setting up ci/cd with gitlab runner


assuming a dedicated system and shell executor

install shell executor

install and register a new runner

wget -O - "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | bash
apt install gitlab-runner

# enabled already
systemctl status gitlab-runner

notice the gitlab-runner user got created

date
ls -lF /home/

register runner

grab some TOKEN from the gitlab server

SHARED (aka instance runner)

admin area > ci/cd > runners
    ==> new instance runner

admin area > settings > ci/cd > runners

GROUP (aka group runner)

groups > (choose group) > build / runners
    ==> new group runner with tag "runner1"

groups > (choose group) > settings / ci/cd > runners

SPECIFIC (aka project runner)

projects > (choose project) > settings > ci/cd / runners
    ==> new project runner

you can also review all kinds of runners at once from the admin area

admin area > ci/cd > runners

on the runner node

make sure you’ve got name resolution against the gitlab server

host gitlab.domain.tld

if needed, pin the name to its internal IP in /etc/hosts, in case DNS views aren’t done right

vi /etc/hosts

x.x.x.x gitlab.domain.tld

and check that it is reachable

nmap -p 443 gitlab.domain.tld

and proceed AS ROOT, even though the jobs will run as user gitlab-runner!

as root

# as provided from the step above
gitlab-runner register --url ... --token ...

executor: shell

move .bash_logout out of the way to avoid issues with shell profile loading during CI/CD jobs

as gitlab-runner

cd ~/
mv -i .bash_logout .bash_logout.dist

runner’s SSH access

on the runner node

su - gitlab-runner

ssh-keygen -t ed25519
cat .ssh/id_ed25519.pub

now allow that user to reach the target servers e.g. as user runner

some target host

useradd -m -g users -s /bin/bash runner

# unlock the freaking user - the right way
apt update && apt install pwgen
pass=$(pwgen -n -y -s -B -1 16 1)
# quoted, since -y adds symbols the shell could otherwise expand
echo "$pass"
echo -n "unlocking runner user the right way ... "
echo "runner:$pass" | chpasswd && echo done || echo FAIL
unset pass

cd /home/runner/
mkdir .ssh/
cat > .ssh/authorized_keys <<EOF
THE PUBLIC KEY FROM ABOVE
EOF
chown -R runner:users .ssh/
chmod 700 .ssh/
chmod 600 .ssh/authorized_keys

cp -pi /etc/sudoers /etc/sudoers.dist
echo "runner ALL= (ALL) NOPASSWD: ALL" >> /etc/sudoers

and check – take the chance to record target’s host keys

back to the runner system, as gitlab-runner user

vi ~/.ssh/config

host TARGET-SERVER
        hostname x.x.x.x
        port xxxx
        identityfile ~/.ssh/id_ed25519
        user runner

ssh TARGET-SERVER
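
added example (not part of the original page): a check to run as root on a target host once the steps above are done. it verifies the modes set on .ssh/ and authorized_keys, that every entry is an ed25519 key, and lists any sudoers rule that gives runner passwordless sudo on every command, since such a rule makes the runner's private key equivalent to root on that host. the function names and optional arguments are assumptions of this example.

```sh
# Added example: audit the "runner" deploy account on a target host.
# Defaults follow the page (/home/runner, user runner); the function names
# and optional arguments are assumptions of this example. Needs GNU stat.

# audit_runner_ssh [HOME] - one line per finding, returns 0 when clean.
audit_runner_ssh() {
    local home="${1:-/home/runner}" rc=0 mode
    local dir="$home/.ssh" keys="$home/.ssh/authorized_keys"

    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    [ -f "$keys" ] || { echo "MISSING $keys"; return 1; }

    # Modes the page sets with chmod 700 / chmod 600
    mode=$(stat -c %a "$dir")
    [ "$mode" = 700 ] || { echo "MODE $dir is $mode, want 700"; rc=1; }
    mode=$(stat -c %a "$keys")
    [ "$mode" = 600 ] || { echo "MODE $keys is $mode, want 600"; rc=1; }

    # Every non-blank, non-comment line must carry an ed25519 key; this also
    # catches a heredoc placeholder that was never replaced.
    if grep -Ev '^[[:space:]]*(#|$)' "$keys" | grep -qv 'ssh-ed25519 '; then
        echo "KEYTYPE $keys has an entry that is not an ed25519 key"; rc=1
    fi
    return "$rc"
}

# find_blanket_sudo [USER] [FILE...] - print rules granting USER passwordless
# sudo on every command; returns 0 when at least one such rule exists.
find_blanket_sudo() {
    local user="${1:-runner}" hits
    [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- /etc/sudoers /etc/sudoers.d/*
    # USER is used as a regex fragment, so pass a plain account name.
    hits=$(grep -HnE "^[[:space:]]*${user}[[:space:]]+ALL[[:space:]]*=.*NOPASSWD:[[:space:]]*ALL[[:space:]]*\$" "$@" 2>/dev/null) || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}
```

source the file as root on the target, then call `audit_runner_ssh` and `find_blanket_sudo` with no arguments to use the page's defaults.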

ready to go

see gitlab-ci-blindtest

resources

Continuous integration https://en.wikipedia.org/wiki/Continuous_integration

Migrating from Jenkins https://docs.gitlab.com/ee/ci/migration/jenkins.html

GitLab CI/CD job token https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html

install

Install GitLab Runner https://docs.gitlab.com/runner/install/

Registering runners https://docs.gitlab.com/runner/register/

Install GitLab Runner using the official GitLab repositories https://docs.gitlab.com/runner/install/linux-repository.html

kinds of runners

The scope of runners https://docs.gitlab.com/ee/ci/runners/runners_scope.html

ops

GitLab Runner commands https://docs.gitlab.com/runner/commands/

Un-register gitlab-runner on Ubuntu not working https://stackoverflow.com/questions/62977329/un-register-gitlab-runner-on-ubuntu-not-working

Unregister gitlab runner https://gist.github.com/zinovyev/25f7d6095ef4cb8bfc2213e54901f6a5

moar on tokens

GitLab Token overview https://docs.gitlab.com/ee/security/token_overview.html

alternatives

A Brief History of DevOps, Part III: Automated Testing and Continuous Integration https://circleci.com/blog/a-brief-history-of-devops-part-iii-automated-testing-and-continuous-integration/

Getting started with continuous integration for Nest.js APIs https://circleci.com/blog/getting-started-with-nestjs-and-automatic-testing/

unlock

https://stackoverflow.com/questions/65226720/setting-password-of-the-new-user-in-non-interactive-way-in-shell-script-on-ubunt

https://www.cyberciti.biz/faq/generating-random-password/


https://docs.gitlab.com/runner/shells/#shell-profile-loading


Licensed under MIT