Cool Solution - GitLab integration

cool-solution
ucs-4-3
ucs-4-4

#1

Gitlab is an open source repository management tool. It comes as both a community and enterprise edition. Getting either of them to run on UCS as well as integrating them with UCS is fast and easy.

Installation

When installing GitLab directly on UCS 4.3 or 4.4, a segmentation fault in one of the libraries of GitLab might appear during configuration. This however does not happen when using docker containers.

The docker images provided by GitLab can be used to run the service on UCS 4.3 and UCS 4.4. The process is described on [https://docs.gitlab.com/ee/install/docker.html], but here is a short version of it.

Since docker is already used in UCS there are no further dependencies to be installed. Just run

docker run --detach \
  --hostname gitlab.example.com \
  --publish 444:443 --publish 81:80 --publish 23:22 \
  --name gitlab \
  --restart always \
  --volume /srv/gitlab/config:/etc/gitlab \
  --volume /srv/gitlab/logs:/var/log/gitlab \
  --volume /srv/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest

to download and run the official docker container. The image for the enterprise edition would be called gitlab/gitlab-ee. UCS already uses the ports 443, 80, and 22 for Apache2 and SSH. GitLab uses the same ports inside the docker container. To grant external external access to GitLab we have to forward those ports to unused ones. In this example we used 444, 81, and 23.
Please note that HTTPS isn’t enabled by default. Instructions how to enable SSL can be found inside the GitLab documentation and many guides on the web.

To configure GitLab we can either open a shell inside the container with

docker exec -it gitlab /bin/bash

or directly edit the configuration file /etc/gitlab/gitlab.rb

docker exec -it gitlab vi /etc/gitlab/gitlab.rb

Configuration

Most of the configuration is fine for usage with UCS. However to connect to the LDAP server of the host system we need to make some configurations. For this, you will need the LDAP server name and the LDAP base. You can find the name with the command

ucr get ldap/server/name

While the following command gives you the ldap/base

ucr get ldap/base

To create a LDAP user for the gitlab container to search with

udm users/ldap create --position "cn=users,$(ucr get ldap/base)" \
  --set username="gitlabauth" \
  --set password="<password>"

Now go into the container

docker exec -it gitlab /bin/bash

On the command line open /etc/gitlab/gitlab.rb with your favourite editor.

Then find the line
# gitlab_rails['ldap_enabled'] = false
and just above it enter the following code block

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    sync_time:
    host: '<ldap/server/name>'
    port: 7636
    uid: 'uid'
    method: "ssl" # "tls" or "ssl" or "plain"
    bind_dn: "uid=gitlabauth,cn=users,<ldap/binddn>"
    password: "<password>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    verify_certificates: false
    group_base: "cn=groups,<ldap/base>"
    admin_group: "Domain Admins"
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'  
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'
EOS

Reconfigure gitlab with

gitlab-ctl reconfigure

and then you can start gitlab

gitlab-ctl start

Multiple LDAP Servers

The enterprise edition offers integration with multiple LDAP servers. To configure multiple LDAP servers add the second server in the block above before the EOS

  backup:
    label: 'LDAP'
    sync_time:
    host: '<name of the ldap backup>'
    port: 7636
    uid: 'uid'
    method: "ssl" # "tls" or "ssl" or "plain"
    bind_dn: "uid=gitlabauth,cn=users,<ldap/binddn>"
    password: "<password>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    verify_certificates: false
    group_base: "cn=groups,<ldap/base>"
    admin_group: "Domain Admins"
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'  
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'