Gitlab, Gitlab-Runner (Docker)


- Register an OS account for Gitlab and Gitlab-Runner

groupadd cicdadm
useradd -g cicdadm -m cicdadm


- Install Docker

sudo yum install docker
# Allow the cicdadm account to use docker
sudo usermod -aG docker cicdadm


- Install Docker-Compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

docker-compose --version


- Install Gitlab

- Path
/gitlab/gitlab/docker-compose.yml
/gitlab/gitlab-runner

docker-compose.yml

version: '3.5'
services:
  service:
    image: "gitlab/gitlab-ee:13.10.3-ee.0"
    restart: always
    hostname: "10.20.11.239"
    privileged: true
    environment:
      GITLAB_OMNIBUS_CONFIG: |
         external_url 'http://10.20.11.239'
    ports:
    - "11010:80"
#    - "443:443"
#    - "22:22"
    volumes:
    - 'config:/etc/gitlab'
    - 'data:/var/opt/gitlab'
    - 'logs:/var/log/gitlab'
# Using Docker Volume
volumes:
  config:
  logs:
  data:

Volumes   Container location   Usage
config    /etc/gitlab          Stores the GitLab configuration files
data      /var/opt/gitlab      Stores application data
logs      /var/log/gitlab      Stores logs


start_gitlab.sh

cd /gitlab/gitlab
docker-compose up -d


stop_gitlab.sh

cd /gitlab/gitlab
docker-compose down


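If you do not know the password after installing up to this point, proceed as follows.
Because GitLab is running as a docker-compose service, you first need to enter the service container.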

docker exec -it gitlab_svc_1 /bin/bash
cd /var/opt/gitlab

gitlab-rails console -e production
u = User.where(id: 1).first
# => #<User id:1 @root>
u.password = 'newpassword'
u.password_confirmation = 'newpassword'
u.save
exit

Log in as the root user with the password that was initially set.

- Install Gitlab-Runner

install_gitlab-runner.sh

curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash

# Debian buster users should disable skel to prevent No such file or directory Job failures
export GITLAB_RUNNER_DISABLE_SKEL=true; sudo -E yum install gitlab-runner

gitlab-runner --version

sudo mkdir /gitlab/gitlab-runner/.gradle
sudo chown -R cicdadm:cicdadm /gitlab/gitlab-runner/.gradle



sudo gitlab-runner register --non-interactive \
  --url "http://10.20.11.239:11010" \
  --registration-token "sTygbanb-nN9LVzsmxZK" \
  --executor "docker" \
  --docker-image docker:stable \
  --description "docker-runner" \
  --tag-list "docker,aws" \
  --run-untagged="true" \
  --locked="false" \
  --access-level="not_protected" \
  --docker-volumes "/fsgitlab/gitlab/repository:/fsgitlab/gitlab/repository" \
  --docker-volumes "/fsgitlab/gitlab-runner/.kube:/root/.kube" \
  --docker-volumes "/gitlab/gitlab-runner/.gradle:/root/.gradle" \
  --docker-volumes "/var/run/docker.sock:/var/run/docker.sock"


sudo service gitlab-runner restart

The settings above are saved in the following config file:
/etc/gitlab-runner/config.toml

The final configuration is shown below. DOCKER_AUTH_CONFIG in environment must be set so that the Runner can authenticate when it pulls an image for each stage.
pull_policy sets the pull policy for Docker images.

concurrent = 2
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "docker-runner"
  url = "http://10.75.235.125:11010"
  token = "Dv45HecFqMTiiBzf4QSE"
  executor = "docker"
  environment = ["DOCKER_AUTH_CONFIG={ \"credHelpers\": { \"222383050459.dkr.ecr.ap-northeast-2.amazonaws.com\": \"ecr-login\" }} "]
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "222383050459.dkr.ecr.ap-northeast-2.amazonaws.com/common:docker-stable"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/fsgitlab/gitlab/repository:/fsgitlab/gitlab/repository", "/fsgitlab/gitlab-runner/.gradle:/root/.gradle", "/var/run/docker.sock:/var/run/docker.sock", "/cache", "/fsgitlab/gitlab-runner/.kube:/root/.kube"]
    pull_policy = ["if-not-present"]
    shm_size = 0
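
The url and volumes entries in the config above decide what a CI job can reach on the runner host. As an added example (not part of the original post), the script below scans a config.toml for a plain-HTTP url, privileged mode, and bind mounts of docker.sock or .kube; the function names, sample host and token are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag runner settings that let a CI job reach the host or its credentials.

# Print one finding per line for the config.toml given as $1.
audit_runner_config() {
    cfg=$1
    # The runner token is sent to GitLab on every poll; http:// sends it in clear text.
    if grep -Eq '^[[:space:]]*url[[:space:]]*=[[:space:]]*"http://' "$cfg"; then
        echo "MEDIUM url: runner talks to GitLab over plain HTTP"
    fi
    # privileged = true gives job containers nearly all host capabilities.
    if grep -Eq '^[[:space:]]*privileged[[:space:]]*=[[:space:]]*true' "$cfg"; then
        echo "HIGH privileged: job containers run privileged"
    fi
    # Pull every quoted entry out of the volumes = [...] line and inspect the host side.
    grep -E '^[[:space:]]*volumes[[:space:]]*=' "$cfg" | grep -o '"[^"]*"' | tr -d '"' |
    while IFS= read -r vol; do
        case $vol in
            *:*) host=${vol%%:*} ;;   # host:container bind mount
            *)   continue ;;          # anonymous volume such as /cache
        esac
        case $host in
            */docker.sock)
                echo "HIGH volumes: $host gives every job control of the host Docker daemon" ;;
            */.kube|*/.kube/*)
                echo "HIGH volumes: $host exposes cluster credentials to every job" ;;
        esac
    done
}

# Constructed sample modelled on the config above (host and token are placeholders).
write_sample_config() {
    cat > "$1" <<'EOF'
[[runners]]
  name = "docker-runner"
  url = "http://gitlab.example.internal:11010"
  token = "PLACEHOLDER_TOKEN"
  executor = "docker"
  [runners.docker]
    privileged = false
    volumes = ["/fsgitlab/gitlab-runner/.gradle:/root/.gradle", "/var/run/docker.sock:/var/run/docker.sock", "/cache", "/fsgitlab/gitlab-runner/.kube:/root/.kube"]
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_runner_config "$sample"
rm -f "$sample"
```

Run it against /etc/gitlab-runner/config.toml with `audit_runner_config /etc/gitlab-runner/config.toml`; the .gradle cache mount and the anonymous /cache volume produce no finding.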


- Configure the Gitlab-Runner Credential Helper

The Credential Helper is used to keep the ECR docker login valid. In this project it is configured to handle ecr_login so that gitlab-runner can pull the ECR images used in each stage.
To install the Credential Helper, see: https://github.com/awslabs/amazon-ecr-credential-helper

Install golang && export PATH

yum install go
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin

docker-credential-ecr-login
Install docker-credential-ecr-login with go get.
Then set DOCKER_AUTH_CONFIG in the environment setting.

go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
# Move the binary to the path below
sudo mv "$GOPATH/bin/docker-credential-ecr-login" /usr/local/bin/docker-credential-ecr-login

/etc/gitlab-runner/config.toml

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "docker-runner"
  url = "http://10.75.235.125:11010"
  token = "Dv45HecFQmtasdf"
  executor = "docker"
  environment = ["DOCKER_AUTH_CONFIG={ \"credHelpers\": { \"222383050459.dkr.ecr.ap-northeast-2.amazonaws.com\": \"ecr-login\" }} "]
  .......

Sample from the official documentation
To use this credential helper for a specific ECR registry, create a credHelpers section with the URI of your ECR registry:

{
	"credHelpers": {
		"public.ecr.aws": "ecr-login",
		"<aws_account_id>.dkr.ecr.<region>.amazonaws.com": "ecr-login"
	}
}
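
Docker resolves a credHelpers value such as ecr-login to a binary named docker-credential-ecr-login on the PATH, which is why the binary is moved to /usr/local/bin above. The following added example (not from the original post or the helper's documentation) maps an image to its helper and checks that the binary is reachable; the function names and the account ID 123456789012 are constructed, and the parsing assumes a flat credHelpers object like the ones shown here.

```shell
#!/bin/sh
# Added example: resolve which credential helper Docker would call for an image.

# Constructed sample value for DOCKER_AUTH_CONFIG (account ID is a placeholder).
SAMPLE_AUTH='{ "credHelpers": { "public.ecr.aws": "ecr-login", "123456789012.dkr.ecr.ap-northeast-2.amazonaws.com": "ecr-login" } }'

# helper_for_image AUTH_JSON IMAGE
# Prints the helper binary name for the image's registry, or nothing if none is configured.
helper_for_image() {
    registry=${2%%/*}                                   # host part before the first slash
    re=$(printf '%s' "$registry" | sed 's/[.]/\\./g')   # escape dots for grep
    printf '%s' "$1" | tr -d ' \t\n' |
        grep -o "\"$re\":\"[^\"]*\"" |
        sed 's/.*:"\(.*\)"$/docker-credential-\1/'
}

# check_helper AUTH_JSON IMAGE
# Returns 0 if the helper is on PATH, 1 if it is configured but missing, 2 if not configured.
check_helper() {
    bin=$(helper_for_image "$1" "$2")
    if [ -z "$bin" ]; then
        echo "no credHelpers entry for ${2%%/*}"
        return 2
    fi
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "$bin is configured but not on PATH"
        return 1
    fi
    echo "$bin -> $(command -v "$bin")"
}

# An ECR image resolves to the helper; docker:stable has no registry entry.
check_helper "$SAMPLE_AUTH" "123456789012.dkr.ecr.ap-northeast-2.amazonaws.com/common:docker-stable" || true
check_helper "$SAMPLE_AUTH" "docker:stable" || true
```

Run the check as the account the gitlab-runner service uses, since a helper left in one user's $GOPATH/bin is not on another account's PATH.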
