Major update of rollout for 160_gitlab_ci

Author: nicholasdille

150_gitlab/001_quickstart/gitlab.demo

@@ -6,7 +6,7 @@ docker run -d --name gitlab \
     --volume gitlab_logs:/var/log/gitlab \
     --volume gitlab_data:/var/opt/gitlab \
     --publish 80:80 \
-    gitlab/gitlab-ee:17.5.0-ee.0
+    gitlab/gitlab-ee:17.5.1-ee.0
 
 # Wait for container to finish starting
 while docker container inspect gitlab \

150_gitlab/100_reverse_proxy/compose.tls.yml

@@ -57,7 +57,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   gitlab:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |

150_gitlab/100_reverse_proxy/compose.yml

@@ -43,7 +43,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   gitlab:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |

150_gitlab/180_components/compose.yml

@@ -17,7 +17,7 @@ volumes:
 services:
 
   gitlab:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |
@@ -73,7 +73,7 @@ services:
       traefik.tcp.routers.ssh.service: ssh
 
   db:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |
@@ -110,7 +110,7 @@ services:
     - postgres-log:/var/log/gitlab
 
   redis:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |
@@ -137,7 +137,7 @@ services:
     - redis-log:/var/log/gitlab
 
   gitaly:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |

150_gitlab/180_components/docker-compose.yaml

@@ -55,7 +55,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   redis:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/16.1.2+ee.0/files/gitlab-config-template/gitlab.rb.template#L1383
       GITLAB_OMNIBUS_CONFIG: |
@@ -80,7 +80,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   postgres:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/16.1.2+ee.0/files/gitlab-config-template/gitlab.rb.template#L1229
       GITLAB_OMNIBUS_CONFIG: |
@@ -124,7 +124,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   gitaly:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |
@@ -181,7 +181,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   application:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       GITLAB_SKIP_UNMIGRATED_DATA_CHECK: true
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
@@ -234,7 +234,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   pages:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |
@@ -261,7 +261,7 @@ services:
 
   # https://docs.gitlab.com/ee/install/docker.html
   monitoring:
-    image: gitlab/gitlab-ee:17.5.0-ee.0
+    image: gitlab/gitlab-ee:17.5.1-ee.0
     environment:
       # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
       GITLAB_OMNIBUS_CONFIG: |

150_gitlab/bootstrap.sh

@@ -3,5 +3,5 @@
 uniget update
 uniget install glab
 
-docker pull gitlab/gitlab-ee:17.5.0-ee.0
-docker pull gitlab/gitlab-ee:17.5.1-ee.0
+docker pull gitlab/gitlab-ee:17.5.1-ee.0
+docker pull gitlab/gitlab-ee:17.5.2-ee.0

