Cool Solution - GitLab integration

cool-solution
ucs-4-3
ucs-4-4

GitLab is an open source repository management tool. It comes in both a community and an enterprise edition. Getting either of them to run on UCS and integrating them with UCS is fast and easy.

Installation

UCS 4.1 and 4.2

GitLab uses sudo. Please make sure it is installed before proceeding.

univention-install sudo

Using the scripts provided by GitLab, installation becomes a breeze. The only thing to take care of is specifying the underlying Debian system.

Community Edition

For the Community Edition, the installation works as follows:

First determine the version of Debian the UCS instance is based on.

cat /etc/issue.debian

For UCS 4.1 this will be Debian version 7 and for UCS 4.2 version 8.

wget https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
chmod +x ./script.deb.sh
os=Debian dist=7 ./script.deb.sh

For UCS 4.2 dist would have to be set to 8.

Afterward, the respective packages can be installed through the package management system:

apt-get install gitlab-ce

Enterprise Edition

The only difference for the enterprise edition is the path of the script and the name of the install package.

wget https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh
chmod +x ./script.deb.sh
os=Debian dist=<DIST> ./script.deb.sh
apt-get install gitlab-ee

UCS 4.3 and 4.4

When installing GitLab directly on UCS 4.3 and 4.4 one might encounter a segmentation fault in one of the libraries of GitLab during configuration. This however does not happen when using docker containers.

The docker images provided by GitLab can be used to run the service on UCS 4.3 and UCS 4.4. The process is as described on [https://docs.gitlab.com/ee/install/docker.html], but here is a short version of it.

Since docker is already used in UCS there are no further dependencies to be installed. Just run

sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 444:443 --publish 81:80 --publish 23:22 \
  --name gitlab \
  --restart always \
  --volume /srv/gitlab/config:/etc/gitlab \
  --volume /srv/gitlab/logs:/var/log/gitlab \
  --volume /srv/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest

to download and run the official Docker container. The image for the Enterprise Edition is called gitlab/gitlab-ee. UCS already uses ports 443, 80, and 22 for Apache2 and SSH, and GitLab uses the same ports inside the Docker container. To grant external access to GitLab we have to forward those ports to unused ones. In this example we used 444, 81, and 23.

To configure GitLab we can either open a shell inside the container with

sudo docker exec -it gitlab /bin/bash

or directly edit the configuration file /etc/gitlab/gitlab.rb

sudo docker exec -it gitlab vi /etc/gitlab/gitlab.rb

The configuration is the same as for UCS 4.1 and 4.2 except that the conflicting HTTP port is already handled.

Configuration

Most of the default configuration is fine for use with UCS. However, to connect to the LDAP server of the host system we need to adjust a few settings. For this, you will need the LDAP server name and the LDAP base. You can find the name with the command

ucr get ldap/server/name

The following command gives you the LDAP base:

ucr get ldap/base

Create an LDAP user for the GitLab container to search with:

udm users/ldap create --position "cn=users,$(ucr get ldap/base)" \
  --set username="gitlabauth" \
  --set password="<password>"

Now go into the container

sudo docker exec -it gitlab /bin/bash

On the command line open /etc/gitlab/gitlab.rb with your favourite editor.

Then find the line
# gitlab_rails['ldap_enabled'] = false
and just above it enter the following code block

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    sync_time:
    host: '<ldap/server/name>'
    port: 389
    uid: 'uid'
    method: "tls" # "tls" or "ssl" or "plain"
    bind_dn: "uid=gitlabauth,cn=users,<ldap/base>"
    password: "<password>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    verify_certificates: false
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'  
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'
EOS

Reconfigure GitLab with

gitlab-ctl reconfigure

and then you can start GitLab

gitlab-ctl start

Multiple LDAP Servers

The Enterprise Edition offers integration with multiple LDAP servers. To configure multiple LDAP servers, add the second server to the block above, before the EOS line:

  backup:
    label: 'LDAP'
    sync_time:
    host: '<name of the ldap backup>'
    port: 7389
    uid: 'uid'
    method: "tls" # "tls" or "ssl" or "plain"
    bind_dn: "uid=gitlabauth,cn=users,<ldap/base>"
    password: "<password>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    verify_certificates: false
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'  
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'
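
Both LDAP blocks above set verify_certificates: false, so the TLS session is encrypted but the LDAP server is not authenticated, which leaves the gitlabauth bind password exposed to anything that answers on that host name. The Ruby check below is an added example (not part of the original post and not GitLab tooling) that parses the YAML body placed between <<-'EOS' and EOS and reports that setting, method: plain, and unreplaced <...> placeholders. The host name, DNs, secret and the helper name audit_ldap_servers are constructed for illustration, and turning verification on assumes the container trusts the CA that issued the LDAP server certificate.

```ruby
require 'yaml'

# Constructed sample: the post's 'main' server with made-up host and base DN.
PAGE_BLOCK = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'ucs-master.example.test'
    port: 389
    uid: 'uid'
    method: "tls"
    bind_dn: "uid=gitlabauth,cn=users,dc=example,dc=test"
    password: "<password>"
    base: "cn=users,dc=example,dc=test"
    verify_certificates: false
EOS

# Same server with certificate validation on and the placeholder replaced.
HARDENED_BLOCK = PAGE_BLOCK
                 .sub('verify_certificates: false', 'verify_certificates: true')
                 .sub('<password>', 'constructed-secret')

# Hypothetical helper: returns [server, key, message] for each weak setting
# found in the YAML body of gitlab_rails['ldap_servers'].
def audit_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |server, cfg|
    # Plain LDAP sends the bind password and user logins unencrypted.
    if cfg['method'].to_s == 'plain'
      findings << [server, 'method', 'no transport encryption']
    end
    # Without validation, TLS encrypts but does not authenticate the server.
    unless cfg['verify_certificates'] == true
      findings << [server, 'verify_certificates', 'certificate not validated']
    end
    # Template values such as <password> must be replaced before use.
    cfg.each do |key, value|
      next unless value.to_s.match?(/<[^>]+>/)
      findings << [server, key, 'unreplaced placeholder']
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'as posted' => PAGE_BLOCK, 'hardened' => HARDENED_BLOCK }.each do |name, text|
    puts "#{name}: #{audit_ldap_servers(text).inspect}"
  end
end
```

With several servers in one block, as in the Enterprise Edition example, each server is reported under its own key (main, backup).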
