Running with Ruby

Tag: GitLab (page 1 of 3)

Synology DMS 6 + Gitlab Docker + Gmail

When you’ll setup your Gitlab instance using Synology DMS 6.0 UI, despite the fact that you’ve provided all the Gmail credentials, you will notice that it does not send any emails. You probably end up with a message similar to this one when:

EOFError: end of file reached

It may sound a bit enigmatic, but in general it means that your Gmail setup is wrong. Unfortunately you cannot change it using the UI. Fixing this requires a SSH connection.

Warning: I’m not responsible for any damages or injury, including but not limited to special or consequential damages, that result from your use of this instruction.

Stop your Gitlab using DMS UI

First, you need to stop your Gitlab instance via DMS UI:

  1. So to Package Manager
  2. Select Gitlab
  3. Select “Actions”
  4. Click on the “Stop” button

gitlab

Change your synology_gitlab.config via SSH

This one is a bit harder. Here are the th ings you need to know before you start:

  • How to log in via SSH into admin account
  • How to install (if you don’t have) vim (or any other console text editor)
  • How to navigate in a Linux shell

So, if you know this things, you are ready to go!

  1. Log in into your Synology server via SSH as admin user
  2. Become a root (sudo su + password)
  3. Go to /usr/syno/etc/packages/Docker (cd /usr/syno/etc/packages/Docker)
  4. Edit synology_gitlab.config (vim synology_gitlab.config)
  5. Replace or add given config options into the env_variables section
  6. Save the file

Those are the options you need to set:

{
  "key":"SMTP_ENABLED",
  "value":"true"
},
{
  "key":"SMTP_DOMAIN",
  "value":"www.gmail.com"
},
{
  "key":"SMTP_HOST",
  "value":"smtp.gmail.com"
},
{
  "key":"SMTP_PORT",
  "value":"587"
},
{
  "key":"SMTP_USER",
  "value":"your user name"
},
{
  "key":"SMTP_PASS",
  "value":"your password"
},
{
  "key":"SMTP_OPENSSL_VERIFY_MODE",
  "value":"none"
},
{
  "key":"SMTP_AUTHENTICATION",
  "value":"login"
},
{
  "key":"SMTP_STARTTLS",
  "value":"true"
}

The whole file should look more or less like that:

{
  "cap_add":[

  ],
  "cap_drop":[

  ],
  "cmd":"",
  "cpu_priority":0,
  "ddsm_bind_share":"",
  "devices":[

  ],
  "enable_publish_all_ports":false,
  "enabled":true,
  "env_variables":[
    {
      "key":"GITLAB_HOST",
      "value":"gitdomain"
    },
    {
      "key":"GITLAB_PORT",
      "value":"port"
    },
    {
      "key":"GITLAB_SSH_PORT",
      "value":"port"
    },
    {
      "key":"GITLAB_EMAIL",
      "value":"email"
    },
    {
      "key":"DB_TYPE",
      "value":"mysql"
    },
    {
      "key":"DB_HOST",
      "value":"172.17.0.1"
    },
    {
      "key":"DB_NAME",
      "value":"gitlab"
    },
    {
      "key":"DB_USER",
      "value":"gitlab"
    },
    {
      "key":"DB_PASS",
      "value":"password"
    },
    {
      "key":"GITLAB_SECRETS_DB_KEY_BASE",
      "value":"secret"
    },
    {
      "key":"SMTP_ENABLED",
      "value":"true"
    },
    {
      "key":"SMTP_DOMAIN",
      "value":"www.gmail.com"
    },
    {
      "key":"SMTP_HOST",
      "value":"smtp.gmail.com"
    },
    {
      "key":"SMTP_PORT",
      "value":"587"
    },
    {
      "key":"SMTP_USER",
      "value":"email"
    },
    {
      "key":"SMTP_PASS",
      "value":"password"
    },
    {
      "key":"SMTP_OPENSSL_VERIFY_MODE",
      "value":"none"
    },
    {
      "key":"SMTP_AUTHENTICATION",
      "value":"login"
    },
    {
      "key":"SMTP_STARTTLS",
      "value":"true"
    }
  ],
  "exporting":false,
  "id":"id",
  "image":"sameersbn/gitlab:8.6.2",
  "is_ddsm":false,
  "is_package":true,
  "links":[
    {
      "alias":"redisio",
      "link_container":"synology_gitlab_redis"
    }
  ],
  "memory_limit":0,
  "name":"synology_gitlab",
  "pin":false,
  "port_bindings":[
    {
      "container_port":80,
      "host_port": port,
      "type":"tcp"
    },
    {
      "container_port":22,
      "host_port": port,
      "type":"tcp"
    }
  ],
  "privileged":false,
  "shortcut":{
    "enable_shortcut":false,
    "enable_status_page":false,
    "enable_web_page":false,
    "web_page_url":""
  },
  "volume_bindings":[
    {
      "host_volume_file":"/docker/gitlab",
      "mount_point":"/home/git/data",
      "type":"rw"
    }
  ]
}

Start your Gitlab using DMS UI

Procedure is exactly the same as stopping except the last step: just click on “Run” button instead of “Stop”.

Retry all failed tasks in the Gitlab Sidekiq panel

  1. Log in to your Gitlab admin account
  2. Go to the “Admin area” (right top corner icon) – /admin
  3. Click on “Background jobs” (left bottom corner) – /admin/background_jobs
  4. Go to “Retries”
  5. If you have any, click on “Retry all” to reexecute all the failed tasks

sidekiq

And that’s all! If you didn’t make any mistakes, your Gitlab emails should be sent via provided Gmail account.

Gitlab, Ruby private repository, Docker container and safe way to add SSH key for build process only

Note

This is not a tutorial on how to use Docker with SSH keys and private repositories. This is a solution to a particular safety issue when building Docker containers.

I won’t get into details on how to create a Dockerfile with a SSH key, etc – there’s enough about that in the Internet.

Problem – container stored SSH key

During the Docker build process, we need a SSH key for bundle install. We need it, because we have a Gitlab with private repositories that we want to pull. Since Docker caches this key, it will go to a production environment together with the whole container. It is unsafe. If someone got somehow into the container, he could use this key to get into your repositories.

Solution – during build only, one-time SSH key pair

This issue can be easily solved. To do so, we need to:

  1. Generate SSH key pair
  2. Add it to our Gitlab instance using Gitlab API
  3. Add private key to Docker
  4. Docker b uild (and bundle install)
  5. Remove/revoke our key from Gitlab
  6. Deploy container

There’s still going to be a SSH key in the container, but it won’t be valid. Since it will be valid only during the build process (which happens on the CI), there’s no risk. The key gets revoked before we deploy container.

Code

For Gitlab API communication we will be using Gitlab API gem.

require 'gitlab'
require 'fileutils'

# I assume you have this script in the same place where your Dockerfile

# You can find your private token on the account page of your gitlab user
Gitlab.configure do |config|
  config.endpoint = 'http://your-gitlab/api/v3'
  config.private_token  = 'deploy/docker gitlab user private token'
end

# Add this if you use self signed SSL cert with Gitlab
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

'ssh-keygen -q -t rsa -f ./id_rsa -N ""'

key = Gitlab.create_ssh_key("docker-#{Time.now.to_s}", File.read('./id_rsa.pub'))

# Note that you should provide some sort of failover to remove key if build fails
system('docker build .')

Gitlab.delete_ssh_key(key.id)

FileUtils.rm('./id_rsa')
FileUtils.rm('./id_rsa.pub')
Olderposts

Copyright © 2018 Running with Ruby

Theme by Anders NorenUp ↑