Note: Currently new registrations are closed, if you want an account Contact us

Difference between revisions of "GitLab"

From FSCI Wiki
(add loomio)
 
(18 intermediate revisions by 2 users not shown)
Line 3: Line 3:
==Hosting==
==Hosting==


Sponsored by [http://about.gitlab.com GitLab Inc]
Sponsored by [https://www.infomaniak.com/en/about Infomaniak]. Hosted in Switzerland with infomaniak.com.
 
Previously sponsored by [http://about.gitlab.com GitLab Inc] (2016-2022)
 
==Setup==
 
Running on debian gnu/linux 10 buster with postgresql 11. Using gitlab package from http://fasttrack.debian.net
 
Check https://wiki.debian.org/gitlab for installation/update instructions.
 
Debian package specific documentation -> https://salsa.debian.org/ruby-team/gitlab/raw/buster-fasttrack/debian/README.Debian
 
Letsencrypt domains:
 
  letsencrypt --expand --webroot --webroot-path /usr/share/gitlab/public -d git.fosscommunity.in -d gitlab.debian.net -d wiki.fsci.org.in -d git.fsci.org.in  certonly
 
== Mail Server Setup ==
 
* postfix is used
* SPF record is added (only a and aaaa allowed to send mails)
* Reverse DNS is updated in gandi.net server ip section
* Using letsencrypt certificates for tls in main.cf
* Using 'inet_interfaces = 127.0.0.1' in main.cf
* Configured DKIM following https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/
* DMARC is set to reject


==Maintenance==
==Maintenance==


Maintenance discussion at [https://www.loomio.org/g/Qu3O8mSf/fosscommunity-in-git-fosscommunity-in-maintainers this loomio subgroup]
Maintenance discussion at [https://www.loomio.org/g/Qu3O8mSf/fosscommunity-in-git-fosscommunity-in-maintainers this loomio subgroup] and [https://matrix.to/#/#git.fosscommunity.in:matrix.org this matrix chat room]. Can also use the [https://git.fosscommunity.in/community/management/-/issues git tracker] for development issues.
 
* [https://git.fosscommunity.in/community/gitlab/ team repo with access details] (private)
 
If expecting service disruptions, downtime, or user-facing errors, consider adding an update to [[Status]]
 
==Gitlab QA - running tests==
 
<Create a user account for QA>
 
<code>
$ sudo gem install gitlab-qa
 
$ GITLAB_USERNAME=<username> GITLAB_PASSWORD=<password> gitlab-qa Test::Instance::Any gitlab/gitlab-ce-qa:<gitlab version> https://git.hacksk.xyz
</code>
 
==Backup==
 
Backup server is provided by Manu (KVM virtual machine with 100 GB storage and 1 GB ram). Running on debian gnu/linux 10 buster.
 
Documentation: https://linuxhint.com/setup_postgresql_replication/ and https://www.percona.com/blog/2018/09/07/setting-up-streaming-replication-postgresql/
 
===Slave configuration: Step 1===
Install postgresql and rsync
 
# apt-get install postgresql-contrib-11 rsync
 
Check postgresql server is running
 
# su postgres -c psql
 
Make sure en_US.UTF-8 locale is available
 
# dpkg-reconfigure locales
 
Create ssh key for postgres user
 
# su - postgres
$ ssh-keygen -t ed25519
 
Now copy /var/lib/postgresql/.ssh/id_ed25519.pub to master postgres users' /var/lib/postgresql/.ssh/authorized_keys
 
Stop postgresql before changing any configuration
# systemctl stop postgresql@11-main
 
as postgres user
$ su - postgres
$ cd /etc/postgresql/11/main
 
Open the postgres configuration file
 
$ nano postgresql.conf
 
Set the following configuration options in the postgresql.conf file
 
listen_addresses = 'localhost,192.168.0.115'
port=5432
wal_level = replica
max_wal_senders = 1
archive_mode = on
archive_command = 'cd .'
hot_standby = on
 
===Master configuration===
 
Create and copy ssh public key to slave like above.
 
# su - postgres
$ ssh-keygen
 
Now copy /var/lib/postgresql/.ssh/id_rsa.pub to slave postgres users' /var/lib/postgresql/.ssh/authorized_keys
 
Create postgresql user for replication.
 
$ psql -c "CREATE USER rep REPLICATION LOGIN CONNECTION LIMIT 1 ENCRYPTED PASSWORD 'yourpassword';"
 
Allow slave to connect to master using the user just created.
 
