Environment

This vagrant environment configures a basic GitLab Community Edition installation using the Omnibus GitLab package.

After launching this environment, you can test GitLab CI by launching the rgl/gitlab-ci-vagrant environment.

Nginx (HTTP/2 enabled) is configured with a self-signed certificate at:

https://gitlab.example.com/

PostgreSQL is configured to allow (and trust) any connection from the host. For example, you can use pgAdmin III with these settings:

Host: gitlab.example.com
Port: 5432
Maintenance DB: postgres
Username: gitlab-psql

GitLab is also configured to use the optional ldaps://dc.example.com Active Directory LDAP endpoint as configured by rgl/windows-domain-controller-vagrant.

Some example repositories are automatically installed, if you do not want that, comment the line that calls create-example-repositories.sh inside the provision.sh file before running vagrant up.

Email notifications are sent to a local mailpit SMTP server running at localhost:1025 and you can browse them at http://gitlab.example.com:8025.

Prometheus is available at http://gitlab.example.com:9090/.

Usage

Install the Ubuntu 22.04 UEFI Base Box.

Start the environment:

vagrant up --no-destroy-on-error

Configure your host system to resolve the gitlab.example.com and vault.gitlab.example.com domains to this vagrant environment IP address, e.g.:

sudo tee -a /etc/hosts <<'EOF'
10.10.9.99 gitlab.example.com
10.10.9.99 vault.gitlab.example.com
EOF

Sign In into GitLab using the root username and the HeyH0Password password at:

https://gitlab.example.com/users/sign_in

When using the default LDAP settings you can also login with LDAP credentials as the following users:

Username	Password
john.doe	HeyH0Password
jane.doe	HeyH0Password

After login, you should add your public SSH key, for that open the SSH Keys page at:

https://gitlab.example.com/-/user_settings/ssh_keys

Add a new SSH key with your SSH public key, for that, just copy the contents of your id_rsa.pub file. Get its contents with, e.g.:

cat ~/.ssh/id_rsa.pub

Create a new repository named hello at:

https://gitlab.example.com/projects/new

You can now clone that repository with SSH or HTTPS:

git clone git@gitlab.example.com:root/hello.git
git clone https://root@gitlab.example.com/root/hello.git

NB This vagrant environment certificates are signed by a private CA, as such, to prevent TLS verification errors, you must trust it by importing its certificate from the tmp/gitlab-ca/gitlab-ca-crt.pem file, or, not recommended, temporarily, disable all the certificate verifications, by setting the GIT_SSL_NO_VERIFY environment variable with export GIT_SSL_NO_VERIFY=true.

Make some changes to the cloned repository and push them:

cd hello
echo '# Hello World' >> README.md
git add README.md
git commit -m 'some change'
git push

List this repository dependencies (and which have newer versions):

GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN' ./renovate.sh

Hyper-V

Create the required virtual switches:

# NB HYPERV_SWITCH_NAME should be created as described in
#    https://github.com/rgl/ubuntu-vagrant.
export HYPERV_SWITCH_NAME='Vagrant'
pwsh -NoLogo -NoProfile -ExecutionPolicy Bypass <<'EOF'
@(
  @{Name='gitlab'; IpAddress='10.10.9.1'}
) | ForEach-Object {
  $switchName = $_.Name
  $switchIpAddress = $_.IpAddress
  $networkAdapterName = "vEthernet ($switchName)"
  $networkAdapterIpAddress = $switchIpAddress
  $networkAdapterIpPrefixLength = 24

  # create the vSwitch.
  New-VMSwitch -Name $switchName -SwitchType Internal | Out-Null

  # assign it an host IP address.
  $networkAdapter = Get-NetAdapter $networkAdapterName
  $networkAdapter | New-NetIPAddress `
      -IPAddress $networkAdapterIpAddress `
      -PrefixLength $networkAdapterIpPrefixLength `
      | Out-Null
}

# remove all virtual switches from the windows firewall.
Set-NetFirewallProfile `
    -DisabledInterfaceAliases (
            Get-NetAdapter -name "vEthernet*" | Where-Object {$_.ifIndex}
        ).InterfaceAlias
EOF

Git Large File Storage (LFS)

You can also use Git Large File Storage (LFS). As this is an external Git plugin, you need to install git-lfs before you continue.

