Home | panticz.de

GitLab: LFS on S3

Configure GitLab
...
gitlab_rails['lfs_enabled'] = true
gitlab_rails['lfs_object_store_enabled'] = true
gitlab_rails['lfs_object_store_proxy_download'] = true
gitlab_rails['lfs_object_store_remote_directory'] = "lfs"
gitlab_rails['lfs_object_store_connection'] = {
'provider' => 'AWS',
'aws_access_key_id' => 'KEY123',
'aws_secret_access_key' => 'PASS1234',
'endpoint' => 'https://s3.example.com',
}

gitlab-ctl reconfigure

Install (on client)
apt-get install -y git git-lfs

# create LFS testfile

Read more about GitLab: LFS on S3

GitLab: Artifacts on S3

Create bucket
s3cmd mb s3://artifacts

Configure GitLab
/etc/gitlab/gitlab.rb
...
nginx['client_max_body_size'] = '1024m'
gitlab_rails['artifacts_enabled'] = true
gitlab_rails['artifacts_object_store_enabled'] = true
gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
gitlab_rails['artifacts_object_store_connection'] = {
'provider' => 'AWS',
'region' => 'us-west-1',
'aws_access_key_id' => 'KEY1234',
'aws_secret_access_key' => 'PASS1234
'endpoint' => 'https://s3.example.com'
}

gitlab-ctl reconfigure

Read more about GitLab: Artifacts on S3

S3 storage under Linux / Ubuntu

Install
sudo apt install -y s3fs

Configuration
# cat ~/.passwd-s3fs
AWS Access Key ID:AWS Secret Access Key

Mount
s3fs backup /media/backup -o url=https://s3.example.com,allow_other,umask=0000
# -o passwd_file=/etc/passwd-s3fs
# -o use_cache=/tmp/cache

/etc/fstab
mybucket1.mydomain.org /mnt/mybucket1 fuse.s3fs _netdev,allow_other,passwd_file=/home/ftpuser/.passwd-aws-s3fs,default_acl=public-read,uid=1001,gid=65534 0 0

Links
https://gridscale.io/community/tutorials/s3-fuse-ubuntu/

Read more about S3 storage under Linux / Ubuntu

php-fpm under Nginx

Install
sudo apt install -y php-fpm nginx #mariadb-server php-mysql php-gd php-curl

Configure php-fpm
# /etc/php/7.2/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /run/php/php7.2-fpm.sock
;listen = 127.0.0.1:9000
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

Configure Nginx
# /etc/nginx/sites-enabled/default
server {
...
# pass PHP scripts to FastCGI server
location ~ \.php$ {

Read more about php-fpm under Nginx

Vault

Install
wget https://releases.hashicorp.com/vault/0.11.5/vault_0.11.5_linux_amd64.zip -P /tmp/
apt install -y unzip
unzip -d /usr/sbin /tmp/vault_0.11.5_linux_amd64.zip
vault -autocomplete-install

Linux
https://learn.hashicorp.com/vault/

Read more about Vault

Duplicity with S3

Install
sudo apt install -y duplicity python-boto

SSH
duplicity incr --log-file /tmp/duplicity.log /etc/ scp://foo@10.0.1.123//media/etc

S3
vi ~/.boto
[Credentials]
aws_access_key_id = KEY_ID
aws_secret_access_key = SECRET_ACCESS_KEY

# create backup to s3
duplicity full --log-file /tmp/duplicity.log /etc/ s3://s3.example.com/backup/host.examp.eocm/etc/

duplicity list-current-files s3+http://bucket/folder

WebDav
export FTP_PASSWORD="pass1234"

Read more about Duplicity with S3

GitLab registry with S3 storage

Configure CEPH
touch /tmp/placeholder
s3cmd mb s3://gitlab
s3cmd put /tmp/placeholder s3://gitlab
s3cmd ls s3://gitlab
s3cmd du s3://gitlab

Configure GitLab
# /etc/gitlab/gitlab.rb
...
registry_external_url 'https://registry.example.com'
registry_nginx['enable'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/registry.example.com.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/registry.example.com.key"
#registry['log_level'] = "debug"
#registry['storage_delete_enabled'] = true
...
registry['storage'] = {

Read more about GitLab registry with S3 storage

cloud-image-utils

sudo apt install -y qemu-kvm cloud-image-utils
wget https://cloud-images.ubuntu.com/releases/18.04/release/ubuntu-18.04-server-cloudimg-amd64.img

# cat seed
#cloud-config
password: ubuntu
chpasswd: { expire: False }
ssh_pwauth: True
ssh_import_id: ${USER}

cloud-localds seed.img seed
sudo kvm-spice -m 2048 -drive file=ubuntu-18.04-server-cloudimg-amd64.img,if=virtio,cache=writeback -cdrom seed.img -net nic,model=virtio -net user,hostfwd=tcp::222-:22
# -balloon virtio

# login credentials:
user: ubuntu
pass: ubuntu

ssh ubuntu@localhost:2222

Read more about cloud-image-utils

LXD: Create container with profile (connect to VLAN)

create profile
lxc profile copy default mgmt-dev
# lxc profile list
lxc profile device set mgmt-dev eth0 nictype macvlan
lxc profile device set mgmt-dev eth0 parent mgmt-dev-v4432
lxc profile show mgmt-dev

create container with profile
lxc launch ubuntu:18.04 bionic-mgmt-dev -p mgmt-dev
lxc ls

Enable container nesting
lxc config set bionic-mgmt-dev security.nesting true

Configure IP
cat < /var/lib/lxd/containers/bionic-mgmt-dev/rootfs/etc/netplan/50-cloud-init.yaml
network:
version: 2

Read more about LXD: Create container with profile (connect to VLAN)

Ubuntu: Instlal lldpd (Link Layer Discovery Protocol)

sudo apt-add-repository universe
sudo apt install -y lldpd

# optional: enable Cisco CDP protocol
cat < /etc/default/lldpd
DAEMON_ARGS="-c"
EOF
service lldpd restart

# get info
lldpctl

Read more about Ubuntu: Instlal lldpd (Link Layer Discovery Protocol)

Subscribe to