$ cd /etc/postgresql/11/main
 
$ nano pg_hba.conf
 
Add below line to allow rep user to get access to the server
 
host    replication    rep    62.210.83.200/32  md5
 
Next , open the postgres configuration file
 
nano postgresql.conf
 
Set the following configuration options in the postgresql.conf file
 
listen_addresses = 'localhost,213.167.243.152'
port=5432
wal_level = replica
max_wal_senders = 1
archive_mode = on
archive_command = 'cd .'
hot_standby = on
 
Now, to activate your changes, reload the postgresql server
 
# systemctl reload postgresql@11-main
 
You may need to restart it via systemd,
 
# systemctl restart postgresql
 
Open 5432 port in the firewall
 
# ufw allow from 62.210.83.200 to any port 5432 proto tcp
 
===Slave Configuration: Step 2===
 
Copy data from master and create recovery.conf
$ pg_basebackup -h git.fosscommunity.in -D /var/lib/postgresql/11/main/ -P -U rep --wal-method=fetch  -R
 
Start the slave server
 
# systemctl start postgresql@11-main
 
===Replication Status===
 
On master server ,
 
$ ps -ef | grep sender
$ psql -c "select * from pg_stat_activity where usename='rep';"
 
On slave server,
 
$ ps -ef | grep receiver


[[Category:Services]]
[[Category:Services]]

Latest revision as of 09:13, 24 November 2022

Our public GitLab instance is https://git.fosscommunity.in

Hosting

Sponsored by Infomaniak. Hosted in Switzerland with infomaniak.com.

Previously sponsored by GitLab Inc (2016-2022)

Setup

Running on debian gnu/linux 10 buster with postgresql 11. Using gitlab package from http://fasttrack.debian.net

Check https://wiki.debian.org/gitlab for installation/update instructions.

Debian package specific documentation -> https://salsa.debian.org/ruby-team/gitlab/raw/buster-fasttrack/debian/README.Debian

Letsencrypt domains:

 letsencrypt --expand --webroot --webroot-path /usr/share/gitlab/public -d git.fosscommunity.in -d gitlab.debian.net -d wiki.fsci.org.in -d git.fsci.org.in  certonly

Mail Server Setup

Maintenance

Maintenance discussion at this loomio subgroup and this matrix chat room. Can also use the git tracker for development issues.

If expecting service disruptions, downtime, or user-facing errors, consider adding an update to Status

Gitlab QA - running tests

<Create a user account for QA>

$ sudo gem install gitlab-qa

$ GITLAB_USERNAME=<username> GITLAB_PASSWORD=<password> gitlab-qa Test::Instance::Any gitlab/gitlab-ce-qa:<gitlab version> https://git.hacksk.xyz

Backup

Backup server is provided by Manu (KVM virtual machine with 100 GB storage and 1 GB ram). Running on debian gnu/linux 10 buster.

Documentation: https://linuxhint.com/setup_postgresql_replication/ and https://www.percona.com/blog/2018/09/07/setting-up-streaming-replication-postgresql/

Slave configuration: Step 1

Install postgresql and rsync

# apt-get install postgresql-contrib-11 rsync

Check postgresql server is running

# su postgres -c psql

Make sure en_US.UTF-8 locale is available

# dpkg-reconfigure locales

Create ssh key for postgres user

# su - postgres
$ ssh-keygen -t ed25519

Now copy /var/lib/postgresql/.ssh/id_ed25519.pub to master postgres users' /var/lib/postgresql/.ssh/authorized_keys

Stop postgresql before changing any configuration

# systemctl stop postgresql@11-main

as postgres user

$ su - postgres
$ cd /etc/postgresql/11/main

Open the postgres configuration file

$ nano postgresql.conf

Set the following configuration options in the postgresql.conf file

listen_addresses = 'localhost,192.168.0.115'
port=5432
wal_level = replica
max_wal_senders = 1
archive_mode = on
archive_command = 'cd .'
hot_standby = on

Master configuration

Create and copy ssh public key to slave like above.

# su - postgres
$ ssh-keygen

Now copy /var/lib/postgresql/.ssh/id_rsa.pub to slave postgres users' /var/lib/postgresql/.ssh/authorized_keys

Create postgresql user for replication.

$ psql -c "CREATE USER rep REPLICATION LOGIN CONNECTION LIMIT 1 ENCRYPTED PASSWORD 'yourpassword';"

Allow slave to connect to master using the user just created.

$ cd /etc/postgresql/11/main
$ nano pg_hba.conf

Add below line to allow rep user to get access to the server

host    replication     rep     62.210.83.200/32   md5

Next , open the postgres configuration file

nano postgresql.conf

Set the following configuration options in the postgresql.conf file

listen_addresses = 'localhost,213.167.243.152'
port=5432
wal_level = replica
max_wal_senders = 1
archive_mode = on
archive_command = 'cd .'
hot_standby = on

Now, to activate your changes, reload the postgresql server

# systemctl reload postgresql@11-main

You may need to restart it via systemd,

# systemctl restart postgresql

Open 5432 port in the firewall

# ufw allow from 62.210.83.200 to any port 5432 proto tcp

Slave Configuration: Step 2

Copy data from master and create recovery.conf

$ pg_basebackup -h git.fosscommunity.in -D /var/lib/postgresql/11/main/ -P -U rep --wal-method=fetch  -R

Start the slave server

# systemctl start postgresql@11-main

Replication Status

On master server ,

$ ps -ef | grep sender
$ psql -c "select * from pg_stat_activity where usename='rep';"

On slave server,

$ ps -ef | grep receiver