/secret_vars/development)
TASK [c2platform.core.secrets : Include secrets] *******************************
ok: [pxd-gitlab] => (item=None)
TASK [c2platform.core.radix_guardian : Copy Python script] *********************
changed: [pxd-gitlab]
TASK [c2platform.core.radix_guardian : Configure systemd service] **************
changed: [pxd-gitlab]
TASK [c2platform.core.radix_guardian : Start and enable service] ***************
changed: [pxd-gitlab]
TASK [c2platform.core.linux : Include linux_resources] *************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/fail.yml for pxd-gitlab => (item=0_bootstrap Environment pxd-gitlab → development)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=kerberos /etc/hosts)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/file.yml for pxd-gitlab => (item=kerberos /etc/systemd/resolved.conf.d)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=kerberos Configure systemd/resolved via resolved.conf.d drop-in)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/lineinfile.yml for pxd-gitlab => (item=kerberos pam_mkhomedir → /etc/pam.d/common-session)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=kerberos /usr/local/bin/update_dns_record.sh)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=kerberos Enable GSSAPI via sshd_config.d drop-in)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/service.yml for pxd-gitlab => (item=kerberos sssd)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/shell.yml for pxd-gitlab => (item=kerberos Join AD domain)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=kerberos /etc/sssd/sssd.conf)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=kerberos /etc/sudoers.d/c2)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=kerberos /etc/krb5.conf)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/lineinfile.yml for pxd-gitlab => (item=marker Marker)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=ssh_client Configure SSH client via ssh_config.d drop-in)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/file.yml for pxd-gitlab => (item=ubuntu_dev /usr/bin/python)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/hosts)
TASK [c2platform.core.linux : Manage files and file properties] ****************
changed: [pxd-gitlab] => (item=/etc/systemd/resolved.conf.d → directory)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/systemd/resolved.conf.d/phx_resolved.conf)
TASK [c2platform.core.linux : Manage lines in text files] **********************
changed: [pxd-gitlab] => (item=/etc/pam.d/common-session)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/usr/local/bin/update_dns_record.sh)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/ssh/sshd_config.d/gssapi.conf)
TASK [c2platform.core.linux : Manage system services] **************************
changed: [pxd-gitlab] => (item=sssd → started)
TASK [c2platform.core.linux : Execute shell commands] **************************
changed: [pxd-gitlab] => (item=realm join --user=tony C2.ORG)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/sssd/sssd.conf)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/sudoers.d/c2)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/krb5.conf)
TASK [c2platform.core.linux : Manage lines in text files] **********************
changed: [pxd-gitlab] => (item=/home/vagrant/.bashrc)
changed: [pxd-gitlab] => (item=/root/.bashrc)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/ssh/ssh_config.d/phx_ssh_client.conf)
TASK [c2platform.core.linux : Manage files and file properties] ****************
changed: [pxd-gitlab] => (item=/usr/bin/python → link)
TASK [c2platform.wincore.win : Include win_resources] **************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/wincore/roles/win/tasks/win_dns_zone.yml for pxd-gitlab => (item= 60.168.192.in-addr.arpa)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/wincore/roles/win/tasks/win_dns_record.yml for pxd-gitlab => (item= 12)
TASK [c2platform.wincore.win : Manage Windows Server DNS Zones] ****************
ok: [pxd-gitlab -> pxd-ad(192.168.61.11)] => (item=60.168.192.in-addr.arpa → present)
TASK [c2platform.wincore.win : Manage Windows Server DNS records] **************
ok: [pxd-gitlab -> pxd-ad(192.168.61.11)] => (item=12 → present)
TASK [c2platform.core.linux : Include linux_resources] *************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/package.yml for pxd-gitlab => (item=0_gitlab_dependencies ['openssh-server' , 'postfix' , 'curl' , 'openssl' , 'tzdata' ])
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/package.yml for pxd-gitlab => (item=0_gitlab_dependencies_debian gnupg2)
TASK [c2platform.core.linux : Manage packages] *********************************
changed: [pxd-gitlab] => (item=['openssh-server' , 'postfix' , 'curl' , 'openssl' , 'tzdata' ] → present)
TASK [c2platform.core.linux : Manage packages] *********************************
changed: [pxd-gitlab] => (item=gnupg2 → present)
TASK [c2platform.mgmt.gitlab : Check if GitLab repository was added] ***********
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Download GitLab repository installation script] ***
changed: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Install GitLab repository] **********************
changed: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Log GitLab repository scripts result] ***********
changed: [pxd-gitlab] => (item=/tmp/gitlab_install_repository.sh.log)
TASK [c2platform.mgmt.gitlab : Apt update] *************************************
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Install GitLab] *********************************
changed: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Manage Dpkg selections] *************************
changed: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Create a PAT for automation with API access] ****
changed: [pxd-gitlab] => (item=ansible → present)
TASK [c2platform.mgmt.gitlab : Calculate hash of gitlab_import_sources] ********
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Check if import sources hash file exists] *******
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Update GitLab import sources via gitlab-rails runner] ***
changed: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Store import sources hash] **********************
changed: [pxd-gitlab]
TASK [c2platform.core.linux : Include linux_resources] *************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/file.yml for pxd-gitlab => (item=0_certificates /etc/gitlab/ssl)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/command.yml for pxd-gitlab => (item=0_certificates Create self-signed certificate)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=0_config /etc/gitlab/gitlab.rb)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/git.yml for pxd-gitlab => (item=0_server_config Checkout PlantUML repo)
TASK [c2platform.core.linux : Manage files and file properties] ****************
changed: [pxd-gitlab] => (item=/etc/gitlab/ssl → directory)
TASK [c2platform.core.linux : Execute a command on a remote host] **************
changed: [pxd-gitlab] => (item=openssl req -new -nodes -x509 -subj "/C=NL/ST=South Holland/L=The Hague/O=C2 Platform/CN=C2 Platform GitLab Server" -days 3650 -keyout /etc/gitlab/ssl/gitlab.c2platform.org.key -out /etc/gitlab/ssl/gitlab.c2platform.org.crt -extensions v3_ca -addext "subjectAltName=DNS:gitlab.c2platform.org,DNS:*.gitlab.c2platform.org"
)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
changed: [pxd-gitlab] => (item=/etc/gitlab/gitlab.rb)
TASK [c2platform.core.linux : Manage git repositories] *************************
changed: [pxd-gitlab] => (item=https://gitlab.com/c2platform/c2/plantuml.git → /tmp/plantuml → present
)
TASK [c2platform.core.java : Set additional java facts] ************************
ok: [pxd-gitlab]
TASK [c2platform.core.java : Install Java] *************************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/java/tasks/install.yml for pxd-gitlab => (item=jdk11_0411_oj9)
TASK [c2platform.core.java : Check Java / JDK installed at /usr/lib/jvm/jdk11_0411_oj9] ***
ok: [pxd-gitlab]
TASK [c2platform.core.java : Download] *****************************************
changed: [pxd-gitlab]
TASK [c2platform.core.java : Create java_home] *********************************
changed: [pxd-gitlab]
TASK [c2platform.core.java : Unarchive] ****************************************
changed: [pxd-gitlab]
TASK [c2platform.core.java : Chmod java_home] **********************************
changed: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : Set fact cacerts2_certificates] ***************
ok: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : cacerts2_certificates] ************************
ok: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : Set various certificate facts] ****************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Set fact cacerts2_certificates] ***************
ok: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : include_tasks] ********************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/cacerts2/tasks/certs/cert.yml for pxd-gitlab => (item=gitlab-server)
TASK [c2platform.core.cacerts2 : Stat key] *************************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Stat crt] *************************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Stat dir] *************************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate an OpenSSL private key] **************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate an OpenSSL Certificate Signing Request] ***
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate an OpenSSL certificate] **************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate pkcs12 file] *************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Create PEM file] ******************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : include_tasks] ********************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/cacerts2/tasks/certs/cert_deploy.yml for pxd-gitlab => (item=gitlab-server)
TASK [c2platform.core.cacerts2 : Copy to control node ( fetch )] ***************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)] => (item=/vagrant/.ca/c2/gitlab/gitlab-server-pxd-gitlab.key → /tmp/)
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)] => (item=/vagrant/.ca/c2/gitlab/gitlab-server-pxd-gitlab.crt → /tmp/)
TASK [c2platform.core.cacerts2 : Stat parent dir] ******************************
ok: [pxd-gitlab] => (item=key)
ok: [pxd-gitlab] => (item=crt)
TASK [c2platform.core.cacerts2 : Deploy files] *********************************
changed: [pxd-gitlab] => (item=/tmp/gitlab-server-pxd-gitlab.key → /etc/gitlab/ssl/gitlab.c2platform.org.key)
changed: [pxd-gitlab] => (item=/tmp/gitlab-server-pxd-gitlab.crt → /etc/gitlab/ssl/gitlab.c2platform.org.crt)
RUNNING HANDLER [c2platform.mgmt.gitlab : Reconfigure gitlab] ******************
changed: [pxd-gitlab]
RUNNING HANDLER [c2platform.mgmt.gitlab : Restart gitlab] **********************
changed: [pxd-gitlab]
RUNNING HANDLER [c2platform.core.linux : Restart systemd-resolved] *************
changed: [pxd-gitlab]
RUNNING HANDLER [c2platform.core.linux : Restart sssd] *************************
changed: [pxd-gitlab]
RUNNING HANDLER [c2platform.core.linux : Restart ssh] **************************
changed: [pxd-gitlab]
RUNNING HANDLER [c2platform.core.radix_guardian : Restart radix_guardian] ******
changed: [pxd-gitlab]
PLAY RECAP *********************************************************************
pxd-gitlab : ok=115 changed=48 unreachable=0 failed=0 skipped=55 rescued=0 ignored=0
==> pxd-gitlab: Running provisioner: ansible...
pxd-gitlab: Running ansible-playbook...
ini_path: /home/onknows/git/gitlab/c2/ansible-phx/hosts.ini
PLAY [GitLab] ******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [pxd-gitlab]
TASK [c2platform.core.secrets : Stat secret dir] *******************************
ok: [pxd-gitlab -> localhost] => (item=/home/onknows/git/gitlab/c2/ansible-phx/secret_vars/development)
ok: [pxd-gitlab -> localhost] => (item=/runner/project/secret_vars/development)
TASK [c2platform.core.secrets : Include secrets] *******************************
ok: [pxd-gitlab] => (item=None)
TASK [c2platform.core.linux : Include linux_resources] *************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/package.yml for pxd-gitlab => (item=0_gitlab_dependencies ['openssh-server' , 'postfix' , 'curl' , 'openssl' , 'tzdata' ])
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/package.yml for pxd-gitlab => (item=0_gitlab_dependencies_debian gnupg2)
TASK [c2platform.core.linux : Manage packages] *********************************
ok: [pxd-gitlab] => (item=['openssh-server' , 'postfix' , 'curl' , 'openssl' , 'tzdata' ] → present)
TASK [c2platform.core.linux : Manage packages] *********************************
ok: [pxd-gitlab] => (item=gnupg2 → present)
TASK [c2platform.mgmt.gitlab : Check if GitLab repository was added] ***********
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Apt update] *************************************
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Install GitLab] *********************************
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Manage Dpkg selections] *************************
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Create a PAT for automation with API access] ****
ok: [pxd-gitlab] => (item=ansible → present)
TASK [c2platform.mgmt.gitlab : Calculate hash of gitlab_import_sources] ********
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Check if import sources hash file exists] *******
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Read existing import sources hash] **************
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Set existing hash fact] *************************
ok: [pxd-gitlab]
TASK [c2platform.mgmt.gitlab : Import sources configuration unchanged] *********
ok: [pxd-gitlab] =>
msg: 'GitLab import sources configuration is up to date (hash: dbc95cb0c1b64df9c959f5609dc86db7fe503e4c615f51251e2cd46432e5aa9d)'
TASK [c2platform.core.linux : Include linux_resources] *************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/file.yml for pxd-gitlab => (item=0_certificates /etc/gitlab/ssl)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/command.yml for pxd-gitlab => (item=0_certificates Create self-signed certificate)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/copy.yml for pxd-gitlab => (item=0_config /etc/gitlab/gitlab.rb)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/git.yml for pxd-gitlab => (item=0_server_config Checkout PlantUML repo)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/pip.yml for pxd-gitlab => (item=1_api_config python-gitlab)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/gitlab_group.yml for pxd-gitlab => (item=1_api_config C2 Platform Groups)
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/linux/tasks/gitlab_project.yml for pxd-gitlab => (item=1_api_config C2 Platform Projects)
TASK [c2platform.core.linux : Manage files and file properties] ****************
ok: [pxd-gitlab] => (item=/etc/gitlab/ssl → directory)
TASK [c2platform.core.linux : Execute a command on a remote host] **************
ok: [pxd-gitlab] => (item=openssl req -new -nodes -x509 -subj "/C=NL/ST=South Holland/L=The Hague/O=C2 Platform/CN=C2 Platform GitLab Server" -days 3650 -keyout /etc/gitlab/ssl/gitlab.c2platform.org.key -out /etc/gitlab/ssl/gitlab.c2platform.org.crt -extensions v3_ca -addext "subjectAltName=DNS:gitlab.c2platform.org,DNS:*.gitlab.c2platform.org"
)
TASK [c2platform.core.linux : Copy files to remote locations] ******************
ok: [pxd-gitlab] => (item=/etc/gitlab/gitlab.rb)
TASK [c2platform.core.linux : Manage git repositories] *************************
ok: [pxd-gitlab] => (item=https://gitlab.com/c2platform/c2/plantuml.git → /tmp/plantuml → present
)
TASK [c2platform.core.linux : Manage Python packages] **************************
changed: [pxd-gitlab] => (item=python-gitlab → present)
TASK [c2platform.core.linux : Creates/updates/deletes GitLab Groups] ***********
changed: [pxd-gitlab] => (item=C2 Platform → present)
changed: [pxd-gitlab] => (item=C2 Platform → present)
changed: [pxd-gitlab] => (item=Examples → present)
changed: [pxd-gitlab] => (item=Docker → present)
changed: [pxd-gitlab] => (item=PHX Project → present)
changed: [pxd-gitlab] => (item=Examples → present)
TASK [c2platform.core.linux : Creates/updates/deletes GitLab Projects] *********
changed: [pxd-gitlab] => (item=Ansible Inventory → present)
changed: [pxd-gitlab] => (item=Git LFS and GitLab Pages → present)
changed: [pxd-gitlab] => (item=GitLab Runner → present)
changed: [pxd-gitlab] => (item=Ansible Inventory PHX Project → present)
changed: [pxd-gitlab] => (item=GitLab Runners → present)
TASK [c2platform.core.java : Set additional java facts] ************************
ok: [pxd-gitlab]
TASK [c2platform.core.java : Install Java] *************************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/java/tasks/install.yml for pxd-gitlab => (item=jdk11_0411_oj9)
TASK [c2platform.core.java : Check Java / JDK installed at /usr/lib/jvm/jdk11_0411_oj9] ***
ok: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : Set fact cacerts2_certificates] ***************
ok: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : cacerts2_certificates] ************************
ok: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : Set various certificate facts] ****************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Set fact cacerts2_certificates] ***************
ok: [pxd-gitlab]
TASK [c2platform.core.cacerts2 : include_tasks] ********************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/cacerts2/tasks/certs/cert.yml for pxd-gitlab => (item=gitlab-server)
TASK [c2platform.core.cacerts2 : Stat key] *************************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Stat crt] *************************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Stat dir] *************************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate an OpenSSL private key] **************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate an OpenSSL Certificate Signing Request] ***
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate an OpenSSL certificate] **************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Generate pkcs12 file] *************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : Create PEM file] ******************************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)]
TASK [c2platform.core.cacerts2 : include_tasks] ********************************
included: /home/onknows/git/gitlab/c2/ansible-dev-collections/ansible_collections/c2platform/core/roles/cacerts2/tasks/certs/cert_deploy.yml for pxd-gitlab => (item=gitlab-server)
TASK [c2platform.core.cacerts2 : Copy to control node ( fetch )] ***************
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)] => (item=/vagrant/.ca/c2/gitlab/gitlab-server-pxd-gitlab.key → /tmp/)
ok: [pxd-gitlab -> pxd-rproxy1(192.168.60.10)] => (item=/vagrant/.ca/c2/gitlab/gitlab-server-pxd-gitlab.crt → /tmp/)
TASK [c2platform.core.cacerts2 : Stat parent dir] ******************************
ok: [pxd-gitlab] => (item=key)
ok: [pxd-gitlab] => (item=crt)
TASK [c2platform.core.cacerts2 : Deploy files] *********************************
ok: [pxd-gitlab] => (item=/tmp/gitlab-server-pxd-gitlab.key → /etc/gitlab/ssl/gitlab.c2platform.org.key)
ok: [pxd-gitlab] => (item=/tmp/gitlab-server-pxd-gitlab.crt → /etc/gitlab/ssl/gitlab.c2platform.org.crt)
PLAY RECAP *********************************************************************
pxd-gitlab : ok=51 changed=3 unreachable=0 failed=0 skipped=37 rescued=0 ignored=0
Verification

Logging in

Next, go to https://gitlab.c2platform.org and log in as root with the password supersecret.

Personal access token (PAT)

Navigate to Preferences → Personal access tokens. This shows a token named ansible. This token is used to configure the instance via the API.

GitLab groups and projects

Next, go to Groups → C2 Platform. This shows the various groups and projects that were created via the API.
Review

Vagrant Box

The Ansible configuration for GitLab consists of two plays: one for provisioning GitLab and another for configuring it. They are defined in separate playbooks. Logically they are separated because in realistic scenarios these tasks are often performed by different teams. Technically they must be separated because configuring GitLab via the API is only possible once the API has become available, which happens after the GitLab service is restarted (triggered by an Ansible handler).

Box definition in Vagrantfile.yml:

Vagrantfile.yml
```yaml
- name: gitlab
  short_description: Gitlab CE
  description: Gitlab CE
  box: ubuntu24-lxd
  ip-address: 192.168.60.12
  plays:
    - mgmt/gitlab
    - mgmt/gitlab_config
  labels:
    - gitlab
```
Play for creating the instance

This first playbook installs and provisions the GitLab instance on the host.

plays/mgmt/gitlab.yml
```yaml
---
- name: GitLab
  hosts: gitlab
  become: true
  roles:
    - { role: c2platform.core.linux }
    - { role: c2platform.wincore.win }
    - { role: c2platform.mgmt.gitlab }
```
Note that the play includes the Windows role, which is interesting because the GitLab node pxd-gitlab is a Linux node. The reason is that the Windows role is used to delegate a task to pxd-ad that creates a PTR record, which is required for the node to join the AD domain C2.ORG successfully and for Kerberos to work correctly.
Note that this is not specific to the GitLab node; it applies to all Ubuntu nodes. Consequently, the relevant configuration is part of the Ansible group ubuntu and can be found in group_vars/ubuntu/ptr.yml:
group_vars/ubuntu/ptr.yml
```yaml
---
win_roles: []
win_resources:
  - name: "{{ '.'.join(ansible_eth1.ipv4.address.split('.')[-2::-1]) }}.in-addr.arpa"
    module: win_dns_zone
    type: Primary
    replication: Domain
    state: present
    delegate_to: pxd-ad
  - name: "{{ ansible_eth1.ipv4.address.split('.')[-1] }}"
    module: win_dns_record
    type: "PTR"
    zone: "{{ '.'.join(ansible_eth1.ipv4.address.split('.')[-2::-1]) }}.in-addr.arpa"
    value: "{{ inventory_hostname }}.{{ px_ad_domain_name }}"
    state: present
    delegate_to: pxd-ad
```
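The two Jinja expressions above decide which reverse zone and which PTR owner name end up on pxd-ad, and a wrong pair silently breaks the Kerberos reverse lookup. The following is an added example, not code from the c2platform project: it evaluates the same slice expressions in plain Python for a given IPv4 address and cross-checks the assembled owner name against the standard library's reverse pointer. The address is the pxd-gitlab address from Vagrantfile.yml; the value `c2.org` for `px_ad_domain_name` is an assumption based on the domain name C2.ORG used on this page.

```python
"""Reverse-DNS names for the PTR task, mirrored in plain Python (added example)."""
import ipaddress


def reverse_zone(ip: str) -> str:
    """Zone name exactly as ptr.yml computes it: '.'.join(ip.split('.')[-2::-1]) + '.in-addr.arpa'.
    The [-2::-1] slice drops the last octet and reverses the rest, i.e. a /24 reverse zone."""
    return ".".join(ip.split(".")[-2::-1]) + ".in-addr.arpa"


def ptr_record_name(ip: str) -> str:
    """Record name relative to the zone: the last octet, as ptr.yml does."""
    return ip.split(".")[-1]


def ptr_fqdn(ip: str) -> str:
    """Fully qualified owner name of the PTR record (record name + zone)."""
    return f"{ptr_record_name(ip)}.{reverse_zone(ip)}"


def check_ptr(ip: str, inventory_hostname: str, ad_domain: str) -> dict:
    """Return the zone/record/value triple the play would create on pxd-ad and whether
    the assembled owner name equals the stdlib reverse pointer for that address.
    ptr.yml only handles IPv4 (in-addr.arpa), so IPv6 input is rejected here."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("ptr.yml only handles IPv4 (in-addr.arpa)")
    owner = ptr_fqdn(ip)
    return {
        "zone": reverse_zone(ip),
        "record": ptr_record_name(ip),
        "value": f"{inventory_hostname}.{ad_domain}",   # PTR target: the node's FQDN
        "owner": owner,
        "consistent": owner == addr.reverse_pointer,     # e.g. 12.60.168.192.in-addr.arpa
    }


if __name__ == "__main__":
    # Constructed sample: pxd-gitlab's address from Vagrantfile.yml; 'c2.org' is assumed
    # to be the value of px_ad_domain_name.
    print(check_ptr("192.168.60.12", "pxd-gitlab", "c2.org"))
```

Because the slice keeps only three octets, the play implicitly assumes a /24 network per node; the `consistent` flag would still be true for other prefix lengths, since the owner name is the same, but the zone created on pxd-ad would then cover a different range than the one the network actually uses.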
This second playbook handles the post-installation configuration, such as creating groups and importing projects via the GitLab API.
plays/mgmt/gitlab_config.yml
```yaml
---
- name: GitLab
  hosts: gitlab
  become: true
  roles:
    - { role: c2platform.core.secrets }
    - { role: c2platform.mgmt.gitlab }
  vars:
    gitlab_resource_groups_disabled: []
```
Personal Access Token (PAT)
To configure the GitLab instance, the variable gitlab_pats in the GitLab role (c2platform.mgmt.gitlab) is used to create a Personal Access Token (PAT):
group_vars/gitlab/main.yml
```yaml
gitlab_pats:
  - name: ansible
    username: root
    token: "{{ px_gitlab_root_pat }}" # vault → supersecrettoken
    scopes: [read_service_ping, read_user, read_repository, read_api, self_rotate, write_repository, api, ai_features, create_runner, manage_runner, k8s_proxy, admin_mode, sudo]
    expires_days: 365
    state: present
```
Import and export settings
By default a GitLab instance does not allow importing Git projects from GitLab.com. For this purpose the variable gitlab_import_sources is used to configure the import sources:
group_vars/gitlab/main.yml
```yaml
gitlab_import_sources:
  - github
  - gitlab_project
  - git
```
https://gitlab.c2platform.org/admin/application_settings/general#js-import-export-settings
GitLab projects and groups
The configuration in group_vars/gitlab/projects.yml shows how the variable gitlab_resources is used to create GitLab groups and import projects:
group_vars/gitlab/projects.yml
```yaml
---
gitlab_resources:
  1_api_config: # → gitlab_resource_groups_disabled
    - name: python-gitlab
      module: pip
      extra_args: --break-system-packages
    - name: C2 Platform Groups
      module: gitlab_group
      defaults:
        api_url: "https://{{ gitlab_domain }}"
        api_token: "{{ px_gitlab_root_pat }}"
        visibility: public
        default_branch: master
        avatar_path: /tmp/plantuml/icons/png/c2.png
      environment:
        REQUESTS_CA_BUNDLE: "{{ px_linux_cert_dir }}/c2.crt.crt"
      resources:
        - name: C2 Platform
          path: c2platform
          description: C2 Platform projects for the C2 Platform
        - name: C2 Platform
          path: c2
          parent: c2platform
          description: >-
            Example / template / reference projects that showcase the power and
            versatility of Ansible, GitOps, and Kubernetes. These projects are
            part of the esteemed GitLab Open Source Program, and they make full
            use of GitLab.
        - name: Examples
          path: examples
          parent: c2platform/c2
        - name: Docker
          path: docker2
          parent: c2platform/c2
          avatar_path: /tmp/plantuml/icons/png/docker_min50.png
        - name: PHX Project
          path: phx
          parent: c2platform
          description: PHX projects for the PHX Platform
        - name: Examples
          path: examples
          parent: c2platform/phx
    - name: C2 Platform Projects
      module: gitlab_project
      defaults:
        api_url: "https://{{ gitlab_domain }}"
        api_token: "{{ px_gitlab_root_pat }}"
        visibility: public
        # default_branch: master
      environment:
        REQUESTS_CA_BUNDLE: "{{ px_linux_cert_dir }}/c2.crt.crt"
      resources:
        - name: Ansible Inventory
          group: c2platform/c2
          path: ansible-inventory
          avatar_path: /tmp/plantuml/icons/png/vagrant_ansible.png
          import_url: https://gitlab.com/c2platform/c2/ansible-inventory.git
        - name: Git LFS and GitLab Pages
          group: c2platform/c2/examples
          path: git-lfs-and-gitlab-pages
          lfs_enabled: true
          avatar_path: /tmp/plantuml/icons/png/gitlab.png
          import_url: https://gitlab.com/c2platform/phx/examples/git-lfs-and-gitlab-pages.git
        - name: GitLab Runner
          group: c2platform/c2/docker2
          path: gitlab-runner
          avatar_path: /tmp/plantuml/icons/png/gitlab.png
          import_url: https://gitlab.com/c2platform/c2/docker2/gitlab-runner.git
        - name: Ansible Inventory PHX Project
          group: c2platform/phx
          path: ansible
          avatar_path: /tmp/plantuml/icons/png/vagrant_ansible.png
          import_url: https://gitlab.com/c2platform/phx/ansible.git
        - name: GitLab Runners
          group: c2platform/phx/examples
          path: gitlab-runners
          avatar_path: /tmp/plantuml/icons/png/gitlab.png
          import_url: https://gitlab.com/c2platform/phx/examples/gitlab-runners.git
gitlab_resource_groups_disabled: ['1_api_config']
```
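The gitlab_resources structure above, the PAT definition in main.yml and the import sources all have to agree before the gitlab_config play can succeed against the API: groups must exist before the children and projects that reference them, import by URL must be enabled, and the `1_api_config` group is disabled in projects.yml until gitlab_config.yml overrides `gitlab_resource_groups_disabled` with `[]`. The following is an added example, not code from the c2platform.mgmt.gitlab role: an offline review script that applies the merge semantics the layout implies (assumed: a disabled group is skipped, a block's `defaults` are merged under each of its `resources`, and group keys run in sorted order), then checks group ordering, project group references and import_url values, and reports each PAT's expiry date and its scopes beyond the `api` scope (assumed to be what gitlab_group/gitlab_project need). The embedded data is a constructed, trimmed copy of the page's YAML with the Jinja values left out.

```python
"""Offline review of the gitlab_pats / gitlab_resources configuration (added example)."""
from datetime import date, timedelta
from urllib.parse import urlparse

# Constructed, trimmed copy of the page's group_vars/gitlab YAML (Jinja values left out).
GITLAB_PATS = [{"name": "ansible", "username": "root", "expires_days": 365,
                "scopes": ["read_api", "write_repository", "api", "admin_mode", "sudo"]}]
GITLAB_IMPORT_SOURCES = ["github", "gitlab_project", "git"]
GITLAB_RESOURCES = {"1_api_config": [
    {"name": "python-gitlab", "module": "pip"},
    {"name": "C2 Platform Groups", "module": "gitlab_group",
     "defaults": {"visibility": "public", "default_branch": "master"},
     "resources": [{"name": "C2 Platform", "path": "c2platform"},
                   {"name": "C2 Platform", "path": "c2", "parent": "c2platform"},
                   {"name": "Examples", "path": "examples", "parent": "c2platform/c2"}]},
    {"name": "C2 Platform Projects", "module": "gitlab_project",
     "defaults": {"visibility": "public"},
     "resources": [{"name": "Ansible Inventory", "group": "c2platform/c2", "path": "ansible-inventory",
                    "import_url": "https://gitlab.com/c2platform/c2/ansible-inventory.git"}]},
]}
GITLAB_RESOURCE_GROUPS_DISABLED = ["1_api_config"]  # projects.yml default; gitlab_config.yml sets []

# Assumption: the gitlab_group/gitlab_project modules need only the `api` scope.
REQUIRED_SCOPES = {"api"}
ADMIN_SCOPES = {"sudo", "admin_mode"}


def expand_resources(resources, disabled):
    """Flatten gitlab_resources into (module, resource) pairs in play order.
    Assumed semantics: groups run in sorted key order (hence the '1_' prefix), a group
    listed in `disabled` is skipped, a block's `defaults` are merged under each of its
    `resources` (resource keys win), and a block without `resources` is one module call."""
    expanded = []
    for group_name in sorted(resources):
        if group_name in disabled:
            continue
        for block in resources[group_name]:
            if "resources" not in block:
                expanded.append((block["module"], {k: v for k, v in block.items() if k != "module"}))
                continue
            defaults = block.get("defaults", {})
            for res in block["resources"]:
                expanded.append((block["module"], {**defaults, **res}))
    return expanded


def check_group_order(expanded):
    """A gitlab_group `parent` must be the full path of a group created earlier in the run.
    Returns (errors, set of full group paths)."""
    created, errors = set(), []
    for module, res in expanded:
        if module != "gitlab_group":
            continue
        parent = res.get("parent")
        full = f"{parent}/{res['path']}" if parent else res["path"]
        if parent and parent not in created:
            errors.append(f"group {full!r}: parent {parent!r} not created yet")
        created.add(full)
    return errors, created


def check_projects(expanded, import_sources, groups):
    """Projects must target a known group; an import_url must be https, and import by URL
    only works when 'git' is among gitlab_import_sources."""
    errors = []
    for module, res in expanded:
        if module != "gitlab_project":
            continue
        if res.get("group") not in groups:
            errors.append(f"project {res['path']!r}: group {res.get('group')!r} unknown")
        url = res.get("import_url")
        if not url:
            continue
        if urlparse(url).scheme != "https":
            errors.append(f"project {res['path']!r}: import_url is not https")
        if "git" not in import_sources:
            errors.append(f"project {res['path']!r}: import by URL needs 'git' in gitlab_import_sources")
    return errors


def review_pat(pat, today):
    """Expiry date and scope breakdown of one gitlab_pats entry."""
    scopes = set(pat["scopes"])
    return {"name": pat["name"],
            "expires": (today + timedelta(days=pat["expires_days"])).isoformat(),
            "surplus_scopes": sorted(scopes - REQUIRED_SCOPES),
            "admin_scopes": sorted(scopes & ADMIN_SCOPES)}


def review(resources, disabled, import_sources, pats, today=None):
    """Run all checks; `today` is an ISO date string (defaults to the current date)."""
    today = date.fromisoformat(today) if today else date.today()
    expanded = expand_resources(resources, disabled)
    group_errors, groups = check_group_order(expanded)
    return {"enabled_resources": len(expanded),
            "errors": group_errors + check_projects(expanded, import_sources, groups),
            "pats": [review_pat(p, today) for p in pats]}


if __name__ == "__main__":
    # With the projects.yml default nothing is enabled; the play's override enables 5 resources.
    print(review(GITLAB_RESOURCES, GITLAB_RESOURCE_GROUPS_DISABLED, GITLAB_IMPORT_SOURCES, GITLAB_PATS))
    print(review(GITLAB_RESOURCES, [], GITLAB_IMPORT_SOURCES, GITLAB_PATS))
```

Run with the projects.yml default the review reports zero enabled resources, which is exactly why gitlab_config.yml has to set `gitlab_resource_groups_disabled: []`; run with the override it reports five resources and no errors, and lists `admin_mode` and `sudo` among the token's scopes that go beyond what the group and project modules use.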