NB git-lfs needs to be on your PATH. Normally the installer configures your system PATH, but you still need to restart your shell or Git Client application for it to pick it up.

Give it a try by cloning the example repository (created by create-example-repositories.sh):

git clone https://root:HeyH0Password@gitlab.example.com/example/use-git-lfs.git

NB git-lfs always uses an https endpoint (even when you clone with ssh).

Lets get familiar with git-lfs by running some commands.

See the available lfs commands:

git lfs

Which file patterns are currently being tracked:

git lfs track

NB do not forget, only the tracked files are put outside the git repository. So don't forget to track. e.g., with git lfs track "*.iso".

See which files are actually tracked:

git lfs ls-files

See the git-lfs environment:

git lfs env

For more information read the tutorial and the documentation.

Troubleshoot

Watch the logs:

sudo su -l
tail -f /var/log/gitlab/gitlab-rails/*.log

Do a self-check:

sudo gitlab-rake --trace gitlab:env:info
sudo gitlab-rake --trace gitlab:check SANITIZE=true

Monitorization

By default Prometheus is configured to scrap the metric targets every 15 seconds and to store them for 15 days.

You can see the current targets at:

http://gitlab.example.com:9090/targets

WARNING prometheus is configured to listen at 0.0.0.0, you probably want to change this.

Command Line Interface

GitLab has an API which can be used from different applications, one of those, is the gitlab cli application, which is already installed in the vagrant environment (see provision-gitlab-cli.sh) and can be used as:

vagrant ssh
sudo su -l

# list all users.
gitlab -o yaml -f id,name,email user list --get-all

# list all groups and projects.
gitlab -o yaml -f id,visibility,full_path,web_url group list --get-all
gitlab -o yaml -f id,visibility,tag_list,path_with_namespace,web_url project list --get-all

# list all the projects protected branches, tags, members.
gitlab -o json -f id,visibility,tag_list,web_url project list --get-all >projects.json
jq '.[].id' projects.json | xargs -L1 gitlab project-protected-branch list --get-all --project-id
jq '.[].id' projects.json | xargs -L1 gitlab project-protected-tag list --get-all --project-id
jq '.[].id' projects.json | xargs -L1 gitlab project-member list --get-all --project-id

Python Interface

python-gitlab is also available as the gitlab python library, which can be used as:

import gitlab

gl = gitlab.Gitlab.from_config()

# list all users.
for user in gl.users.list(all=True):
    print(f'{user.id}\t{user.name}\t{user.email}')

# list all groups and projects.
for group in gl.groups.list(all=True):
    print(f'{group.id}\t{group.visibility}\t{group.full_path}\t{group.web_url}')
for project in gl.projects.list(all=True):
    print(f'{project.id}\t{project.visibility}\t{project.tag_list}\t{project.path_with_namespace}\t{project.web_url}')

# list project protected branches.
for project in gl.projects.list(all=True):
    has_i = False
    for i in project.protectedbranches.list(all=True):
        print(f'{project.web_url}\t{i.name}')
        has_i = True
    if not has_i:
        print(project.web_url)

# list project members.
# NB these members do not include the ones added to the group.
for project in gl.projects.list(all=True):
    has_member = False
    for member in project.members.list(all=True):
        # NB the member object does not contain the email attribute, so we also fetch the user.
        user = gl.users.get(id=member.id)
        print(f'{project.web_url}\t{user.username}\t{user.email}')
        has_member = True
    if not has_member:
        print(project.web_url)

# see more examples at https://python-gitlab.readthedocs.io/en/stable/api-objects.html

Also check the set-example-groups-users.py script to see how you could add users to all groups.