forked from jelastic-jps/gitlab
-
Notifications
You must be signed in to change notification settings - Fork 0
/
manifest.jps
355 lines (324 loc) · 11.9 KB
/
manifest.jps
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
type: install
version: 1.4
id: gitlab-ci-cd
baseUrl: https://raw.githubusercontent.com/jelastic-jps/gitlab/master
categories:
- apps/dev-and-admin-tools
- apps/clusters
description:
text: /text/description.md
short: 'Private GitLab Server with scalable runners and Docker Hub Registry'
logo: /images/gitlab-logo.png
name: DevOps Lab - GitLab Server
targetRegions:
type: vz7
settings:
main:
fields:
- type: checkbox
name: le-addon
caption: Install Let's Encrypt Certificates and Custom Domains Addon. Public IP is required.
value: false
smtp:
fields:
- name: smtp_address
caption: SMTP Server
type: string
default: smtp.server
- name: smtp_port
caption: SMTP Port
type: string
default: 465
- name: smtp_user_name
caption: User Name
type: string
default: smtp user
- name: smtp_password
caption: Password
type: string
default: smtp password
- name: smtp_domain
caption: Domain
type: string
default: example.com
- name: smtp_authentication
caption: Authentication
type: string
default: login
- name: smtp_enable_starttls_auto
caption: Start TLS
type: string
default: true
onBeforeInit: |
var minCloudlets = 32;
var settings = jps.settings;
var fields = settings.main.fields;
var quotas = jelastic.billing.account.GetQuotas('environment.externalip.enabled' + ";" + 'environment.maxcloudletsperrec').array;
for (var i = 0; i < quotas.length; i++){
var q = quotas[i], n = toNative(q.quota.name);
if (n == 'environment.externalip.enabled' && !q.value) { fields.splice(0,1); };
if (n == 'environment.maxcloudletsperrec' && q.value < minCloudlets) {
fields.push(
{"type": "compositefield","height": 0,"hideLabel": true,"width": 0,"items": [{"height": 0,"type": "string","required": true}]}
);
};
}
return { result: 0, settings: settings };
globals:
DB_USER: gitlab-${fn.password(5)}
DB_PASSWORD: ${fn.password(32)}
RUNNER_TOKEN: ${fn.password(32)}
GITLAB_SECRETS_BASE: ${fn.password(64)}
ROOT_PASSWORD: ${fn.password(16)}
HTTP_SECRET: ${fn.password(32)}
REPO_URL: https://github.com/jelastic/docker-gitlab.git
DEPLOY_HOOK: /root/deployLE.sh
UNDEPLOY_HOOK: /root/undeployLE.sh
DEPLOY_HOOK_JS: https://raw.githubusercontent.com/jelastic-jps/gitlab/master/scripts/deployHook.js?_r=${fn.random}
CERTS: /srv/docker/gitlab/certs
HTTPS_PORT: 443
SSH_PORT: 10022
REGISTRY_PORT: 5000
RUN_RUNNER: |-
docker run -d --privileged --name gitlab-runner --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/docker/gitlab-runner:/etc/gitlab-runner:shared \
gitlab/gitlab-runner &>> /var/log/run.log
nodes:
- count: 1
cloudlets: 32
nodeType: dockerengine
nodeGroup: cp
displayName: GitLab Server
volumes:
- /srv/docker/gitlab
- /root
env:
JELASTIC_EXPOSE: 80
RUNNER_TOKEN: ${globals.RUNNER_TOKEN}
GITLAB_SECRETS_BASE: ${globals.GITLAB_SECRETS_BASE}
ROOT_PASSWORD: ${globals.ROOT_PASSWORD}
HTTP_SECRET: ${globals.HTTP_SECRET}
DB_USER: ${globals.DB_USER}
DB_PASSWORD: ${globals.DB_PASSWORD}
USER_EMAIL: ${user.email}
startService: false
extip: ${settings.le-addon:false}
- count: 1
cloudlets: 32
nodeType: dockerengine
nodeGroup: runner
displayName: Runners
env:
RUNNER_TOKEN: ${globals.RUNNER_TOKEN}
DOCKER_IMAGE: docker:stable-git
volumes:
- /srv/docker/gitlab-runner/certs
volumeMounts:
/srv/docker/gitlab-runner/certs:
sourcePath: ${globals.CERTS}
sourceNodeGroup: cp
readOnly: true
