準備機器,信息如下:
root@server:~# hostnamectl
Static hostname: server.local
Icon name: computer-vm
Chassis: vm
Machine ID: 7b0c392aff5f742bb78a87e65b929466
Boot ID: bef54cfd95454cbc92e14b5091745b67
Virtualization: vmware
Operating System: Ubuntu 16.04.5 LTS
Kernel: Linux 4.4.0-134-generic
Architecture: x86-64
更改ssh server端口,避免與gitlab ssh端口衝突(Gitlab容器會映射主機的22端口)
root@server:~# vim /etc/ssh/sshd_config
...(省略)
# What ports, IPs and protocols we listen for
Port 2222
...(省略)
重啟sshd服務,使端口變更生效
root@server:~# systemctl restart sshd.service
設置從客戶端ssh免密登錄到server
#確保通過名稱server.local訪問到服務器
gitadmin@DESKTOP-PCPO8BK:~$ sudo vim /etc/hosts
192.168.193.200 server.local
#更改ssh客戶端連接ssh服務器的默認端口
gitadmin@DESKTOP-PCPO8BK:~$ vim .ssh/config
Host server.local
Port 2222
#生成密鑰,-C 備注關聯用戶
gitadmin@DESKTOP-PCPO8BK:~$ ssh-keygen -C "simon.zhu@xxxx.com"
#copy公鑰到服務器
gitadmin@DESKTOP-PCPO8BK:~$ ssh-copy-id root@server.local
#測試免密連接
gitadmin@DESKTOP-PCPO8BK:~$ ssh root@server.local
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-134-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
38 packages can be updated.
28 updates are security updates.
New release '18.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Sat Oct 27 13:00:15 2018 from 192.168.193.1
root@server:~#
在服務器安裝Docker
在服務器安裝Docker Compose
給服務配置大內存,盡量使用內存,提高性能
以下安裝MTA(smtp服務器),為Gitlab準備郵件通知功能
apt install -y postfix
#將docker的ip(一般以172開頭)設置為可信網絡,以便smtp服務器接收gitlab發出的投遞請求
root@server:~# vim /etc/postfix/main.cf
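# Trust only Docker's private bridge range (172.16.0.0/12) plus loopback.
# The original 172.0.0.0/8 also covers publicly routable 172.x addresses, and
# every client inside mynetworks may relay mail through this server without
# authentication. Narrow this further to the subnet that
# `docker network inspect` reports for the GitLab container's network.
mynetworks = 172.16.0.0/12 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128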
root@server:~# systemctl restart postfix.service
運行Gitlab Runner
root@runner1:~/runner# vim docker-compose.yml
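# Compose file for the GitLab Runner manager container.
# (Nesting restored: the flattened listing is not valid YAML.)
version: '3.7'
services:
  runner:
    # Tag pinned to the runner release used in this walkthrough.
    image: gitlab/gitlab-runner:alpine-v11.4.2
    restart: always
    extra_hosts:
      # Lets the container resolve the GitLab host name without DNS.
      - "server.local:192.168.193.200"
    environment:
      - RUNNER_NAME=Docker Executor (Docker in Docker)
    volumes:
      # Runner state. After registration config.toml in this directory holds
      # the runner's authentication token, so keep the host directory
      # readable by root only.
      - /srv/gitlab-runner/config:/etc/gitlab-runner
      # SECURITY: mounting the Docker socket gives this container
      # root-equivalent control over the host's Docker daemon. The docker
      # executor needs it to start job containers, so treat this host as a
      # dedicated CI machine and keep nothing else sensitive on it.
      - /var/run/docker.sock:/var/run/docker.sock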
root@runner1:~/runner# docker-compose up -d
啟動Gitlab
root@server:~# mkdir -p ci
root@server:~# cd ci/
root@server:~/ci# vim gitlab.yml
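# Compose file for the GitLab CE (Omnibus) container.
# (Nesting restored: the flattened listing is not valid YAML.)
version: '3.7'
services:
  web:
    # NOTE(review): tag pinned at the time of writing; before deploying,
    # check that the release you use still receives security fixes.
    image: 'gitlab/gitlab-ce:11.4.0-ce.0'
    restart: always
    hostname: 'server.local'
    extra_hosts:
      # Address of the mail-notification (SMTP) server, i.e. Postfix on the
      # Docker host.
      - "smtp.server:192.168.193.200"
    environment:
      # Everything below the "|" is Ruby (gitlab.rb syntax) evaluated by
      # Omnibus at container start.
      GITLAB_OMNIBUS_CONFIG: |
        # SECURITY: plain HTTP. Sign-ins (including LDAP passwords), session
        # cookies and runner tokens cross the network unencrypted. Port 443 is
        # published below but serves nothing until external_url is https://
        # and a certificate is configured.
        external_url 'http://192.168.193.200'
        # Outbound mail: unauthenticated, unencrypted SMTP on port 25 to the
        # host's Postfix, which relays only because the container's source
        # address is listed in Postfix's mynetworks.
        gitlab_rails['smtp_enable'] = true;
        gitlab_rails['smtp_address'] = 'smtp.server';
        gitlab_rails['smtp_port'] = 25;
        gitlab_rails['smtp_domain'] = 'server.local';
        gitlab_rails['smtp_tls'] = false;
        # Has no effect while TLS/STARTTLS are off; if TLS is enabled later,
        # switch this to 'peer' so the server certificate is verified.
        gitlab_rails['smtp_openssl_verify_mode'] = 'none'
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_ssl'] = false
        gitlab_rails['smtp_force_ssl'] = false
        # LDAP sign-in against the "ldap" container.
        # SECURITY: encryption 'plain' sends the bind password and every
        # user's password in clear text; tolerable only while both containers
        # share a private Docker network. Use 'start_tls' or 'simple_tls'
        # once the directory serves TLS.
        # SECURITY: GitLab binds as the directory admin, which carries full
        # write access; a dedicated read-only bind account is sufficient for
        # authentication.
        # NOTE(review): the bind password '1' differs from
        # LDAP_ADMIN_PASSWORD ("admin") in the ldap.yml shown on this page;
        # confirm which value the directory really uses. Either way, replace
        # it with a strong secret that is not committed with this file.
        # NOTE(review): 'base' is the admin entry's own DN, so only entries
        # beneath cn=admin are searched; the directory suffix
        # (dc=mycom,dc=com) is the usual search base. Confirm where the
        # users were created.
        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['ldap_servers'] = YAML.load <<-EOS
          main:
            label: 'ldap.mycom.com'
            host: 'ldap'
            port: 389
            uid: 'uid'
            encryption: 'plain'
            bind_dn: 'cn=admin,dc=mycom,dc=com'
            password: '1'
            active_directory: false
            allow_username_or_email_login: true
            lowercase_usernames: true
            base: 'cn=admin,dc=mycom,dc=com'
            user_filter: ''
        EOS
    ports:
      # Published on every host interface.
      - '80:80'
      - '443:443'
      # GitLab's SSH takes the host's port 22, which is why the host sshd
      # was moved to 2222 earlier.
      - '22:22'
    volumes:
      # /etc/gitlab holds the instance's configuration and generated
      # secrets: restrict permissions on ./gitlab/config and back it up.
      - './gitlab/config:/etc/gitlab'
      - './gitlab/logs:/var/log/gitlab'
      - './gitlab/data:/var/opt/gitlab'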
#啟動Gitlab
root@server:~/ci# docker-compose -f gitlab.yml up -d
增加ldap方式的Gitlab認證授權,啟動ldap服務
root@server:~/ci# vim ldap.yml
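# Compose file for the OpenLDAP directory and its phpLDAPadmin web UI.
# (Nesting restored: the flattened listing is not valid YAML.)
version: '3.7'
services:
  ldap:
    image: "osixia/openldap:1.2.2"
    restart: always
    environment:
      LDAP_ORGANISATION: mycom
      LDAP_DOMAIN: mycom.com
      # NOTE(review): not written in DN form; the GitLab configuration on
      # this page addresses the directory as dc=mycom,dc=com. Confirm the
      # suffix the server actually created.
      LDAP_BASE_DN: mycom.com
      # SECURITY: guessable passwords stored in clear text in this file.
      # The admin account owns the whole directory and the config account
      # (LDAP_CONFIG_PASSWORD below) controls the server's own
      # configuration. Use strong, distinct values supplied from outside
      # the compose file.
      LDAP_ADMIN_PASSWORD: "admin"
      # NOTE(review): presumably maps the openldap user/group to uid/gid 0,
      # i.e. slapd would run as root inside the container. Confirm, and
      # prefer an unprivileged id.
      LDAP_OPENLDAP_UID: 0
      LDAP_OPENLDAP_GID: 0
      # TLS disabled: binds and passwords travel in clear text on port 389.
      LDAP_TLS: "false"
      LDAP_CONFIG_PASSWORD: "admin"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./ldap/database:/var/lib/ldap
      - ./ldap/conf:/etc/ldap/slapd.d
    expose:
      # Reachable by other containers on the same Compose network only; not
      # published on the host. Keep it that way while TLS is off.
      - "389"
    # network_mode: "host"
    # ports:
    #   - 389:389
  phpldapadmin:
    image: "osixia/phpldapadmin:0.7.2"
    restart: always
    environment:
      # SECURITY: the admin UI is served over plain HTTP, so the directory
      # admin password typed into it is sent unencrypted.
      PHPLDAPADMIN_HTTPS: "false"
      PHPLDAPADMIN_LDAP_HOSTS: "ldap"
    volumes:
      - /etc/localtime:/etc/localtime:ro
    # network_mode: "host"
    ports:
      # - 6443:443
      # Published on every host interface; restrict access to this port
      # (firewall, or bind it to a management address) because it fronts
      # full directory administration.
      - 6080:80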
#啟動ldap服務
root@server:~/ci# docker-compose -f ldap.yml up -d
在ldap服務添加用戶
用在ldap中添加的用戶登陸Gitlab
啟動Runner
準備另一臺機器,軟件環境與上面Server相同(即安裝好Docker和Docker Compose)
root@runner1:~# hostnamectl
Static hostname: runner1.local
Icon name: computer-vm
Chassis: vm
Machine ID: 7b0c392aff5f742bb78a87e65b929466
Boot ID: 11957514ccc14a59ae62789bb4a311fb
Virtualization: vmware
Operating System: Ubuntu 16.04.5 LTS
Kernel: Linux 4.4.0-134-generic
Architecture: x86-64
root@runner1:~# mkdir -p runner/
root@runner1:~# cd runner/
root@runner1:~/runner# vim docker-compose.yml
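# Compose file for the GitLab Runner manager on the runner1 host.
# (Nesting restored: the flattened listing is not valid YAML.)
version: '3.7'
services:
  runner:
    # Tag pinned to the runner release used in this walkthrough.
    image: gitlab/gitlab-runner:alpine-v11.4.2
    restart: always
    extra_hosts:
      # Static name resolution for the GitLab server.
      - "server.local:192.168.193.200"
      # - "gitlab.mycom.com:192.168.193.200"
    environment:
      - RUNNER_NAME=Docker Executor (Docker in Docker)
    volumes:
      # Persists config.toml, which stores the runner's authentication token
      # once registered; restrict the host directory to root.
      - /srv/gitlab-runner/config:/etc/gitlab-runner
      # SECURITY: access to the Docker socket is equivalent to root on this
      # host. The docker executor requires it to launch job containers, so
      # use a host dedicated to CI and run only trusted projects here.
      - /var/run/docker.sock:/var/run/docker.sock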
root@runner1:~/runner# docker-compose up -d
注冊Runner
(token需要Gitlab的root用戶通過Standard登陸查看)
root@runner1:~/runner# docker exec -it runner_runner_1 bash
# Non-interactive (-n) registration of this runner with the GitLab instance.
# The value after --registration-token is a credential: whoever holds it can
# register runners against this GitLab, and because --url is plain http:// it
# crosses the network unencrypted. Keep it out of published transcripts and
# reset it in GitLab if it has been exposed.
# --docker-privileged starts every job container in privileged mode (used
# here for Docker-in-Docker). Privileged mode removes the container's
# isolation from the runner host, so only pipelines from trusted projects
# should run on this runner.
bash-4.4# gitlab-runner register -n \
> --url http://server.local/ \
> --registration-token Qmx8nyxdCypHLpzyH5eH \
> --executor docker \
> --description "My Docker Runner(dind executor)" \
> --docker-image "docker:stable" \
> --docker-privileged
Runtime platform arch=amd64 os=linux pid=17 revision=cf91d5e1 version=11.4.2
Running in system-mode.
Registering runner... succeeded runner=Qmx8nyxd
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
通過Gitlab查看注冊的Runner
登陸Gitlab,注冊ssh公鑰,創建項目,并克隆到本地,創建.gitlab-ci.yml
gitadmin@DESKTOP-PCPO8BK:~/pj1$ vim .gitlab-ci.yml
push到Gitlab,Gitlab自動運行pipeline(編譯,測試,打包,發布)
后續打算繼續如下實驗
1,通過redmine提出功能需求
2,基于主分支,創建開發分支,完成開發,靜態代碼分析,測試
3,創建merge request到master
4,確認merge request通過,自動關閉redmine的issue
待完成。