Getting Started with Docker Part 2

If you were able to follow part 1 (https://adriangin.wordpress.com/2020/05/07/getting-started-with-docker/), read on to see how you can use Docker to set up other useful services.

I personally use both Github and Gitlab, however there are times when the services go offline due to upgrade / maintenance. During these times you’re generally unable to push to your repository or let the CI run.

There is a simple way around this: start your own Git repo in a container, or install Gitlab on your personal machine. This post shows how to set up an environment that hosts Gitlab, and how to set up your runners.

Gitlab has really good documentation at:

https://docs.gitlab.com/omnibus/docker/

Often your host machine is already using ports 80 (HTTP), 443 (HTTPS) or 22 (SSH). Seeing as you are hosting Gitlab, it's best to stop the existing services and let Gitlab take over these ports.

For sshd, the configuration file is:

sudo vi /etc/ssh/sshd_config

Modify the sshd port to run on something other than 22, then restart the service:

sudo systemctl restart ssh

Once you have done that, starting Gitlab is very simple:

export GITLAB_HOME=/srv
sudo docker run --detach \
  --hostname gitlab.example.com \
  --publish 443:443 --publish 80:80 --publish 22:22 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/gitlab/config:/etc/gitlab \
  --volume $GITLAB_HOME/gitlab/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest

Router / Firewall

Make sure that you port forward 80 (HTTP), 443 (HTTPS) and 22 (SSH) to the machine running Gitlab.

I also got tripped up because the ISP filters out these ports by default, so I had to log in to my ISP settings and disable that.

This is only required if you want your server to be reachable from the outside world under your domain name, e.g. gitlab.example.com.

Domain Setup

Log in to your domain's DNS settings (Cloudflare, for example) and add an A record like this:

[Image: youripdns]

Setup HTTPS

Gitlab will get you a Let's Encrypt certificate 'out of the box', but first you need to edit the config. See (https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration)

Essentially all you need to do is:

sudo docker exec -it gitlab editor /etc/gitlab/gitlab.rb

Edit the lines to read:

letsencrypt['enable'] = true                      # GitLab 10.5 and 10.6 require this option
external_url "https://gitlab.example.com"         # Must use https protocol
letsencrypt['contact_emails'] = ['foo@email.com'] # Optional
letsencrypt['auto_renew_hour'] = "12"
letsencrypt['auto_renew_minute'] = "30"
letsencrypt['auto_renew_day_of_month'] = "*/7"
letsencrypt['auto_renew'] = true

Save the changes, then restart the container:

docker container restart gitlab

If you now navigate to gitlab.example.com, you will see that the connection is encrypted with a Let's Encrypt certificate.

Setting up Runners

Log in to Gitlab, set up an account and start a new project.

Go to Settings => CI / CD => Runners

[Image: gitlabrunners]

You can install gitlab runners using a container. (Steps at: https://docs.gitlab.com/runner/install/)

You can run this:

docker run -d --name gitlab-runner --restart always \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest

and then register your runner with this command:

docker run --rm -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
--non-interactive \
--executor "docker" \
--docker-image alpine:latest \
--url "https://gitlab.example.com/" \
--registration-token "TOKEN" \
--description "devel runner" \
--tag-list "docker,development" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected"

Be sure to modify the details of the URL, TOKEN, tags etc.

Once registered, you should see it appear in your list of runners. As long as your project has the .gitlab-ci.yml file, the repo will get picked up.
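The register command writes the runner definition to config.toml under /srv/gitlab-runner/config. The script below is an added example (not from the original post or from Gitlab) that checks such a file for settings which give CI jobs control of the Docker host or a moving base image; the sample config, its token placeholder and the "dind runner" entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag config.toml settings that let CI jobs reach the Docker
# host. Line-based heuristic for single-line values, not a full TOML parser.
audit_runner_config() {   # reads config.toml on stdin, prints "<runner>: <issue>"
  awk '
    /^[ \t]*\[\[runners\]\]/     { name = "(unnamed)"; in_docker = 0; next }
    /^[ \t]*\[runners\.docker\]/ { in_docker = 1; next }
    /^[ \t]*\[/                  { in_docker = 0; next }
    !in_docker && /^[ \t]*name[ \t]*=/ { split($0, q, "\""); name = q[2]; next }
    !in_docker { next }
    /^[ \t]*privileged[ \t]*=[ \t]*true/ {
      print name ": job containers run privileged" }
    /^[ \t]*volumes[ \t]*=/ && /docker\.sock/ {
      print name ": docker.sock is mounted into job containers" }
    /^[ \t]*image[ \t]*=/ && (/:latest"/ || !/:/) {
      print name ": default image uses a mutable or missing tag" }
  '
}

# Constructed sample: the first runner mirrors the register command above,
# the second is a hypothetical runner with the risky settings switched on.
sample_config() {
  cat <<'EOF'
concurrent = 1

[[runners]]
  name = "devel runner"
  url = "https://gitlab.example.com/"
  token = "CONSTRUCTED-PLACEHOLDER"
  executor = "docker"
  [runners.docker]
    image = "alpine:latest"
    privileged = false
    volumes = ["/cache"]

[[runners]]
  name = "dind runner"
  url = "https://gitlab.example.com/"
  token = "CONSTRUCTED-PLACEHOLDER"
  executor = "docker"
  [runners.docker]
    image = "alpine:3.19"
    privileged = true
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
EOF
}

sample_config | audit_runner_config
```

To check the real file, feed it on stdin: audit_runner_config < /srv/gitlab-runner/config/config.toml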

Summary

Now you can add your new Git repo as a new remote.

With this it will not matter if gitlab or github goes down for an hour or two, you’ll still be able to push to a Git repo and run your CI/CD jobs.
