AKAI TSUKI

System development or Technical something

Using Git repository on GitLab.

After preparing:

akai-tsuki.hatenablog.com

git clone

$ git clone http://username01@172.16.10.25/testgrp/testpj.git
Cloning into 'testpj'...
warning: You appear to have cloned an empty repository.

$ ls
testpj

$ cd testpj/

setting user info:

$ git config user.name username01

$ git config user.email <mail address>

prepare sample file “README.md”

$ vi README.md

$ cat README.md
Test Message: hello Gitlab!

$

git commit and push

$ git status
On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git checkout -- <file>..." to discard changes in working directory)

        modified:   README.md

no changes added to commit (use "git add" and/or "git commit -a")

$ git commit -a -m "test commit"
[master 7ee70bd] test commit
 1 file changed, 1 insertion(+)

$ git push -u origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 249 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://172.16.10.25/testgrp/testpj.git
 * [new branch]      master -> master
Branch master set up to track remote branch master from origin.

$


Prepare group, project and user before using GitLab

After installation: akai-tsuki.hatenablog.com

set pass for root user.

input password of root.

login by root.

1. create Group


2. create PJ


3. create users


4. add member to group


After adding member:

At this point we cannot see the icon image of the added user,
because I haven't changed the external_url parameter in /etc/gitlab/gitlab.rb.
In my environment I need to change this parameter from the hostname to the IP address.

change external_url parameter

# cp -p /etc/gitlab/gitlab.rb{,.org}
# vi /etc/gitlab/gitlab.rb
# diff /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.org
13c13
< external_url 'http://172.16.10.25'
---
> external_url 'http://gitlab2'
#

# gitlab-ctl reconfigure
Starting Chef Client, version 12.12.15

  *snip*

Running handlers complete
Chef Client finished, 327/438 resources updated in 01 minutes 20 seconds
gitlab Reconfigured!
#

install GitLab 9.2.2 CE (Omnibus install) on CentOS 7

see: https://about.gitlab.com/downloads/#centos7

summary

# yum update
# firewall-cmd --permanent --add-service=http
# systemctl reload firewalld
# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
# yum install gitlab-ce
# gitlab-ctl reconfigure

prepare

# yum update
# firewall-cmd --permanent --add-service=http
# systemctl reload firewalld
(if you need) # reboot
# firewall-cmd --state
running
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources:
  services: dhcpv6-client http ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

#

add GitLab package repository setting

# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
Detected operating system as centos/7.

  *snip*

Installed:
  yum-utils.noarch 0:1.1.31-40.el7

Dependency Installed:
  libxml2-python.x86_64 0:2.9.1-6.el7_2.3           python-chardet.noarch 0:2.2.1-1.el7_1
  python-kitchen.noarch 0:1.1.1-5.el7

Complete!
Generating yum cache for gitlab_gitlab-ce...
Importing GPG key 0xE15E78F4:
 Userid     : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
 Fingerprint: 1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4
 From       : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey

The repository is setup! You can now install packages.
#

# ls -l /etc/yum.repos.d/gitlab_gitlab-ce.repo
-rw-r--r-- 1 root root 571 May 27 15:29 /etc/yum.repos.d/gitlab_gitlab-ce.repo
#
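
The transcript above imports the repository signing key and prints its fingerprint. As an added example (not part of the original post or of GitLab's install script), these shell functions compare the primary-key fingerprint of a downloaded key file with a pinned value before the key is trusted. The sample listing is constructed; only the fingerprint, key ID and user ID in it come from the transcript.

```sh
#!/bin/sh
# Added example, not from the original post.
# PINNED_FPR is the fingerprint shown in the transcript; confirm it against
# a source other than the download itself before relying on it.
PINNED_FPR='1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4'

# normalize_fpr TEXT: drop spaces/colons and uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# key_fprs: read "gpg --with-colons" output on stdin and print the
# fingerprint (field 10 of the "fpr" record) of each primary key only.
key_fprs() {
    awk -F: '
        $1 == "pub" || $1 == "sub" { ctx = $1; next }
        $1 == "fpr" { if (ctx == "pub") print toupper($10); ctx = ""; next }
    '
}

# verify_key_listing PINNED: succeed only if stdin describes exactly one
# primary key and its fingerprint equals PINNED. A file that bundles a
# second primary key fails, because the output is then two lines.
verify_key_listing() {
    want=$(normalize_fpr "$1")
    got=$(key_fprs)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed sample in colon format (timestamps, subkey and hash are made up).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:14219A96E15E78F4:1425326000:::-:::scESC:
fpr:::::::::1A4C919DB987D435939638B914219A96E15E78F4:
uid:-::::1425326000::0000000000000000000000000000000000000000::GitLab B.V. (package repository signing key) <packages@gitlab.com>:
sub:-:4096:1:0123456789ABCDEF:1425326000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}

# On a real host, save the key from the URL in the transcript to a file,
# list it in colon format with gpg, and pipe that listing into:
#   verify_key_listing "$PINNED_FPR" || echo "fingerprint mismatch" >&2
```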

install the package

# yum install gitlab-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.nara.wide.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package gitlab-ce.x86_64 0:9.2.2-ce.0.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package              Arch              Version                   Repository                   Size
====================================================================================================
Installing:
 gitlab-ce            x86_64            9.2.2-ce.0.el7            gitlab_gitlab-ce            311 M

Transaction Summary
====================================================================================================
Install  1 Package

Total download size: 311 M
Installed size: 910 M
Is this ok [y/d/N]: y
Downloading packages:
gitlab-ce-9.2.2-ce.0.el7.x86_64.rpm                                          | 311 MB  00:00:37
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : gitlab-ce-9.2.2-ce.0.el7.x86_64                                                  1/1


       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.

     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/


gitlab: Thank you for installing GitLab!
gitlab: To configure and start GitLab, RUN THE FOLLOWING COMMAND:

sudo gitlab-ctl reconfigure

gitlab: GitLab should be reachable at http://gitlab2
gitlab: Otherwise configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
gitlab: And running reconfigure again.
gitlab:
gitlab: For a comprehensive list of configuration options please see the Omnibus GitLab readme
gitlab: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
gitlab:
It looks like GitLab has not been configured yet; skipping the upgrade script.
  Verifying  : gitlab-ce-9.2.2-ce.0.el7.x86_64                                                  1/1

Installed:
  gitlab-ce.x86_64 0:9.2.2-ce.0.el7

Complete!
#

configure and start GitLab

# gitlab-ctl reconfigure
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - package (0.0.0)
  - gitlab (0.0.1)
  - runit (0.14.2)

 *snip*

Running handlers:
Running handlers complete
Chef Client finished, 327/438 resources updated in 01 minutes 20 seconds
gitlab Reconfigured!
#

access by the browser (Chrome)

access to http://<IP address>/


ssh-keygen specifying output file with no passphrase.

create ssh key.

$ ssh-keygen -t rsa -b 2048 -f ./id_rsa -N ""
Generating public/private rsa key pair.
Your identification has been saved in ./id_rsa.
Your public key has been saved in ./id_rsa.pub.
The key fingerprint is:
*snip*
The key's randomart image is:
*snip*
$ ls -l
total 8
-rw------- 1 test test 1679 Apr  8 07:58 id_rsa
-rw-r--r-- 1 test test  397 Apr  8 07:58 id_rsa.pub
$

Try Kubernetes (v1.6.1).

Kubernetes Version

[root@cent7no01 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.1+coreos.0", GitCommit:"9212f77ed8c169a0afa02e58dce87913c6387b3e", GitTreeState:"clean", BuildDate:"2017-04-04T00:32:53Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.1+coreos.0", GitCommit:"9212f77ed8c169a0afa02e58dce87913c6387b3e", GitTreeState:"clean", BuildDate:"2017-04-04T00:32:53Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
[root@cent7no01 ~]#

nodes

[root@cent7no01 ~]# kubectl get nodes
NAME        STATUS    AGE       VERSION
cent7no01   Ready     1d        v1.6.1+coreos.0
cent7no02   Ready     1d        v1.6.1+coreos.0
cent7no03   Ready     1d        v1.6.1+coreos.0
[root@cent7no01 ~]#
[root@cent7no02 ~]# kubectl get nodes
NAME        STATUS    AGE       VERSION
cent7no01   Ready     1d        v1.6.1+coreos.0
cent7no02   Ready     1d        v1.6.1+coreos.0
cent7no03   Ready     1d        v1.6.1+coreos.0
[root@cent7no02 ~]#

pods

[root@cent7no01 ~]# kubectl get pods
No resources found.
[root@cent7no01 ~]#
[root@cent7no01 ~]# kubectl get pods --namespace=kube-system
NAME                                  READY     STATUS    RESTARTS   AGE
dnsmasq-2996005329-5zrjg              1/1       Running   0          1d
dnsmasq-2996005329-pqtsg              1/1       Running   0          1d
dnsmasq-autoscaler-2349860636-wnsp1   1/1       Running   0          1d
kube-apiserver-cent7no01              1/1       Running   0          1d
kube-apiserver-cent7no02              1/1       Running   0          1d
kube-controller-manager-cent7no01     1/1       Running   0          1d
kube-controller-manager-cent7no02     1/1       Running   0          1d
kube-proxy-cent7no01                  1/1       Running   0          1d
kube-proxy-cent7no02                  1/1       Running   0          1d
kube-proxy-cent7no03                  1/1       Running   0          1d
kube-scheduler-cent7no01              1/1       Running   0          1d
kube-scheduler-cent7no02              1/1       Running   0          1d
kubedns-1519522227-ckxl0              3/3       Running   0          1d
kubedns-autoscaler-2999057513-gxs16   1/1       Running   0          1d
nginx-proxy-cent7no03                 1/1       Running   0          1d
[root@cent7no01 ~]#

Setup LXD on Ubuntu 16.04

On Ubuntu Server 16.04, LXD is already installed on the server.

check version

test@ubuntu01:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
test@ubuntu01:~$
test@ubuntu01:~$ lxd --version
2.0.9
test@ubuntu01:~$
test@ubuntu01:~$ dpkg -l | grep lxd
ii  lxd                                2.0.9-0ubuntu1~16.04.2                     amd64        Container hypervisor based on LXC - daemon
ii  lxd-client                         2.0.9-0ubuntu1~16.04.2                     amd64        Container hypervisor based on LXC - client
test@ubuntu01:~$ dpkg -l | grep zfs
test@ubuntu01:~$ 

install zfs

test@ubuntu01:~$ sudo apt-get install zfs
[sudo] password for test:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'zfsutils-linux' instead of 'zfs'
The following additional packages will be installed:
  libnvpair1linux libuutil1linux libzfs2linux libzpool2linux zfs-doc zfs-zed
Suggested packages:
  default-mta | mail-transport-agent samba-common-bin nfs-kernel-server zfs-initramfs
The following NEW packages will be installed:
  libnvpair1linux libuutil1linux libzfs2linux libzpool2linux zfs-doc zfs-zed zfsutils-linux
0 upgraded, 7 newly installed, 0 to remove and 25 not upgraded.
Need to get 897 kB of archives.
After this operation, 2,902 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 zfs-doc all 0.6.5.6-0ubuntu16 [50.1 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libuutil1linux amd64 0.6.5.6-0ubuntu16 [27.5 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnvpair1linux amd64 0.6.5.6-0ubuntu16 [23.4 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libzpool2linux amd64 0.6.5.6-0ubuntu16 [384 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libzfs2linux amd64 0.6.5.6-0ubuntu16 [106 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 zfsutils-linux amd64 0.6.5.6-0ubuntu16 [276 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 zfs-zed amd64 0.6.5.6-0ubuntu16 [29.8 kB]
Fetched 897 kB in 1s (626 kB/s)
Selecting previously unselected package zfs-doc.
(Reading database ... 91931 files and directories currently installed.)
Preparing to unpack .../zfs-doc_0.6.5.6-0ubuntu16_all.deb ...
Unpacking zfs-doc (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libuutil1linux.
Preparing to unpack .../libuutil1linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libuutil1linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libnvpair1linux.
Preparing to unpack .../libnvpair1linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libnvpair1linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libzpool2linux.
Preparing to unpack .../libzpool2linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libzpool2linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libzfs2linux.
Preparing to unpack .../libzfs2linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libzfs2linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package zfsutils-linux.
Preparing to unpack .../zfsutils-linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking zfsutils-linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package zfs-zed.
Preparing to unpack .../zfs-zed_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking zfs-zed (0.6.5.6-0ubuntu16) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for initramfs-tools (0.122ubuntu8.8) ...
update-initramfs: Generating /boot/initrd.img-4.4.0-78-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up zfs-doc (0.6.5.6-0ubuntu16) ...
Setting up libuutil1linux (0.6.5.6-0ubuntu16) ...
Setting up libnvpair1linux (0.6.5.6-0ubuntu16) ...
Setting up libzpool2linux (0.6.5.6-0ubuntu16) ...
Setting up libzfs2linux (0.6.5.6-0ubuntu16) ...
Setting up zfsutils-linux (0.6.5.6-0ubuntu16) ...
zfs-import-cache.service is a disabled or a static unit, not starting it.
zfs-import-scan.service is a disabled or a static unit, not starting it.
zfs-mount.service is a disabled or a static unit, not starting it.
Processing triggers for initramfs-tools (0.122ubuntu8.8) ...
update-initramfs: Generating /boot/initrd.img-4.4.0-78-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
Setting up zfs-zed (0.6.5.6-0ubuntu16) ...
zed.service is a disabled or a static unit, not starting it.
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
test@ubuntu01:~$
test@ubuntu01:~$

Let’s confirm

test@ubuntu01:~$ dpkg -l | grep zfs
ii  libzfs2linux                       0.6.5.6-0ubuntu16                          amd64        Native OpenZFS filesystem library for Linux
ii  zfs-doc                            0.6.5.6-0ubuntu16                          all          Native OpenZFS filesystem documentation and examples.
ii  zfs-zed                            0.6.5.6-0ubuntu16                          amd64        OpenZFS Event Daemon (zed)
ii  zfsutils-linux                     0.6.5.6-0ubuntu16                          amd64        Native OpenZFS management utilities for Linux
test@ubuntu01:~$

Initial setup

test@ubuntu01:~$ lxc list
Generating a client certificate. This may take a minute...
If this is your first time using LXD, you should also run: sudo lxd init
To start your first container, try: lxc launch ubuntu:16.04

+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+
test@ubuntu01:~$

test@ubuntu01:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:9f:80:ce brd ff:ff:ff:ff:ff:ff
    inet 172.16.10.61/24 brd 172.16.10.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe9f:80ce/64 scope link
       valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:a4:33:27:e6:cb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f8a4:33ff:fe27:e6cb/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
test@ubuntu01:~$

test@ubuntu01:~$ sudo lxd init
Name of the storage backend to use (dir or zfs) [default=zfs]:
Create a new ZFS pool (yes/no) [default=yes]?
Name of the new ZFS pool [default=lxd]:
Would you like to use an existing block device (yes/no) [default=no]?
Size in GB of the new loop device (1GB minimum) [default=15]:
Would you like LXD to be available over the network (yes/no) [default=no]?
Do you want to configure the LXD bridge (yes/no) [default=yes]?
Warning: Stopping lxd.service, but it can still be activated by:
  lxd.socket
LXD has been successfully configured.
test@ubuntu01:~$

test@ubuntu01:~$ lxc list
+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+
test@ubuntu01:~$

for LXD bridge

Configure the bridge as in the screenshots (LXD bridge configuration dialogs).

IPv6 is disabled.

Try to create OpenSSL x509 certificate (2)

Generate RSA private key (des3)

$ openssl genrsa -des3 -out server.key 4096
Generating RSA private key, 4096 bit long modulus
.....++
...................................................................................................................................................................................++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
$ 

Generate a certificate signing request (CSR)

$ openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ 

remove the passphrase from the private key file

$ cp server.key server.key.org

$ openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
$

Generate self-signed server certificate (CRT)

$ openssl x509 -in server.csr -days 365000 -req -signkey server.key > server.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=
Getting Private key
$

output

$ ls -1
server.crt
server.csr
server.key
server.key.org
$
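
The steps above leave an unencrypted `server.key`, its encrypted copy `server.key.org` and a certificate created with `-days 365000`. As an added example (not part of the original post), these shell functions check such a directory: key file permissions, whether a key is passphrase-protected, whether the certificate matches the key, and how far away the expiry date is. File names follow the post's listing; the 398-day default is an assumed policy value.

```sh
#!/bin/sh
# Added example, not from the original post. File names follow the post's
# "ls -1" output; MAX_DAYS (default 398) is an assumed policy value.

# True if the PEM private key is passphrase-protected: the traditional format
# carries "Proc-Type: 4,ENCRYPTED", PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# True if group and other have no permission bits on the file.
key_mode_ok() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True if certificate $1 and private key $2 hold the same public key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if certificate $1 is valid now and expires within $2 days.
cert_lifetime_ok() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# audit_tls_dir DIR [MAX_DAYS]: print one line per finding,
# return 0 only when there are none.
audit_tls_dir() {
    dir=$1; max=${2:-398}; bad=0
    for f in "$dir/server.key" "$dir/server.key.org"; do
        [ -f "$f" ] || continue
        if ! key_mode_ok "$f"; then
            if key_is_encrypted "$f"; then
                echo "$f: encrypted key readable by group or other"
            else
                echo "$f: UNENCRYPTED key readable by group or other"
            fi
            bad=1
        fi
    done
    crt=$dir/server.crt
    cert_matches_key "$crt" "$dir/server.key" ||
        { echo "$crt: does not match server.key"; bad=1; }
    cert_lifetime_ok "$crt" "$max" ||
        { echo "$crt: expired, or expires more than $max days from now"; bad=1; }
    return $bad
}

# Usage, in the directory that holds the files:  audit_tls_dir . 398
```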