GitLab is an open source repository management tool. It comes in both a community and an enterprise edition. Getting either of them to run on UCS, as well as integrating them with UCS, is fast and easy.
Installation
When installing GitLab directly on UCS 4.3 or 4.4, a segmentation fault in one of the libraries of GitLab might appear during configuration. This however does not happen when using docker containers.
The docker images provided by GitLab can be used to run the service on UCS 4.3 and UCS 4.4. The process is described at https://docs.gitlab.com/ee/install/docker.html, but here is a short version of it.
Since docker is already used in UCS there are no further dependencies to be installed. Just run
docker run --detach \
  --hostname gitlab.example.com \
  --publish 444:443 --publish 81:80 --publish 23:22 \
  --name gitlab \
  --restart always \
  --volume /srv/gitlab/config:/etc/gitlab \
  --volume /srv/gitlab/logs:/var/log/gitlab \
  --volume /srv/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest
to download and run the official docker container. The image for the enterprise edition would be called gitlab/gitlab-ee. UCS already uses the ports 443, 80, and 22 for Apache2 and SSH. GitLab uses the same ports inside the docker container. To grant external access to GitLab we have to forward those ports to unused ones. In this example we used 444, 81, and 23.
Please note that HTTPS isn’t enabled by default. Instructions on how to enable SSL can be found in the GitLab documentation and in many guides on the web.
To configure GitLab we can either open a shell inside the container with
docker exec -it gitlab /bin/bash
or directly edit the configuration file /etc/gitlab/gitlab.rb
docker exec -it gitlab vi /etc/gitlab/gitlab.rb
Configuration
Most of the default configuration is fine for use with UCS. However, to connect to the LDAP server of the host system, a few settings have to be changed. For this, you will need the LDAP server name and the LDAP base. You can find the name with the command
ucr get ldap/server/name
The following command gives you the LDAP base (ldap/base):
ucr get ldap/base
Create an LDAP user for the GitLab container to search with:
udm users/ldap create --position "cn=users,$(ucr get ldap/base)" \
  --set username="gitlabauth" \
  --set password="<password>"
Now go into the container
docker exec -it gitlab /bin/bash
On the command line, open /etc/gitlab/gitlab.rb with your favourite editor.
Then find the line
# gitlab_rails['ldap_enabled'] = false
and just above it enter the following code block
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    sync_time:
    host: '<ldap/server/name>'
    port: 7636
    uid: 'uid'
    method: "ssl" # "tls" or "ssl" or "plain"
    # DN of the gitlabauth user created above, below cn=users,<ldap/base>
    bind_dn: "uid=gitlabauth,cn=users,<ldap/base>"
    password: "<password>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    verify_certificates: false # the LDAP server certificate is not validated
    group_base: "cn=groups,<ldap/base>"
    admin_group: "Domain Admins"
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'
EOS
Reconfigure GitLab with
gitlab-ctl reconfigure
and then you can start GitLab with
gitlab-ctl start
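As an added example (not part of the original guide and not GitLab's own code), the following Ruby script checks an ldap_servers YAML block like the one above before gitlab-ctl reconfigure is run. The function name lint_ldap_servers and the host ucs.example.test are assumptions made for illustration, and the sample block is constructed.

```ruby
require 'yaml'

# Constructed sample: the ldap_servers block from this page with most
# placeholders filled by made-up values (ucs.example.test is hypothetical).
SAMPLE = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'ucs.example.test'
    port: 7636
    uid: 'uid'
    method: "ssl"
    bind_dn: "uid=gitlabauth,cn=users,dc=example,dc=test"
    password: "<password>"
    base: "cn=users,dc=example,dc=test"
    verify_certificates: false
EOS

# Hypothetical helper: returns a list of findings for an ldap_servers YAML text.
def lint_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text)
  return ['top level is not a mapping of server ids'] unless servers.is_a?(Hash)

  findings = []
  servers.each do |id, cfg|
    # Lost indentation turns "main:" into a key with no nested settings.
    unless cfg.is_a?(Hash)
      findings << "#{id}: no settings nested under it (check indentation)"
      next
    end
    %w[host port bind_dn password base].each do |key|
      findings << "#{id}: #{key} is missing or empty" if cfg[key].to_s.empty?
    end
    cfg.each do |key, value|
      findings << "#{id}: #{key} still contains a placeholder" if value.to_s.match?(/<[^>]+>/)
    end
    findings << "#{id}: method is plain, bind password crosses the network unencrypted" if cfg['method'] == 'plain'
    if cfg['verify_certificates'] == false
      findings << "#{id}: verify_certificates is false, the LDAP server certificate is not checked"
    end
  end
  findings
end

puts lint_ldap_servers(SAMPLE) if $PROGRAM_NAME == __FILE__
```

For the constructed sample it reports the unreplaced password placeholder and the disabled certificate check.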
Multiple LDAP Servers
The enterprise edition offers integration with multiple LDAP servers. To configure multiple LDAP servers, add the second server to the block above, before the EOS line:
  backup:
    label: 'LDAP'
    sync_time:
    host: '<name of the ldap backup>'
    port: 7636
    uid: 'uid'
    method: "ssl" # "tls" or "ssl" or "plain"
    # DN of the gitlabauth user created above, below cn=users,<ldap/base>
    bind_dn: "uid=gitlabauth,cn=users,<ldap/base>"
    password: "<password>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    verify_certificates: false # the LDAP server certificate is not validated
    group_base: "cn=groups,<ldap/base>"
    admin_group: "Domain Admins"
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'