160_gitlab_ci/000_rollout/README.md

@@ -25,6 +25,112 @@ make apply
 
 ## Bootstrap services
 
+Checkout the next directories called `../00?_*` and follow the instructions
+
+## Testing
+
+View GitLab:
+
+```shell
+ssh gitlab env -C /root/container-slides/160_gitlab_ci/001_server docker-compose ps -a
+```
+
+View GitLab Runner:
+
+```shell
+ssh gitlab env -C /root/container-slides/160_gitlab_ci/002_runner docker-compose ps -a
+```
+
+View instances of Visual Studio Code:
+
+```shell
+ssh vscode env -C /root/container-slides/160_gitlab_ci/003_vscode docker-compose ps -a --format "table {{.ID}}\t{{.Name}}\t{{.State}}"
+```
+
+Test DNS resolution:
+
+```shell
+dig +short code.inmylab.de
+dig +short gitlab.inmylab.de
+dig +short vscode.inmylab.de
+dig +short grafana.inmylab.de
+```
+
+Test endpoints:
+
+```shell
+curl -sSI https://code.inmylab.de/
+curl -sSI https://gitlab.inmylab.de/
+curl -sSI https://grafana.inmylab.de/
+seq 0 20 | xargs -I{} curl -sSI https://seat{}.vscode.inmylab.de
+seq 0 20 | xargs -I{} curl -sSI https://code.inmylab.de/seat{}/
+```
+
+List runners:
+
+```shell
+curl -sSLfH "Private-Token: $(jq -r '.gitlab_admin_token' seats.json)" https://gitlab.inmylab.de/api/v4/runners/all?type=instance_type | jq .
+```
+
+Test authentication for code.inmylab.de:
+
+```shell
+seq 0 20 \
+| while read -r INDEX; do
+    CODE="$( jq -r --arg index ${INDEX} '.seats[$index | tonumber].code' seats.json )"
+    AUTH="$( echo -n "seat${INDEX}:${CODE}" | base64 -w0 )"
+    curl -sSIH "Authorization: Basic ${AUTH}" https://code.inmylab.de/seat${INDEX}/
+done
+```
+
+Test authentication for vscode.inmylab.de:
+
+```shell
+seq 0 20 \
+| while read -r INDEX; do
+    PASS="$( jq -r --arg index ${INDEX} '.seats[$index | tonumber].password' seats.json )"
+    AUTH="$( echo -n "seat${INDEX}:${PASS}" | base64 -w0 )"
+    curl -sSIH "Authorization: Basic ${AUTH}" https://seat${INDEX}.vscode.inmylab.de/
+done
+```
+
+Test PAT for gitlab.inmylab.de:
+
+```shell
+seq 0 20 | while read -r INDEX; do
+    PAT="$( jq -r --arg index ${INDEX} '.[$index | tonumber]' ../001_server/personal_access_tokens.json )"
+    curl -sSH "Private-Token: ${PAT}" https://gitlab.inmylab.de/api/v4/user \
+    | jq -r .username
+done
+```
+
+Block all users:
+
+```shell
+seq 0 20 | while read -r INDEX; do
+    PAT="$( jq -r '.gitlab_admin_token' seats.json )"
+    USER_ID="$( curl -sSH "Private-Token: ${PAT}" https://gitlab.inmylab.de/api/v4/users?username=seat${INDEX} | jq -r .[0].id )"
+    curl -sSH "Private-Token: ${PAT}" -X POST https://gitlab.inmylab.de/api/v4/users/${USER_ID}/block
+done
+```
+
+Unblock all users:
+
+```shell
+seq 0 20 | while read -r INDEX; do
+    PAT="$( jq -r '.gitlab_admin_token' seats.json )"
+    USER_ID="$( curl -sSH "Private-Token: ${PAT}" https://gitlab.inmylab.de/api/v4/users?username=seat${INDEX} | jq -r .[0].id )"
+    curl -sSH "Private-Token: ${PAT}" -X POST https://gitlab.inmylab.de/api/v4/users/${USER_ID}/unblock
+done
+```
+
+Fetch last activity:
+
 ```shell
-bash bootstrap.sh
+seq 0 20 | while read -r INDEX; do
+    PAT="$( jq -r '.gitlab_admin_token' seats.json )"
+    USER_ID="$( curl -sSH "Private-Token: ${PAT}" https://gitlab.inmylab.de/api/v4/users?username=seat${INDEX} | jq -r .[0].id )"
+    curl -sSH "Private-Token: ${PAT}" https://gitlab.inmylab.de/api/v4/users/${USER_ID} \
+    | jq -r '"last_sign_in_at: \(.last_sign_in_at)\nlast_activity_on: \(.last_activity_on)\nsign_in_count: \(.sign_in_count)"'
+done
 ```

160_gitlab_ci/000_rollout/bootstrap.sh

@@ -13,6 +13,7 @@ locals {
   traefik_version = "3.1.6"
   code_server_version = "4.93.1"
   nginx_version = "1.27.2"
+  grafana_version = "11.3.1"
 }
 
 source "hcloud" "gitlab" {
@@ -42,7 +43,8 @@ build {
         "docker pull traefik:${local.traefik_version}",
         "docker pull gitlab/gitlab-runner:v${local.gitlab_runner_version}",
         "docker pull codercom/code-server:${local.code_server_version}",
-        "docker pull nginx:${local.nginx_version}"
+        "docker pull nginx:${local.nginx_version}",
+        "docker pull grafana/grafana:${local.grafana_version}"
     ]	
   }
 }

160_gitlab_ci/000_rollout/gitlab.pkr.hcl

@@ -95,7 +95,8 @@ resource "acme_certificate" "gitlab" {
     "*.dev.webdav.${local.domain}",
     "*.live.webdav.${local.domain}",
     "gitlab.${local.domain}",
-    "*.gitlab.${local.domain}"
+    "*.gitlab.${local.domain}",
+    "grafana.${local.domain}"
   ]
 
   dns_challenge {
@@ -249,6 +250,14 @@ resource "hetznerdns_record" "gitlab" {
   ttl= 120
 }
 
+resource "hetznerdns_record" "grafana" {
+  zone_id = data.hetznerdns_zone.main.id
+  name = "grafana"
+  value = hcloud_server.gitlab.ipv4_address
+  type = "A"
+  ttl= 120
+}
+
 resource "hetznerdns_record" "gitlab_wildcard" {
   zone_id = data.hetznerdns_zone.main.id
   name = "*.gitlab"