Note: Currently new registrations are closed, if you want an account Contact us
Difference between revisions of "GitLab"
(add loomio) |
|||
(18 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
==Hosting== | ==Hosting== | ||
Sponsored by [http://about.gitlab.com GitLab Inc] | Sponsored by [https://www.infomaniak.com/en/about Infomaniak]. Hosted in Switzerland with infomaniak.com. | ||
Previously sponsored by [http://about.gitlab.com GitLab Inc] (2016-2022) | |||
==Setup== | |||
Running on debian gnu/linux 10 buster with postgresql 11. Using gitlab package from http://fasttrack.debian.net | |||
Check https://wiki.debian.org/gitlab for installation/update instructions. | |||
Debian package specific documentation -> https://salsa.debian.org/ruby-team/gitlab/raw/buster-fasttrack/debian/README.Debian | |||
Letsencrypt domains: | |||
letsencrypt --expand --webroot --webroot-path /usr/share/gitlab/public -d git.fosscommunity.in -d gitlab.debian.net -d wiki.fsci.org.in -d git.fsci.org.in certonly | |||
== Mail Server Setup == | |||
* postfix is used | |||
* SPF record is added (only a and aaaa allowed to send mails) | |||
* Reverse DNS is updated in gandi.net server ip section | |||
* Using letsencrypt certificates for tls in main.cf | |||
* Using 'inet_interfaces = 127.0.0.1' in main.cf | |||
* Configured DKIM following https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/ | |||
* DMARC is set to reject | |||
==Maintenance== | ==Maintenance== | ||
Maintenance discussion at [https://www.loomio.org/g/Qu3O8mSf/fosscommunity-in-git-fosscommunity-in-maintainers this loomio subgroup] | Maintenance discussion at [https://www.loomio.org/g/Qu3O8mSf/fosscommunity-in-git-fosscommunity-in-maintainers this loomio subgroup] and [https://matrix.to/#/#git.fosscommunity.in:matrix.org this matrix chat room]. Can also use the [https://git.fosscommunity.in/community/management/-/issues git tracker] for development issues. | ||
* [https://git.fosscommunity.in/community/gitlab/ team repo with access details] (private) | |||
If expecting service disruptions, downtime, or user-facing errors, consider adding an update to [[Status]] | |||
==Gitlab QA - running tests== | |||
<Create a user account for QA> | |||
<code> | |||
$ sudo gem install gitlab-qa | |||
$ GITLAB_USERNAME=<username> GITLAB_PASSWORD=<password> gitlab-qa Test::Instance::Any gitlab/gitlab-ce-qa:<gitlab version> https://git.hacksk.xyz | |||
</code> | |||
==Backup== | |||
Backup server is provided by Manu (KVM virtual machine with 100 GB storage and 1 GB ram). Running on debian gnu/linux 10 buster. | |||
Documentation: https://linuxhint.com/setup_postgresql_replication/ and https://www.percona.com/blog/2018/09/07/setting-up-streaming-replication-postgresql/ | |||
===Slave configuration: Step 1=== | |||
Install postgresql and rsync | |||
# apt-get install postgresql-contrib-11 rsync | |||
Check postgresql server is running | |||
# su postgres -c psql | |||
Make sure en_US.UTF-8 locale is available | |||
# dpkg-reconfigure locales | |||
Create ssh key for postgres user | |||
# su - postgres | |||
$ ssh-keygen -t ed25519 | |||
Now copy /var/lib/postgresql/.ssh/id_ed25519.pub to master postgres users' /var/lib/postgresql/.ssh/authorized_keys | |||
Stop postgresql before changing any configuration | |||
# systemctl stop postgresql@11-main | |||
as postgres user | |||
$ su - postgres | |||
$ cd /etc/postgresql/11/main | |||
Open the postgres configuration file | |||
$ nano postgresql.conf | |||
Set the following configuration options in the postgresql.conf file | |||
listen_addresses = 'localhost,192.168.0.115' | |||
port=5432 | |||
wal_level = replica | |||
max_wal_senders = 1 | |||
archive_mode = on | |||
archive_command = 'cd .' | |||
hot_standby = on | |||
===Master configuration=== | |||
Create and copy ssh public key to slave like above. | |||
# su - postgres | |||
$ ssh-keygen | |||
Now copy /var/lib/postgresql/.ssh/id_rsa.pub to slave postgres users' /var/lib/postgresql/.ssh/authorized_keys | |||
Create postgresql user for replication. | |||
$ psql -c "CREATE USER rep REPLICATION LOGIN CONNECTION LIMIT 1 ENCRYPTED PASSWORD 'yourpassword';" | |||
Allow slave to connect to master using the user just created. | |||
$ cd /etc/postgresql/11/main | |||
$ nano pg_hba.conf | |||
Add below line to allow rep user to get access to the server | |||
host replication rep 62.210.83.200/32 md5 | |||
Next , open the postgres configuration file | |||
nano postgresql.conf | |||
Set the following configuration options in the postgresql.conf file | |||
listen_addresses = 'localhost,213.167.243.152' | |||
port=5432 | |||
wal_level = replica | |||
max_wal_senders = 1 | |||
archive_mode = on | |||
archive_command = 'cd .' | |||
hot_standby = on | |||
Now, to activate your changes, reload the postgresql server | |||
# systemctl reload postgresql@11-main | |||
You may need to restart it via systemd, | |||
# systemctl restart postgresql | |||
Open 5432 port in the firewall | |||
# ufw allow from 62.210.83.200 to any port 5432 proto tcp | |||
===Slave Configuration: Step 2=== | |||
Copy data from master and create recovery.conf | |||
$ pg_basebackup -h git.fosscommunity.in -D /var/lib/postgresql/11/main/ -P -U rep --wal-method=fetch -R | |||
Start the slave server | |||
# systemctl start postgresql@11-main | |||
===Replication Status=== | |||
On master server , | |||
$ ps -ef | grep sender | |||
$ psql -c "select * from pg_stat_activity where usename='rep';" | |||
On slave server, | |||
$ ps -ef | grep receiver | |||
[[Category:Services]] | [[Category:Services]] |
Latest revision as of 09:13, 24 November 2022
Our public GitLab instance is https://git.fosscommunity.in
Hosting
Sponsored by Infomaniak. Hosted in Switzerland with infomaniak.com.
