Skip to content

GitLab App

About

GitLab is the complete DevOps platform.

Custom gitlab.yml

GitLab is customized using GitLab's admin interface. Some options can ony be changed in gitlab.yml. For such situations, use the File Manager and modify /app/data/gitlab.yml and restart the app.

Disabling registration

By default, GitLab allows external people to sign up. This can be disabled to restrict use only to Cloudron users as follows:

GitLab > Admin area > Settings > Features > remove the check mark "Sign-up enabled"

GitLab Runner for CI

GitLab CI involves installing one or more GitLab Runners. These runners carry out tasks as instructed by the main GitLab installation. When installing a runner, you have to select the project tags to which the runner will respond and the type of tasks ("executor") it can carry out. For example, there is a Shell executor, Docker execuctor etc.

Once GitLab runner is installed, you have to add the runner in GitLab. When adding the runner in GitLab, you can decide how GitLab schedules tasks in the runner ie. if the runner is exclusive to a project ('Specific Runner') or shared between projects ('Shared Runner) or specific to a group ('Group Runner').

Cloudron's GitLab package can be used with GitLab Runner as follows.

  • First create a new server and install GitLab Runner on it following the instructions at GitLab docs. In short:
    # For ubuntu
    curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash
    sudo apt-get install gitlab-runner
  • Get the token listed in GitLab under https://<gitlab.example.com>/admin/runners (under shared runners section).

  • Register the runner with the token from the above step

    root@localhost:~# sudo gitlab-runner register
    Running in system-mode.                            

    Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
    https://gitlab.cloudron.xyz
    Please enter the gitlab-ci token for this runner:
    xzdZgdsXq5uSFCyAK7pP
    Please enter the gitlab-ci description for this runner:
    [localhost]: Shell Jobs Runner
    Please enter the gitlab-ci tags for this runner (comma separated):

    Whether to lock the Runner to current project [true/false]:
    [true]: false
    Registering runner... succeeded                     runner=xzdZgdsX
    Please enter the executor: docker, docker-ssh, shell, ssh, virtualbox, docker-ssh+machine, parallels, docker+machine, kubernetes:
    shell
    Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! 
  • The Runner should now be listed under https://<gitlab.example.com>/admin/runners.

  • Now push a .gitlab-ci.yml to your project to start using the runner.

Reset Admin Password

To reset the admin password, run the following commands using the Web terminal:

# su - git  
$ cd gitlab
$ bundle exec rails c -e production # (takes about 10 sec to bring up rails terminal)
=> user = User.where(id: 1).first
=> user.password = 'NEW_PASS'
=> user.password_confirmation = 'NEW_PASS'
=> user.save
=> exit

App Settings

There are various other settings GitLab supports via gitlab.rb. On Cloudron those are specified in /app/data/gitlab.yml. The upstream docs are referring to the key style of gitlab.rb and the mapping of keys for the yml file are described here.

Incoming Email

GitLab has several features based on receiving incoming email messages - Reply by Email, New issue by email, New merge request by email and Service Desk. See the docs for more information.

On Cloudron, you can configure the inbox to use in the Email section of the app. When configured, Cloudron will configure GitLab to use Email sub-addressing.

Careful about the incoming email domain

GitLab recommends using a subdomain for incoming email in their security note. On Cloudron, you can add the subdomain in the Domains view, enable email server for the subdomain and then select a subdomain email address.

To set a custom address for Service Desk, add a mailbox in Cloudron and add service_desk_email key in /app/data/gitlab.yml as mentioned here:

production: &base
  ... other configs ...

  service_desk_email:
    enabled: true
    address: "project_contact+%{key}@example.com"
    user: "project_contact@example.com"
    password: "[REDACTED]"
    host: "my.cloudrondomain.com"
    port: 993
    ssl: true
    start_tls: false
    log_path: "log/mailroom.log"
    mailbox: "inbox"
    idle_timeout: 60
    expunge_deleted: true

Be sure to restart GitLab after making the above change.

Migration to Cloudron

This guide aims to assist in migrating an already running Gitlab into the Gitlab Cloudron app.

If you have any problems please do not delay and seek help in the Forum.

This guide got written for a migration from a Gitlab installation via Omnibus.

Make sure both Gitlab instances are running the same version! Before continuing to the next step!

The backup Rake task GitLab provides does not store your configuration files. The primary reason for this is that your database contains items including encrypted information for two-factor authentication and the CI/CD secure variables. Storing encrypted information in the same location as its key defeats the purpose of using encryption in the first place.

At the very minimum, you must backup:

For Omnibus:

  • /etc/gitlab/gitlab-secrets.json
  • /etc/gitlab/gitlab.rb

For installation from source:

  • /home/git/gitlab/config/secrets.yml
  • /home/git/gitlab/config/gitlab.yml

NOTE! Since we are switching from Omnibus TO a source installation (The Cloudron Gitlab app is a source installation) we will need to convert the gitlab-secrets.json to secrets.yml.

Also in the converted secrets.yml you will need to change gitlab_rails: to production: - otherwise gitlab will generate new secrets for rails.

