
Building and using Drone with GitLab

2025-04-01 Update From: SLTechnology News&Howtos

Drone is a Docker-based CI/CD tool: all compilation and testing runs inside Docker containers.

Developers only need to include a .drone.yml file in the project and push the code to the git repository; Drone then compiles, tests, and releases automatically.

This section uses GitLab + Drone to demonstrate the Drone workflow.

Environment: CentOS Linux release 7.6.1810

GitLab service address: 192.168.25.135

Drone service address: 192.168.25.132

Deploy the GitLab service at 192.168.25.135:

1. Install dependencies

sudo yum install -y curl policycoreutils-python openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd

2. Open the firewall for HTTP and HTTPS (can be skipped if the firewall is turned off)

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld

3. Install the mail service (configure as needed)

sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix

4. Configure the GitLab yum repository

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

5. Install the GitLab service with yum

When installing, set EXTERNAL_URL to the address your GitLab instance will be served from (http://192.168.25.135 is used here because this is a virtual machine and no domain name is configured).

sudo EXTERNAL_URL="http://192.168.25.135" yum install -y gitlab-ee

6. GitLab configuration file: /etc/gitlab/gitlab.rb (EXTERNAL_URL and other settings can be modified here)

After modifying the configuration file, apply the changes:

gitlab-ctl reconfigure

GitLab project directory: /var/opt/gitlab

GitLab service name: gitlab-runsvdir

Start, stop, restart services:

systemctl (start|stop|restart|status) gitlab-runsvdir
gitlab-ctl (start|stop|restart|status)

7. Change the administrator's default password

# gitlab-rails console production                      # enter the GitLab management console
irb(main):001:0> u=User.where(id:1).first              # find the account (User.all lists all users)
irb(main):002:0> u.password='12345678'                 # set the password to 12345678
irb(main):003:0> u.password_confirmation='12345678'    # confirm the password
irb(main):004:0> u.save!                               # save
irb(main):005:0> exit                                  # exit the console

Reference: https://about.gitlab.com/install/ (installation instructions for all systems)

Deploy the Drone service at 192.168.25.132:

1. Create an application for authentication in GitLab: User Settings > Applications

Enter the name (Name) and callback address (Redirect URI), and check the api and read_user permissions.

2. Create the application and copy its Application ID and Secret

3. Generate a shared secret for verification between the Drone server and agent

$ openssl rand -hex 16
4f3b7f51e3dd678c08cf2d0675c66760

4. Download the Drone server image

docker pull drone/drone:1

5. Start the service

# DRONE_AGENTS_ENABLED        whether to allow agents
# DRONE_GITLAB_SERVER         GitLab address
# DRONE_GITLAB_CLIENT_ID      application ID created on GitLab
# DRONE_GITLAB_CLIENT_SECRET  secret corresponding to the GitLab application ID
# DRONE_RPC_SECRET            used for verification with the Drone agent, i.e. the secret generated in step 3
# DRONE_SERVER_HOST           drone-server address
# DRONE_SERVER_PROTO          drone-server access protocol; if ssl or acme is configured, this field defaults to https
docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_AGENTS_ENABLED=true \
  --env=DRONE_GITLAB_SERVER=http://192.168.25.135 \
  --env=DRONE_GITLAB_CLIENT_ID=${DRONE_GITLAB_CLIENT_ID} \
  --env=DRONE_GITLAB_CLIENT_SECRET=${DRONE_GITLAB_CLIENT_SECRET} \
  --env=DRONE_RPC_SECRET=${DRONE_RPC_SECRET} \
  --env=DRONE_SERVER_HOST=${DRONE_SERVER_HOST} \
  --env=DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO} \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1

Example:

# DRONE_LOGS_DEBUG=true turns on the debug log, which makes debugging easier
docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_AGENTS_ENABLED=true \
  --env=DRONE_GITLAB_SERVER=http://192.168.25.135 \
  --env=DRONE_GITLAB_CLIENT_ID=fc7611e90bcdb7d3dc19bd0ad5338bffadfe48c1a3a13af6912863745e2894d7 \
  --env=DRONE_GITLAB_CLIENT_SECRET=8d3ab2adeb18bdd09cd8b9987955e282db0ab35e2efd2f30b7a71f320e5f2ac7 \
  --env=DRONE_RPC_SECRET=4f3b7f51e3dd678c08cf2d0675c66760 \
  --env=DRONE_SERVER_HOST=192.168.25.132 \
  --env=DRONE_SERVER_PROTO=http \
  --env=DRONE_TLS_AUTOCERT=false \
  --env=DRONE_LOGS_DEBUG=true \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1

6. Visit http://192.168.25.132; you are automatically redirected to GitLab for authorization.

Synchronize the repositories

Activate the repository

Reference: https://docs.drone.io/installation/overview/

Deploy the Docker runner service on 192.168.25.132

# DRONE_RPC_PROTO        Drone server communication protocol
# DRONE_RPC_HOST         Drone server address
# DRONE_RPC_SECRET       the secret configured when the Drone server was started
# DRONE_RUNNER_CAPACITY  number of concurrent builds; the default is 2
$ docker pull drone/drone-runner-docker:1
$ docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e DRONE_RPC_PROTO=https \
  -e DRONE_RPC_HOST=drone.company.com \
  -e DRONE_RPC_SECRET=super-duper-secret \
  -e DRONE_RUNNER_CAPACITY=2 \
  -e DRONE_RUNNER_NAME=${HOSTNAME} \
  -p 3000:3000 \
  --restart always \
  --name runner \
  drone/drone-runner-docker:1

For example:

docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e DRONE_RPC_PROTO=http \
  -e DRONE_RPC_HOST=192.168.25.132 \
  -e DRONE_RPC_SECRET=4f3b7f51e3dd678c08cf2d0675c66760 \
  -e DRONE_RUNNER_CAPACITY=2 \
  -e DRONE_RUNNER_NAME=192.168.25.132 \
  -p 3000:3000 \
  --restart always \
  --name runner \
  drone/agent:1
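The runner only connects when its DRONE_RPC_* values mirror the server's settings, and the example above uses lab settings (plain HTTP, debug logging). The following check is an added example, not part of the original article or the Drone project; it assumes the settings are kept in KEY=VALUE files as accepted by docker run --env-file, under the hypothetical names server.env and runner.env, and the secret in the sample is a constructed value.

```shell
#!/bin/sh
# Read KEY ($2) from a KEY=VALUE env file ($1); the value itself is never printed by the checks.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Compare a server env file ($1) with a runner env file ($2); one finding per line.
check_drone_pair() {
  srv=$1 run=$2
  s_secret=$(env_get "$srv" DRONE_RPC_SECRET)
  r_secret=$(env_get "$run" DRONE_RPC_SECRET)
  # ERROR: the runner cannot authenticate to or reach the server.
  [ "$s_secret" = "$r_secret" ] || echo "ERROR rpc-secret-mismatch"
  [ "$(env_get "$srv" DRONE_SERVER_HOST)" = "$(env_get "$run" DRONE_RPC_HOST)" ] || echo "ERROR rpc-host-mismatch"
  [ "$(env_get "$srv" DRONE_SERVER_PROTO)" = "$(env_get "$run" DRONE_RPC_PROTO)" ] || echo "ERROR rpc-proto-mismatch"
  # WARN: settings that are fine in a lab but should change before real use.
  [ "$s_secret" != "super-duper-secret" ] || echo "WARN placeholder-secret"
  [ "${#s_secret}" -ge 32 ] || echo "WARN short-secret"   # openssl rand -hex 16 gives 32 chars
  [ "$(env_get "$srv" DRONE_SERVER_PROTO)" = "https" ] || echo "WARN plaintext-http"
  [ "$(env_get "$srv" DRONE_LOGS_DEBUG)" != "true" ] || echo "WARN debug-logging"
}

# Constructed sample pair modelled on the example commands above (secret is made up).
write_sample_pair() {
  cat > "$1/server.env" <<'EOF'
DRONE_SERVER_HOST=192.168.25.132
DRONE_SERVER_PROTO=http
DRONE_RPC_SECRET=00112233445566778899aabbccddeeff
DRONE_LOGS_DEBUG=true
EOF
  cat > "$1/runner.env" <<'EOF'
DRONE_RPC_HOST=192.168.25.132
DRONE_RPC_PROTO=http
DRONE_RPC_SECRET=00112233445566778899aabbccddeeff
EOF
}
```

Because these files hold the OAuth and RPC secrets, keep them readable only by the account that starts the containers (chmod 600).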

Problems encountered:

1. The repository cannot be activated.

Error reported in the Drone log:

{"admin": false, "level": "debug", "msg": "api: sync repository permissions", "name": "456", "namespace": "liyang", "read": true, "request-id": "1UC2for9ub8hMZeIbmCtD2uKb7A", "time": "2019-11-27T09:19:22Z", "user.login": "liyang", "write": false}
{"admin": false, "level": "debug", "msg": "api: repository permissions synchronized", "name": "456", "namespace": "liyang", "read": true, "request-id": "1UC2fuYsMFEy2USt6v0bOCpNC3o", "time": "2019-11-27T09:19:22Z", "user.login": "liyang", "write": false}

The GitLab access log shows:

192.168.25.132-[27/Nov/2019:17:19:26 +0800] "POST /api/v4/projects/abcd%2F456/hooks?merge_requests_events=true&push_events=true&tag_push_events=true&token=V3zqKtE9ZWaoeTxAlbqnW55FHp9NY79H&url=http%3A%2F%2F192.168.25.132%2Fhook HTTP/1.1" 422 29 "Go-http-client193"

After searching, this turned out to be a GitLab configuration issue with access to the local network.

Solution: log in with the administrator account and go to Settings > Network > Outbound requests.

Click Expand and check "Allow requests to the local network from web hooks and services".

Reference: https://discourse.drone.io/t/error-activating-gitlab-repository/3153

https://gitlab.com/gitlab-org/gitlab-foss/issues/55605

https://discourse.drone.io/c/general-discussion

https://gitlab.com/gitlab-org/gitlab-foss/issues?state=all
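To confirm this diagnosis from the GitLab side, the access log can be filtered for rejected hook registrations and the hook target checked for a private address. This is an added example, not part of the original article; it assumes the nginx access-log layout of address, two identity fields, timestamp, request, status, and the log lines and token in it are constructed.

```shell
#!/bin/sh
# Constructed sample lines modelled on the access-log entry above (token is a placeholder).
sample_log() {
  cat <<'EOF'
192.168.25.132 - - [27/Nov/2019:17:19:26 +0800] "POST /api/v4/projects/abcd%2F456/hooks?push_events=true&token=PLACEHOLDERTOKEN&url=http%3A%2F%2F192.168.25.132%2Fhook HTTP/1.1" 422 29 "" "Go-http-client/1.1"
192.168.25.132 - - [27/Nov/2019:17:25:02 +0800] "POST /api/v4/projects/abcd%2F456/hooks?push_events=true&token=PLACEHOLDERTOKEN&url=http%3A%2F%2F192.168.25.132%2Fhook HTTP/1.1" 201 310 "" "Go-http-client/1.1"
192.168.25.132 - - [27/Nov/2019:17:25:03 +0800] "GET /api/v4/user HTTP/1.1" 200 512 "" "Go-http-client/1.1"
EOF
}

# Read an access log on stdin; print "status project hook_url" for every hook
# registration answered with 4xx. The token query parameter is never printed,
# so the output is safe to paste into a ticket.
rejected_hooks() {
  awk '
    $6 == "\"POST" && $7 ~ "^/api/v4/projects/[^/]+/hooks[?]" && $9 ~ "^4" {
      split($7, parts, "?")
      project = parts[1]
      sub("^/api/v4/projects/", "", project); sub("/hooks$", "", project)
      url = ""
      n = split(parts[2], kv, "&")
      for (i = 1; i <= n; i++) if (kv[i] ~ "^url=") url = substr(kv[i], 5)
      print $9, project, url
    }' | sed 's/%2[Ff]/\//g; s/%3[Aa]/:/g'   # decode only the escapes used in these URLs
}

# Succeeds when the hook URL points at localhost, loopback or an RFC 1918 address,
# i.e. a target covered by the "local network" outbound-request setting.
is_local_target() {
  host=$(printf '%s' "$1" | sed 's|^[a-z]*://||; s|[:/].*$||')
  case "$host" in
    localhost|127.*|10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}
```

A 422 on the hooks endpoint together with a local target points at the outbound-request setting rather than at Drone's credentials.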

2. The project settings have no Trusted option

Protected - If enabled, blocks pipeline if the yaml signature cannot be verified.

Trusted - Enables privileged capabilities: an ability to start privileged containers and mount host machine volumes.

Solution: add this option when starting the Drone server

--env=DRONE_USER_CREATE=username:abcd,admin:true \

Reference: https://discourse.drone.io/t/the-repositories-setting-does-not-have-trusted/6093

https://docs.drone.io/manage/user/
