Support gitlab as an OOTB git hosting service

[jstrachan]

[dosire]

This would be awesome!

The official Docker image is available on https://hub.docker.com/r/gitlab/gitlab-ce/

Please let me know how we can help.

[jstrachan]

I've raised this issue to try make the gitlab docker image more configurable via environment variables: https://gitlab.com/gitlab-org/gitlab-ce/issues/3519

which will make it a bit easier to reuse from fabric8

[dosire]

Thanks, I responded in that issue.

[akram]

I tested the merge request https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/575/diffs and it is working well for example to set smtp server settings.

This is what I did: Adding an env GITLAB_OMNIBUS_CONFIG in my gitlab OpenShift template and the corresponding parameter.

Then when instantiating it, I set the following value for the parameter:

 gitlab_rails['smtp_enable'] = true ; gitlab_rails['smtp_address'] = "smtp.gmail.com";  gitlab_rails['smtp_port'] = 587 ; gitlab_rails['smtp_user_name'] = "[email protected]";  gitlab_rails['smtp_password'] = "mypassword";  gitlab_rails['smtp_domain'] = "smtp.gmail.com" ; gitlab_rails['smtp_authentication'] = "login" ; gitlab_rails['smtp_enable_starttls_auto'] = true  ;gitlab_rails['smtp_tls'] = false;  gitlab_rails['smtp_openssl_verify_mode'] = 'peer'

And it works ok.

Other major issue now, is OpenShift persistent volume when using NFS as a backend: User and right permissions are nobody:nobody / 777 which is not valid for gitlab. We need a way to work with it.

[dosire]

@tmaczukin any idea's how to help jstrachan and about the permission issue?

[eliranGL]

@tmaczukin I think the best person for this is @twk3. DJ, can you please look into this and see if you can help @jstrachan?

[twk3]

I ran into the same issue. Right now we suggest setting not_root_squash for your nfs mounts. http://docs.gitlab.com/ce/administration/high_availability/nfs.html#required-nfs-server-features

[eliranGL]

@jstrachan please let me know if you need any further help on this.

[eliranGL]

@jstrachan any updates on this? can we help somehow?

[twk3]

In GitLab 8.12, which will come out later this month, we've made some changes that make using root_squash possible on the storage directories.

It doesn't work if you mount all of /var/opt/gitlab, but you can mount the repos, uploads, builds, and shared paths separately, or configure gitlab to look for them on a seperate mounted location (outside of /var/opt/gitlab), then GitLab will still work with root_squash enabled on those mounts. https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management

[eliranGL]

@jstrachan have you had a chance to review the changes @twk3 detailed? can we help somehow?

[eliranGL]

Update from @jstrachan: we're waiting on some upstream work on keycloak (the SSO provider); once that's sorted we should be able to move to keycloak as the SSO provider for fabric8 for the fabric8 console, for gitlab, jenkins and nexus. So it's not a gitlab thing we're blocked on really; so far that's all working fine.

[nick4fake]

@eliranGL , @jstrachan Is there anything to help with?

[eliranGL]

@jstrachan any updates on the keycloack upstream?

[jstrachan]

So we have a KeyCloak now, so would love to try update our gitlab image to use it for SSO.

Instructions to install it here until we get the release out https://github.com/fabric8io/fabric8-platform/blob/master/README.md#v-4x-pre-release-development

[jstrachan]

@eliranGL @nick4fake either of you ever seen a way to configure gitlab to use a KeyCloak server for its authentication?

[eliranGL]

@jstrachan Through SMAL it may be possible. Have a look at these: https://gitlab.com/gitlab-org/gitlab-ce/issues/23255 https://gitlab.com/gitlab-org/gitlab-ce/issues/15172

[eliranGL]

@jstrachan any updates on this?

[jstrachan]

@eliranGL we've not yet managed to find a way to run gitlab reliably on OpenShfit with out the 'RunAsAnyUser' feature being enabled nor get it working with KC; so we're a bit stuck until we figure that out. I hope to get more time in a couple of weeks to try again to figure out how to do it

[eliranGL]

@jstrachan we're working on splitting our container up which will help resolve that. https://gitlab.com/charts/charts.gitlab.io/issues/14

[rawlingsj]

FWIW I started on a gitlab app for the new look fabric8-platform but there's still some work for me to do there. https://github.com/rawlingsj/fabric8-platform/tree/gitlab/apps/gitlab/src/main/fabric8

The aim is to avoid ANY manual config changes which we can hopefully automate with the help of fabric8 update-controller. Once https://gitlab.com/charts/charts.gitlab.io/issues/14 is done I can update my branch and get gitlab included as a fabric8 app.

[cforce]

Is/How is authentification and authorizaton integrated?

[jstrachan]

fabric8 4.x comes with an integrated KeyCloak server for SSO - though we've not been able to integrate it with gitlab yet

[wandergeek]

Hey guys, any update on this? Really keen to use our existing gitlab installation with this incredible project!

[eliranGL]

Our cloud native chart (microservices) is now available: https://docs.gitlab.com/ee/install/kubernetes/gitlab_chart.html can we see if we can make this happen?