brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(gitlab): install gitlab's omnibus package in a ec2 instance

Browse Source
This commit is contained in:
Michele Cereda
2024-04-21 00:47:47 +02:00
parent a43eb84589
commit 20b718532b
7 changed files with 103 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
knowledge base/cloud computing/aws/ec2.md
View File

@@ -29,8 +29,13 @@ aws ec2 describe-instances --output text \
'Name=instance-state-name,Values=running' \ 'Name=instance-state-name,Values=running' \
| xargs -ot aws ssm start-session --target | xargs -ot aws ssm start-session --target
# Describe images by ID. # Show images details.
aws ec2 describe-images --image-ids 'ami-8b8c57f8' aws ec2 describe-images --image-ids 'ami-8b8c57f8'
aws ec2 describe-images --filters \
'Name=name,Values=["al2023-ami-*"]' \
'Name=owner-alias,Values=["amazon"]' \
'Name=architecture,Values=["arm64","x86_64"]' \
'Name=block-device-mapping.volume-type,Values=["gp3"]'
``` ```
</details> </details>
@@ -48,6 +53,8 @@ See [EBS].
### Sources ### Sources
- [Using instance profiles] - [Using instance profiles]
- [DescribeImages] API
- [`describe-images`][describe-images] CLI subcommand
<!-- <!--
References References
@@ -60,6 +67,8 @@ See [EBS].
<!-- Files --> <!-- Files -->
<!-- Upstream --> <!-- Upstream -->
[describe-images]: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html
[describeimages]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html
[using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html [using instance profiles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
<!-- Others --> <!-- Others -->

36
knowledge base/cloud computing/aws/ssm.md
View File

@@ -8,10 +8,30 @@
## TL;DR ## TL;DR
<details>
<summary>Requirements</summary>
- The IAM instance profile must have the correct permissions.<br/>
FIXME: specify.
- One's instance's security group and VPC must allow HTTPS outbound traffic on port 443 to the Systems Manager's
endpoints:
- `ssm.eu-west-1.amazonaws.com`
- `ec2messages.eu-west-1.amazonaws.com`
- `ssmmessages.eu-west-1.amazonaws.com`
If the VPC does not have internet access, one must have enabled VPC endpoints to allow that outbound traffic from the
instance.
- Also see <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-with-ec2-instance-connect-endpoint.html>
</details>
<details> <details>
<summary>Usage</summary> <summary>Usage</summary>
```sh ```sh
# Get connection statuses.
aws ssm get-connection-status --target 'instance-id'
# Start sessions. # Start sessions.
aws ssm start-session --target 'instance-id' aws ssm start-session --target 'instance-id'
@@ -23,14 +43,23 @@ aws ssm start-session \
``` ```
</details> </details>
<details> <details>
<summary>Real world use cases</summary> <summary>Real world use cases</summary>
```sh
# Connect to instances if they are available.
instance_id='i-08fc83ad07487d72f' \
&& eval $(aws ssm get-connection-status --target "$instance_id" --query "Status=='connected'" --output text) \
&& aws ssm start-session --target "$instance_id" \
|| (echo "instance ${instance_id} not available" >&2 && false)
```
</details> </details>
## Gotchas ## Gotchas
- SSM starts shell sessions under `/usr/bin` ([source][how can i change the session manager shell to bash on ec2 linux instances?]): - SSM starts shell sessions under `/usr/bin`
([source][how can i change the session manager shell to bash on ec2 linux instances?]):
> **Other shell profile configuration options**<br/> > **Other shell profile configuration options**<br/>
> By default, Session Manager starts in the "/usr/bin" directory. > By default, Session Manager starts in the "/usr/bin" directory.
@@ -38,7 +67,8 @@ aws ssm start-session \
## Integrate with Ansible ## Integrate with Ansible
Create a dynamic inventory named `aws_ec2.yml`.<br/> Create a dynamic inventory named `aws_ec2.yml`.<br/>
It needs to be named like that to be found by the ['community.aws.aws_ssm' connection plugin][community.aws.aws_ssm connection]. It needs to be named like that to be found by the
['community.aws.aws_ssm' connection plugin][community.aws.aws_ssm connection].
```yml ```yml
# File: 'aws_ec2.yml'. # File: 'aws_ec2.yml'.