ssl: true
skipNodeEmails: true
onBeforeServiceScaleOut[runner]:
forEach(event.response.nodes):
set-runner-ssl: ${@i.id}
onAfterServiceScaleOut[runner]:
forEach(event.response.nodes):
register-runner: ${@i.id}
onBeforeScaleIn[runner]:
forEach(event.response.nodes):
unregister-runner: ${@i.id}
onInstall:
- installAddon:
id: update-addon
nodeGroup: cp
- installAddon:
id: smtp-addon
nodeGroup: cp
- if (!${settings.le-addon:false}):
- installAddon:
id: letsencrypt-ssl-addon
nodeGroup: cp
- api: env.control.AddEndpoint
nodeId: ${nodes.cp.master.id}
privatePort: ${globals.SSH_PORT}
protocol: TCP
name: GitLab SSH
- api: env.control.EditEndpoint
id: ${response.object.id}
privatePort: ${response.object.publicPort}
protocol: TCP
name: GitLab SSH
- setGlobals:
SSH_PORT: ${response.object.publicPort}
HTTPS_PORT: 4848
REGISTRY_PORT: 8443
- add-env-vars:
https_port: ${globals.HTTPS_PORT}
- run-docker
- install-ssl
- deploy
- forEach(nodes.runner):
register-runner: ${@i.id}
- if (${settings.le-addon:false}):
install-LE:
skipEnvs: true
actions:
add-env-vars:
- api: env.control.AddContainerEnvVars
nodeGroup: cp
vars: {"GITLAB_HOST": "${env.domain}", "REGISTRY_HOST": "${env.domain}", "HTTPS_PORT": "${this.https_port}", "SSH_PORT": "${globals.SSH_PORT}", "REGISTRY_PORT": "${globals.REGISTRY_PORT}"}
- api: env.control.AddContainerEnvVars
nodeGroup: runner
vars: {"CI_SERVER_URL": "https://${env.domain}:${globals.HTTPS_PORT}/ci"}
run-docker:
- api: env.control.ExecDockerRunCmd
nodeId: ${nodes.cp.master.id}
install-ssl:
- cmd[cp]: |-
cd ${globals.CERTS}
openssl req -nodes -newkey rsa:4096 -keyout auth.key -out auth.csr -subj "/CN=${env.domain}" &>> /var/log/run.log
openssl x509 -req -extfile <(printf "subjectAltName=DNS:${env.domain},DNS:registry") -in auth.csr -out auth.crt -signkey auth.key -days 3650 &>> /var/log/run.log
openssl dhparam -out dhparam.pem 2048 &>> /var/log/run.log
cp auth.crt ca.crt
- set-runner-ssl: runner
set-runner-ssl:
cmd[${this}]: |-
yum install ca-certificates -y
update-ca-trust force-enable
while [ ! -f /srv/docker/gitlab-runner/certs/ca.crt ]; do ls -l /srv/docker/gitlab-runner/certs; mount | grep certs; sleep 2; done
cp /srv/docker/gitlab-runner/certs/ca.crt /etc/pki/ca-trust/source/anchors/
cp /srv/docker/gitlab-runner/certs/ca.crt /etc/pki/tls/certs/
update-ca-trust extract
service docker restart
register-runner:
cmd[${this}]: |-
until docker run --rm --privileged --name gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/docker/gitlab-runner:/etc/gitlab-runner:shared \
gitlab/gitlab-runner register \
--non-interactive \
--name "node${this}" \
--executor "docker" \
--docker-image "$DOCKER_IMAGE" \
--docker-volumes /var/run/docker.sock:/var/run/docker.sock \
--docker-privileged \
--url "$CI_SERVER_URL" \
--registration-token "$RUNNER_TOKEN" \
--tag-list "" \
--run-untagged \
--locked="false" &>> /var/log/run.log
do
sleep 2;
done
${globals.RUN_RUNNER}
unregister-runner:
cmd[${this}]: |-
docker run --rm --privileged --name unreg-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /srv/docker/gitlab-runner:/etc/gitlab-runner:shared \
gitlab/gitlab-runner unregister \
--name "node${this}"
deploy:
cmd[cp]: |-
git clone ${globals.REPO_URL} gitlab &>> /var/log/run.log
cd gitlab && docker-compose up -d &>> /var/log/run.log
install-LE:
- if (!${this.skipEnvs:false}):
- add-env-vars:
https_port: 443
- cmd[cp]: |-
iptables -t nat -I PREROUTING -p tcp -m tcp --dport 4848 -j REDIRECT --to-ports 443
service iptables save
