Cool Solution - GitLab

From Univention Wiki

Jump to: navigation, search
Produktlogo UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

Gitlab is an open source repository management tool. It comes as both a community and enterprise edition. Getting either of them to run on UCS as well as integrating them with UCS is fast and easy.

Installation

Gitlab uses sudo. Please make sure it is installed before proceeding.

univention-install sudo

Using the scripts provided by Gitlab, installation becomes a breeze. The only care has to be taken to specify the underlying Debian system.

Community Edition

For the Community Edition, the installation works the following:

wget https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
chmod +x ./script.deb.sh
os=Debian dist=7 ./script.deb.sh

Afterward, the respective packages can be installed through the package management system

apt-get install gitlab-ce

Enterprise Edition

The only difference for the enterprise edition is path of the script and the name of the install package.

wget https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh
chmod +x ./script.deb.sh
os=Debian dist=7 ./script.deb.sh
apt-get install gitlab-ee

Configuration

Most of the configuration is fine for usage with UCS. However, as the standard HTTP ports are already in use by the management console, another port for the web interface and the LDAP server need to be configured. For this, you will need the LDAP server name and the LDAP base. You can find the name with the command

ucr get ldap/server/name

While the following command gives you the ldap/base

ucr get ldap/base

To get the machine password issue the command,

cat /etc/machine.secret
On the command line open
/etc/gitlab/gitlab.rb
with your favourite editor. On the very top you see an entry starting with
external_url

Here append your port number to the hostname, for example, 8000.

Then find the line

# gitlab_rails['ldap_enabled'] = false

and just above it enter the following code block

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    sync_time:
    host: '<ldap/server/name>'
    port: 7389
    uid: 'uid'
    method: "tls" # "tls" or "ssl" or "plain"
    bind_dn: "<ldap/binddn>"
    password: "</etc/machine.secret>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'  
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'
EOS

Reconfigure gitlab with

gitlab-ctl reconfigure

and then you can start gitlab

gitlab-ctl start

Professional Edition

The Professional Edition offers Kerberos integration and multiple LDAP. Both work with UCS. To configure multiple LDAP servers add the second server in the block above before the EOS

  backup:
    label: 'LDAP'
    sync_time:
    host: '<name of the ldap backup>'
    port: 7389
    uid: 'uid'
    method: "tls" # "tls" or "ssl" or "plain"
    bind_dn: "<ldap/binddn>"
    password: "</etc/machine.secret>"
    active_directory: false
    allow_username_or_email_login: false
    base: "cn=users,<ldap/base>"
    user_filter: "(objectClass=organizationalPerson)"
    block_auto_created_users: false
    attributes:
      username: 'uid'
      email: 'mailPrimaryAddress'  
      cn: 'displayName'
      first_name: 'givenName'
      last_name: 'sn'
Personal tools