Getting to know GitLab CI
What is GitLab CI?

Advantages

  • GitLab CI is included in GitLab by default and our code is hosted using GitLab so it can be easily integrated

  • The GitLab CI front-end interface is attractive and easy to get used to

  • Includes real-time build logs for easy tracking

  • It uses a client/server (C/S) architecture, so it can be scaled horizontally without affecting performance

  • With YAML configuration, anyone can easily use it

Key concepts

Pipeline


Stages

  • All Stages are performed sequentially, that is, when one Stage is complete, the next Stage begins

  • If any Stage fails, the subsequent Stages are never executed and the Pipeline fails

  • A Pipeline is not successful until all Stages are completed

Jobs

  • Jobs in the same Stage execute in parallel

  • If any Job fails, its Stage fails and so does the Pipeline

  • The Stage succeeds when Jobs in the same Stage all execute successfully

GitLab Runner

Registration

docker run --rm -t -i -v /path/to/config:/etc/gitlab-runner --name gitlab-runner gitlab/gitlab-runner register \
  --executor "docker" \
  --docker-image alpine:3 \
  --url "https://gitlab.com/" \
  --registration-token "PROJECT_REGISTRATION_TOKEN" \
  --description "docker-runner" \
  --tag-list "dev" \
  --run-untagged \
  --locked="true"

sudo gitlab-runner register \
  --non-interactive \
  --url "https://gitlab.com/" \
  --registration-token "PROJECT_REGISTRATION_TOKEN" \
  --executor "docker" \
  --docker-image alpine:3 \
  --description "docker-runner" \
  --tag-list "docker,aws" \
  --run-untagged \
  --locked="false"


Types

  • Shared: Runner runs jobs from all unassigned projects

  • Group: Runner runs jobs from all unassigned projects in its Group

  • Specific: Runner runs jobs from assigned projects

  • Locked: Runner cannot be assigned to other projects

  • Paused: Runner will not receive any new jobs

Configuration

concurrent = 1
check_interval = 0

Global configuration

  • concurrent: the number of concurrent operations. 0 indicates no limit.

  • sentry_dsn: connects the Runner to Sentry so that exceptions are collected there.

  • listen_address: exposes metrics for monitoring by Prometheus.

Executor

  • Shell

  • Docker

  • Docker Machine AND Docker Machine SSH (Autoscaling)

  • Parallels

  • VirtualBox

  • SSH

  • Kubernetes (recommended)

An overview of the

sudo docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock taobeier/docker /bin/sh

How to implement

  • Create groups and users and add users to the group. Use the groupadd and useradd commands.

  • Update the subuid and subgid files: add the new users and groups to /etc/subuid and /etc/subgid. These files specify the subordinate IDs that users are allowed to use.

  • Mount /sys/kernel/security as securityfs. You can test this with the mountpoint command: if mountpoint reports that /sys/kernel/security is not a mountpoint, mount it with mount -t securityfs none /sys/kernel/security. If the mount fails, check whether SELinux or AppArmor is preventing it. For details on the security side, see Linux Security Modules (LSM).

  • Then run the dockerd command to start the daemon. dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 makes the Docker daemon listen on port 2375.


A simple approach

Runner in practice

[[runners]]
  name = "docker"
  url = "https://gitlab.example.com/"
  token = "TOKEN"
  limit = 0
  executor = "docker"
  builds_dir = ""
  shell = ""
  environment = ["ENV=value", "LC_ALL=en_US.UTF-8"]
  clone_url = "http://172.17.0.4"

  [runners.docker]
    host = ""
    hostname = ""
    tls_cert_path = "/home/tao/certs"
    image = "docker"
    dns = ["8.8.8.8"]
    privileged = false
    userns_mode = "host"
    devices = ["/dev/net/tun"]
    disable_cache = false
    wait_for_services_timeout = 30
    cache_dir = ""
    volumes = ["/data", "/home/project/cache"]
    extra_hosts = ["other-host:127.0.0.1"]
    services = ["mongo", "redis:3"]
    allowed_images = ["go:*", "python:*", "java:*"]
image: registry.docker-cn.com/taobeier/docker

variables:
  DOCKER_DRIVER: overlay2  # overlay2 is best but needs kernel >= 4.2

services:
  - name: registry.docker-cn.com/taobeier/docker:stable-dind
    alias: docker

stages:
  - build
  - deploy

build_and_test:
  stage: build
  tags:
    - build
  script:
    # change repo
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
    # with the default official source, apk takes 7 min 30s; after the change, 18s
    - ping -c 1 docker
    - ping -c 1 registry.docker-cn.com__taobeier__docker
    - ipaddr
    - apk add --no-cache py-pip
    # with the default source this takes 1 min 15s; after the change, 43s
    - pip install -i https://mirrors.ustc.edu.cn/pypi/web/simple docker-compose
    - docker-compose up -d
    - docker-compose run --rm web pytest -s -v tests/test_session.py

deploy:
  image: "registry.docker-cn.com/library/centos"
  stage: deploy
  tags:
    - deploy
  script:
    # install ssh client
    - 'ssh-agent || (yum install -y openssh-clients)'
    # run ssh-agent
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    # create ssh dir
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # use ssh-keyscan to get key
    - ssh-keyscan -p $SSH_PORT $DEPLOY_HOST >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    # - ssh -p $SSH_PORT $DEPLOY_USER@$DEPLOY_HOST ls
    - rm -rf .git
    - scp -r -P $SSH_PORT . $DEPLOY_USER@$DEPLOY_HOST:~/we/

How does Docker Executor work

  • Create the service containers (from the images already configured under services)

  • Create cache containers (to store the volumes already configured in config.toml and in the Dockerfile of the build image)

  • Create build containers and link all service containers

  • Start the build container and send the Job script to the container

  • Execute the Job's script

  • Check out the code into /builds/group-name/project-name/

  • Perform the steps defined in .gitlab-ci.yml

  • Check the status code after the script is executed. If the status code is not 0, the build fails

  • Remove the build and service containers

Private image registry

{
    "auths": {
        "registry.example.com": {
            "auth": "5oiR5piv5byg5pmL5rab"
        }
    }
}

services:
  - name: registry.docker-cn.com/taobeier/docker:stable-dind

variables:
  DOCKER_HOST: "tcp://registry.docker-cn.com__taobeier__docker:2375"

services:
  - name: registry.docker-cn.com/taobeier/docker:stable-dind
    alias: docker