Previously sponsored by GitLab Inc (2016-2022)
Setup
Running on debian gnu/linux 10 buster with postgresql 11. Using gitlab package from http://fasttrack.debian.net
Check https://wiki.debian.org/gitlab for installation/update instructions.
Debian package specific documentation -> https://salsa.debian.org/ruby-team/gitlab/raw/buster-fasttrack/debian/README.Debian
Letsencrypt domains:
letsencrypt --expand --webroot --webroot-path /usr/share/gitlab/public -d git.fosscommunity.in -d gitlab.debian.net -d wiki.fsci.org.in -d git.fsci.org.in certonly
Mail Server Setup
- postfix is used
- SPF record is added (only a and aaaa allowed to send mails)
- Reverse DNS is updated in gandi.net server ip section
- Using letsencrypt certificates for tls in main.cf
- Using 'inet_interfaces = 127.0.0.1' in main.cf
- Configured DKIM following https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
- DMARC is set to reject
Maintenance
Maintenance discussion at this loomio subgroup and this matrix chat room. Can also use the git tracker for development issues.
- team repo with access details (private)
If expecting service disruptions, downtime, or user-facing errors, consider adding an update to Status
Gitlab QA - running tests
<Create a user account for QA>
$ sudo gem install gitlab-qa
$ GITLAB_USERNAME=<username> GITLAB_PASSWORD=<password> gitlab-qa Test::Instance::Any gitlab/gitlab-ce-qa:<gitlab version> https://git.hacksk.xyz
Backup
Backup server is provided by Manu (KVM virtual machine with 100 GB storage and 1 GB ram). Running on debian gnu/linux 10 buster.
Documentation: https://linuxhint.com/setup_postgresql_replication/ and https://www.percona.com/blog/2018/09/07/setting-up-streaming-replication-postgresql/
Slave configuration: Step 1
Install postgresql and rsync
# apt-get install postgresql-contrib-11 rsync
Check postgresql server is running
# su postgres -c psql
Make sure en_US.UTF-8 locale is available
# dpkg-reconfigure locales
Create ssh key for postgres user
# su - postgres $ ssh-keygen -t ed25519
Now copy /var/lib/postgresql/.ssh/id_ed25519.pub to master postgres users' /var/lib/postgresql/.ssh/authorized_keys
Stop postgresql before changing any configuration
# systemctl stop postgresql@11-main
as postgres user
$ su - postgres $ cd /etc/postgresql/11/main
Open the postgres configuration file
$ nano postgresql.conf
Set the following configuration options in the postgresql.conf file
listen_addresses = 'localhost,192.168.0.115' port=5432 wal_level = replica max_wal_senders = 1 archive_mode = on archive_command = 'cd .' hot_standby = on
Master configuration
Create and copy ssh public key to slave like above.
# su - postgres $ ssh-keygen
Now copy /var/lib/postgresql/.ssh/id_rsa.pub to slave postgres users' /var/lib/postgresql/.ssh/authorized_keys
Create postgresql user for replication.
$ psql -c "CREATE USER rep REPLICATION LOGIN CONNECTION LIMIT 1 ENCRYPTED PASSWORD 'yourpassword';"
Allow slave to connect to master using the user just created.
$ cd /etc/postgresql/11/main
$ nano pg_hba.conf
Add below line to allow rep user to get access to the server
host replication rep 62.210.83.200/32 md5
Next , open the postgres configuration file
nano postgresql.conf
Set the following configuration options in the postgresql.conf file
listen_addresses = 'localhost,213.167.243.152' port=5432 wal_level = replica max_wal_senders = 1 archive_mode = on archive_command = 'cd .' hot_standby = on
Now, to activate your changes, reload the postgresql server
# systemctl reload postgresql@11-main
You may need to restart it via systemd,
# systemctl restart postgresql
Open 5432 port in the firewall
# ufw allow from 62.210.83.200 to any port 5432 proto tcp
Slave Configuration: Step 2
Copy data from master and create recovery.conf
$ pg_basebackup -h git.fosscommunity.in -D /var/lib/postgresql/11/main/ -P -U rep --wal-method=fetch -R
Start the slave server
# systemctl start postgresql@11-main
Replication Status
On master server ,
$ ps -ef | grep sender $ psql -c "select * from pg_stat_activity where usename='rep';"
On slave server,
$ ps -ef | grep receiver