Gitlab

Random notes on Gitlab

Backup

Configure S3 as a destination:

/etc/gitlab/gitlab.rb:

gitlab_rails['backup_upload_connection'] = {
  'provider' => 'AWS',
  'region' => 'ap-southeast-2',
  'aws_access_key_id' => 'AKIA...',
  'aws_secret_access_key' => '...'
}
gitlab_rails['backup_upload_remote_directory'] = 'cetinich-backup'

A script to back up the GitLab install (Docker-based):

#!/bin/bash
# A lifecycle configuration in S3 is created to clean up old backups.
# The backup assumes the S3 credentials are configured in gitlab.rb.
set -euo pipefail
umask 077  # the files below hold secrets; keep them readable by the owner only
trap 'rm -f gitlab.rb gitlab-secrets.json' EXIT  # do not leave plaintext copies behind
docker exec -t gitlab_web_1 gitlab-backup create DIRECTORY=gitlab/daily

# No -t here: a TTY would add carriage returns to the redirected output
docker exec gitlab_web_1 cat /etc/gitlab/gitlab.rb > gitlab.rb
docker exec gitlab_web_1 cat /etc/gitlab/gitlab-secrets.json > gitlab-secrets.json
# Note: zip -P uses the weak legacy zip encryption and exposes the password in the process list
zip -P "Password" gitlab-secrets.zip gitlab-secrets.json gitlab.rb

aws s3 cp gitlab-secrets.zip s3://cetinich-backups/gitlab/

# crontab -e to install the backup job above
0 4 * * *  /home/brent/cronjobs/gitlab.sh >> /home/brent/cronjobs/gitlab.log 2>&1

Errors

The error below occurs because only the bucket name should be configured: ['backup_upload_remote_directory'] = 'bucket', whereas originally I had both the bucket and the key: ['backup_upload_remote_directory'] = 'bucket/path/'

2021-08-28 07:18:28 +0000 -- done
2021-08-28 07:18:28 +0000 -- Dumping lfs objects ...
2021-08-28 07:18:28 +0000 -- done
2021-08-28 07:18:28 +0000 -- Dumping container registry images ...
2021-08-28 07:18:28 +0000 -- [DISABLED]
Creating backup archive: 1630135108_2021_08_28_14.2.1-ee_gitlab_backup.tar ... done
Uploading backup archive to remote storage cetinich-backup/gitlab/ ... [fog][WARNING] fog: the specified s3 bucket name(cetinich-backup/gitlab/) is not a valid dns name, which will negatively impact performance.  For details see: http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html
rake aborted!
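A pre-flight check for this mistake, as an added example that is not part of the original notes: it reads the setting from a gitlab.rb file and rejects values that are not plain bucket names before a backup run gets as far as the upload. The function names and the two sample files are constructed for illustration, and only the basic S3 naming rules are checked.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for backup_upload_remote_directory in gitlab.rb.
# Function names and sample files are constructed for illustration.
LC_ALL=C  # make [a-z] in the patterns below match ASCII lowercase only

# Print the configured value; the last uncommented assignment wins.
remote_directory() {
  sed -n "s/^[[:space:]]*gitlab_rails\['backup_upload_remote_directory'\][[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1
}

# Return 0 if $1 is usable as an S3 bucket name; otherwise say why and return 1.
valid_bucket_name() {
  case $1 in
    */*) echo "'$1' contains '/': configure only the bucket, not bucket/key" >&2; return 1 ;;
    *[!a-z0-9.-]*) echo "'$1': only lowercase letters, digits, '.' and '-' are allowed" >&2; return 1 ;;
    [!a-z0-9]*|*[!a-z0-9]) echo "'$1' must start and end with a letter or digit" >&2; return 1 ;;
    *..*) echo "'$1' must not contain '..'" >&2; return 1 ;;
  esac
  if [ "${#1}" -lt 3 ] || [ "${#1}" -gt 63 ]; then
    echo "'$1' must be 3 to 63 characters long" >&2; return 1
  fi
}

# Check one gitlab.rb file: the setting must exist and be a plain bucket name.
check_gitlab_rb() {
  value=$(remote_directory "$1")
  [ -n "$value" ] || { echo "backup_upload_remote_directory is not set in $1" >&2; return 1; }
  valid_bucket_name "$value"
}

# Constructed samples: the working setting and the one that triggered the fog warning.
demo_dir=$(mktemp -d)
printf '%s\n' "gitlab_rails['backup_upload_remote_directory'] = 'cetinich-backup'" > "$demo_dir/good.rb"
printf '%s\n' "gitlab_rails['backup_upload_remote_directory'] = 'cetinich-backup/gitlab/'" > "$demo_dir/bad.rb"

for f in good.rb bad.rb; do
  if check_gitlab_rb "$demo_dir/$f"; then echo "$f: ok"; else echo "$f: rejected"; fi
done
rm -rf "$demo_dir"
```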

Registering a runner for CI

In 2017, when Chrome 58 came out, it dropped support for the commonName field. It was actually dropped in RFC 2818 (published in 2000), so the browsers were almost 20 years late to the party. Support for the v3_req extension with Subject Alternative Name (subjectAltName) became mandatory.

Some links about it:

- Deprecation notice
- Intent to remove

Here is the certificate request cert.req:

[req]
prompt             = no
default_bits       = 2048
x509_extensions    = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]
organizationName        = Brentopia
commonName              = gitlab.cetinich.net

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = gitlab.cetinich.net
DNS.2 = gitlab.local
DNS.3 = gitlab

And the command to generate it:

sudo openssl req -x509 -days 365 -nodes -out gitlab.cetinich.net.crt -keyout gitlab.cetinich.net.key -config cert.req -extensions v3_req
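To confirm that a generated certificate really carries the names clients will check, the following added example (not part of the original notes) lists the DNS entries in subjectAltName and tests hostnames against them while ignoring commonName. The helper names san_names, san_covers and make_cert and the host gitlab.example are constructed for illustration; the demo runs only where openssl is installed.

```bash
#!/usr/bin/env bash
# Added example: list the DNS names in a certificate's subjectAltName and check
# that a hostname is covered. The helper names are illustrative.

# Print one DNS SAN entry per line (prints nothing if the certificate has no SAN).
san_names() {
  openssl x509 -in "$1" -noout -text |
    awk '/Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Return 0 only if hostname $2 is in the SAN list of certificate $1.
# commonName is deliberately ignored; exact match only, wildcards are not expanded.
san_covers() {
  san_names "$1" | tr 'A-Z' 'a-z' | grep -qxF -- "$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
}

# Create a throwaway self-signed certificate: make_cert <config> <output prefix>
make_cert() {
  openssl req -x509 -days 365 -nodes -out "$2.crt" -keyout "$2.key" \
    -config "$1" -extensions v3_req 2>/dev/null
}

if command -v openssl >/dev/null 2>&1; then
  work=$(mktemp -d)
  cat > "$work/cert.req" <<'EOF'   # constructed copy of cert.req from above
[req]
prompt             = no
default_bits       = 2048
x509_extensions    = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
organizationName        = Brentopia
commonName              = gitlab.cetinich.net
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = gitlab.cetinich.net
DNS.2 = gitlab.local
DNS.3 = gitlab
EOF
  make_cert "$work/cert.req" "$work/gitlab"
  for host in gitlab.cetinich.net gitlab.local gitlab.example; do
    if san_covers "$work/gitlab.crt" "$host"; then echo "$host: covered"; else echo "$host: NOT in SAN"; fi
  done
  rm -rf "$work"
fi
```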

TLS error registration

The below error was simply because I put my cert in the wrong place:

ERROR: Registering runner... failed                 runner=AsvJbNJ_ status=couldn't execute POST against https://gitlab.cetinich.net/api/v4/runners: Post "https://gitlab.cetinich.net/api/v4/runners": x509: certificate signed by unknown authority
PANIC: Failed to register the runner.

Registering a gitlab-runner fails with forbidden

The process is: you launch the runner, then run gitlab-runner register. This command prompts you for the token you got from the GitLab UI and some other details, then generates the config.toml file for you with the negotiated token that is generated during registration (it will not look like the one given to you by the UI). Put the token generated during the register command into config.toml, not the one from the UI. (Another hint: the register command puts it there for you if you provided the correct token from the UI during the prompts.)

Starting runner for XXXXX with token ZZZZZ ...
ERROR: Checking for jobs... forbidden               runner=ZZZZZ
Runner is not healthy!

Git client trust store details

The trust store is a list of base64-encoded X.509 CER certificates in the file below; add your own CA to it:

C:\Program Files\Git\mingw64\ssl\certs\ca-bundle.crt

GitLab runner fails to start

Getting the error:

Panic: Failed to register the GitLab-runner, you may be having network issues

The issue here for me was that I was passing --token when I should have been passing --registration-token to the gitlab-runner register command.

Random git tips

Remove bad commit via interactive rebase:

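git rebase -i origin/main
# The most recent commit is at the bottom of the list.
# Leave the first commit untouched.
# Say I have 3 commits:
# pick d83fd3 Added some feature
# s 11111a Fixed some stuff
# s 11111b Fix some more stuff

# "s" (squash) folds the two fix commits into the first one: they disappear from
# the history but their changes are kept. Use "drop" to discard a commit's changes.
# --force overwrites the remote branch; --force-with-lease refuses if someone else has pushed.
git push origin feature --force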

Setting your branch to exactly match the remote branch can be done in two steps:

git fetch origin
git reset --hard origin/master
# remove any other files:
# -x: also ignored files, -d: untracked directories, -f: force (clean deletes nothing without it)
git clean -xdf

List branches on remote:

git branch -r

Create a new branch and switch to it:

git checkout -b <new_branch_name>

Check what remote a local branch is tracking:

git branch -vv

Pull a directory from another branch, without changing the log of the current branch:

git checkout source_branch -- path/to/folder

Gitlab excessive memory usage

You can reduce the memory usage of GitLab by editing /etc/gitlab/gitlab.rb and uncommenting the lines below. After this is done I am using 5 GB of RAM. Still terrible but an improvement.

# postgresql['shared_buffers'] = "256MB"
sidekiq['max_concurrency'] = 3
sidekiq['min_concurrency'] = 2

# Then run reconfigure
gitlab-ctl reconfigure

CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^(develop|testing)$/]

This causes MR pipelines to run as detached merge request pipelines.
