20230102:22 - GitLab CE install

Goals

I'm attending a GitLab community lunch in February, where the focus of conversation is going to be around GitLab CE. While normally we work in GitLab EE, and the unregistered EE is functionally the same as CE, it would be nice to have a CE setup "just because". Also some community members require only open source, so the EE is not an option.

Also, it'd be nice if I did this at least once.

Setting up build/test/run apparatus

• Need a VM on the Internet. Will use a GCloud compute instance, because that's what I know
• Will install on Ubuntu 20.04 LTS, since this is known to work for Sandbox

1. Create a Compute Instance in GCP. I went with an e2-standard-2 which has 2 vCPU and 8GB RAM.
2. Specify the image as Ubuntu 20.04 LTS x86-64
3. Allow HTTP and HTTPS protocol access
4. From the GCloud Console, connect and add my public SSH key:

   curl -L https://gitlab.com/mlockhart.keys >> ~/.ssh/authorized_keys

5. Add DNS record (I added an A-record in my personal milohax.net domain: gitlab-ce.milohax.net)
   • note that every time the VM is stopped, the IP address is released, so this will need to be updated
6. verify SSH connection: mlockhart@gitlab-ce.milohax.net

Experiment Procedures

Update package database and install GitLab dependencies

sudo bash
apt update
apt upgrade -p
apt install -y ca-certificates curl openssh-server tzdata

Configure Postfix Send-Only SMTP

hostnamectl set-hostname gitlab-ce.milohax.net --static

apt-get update
apt install postfix mailutils
sed -i 's:inet_interfaces = all:inet_interfaces = loopback-only:g' /etc/postfix/main.cf
systemctl restart postfix
echo "TEST Send-Only Server" | mail -s "Postfix Testing" mlockhart@gitlab.com

Add the GitLab CE package repository

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

Install GitLab CE on Ubuntu 20.04 LTE

apt update
apt install gitlab-ce

Edit the external_url:

sed -i "s|external_url 'http://gitlab.example.com'|external_url 'http://gitlab-ce.milohax.net'|g" /etc/gitlab/gitlab.rb
gitlab-ctl reconfigure

Check status

gitlab-ctl status

Connect to Web UI for first time

1. get the initial root password from /etc/gitlab/initial_root_password
2. Login as root to http://gitlab-ce.milohax.net
3. Change the root password
4. Login again with the new password
5. Disable sign-up to prevent random new accounts

Add TLS with Let's Encrypt

1. Edit /etc/gitlab/gitlab.rb (see comment)

2. Also make sure the external_url is changed to use https

3. gitlab-ctl reconfigure

4. Validate reloading http://gitlab-ce.milohax.net should 301 redirect to https (see comment)

5. Validate certificate:

   

Outcomes

Static IP

To avoid having to change the DNS A-record each time that the server is terminated/restarted, you can promote the external IP to a static IP reservation:

gcloud compute addresses create gitlab-ce \
  --addresses=INSTANCE_EXTERNAL_IP_ADDRESS \
  --region=us-central1

• the address_name, gitlab-ce above, is local to the current GCP project
• the region must be the same as that running the VM (global IP addresses are different beasts, and if you don't know what one is, you don't need it)

One is charged for the static IP reservation, of course, so to release this reservation once the address is no longer needed (after totally deleting the cloud VM instance):

gcloud compute addresses delete gitlab-ce

Conclusions

Following the above steps leads to an installed GitLab CE on Ubuntu, with TLS, and enabled in SystemD

It appears to work almost exactly like GitLab EE Omnibus, which is great because a stated goal in GitLab's stewardship is that the CE experience should be as good as the EE one.

After some experimentation with this VM, I decided to try to upgrade it (apt-get update && agt-get upgrade gitlab-ce). It turns out that the 10GB default root volume is not large enough. Allocate a larger one when creating the VM from scratch.

---