- cmd[cp]: |-
dir=${globals.CERTS}/../certs_ss
[ ! -d "${dir}" ] && { mkdir -p ${dir}; yes | cp ${globals.CERTS}/* ${dir}; }
printf '#!/bin/bash
mkdir -p $(dirname ${globals.DEPLOY_HOOK})
#wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -O ${globals.CERTS}/ca.crt
wget https://letsencrypt.org/certs/fakelerootx1.pem -O ${globals.CERTS}/ca.crt
yes | cp -f /var/lib/jelastic/keys/fullchain.pem ${globals.CERTS}/auth.crt
yes | cp -f /var/lib/jelastic/keys/privkey.pem ${globals.CERTS}/auth.key
service docker restart' > ${globals.DEPLOY_HOOK}
printf '#!/bin/bash
mkdir -p $(dirname ${globals.UNDEPLOY_HOOK})
yes | cp -f ${dir}/* ${globals.CERTS}
iptables -t nat -D PREROUTING -p tcp -m tcp --dport 4848 -j REDIRECT --to-ports 443
service iptables save
service docker restart' > ${globals.UNDEPLOY_HOOK}
- install:
jps: https://raw.githubusercontent.com/jelastic-jps/lets-encrypt/master/manifest.jps?_r=${fn.random}
nodeGroup: cp
settings:
deployHook: ${globals.DEPLOY_HOOK_JS}
deployHookType: js
undeployHook: ${globals.DEPLOY_HOOK_JS}
undeployHookType: js
_customDomains: ${env.domain}
- if (!${this.skipEnvs:false}):
cmd[cp]: |-
cd gitlab
docker-compose stop &>> /var/log/run.log
docker-compose rm -f &>> /var/log/run.log
docker network prune -f &>> /var/log/run.log
docker-compose up -d &>> /var/log/run.log
- cmd[runner]: |-
cp /srv/docker/gitlab-runner/certs/ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
service docker restart
addons:
- id: update-addon
name: Update GitLab Server
description: Press "Update" button to initiate update procedure
buttons:
- caption: Update
action: update
loadingText: Updating...
confirmText: Do you want to update GitLab Server?
successText: GitLab Server has been successfully updated!
actions:
update:
- cmd[cp]: |-
cd gitlab && git stash && git pull origin master &>> /var/log/run.log && git stash pop
docker-compose up -d &>> /var/log/run.log
- cmd[runner]: |-
docker rm -f gitlab-runner
${globals.RUN_RUNNER}
- id: letsencrypt-ssl-addon
name: Let's Encrypt + Custom Domains
description: Press "Install" button to initiate installation procedure
globals:
HTTPS_PORT: 443
buttons:
- caption: Install
action: install-LE
loadingText: Installing...
confirmText: Do you want to install Let's Encrypt addon?
successText: Let's Encrypt addon has been successfully installed!
- id: smtp-addon
name: GitLab SMTP Settings
description: Press "Configure" button to update SMTP settings
buttons:
- caption: Configure
settings: smtp
action: configure
loadingText: Updating...
confirmText: Do you want to update SMTP settings?
successText: GitLab SMTP settings have been successfully updated!
actions:
configure:
cmd[cp]: |-
cd gitlab
sed -i 's|SMTP_ENABLED=.*|SMTP_ENABLED=true|g' docker-compose.yml
sed -i 's|SMTP_HOST=.*|SMTP_HOST=${settings.smtp_address}|g' docker-compose.yml
sed -i 's|SMTP_PORT=.*|SMTP_PORT=${settings.smtp_port}|g' docker-compose.yml
sed -i 's|SMTP_USER=.*|SMTP_USER=${settings.smtp_user_name}|g' docker-compose.yml
sed -i 's|SMTP_PASS=.*|SMTP_PASS=${settings.smtp_password}|g' docker-compose.yml
sed -i 's|SMTP_DOMAIN=.*|SMTP_DOMAIN=${settings.smtp_domain}|g' docker-compose.yml
sed -i 's|SMTP_AUTHENTICATION=.*|SMTP_AUTHENTICATION=${settings.smtp_authentication}|g' docker-compose.yml
sed -i 's|SMTP_STARTTLS=.*|SMTP_STARTTLS=${settings.smtp_enable_starttls_auto}|g' docker-compose.yml
docker-compose up -d &>> /var/log/run.log
startPage: https://${env.domain}:${globals.HTTPS_PORT}
success: /text/success.md