4
knowledge base/gitlab.md
View File

@@ -79,6 +79,10 @@ sudo gitlab-backup create BACKUP='prefix_override' STRATEGY='copy'
# See https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#excluding-specific-data-from-the-backup # See https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#excluding-specific-data-from-the-backup
sudo gitlab-backup create … \ sudo gitlab-backup create … \
SKIP='db,repositories,uploads,builds,artifacts,pages,lfs,terraform_state,registry,packages,ci_secure_files' SKIP='db,repositories,uploads,builds,artifacts,pages,lfs,terraform_state,registry,packages,ci_secure_files'
# Package upgrade.
sudo yum check-update
tmux new-session -A -s 'gitlab-upgrade' "sudo yum update 'gitlab-ee'"
``` ```
</details> </details>

3
knowledge base/systemd.md
View File

@@ -46,6 +46,9 @@ systemctl --user disable --now 'davmail.service'
# Check a service is currently active. # Check a service is currently active.
systemctl is-active 'wpa_supplicant.service' systemctl is-active 'wpa_supplicant.service'
# Check a service is currently enabled.
systemctl is-enabled 'wpa_supplicant.service'
# Reboot the system. # Reboot the system.
systemctl reboot systemctl reboot

47
snippets/gitlab.omnibus.install.sh Normal file
View File

@@ -0,0 +1,47 @@
#!sh
# Instance OS: AmazonLinux 2023
# Instance size: t4g.xlarge
# Source: https://about.gitlab.com/install/#amazonlinux-2023
sudo systemctl is-active sshd.service
sudo systemctl is-enabled sshd.service
sudo systemctl enable --now 'sshd.service'
# Firewalld was not available on the instance
# ---
# sudo systemctl enable --now 'firewalld.service'
# sudo firewall-cmd --permanent --add-service=http
# sudo firewall-cmd --permanent --add-service=https
# sudo systemctl reload firewalld.service
# Can be avoided if emails are not used.
sudo dnf -y install 'postfix'
sudo systemctl enable --now 'postfix.service'
# Should have been `curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | bash`, but
# blindly installing stuff from the Internet just sucks.
# Soooo, following their script…
source '/etc/os-release'
os="${ID}"
dist="${VERSION_ID}"
base_url='https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/config_file.repo'
curl -sSf "${base_url}?os=${os}&dist=${dist}&source=script" | sudo tee '/etc/yum.repos.d/gitlab_gitlab-ee.repo'
dnf -q makecache -y --disablerepo='*' --enablerepo='gitlab_gitlab-ee'
dnf -q makecache -y --disablerepo='*' --enablerepo='gitlab_gitlab-ee-source'
# For 'https://…' URLs, the package will automatically request a certificate with Let's Encrypt during installation.
# This requires inbound HTTP access and a valid hostname. You can also use your own certificate.
# To avoid this, just use 'http://…' without the final 's'.
sudo EXTERNAL_URL="http://ip-172-31-73-256.eu-south-2.compute.internal" dnf install -y 'gitlab-ee'
# File automatically removed after 24h.
sudo cat '/etc/gitlab/initial_root_password'
# Should one need to tune the configuration.
sudo dnf -y install 'vim'
sudo vim '/etc/gitlab/gitlab.rb'
sudo gitlab-ctl check-config
sudo gitlab-ctl reconfigure
xdg-open 'http://ip-172-31-73-256.eu-south-2.compute.internal'

6
snippets/gitlab.omnibus.reconfigure.sh Normal file
View File

@@ -0,0 +1,6 @@
#!sh
sudo vim '/etc/gitlab/gitlab.rb'
sudo gitlab-ctl check-config
sudo gitlab-ctl diff-config # if one really needs to
sudo gitlab-ctl reconfigure

0
snippets/gitlab.sh → snippets/gitlab.omnibus.upgrade.sh
View File