Gitlab
Random notes on Gitlab
Backup
Configure S3 as a destination:
/etc/gitlab/gitlab.rb:
gitlab_rails['backup_upload_connection'] = {
  'provider' => 'AWS',
  'region' => 'ap-southeast-2',
  'aws_access_key_id' => 'AKIA...',
  'aws_secret_access_key' => '...'
}
gitlab_rails['backup_upload_remote_directory'] = 'cetinich-backup'
A script to back up the GitLab install (Docker-based):
#!/bin/bash
# A lifecycle configuration in S3 is created to clean up old backups
# The backup created assumes S3 creds configured in the gitlab.rb
docker exec -t gitlab_web_1 gitlab-backup create DIRECTORY=gitlab/daily
# gitlab-backup does not include gitlab.rb or gitlab-secrets.json, so copy them separately.
# No -t here: a TTY would rewrite line endings to CRLF in the redirected output.
docker exec gitlab_web_1 cat /etc/gitlab/gitlab.rb > gitlab.rb
docker exec gitlab_web_1 cat /etc/gitlab/gitlab-secrets.json > gitlab-secrets.json
# Note: zip -P uses legacy ZipCrypto and exposes the password in the process list.
zip -P "Password" gitlab-secrets.zip gitlab-secrets.json gitlab.rb
aws s3 cp gitlab-secrets.zip s3://cetinich-backups/gitlab/
############################################################################
# crontab -e to install backup job above
0 4 * * * /home/brent/cronjobs/gitlab.sh >> /home/brent/cronjobs/gitlab.log 2>&1
Errors
The error below occurs because only the bucket name should be configured:
['backup_upload_remote_directory'] = 'bucket'
whereas originally I had both the bucket and the key:
['backup_upload_remote_directory'] = 'bucket/path/'
2021-08-28 07:18:28 +0000 -- done
2021-08-28 07:18:28 +0000 -- Dumping lfs objects ...
2021-08-28 07:18:28 +0000 -- done
2021-08-28 07:18:28 +0000 -- Dumping container registry images ...
2021-08-28 07:18:28 +0000 -- [DISABLED]
Creating backup archive: 1630135108_2021_08_28_14.2.1-ee_gitlab_backup.tar ... done
Uploading backup archive to remote storage cetinich-backup/gitlab/ ... [fog][WARNING] fog: the specified s3 bucket name(cetinich-backup/gitlab/) is not a valid dns name, which will negatively impact performance. For details see: http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html
rake aborted!
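A pre-flight check for the misconfiguration described above, as an added example that is not part of the original notes: it reads backup_upload_remote_directory from gitlab.rb and rejects anything that is not a bare S3 bucket name, so the job stops before the archive is created instead of aborting at upload. The function names are hypothetical, the sample gitlab.rb lines are constructed, and the rules checked are the basic S3 naming rules (3-63 characters; lowercase letters, digits, dots and hyphens; letter or digit at both ends).

```shell
#!/bin/sh
# Added example: pre-flight check for the S3 backup target in gitlab.rb.
# Function names are hypothetical; sample config lines are constructed.
export LC_ALL=C   # make the a-z ranges below byte-wise

# Print the active value of gitlab_rails['backup_upload_remote_directory']
# from the gitlab.rb at $1. Commented-out lines are skipped; the last
# assignment wins, as it does when the Ruby file is evaluated.
backup_remote_directory() {
    sed -n "s/^[[:space:]]*gitlab_rails\['backup_upload_remote_directory'\][[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | tail -n 1
}

# Return 0 if $1 is a bare S3 bucket name; otherwise explain on stderr and
# return 1.
check_bucket_name() {
    name=$1
    case $name in
        '')   echo "backup_upload_remote_directory is not set" >&2; return 1 ;;
        */*)  echo "'$name': bucket name only, no key prefix" >&2; return 1 ;;
        *[!a-z0-9.-]*)
              echo "'$name': only a-z, 0-9, '.' and '-' are allowed" >&2; return 1 ;;
        [!a-z0-9]*|*[!a-z0-9])
              echo "'$name': must start and end with a letter or digit" >&2; return 1 ;;
    esac
    if [ "${#name}" -lt 3 ] || [ "${#name}" -gt 63 ]; then
        echo "'$name': must be 3-63 characters long" >&2; return 1
    fi
    return 0
}

# Check the gitlab.rb at $1 (default: /etc/gitlab/gitlab.rb).
preflight_backup_config() {
    conf=${1:-/etc/gitlab/gitlab.rb}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    check_bucket_name "$(backup_remote_directory "$conf")"
}

# Constructed sample input: the rejected value from the log above, then the fix.
sample=$(mktemp)
echo "gitlab_rails['backup_upload_remote_directory'] = 'cetinich-backup/gitlab/'" > "$sample"
preflight_backup_config "$sample" || echo "pre-flight failed, not starting gitlab-backup"
echo "gitlab_rails['backup_upload_remote_directory'] = 'cetinich-backup'" > "$sample"
preflight_backup_config "$sample" && echo "pre-flight ok"
rm -f "$sample"
```

In the backup script, call preflight_backup_config against a copy of the container's gitlab.rb before the gitlab-backup create line and exit on a non-zero status.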
Registering a runner for CI
In 2017, when Chrome 58 came out, it dropped support for the commonName field. It was actually dropped in RFC 2818 (published in 2000), so the browsers were almost 20 years late to the party. Subject Alternative Name (subjectAltName) support, configured below in the v3_req extension section, became mandatory.
Some links about it:
- Deprecation notice
- Intent to remove
Here is the certificate request config, cert.req:
[req]
prompt = no
default_bits = 2048
x509_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
organizationName = Brentopia
commonName = gitlab.cetinich.net
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = gitlab.cetinich.net
DNS.2 = gitlab.local
DNS.3 = gitlab
And the command to generate it:
sudo openssl req -x509 -days 365 -nodes -out gitlab.cetinich.net.crt -keyout gitlab.cetinich.net.key -config cert.req -extensions v3_req
TLS error registration
The below error was simply because I put my cert in the wrong place:
ERROR: Registering runner... failed runner=AsvJbNJ_ status=couldn't execute POST against https://gitlab.cetinich.net/api/v4/runners: Post "https://gitlab.cetinich.net/api/v4/runners": x509: certificate signed by unknown authority
PANIC: Failed to register the runner.
Registering a gitlab-runner fails with forbidden
The process is: you launch the runner, then run gitlab-runner register. This command prompts you for the token you got from the GitLab UI and some other details, then generates the config.toml file for you with the negotiated token that is generated during registration (it will not look like the one given to you by the UI). Put the token generated during the register command into config.toml, not the one from the UI. (Another hint: the register command puts it there for you if you provided the correct token from the UI during the prompts.)
Starting runner for XXXXX with token ZZZZZ ...
ERROR: Checking for jobs... forbidden runner=ZZZZZ
Runner is not healthy!
Git client trust store details
A list of base64-encoded X.509 CER certs is kept in this file; add your own CA to it:
C:\Program Files\Git\mingw64\ssl\certs\ca-bundle.crt
Gitlab runner fail to start
Getting error:
Panic: Failed to register the GitLab-runner, you may be having network issues
The issue here for me was that I was passing --token when I should have been passing --registration-token to the gitlab-runner register command.
Gitlab excessive memory usage
You can reduce the memory usage of GitLab by editing /etc/gitlab/gitlab.rb and uncommenting this line. After this is done I am using 5 GB of RAM. Still terrible but an improvement.
# postgresql['shared_buffers'] = "256MB"
sidekiq['max_concurrency'] = 3
sidekiq['min_concurrency'] = 2
# Then run reconfigure
gitlab-ctl reconfigure
CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^(develop|testing)$/]
This causes MR pipelines to run as detached merge request pipelines.