User:SBassett (WMF)/Explorations/Gitlab
Gitlab local installation[edit]
The following setup steps were tested under MacOS Mojave (10.14.6) on a 2.2 Ghz Intel i7 running 8 Gb RAM.
- Install Docker locally, if you haven't, probably via Docker Desktop.
- Give Docker enough local resources. Via Docker Desktop, setting 3 cores, 5 Gb of RAM and 2 Gb of swap worked fine.
- Add
127.0.0.1 gitlab.test.wmf(or similar - whatever hostname you want to use) to your/etc/hostsfile. - Run
sudo killall -HUP mDNSResponderto refresh your DNS. - Run the following docker command:
GITLAB_HOME=$PWD \ docker run --detach \ --hostname gitlab.test.wmf \ --publish 80:80 \ --name gitlab \ --restart always \ --volume $GITLAB_HOME/config:/etc/gitlab \ --volume $GITLAB_HOME/logs:/var/log/gitlab \ --volume $GITLAB_HOME/data:/var/opt/gitlab \ gitlab/gitlab-ce:latest
- This will pull the latest gitlab-ce docker image and run it. It might take a little while to download the relevant images, especially since
gitlab-ceis almost a Gb by itself. The above runs Gitlab on port 80 as opposed to also running https on port 443 and ssh on port 22, which likely won't be needed for the Security Team's local development needs. - Edit
$GITLAB_HOME/config/gitlab.rband setexternal_urlto whatever you set the development hostname to within your/etc/hostsfile. - Run
docker exec -it gitlab bashto get abashprompt within the running container. - Run
gitlab-ctl reconfigurewithin the aforementionedbashprompt. This might take several minutes. - You should be able to see your Gitlab installation within a browser at http://gitlab.test.wmf/
- Run
docker container stop gitlabto stop the container. - Run
docker container start gitlabto start the container again. The container likely should not need to be "run" again, if you already ran thedocker runcommand above at least once. You may need to rungitlab-ctl reconfigureagain within the container as per above, if you receive an error page when attempting to load Gitlab within your browser, but this command should run much faster this time around. That being said, Gitlab may still take several minutes to get up and running and display the web frontend within your browser. - Run
docker container stop gitlab && docker container rm gitlabto stop and remove the container. Starting the container again will require the container to be created via thedocker runcommand above and to run through all of the time-intensive setup steps once more, such as thegitlab-ctl reconfigure. It's only recommended to remove the container if you need to start over completely from scratch.
Post-installation setup and troubleshooting[edit]
- There are some additional, post-installation steps for the Wikimedia Gitlab setup which are documented here for now. These steps likely are not critical to the Security Team's work with Gitlab, though are still good to review and understand.
- Once you load your local instance of Gitlab in your web browser, you should be prompted to enter a new
rootuser password. Therootuser is the default administrative account for Gitlab. - To create some test users, which may or may not be necessary, navigate to the admin area (
/admin) and towards the top-middle of the default page, there should be a user section with a New User button. Click that button to access the new user form and follow the instructions. Mail likely isn't set up to be routable for this test instance, so confirmation e-mails won't be sent. - To import a new project, to use as test data, navigate to
Home > New Project > Import Project. From there, you can click the "Repo by URL" button. The form fields here should be fairly straight-forward, and for the url, make sure you select the clone url from gerrit and add a.gitat the end, e.g.https://gerrit.wikimedia.org/r/mediawiki/extensions/StopForumSpam.git. Most repositories should import fairly quickly, except for something like mediawiki/core. You can use the default gitlab instance name as part of the url slug and you should make these test repositories public, since that will likely be the default in Wikimedia's Gitlab instance.