Create a backup of your running Gitlab

Gitlab Documentation - Backup and Restore

GitLab 12.2 or later:

bash sudo gitlab-backup create

GitLab 12.1 and earlier:

bash gitlab-rake gitlab:backup:create

If you installed GitLab from source, use the following command: (This is how to do it in Cloudron)

bash sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production

For more examples please visit the official Gitlab Documentation - Backup and Restore

Save the generated file I.e. 1632462433_2021_09_24_14.2.4_gitlab_backup.tar on your local computer.

Change the database owner in the created backup

In the Omnibus version the default user for the database was gitlab in my case.

You need to change this into the PostgreSQL user provided by Cloudron.

Go into the Web terminal of your Cloudron Gitlab app to get the username:

# echoing the single variable
echo $CLOUDRON_POSTGRESQL_USERNAME
userd5499e3cf81b43d093724d69fa223688

# getting all Postgresql variables
printenv | grep -i POSTGRES
CLOUDRON_POSTGRESQL_URL=postgres://userd5499e3cf81b43d093724d69fa223688:ab1569471419f341ed83f18538b275c09c1389fdb248398640d48fdc8847275858aeca488021da55edb460051a2a0595f226602afc7828becd1c17d91f55eee2@postgresql/dbd5499e3cf81b43d093724d69fa223688
CLOUDRON_POSTGRESQL_DATABASE=dbd5499e3cf81b43d093724d69fa223688
CLOUDRON_POSTGRESQL_PASSWORD=ab1569471419f341ed83f18538b275c09c1389fdb248398640d48fdc8847275858aeca488021da55edb460051a2a0595f226602afc7828becd1c17d91f55eee2
CLOUDRON_POSTGRESQL_USERNAME=userd5499e3cf81b43d093724d69fa223688
CLOUDRON_POSTGRESQL_HOST=postgresql
CLOUDRON_POSTGRESQL_PORT=5432

The content of the backup looks like this:

1632462433_2021_09_24_14.2.4_gitlab_backup/
├── artifacts.tar.gz
├── backup_information.yml
├── builds.tar.gz
├── db
   └── database.sql.gz
├── lfs.tar.gz
├── pages.tar.gz
├── repositories
   └── @hashed
└── uploads.tar.gz

Extract the database.sql.gz to edit the database.sql.

We will need to replace all OWNER TO gitlab; strings to OWNER TO userd5499e3cf81b43d093724d69fa223688;.

Save the database.sql and gzip the file back into the database.sql.gz.

Put it back together into the 1632462433_2021_09_24_14.2.4_gitlab_backup.tar.

Example all done in a terminal:

# Move the created backup into a seperate folder for extraction
# Extract the created tar
tar -xf 1632745419_2021_09_27_14.2.4_gitlab_backup.tar

# decompress the gziped database.sql.gz
gzip -d db/database.sql.gz

# replace all `OWNER TO gitlab;` with `OWNER TO OWNER TO userd5499e3cf81b43d093724d69fa223688;`
sed -e 's/OWNER TO gitlab;/OWNER TO userd5499e3cf81b43d093724d69fa223688;/' -i db/database.sql

# compress the `database.sql`
gzip db/database.sql

# Create the new `1632745419_2021_09_27_14.2.4_gitlab_backup.tar`
# You will get a warning since it wont tar it self
tar -cf 1632745419_2021_09_27_14.2.4_gitlab_backup.tar ./
tar: ./1632745419_2021_09_27_14.2.4_gitlab_backup.tar is the archive; not backed up.

Restoring the Backup

  • Upload the new tar to the Gitlab Cloudron app to /app/data/backups/1632745419_2021_09_27_14.2.4_gitlab_backup.tar.
  • Upload the converted secrets.yml to /app/data/secrets.yml
  • Create a snapshot of the running Cloudron Gitlab app (this way we can jump back if something does not work, and you won't need to re-upload the backup)
  • Open the Web terminal of the Cloudron Gitlab app and run the restore
sudo -u git -H GITLAB_ASSUME_YES=1 bundle exec rake --trace gitlab:backup:restore RAILS_ENV=production

Now the restore should start looking something like this:

`/home/git` is not writable.
Bundler will use `/tmp/bundler20210927-435-134v1je435' as your home directory temporarily.
. . .
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring uploads ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring builds ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring artifacts ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring pages ... 
2021-09-24 06:22:36 +0000 -- done
2021-09-24 06:22:36 +0000 -- Restoring lfs objects ... 
2021-09-24 06:22:36 +0000 -- done

Now migrate your custom settings from the gitlab.rb settings into /app/data/gitlab.yml file.

Restart the Cloudron Gitlab app.

Now everything should work as intended.

Migration of Gitlab Users to Cloudron LDAP Users

You might want to link old Gitlab users to the new Cloudron LDAP Users. This is rather simple, just make sure the username of the user is the same as in Cloudron.

Example: Gitlab username is tina.testing so the Cloudron username should also be tina.testing