- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
使用 Docker 和 Compose,我试图将 Gitlab 与作为另一个服务运行的外部注册表配对。我正在使用 Traefik 这样做。为了配对 Gitlab 和 Registry 服务,我需要 Gitlab 在 /var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key
创建一个 key ,但我可以在启动期间在日志中看到它没有发生......我怀疑我没有设置我需要的所有环境变量?
docker-compose.yml
version: "3.7"
services:
traefik:
container_name: traefik
image: "traefik:v2.2.0"
hostname: "traefik.${WEBSITE}"
restart: always
ports:
- "443:443"
- "5000:5000"
command: --configFile=/config/traefik.toml
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik:/config:ro"
- "/certs/letsencrypt/acme.json:/letsencrypt/acme.json"
gitlab:
container_name: gitlab
image: gitlab/gitlab-ce:latest
hostname: "git.${WEBSITE}"
restart: always
depends_on:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.git.tls=true"
- "traefik.http.routers.git.tls.certresolver=letsencrypt"
- "traefik.http.routers.git.entrypoints=web"
- "traefik.http.routers.git.rule=host(`git.${WEBSITE}`)"
- "traefik.http.routers.git.service=git"
- "traefik.http.services.git.loadbalancer.server.port=80"
ports:
- "22:22"
environment:
gitlab_omnibus_config: |
gitlab_rails['gitlab_shell_ssh_port'] = 22
external_url "https://git.${WEBSITE}"
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['http2_enabled'] = true
nginx['proxy_set_headers'] = {
"host" => "$$http_host",
"x-real-ip" => "$$remote_addr",
"x-forwarded-for" => "$$proxy_add_x_forwarded_for",
"x-forwarded-proto" => "https",
"x-forwarded-ssl" => "on"
}
# Registry settings
registry['enable'] = false
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_host'] = "registry.${WEBSITE}"
gitlab_rails['registry_port'] = "5000"
gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
gitlab_rails['registry_key'] = "/var/opt/gitlab/gitlab-rails/etc/certificate.key"
gitlab_rails['registry_api_url'] = "https://registry.${WEBSITE}:5000"
gitlab_rails['registry_issuer'] = "gitlab-issuer"
registry:
container_name: registry
image: registry:2.7
hostname: "registry.${WEBSITE}"
restart: always
depends_on:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry.tls=true"
- "traefik.http.routers.registry.tls.certresolver=letsencrypt"
- "traefik.http.routers.registry.entrypoints=registry"
- "traefik.http.routers.registry.rule=Host(`registry.${WEBSITE}`)"
volumes:
- "/data/registry:/registry"
- "/certs:/certs"
environment:
REGISTRY_LOG_LEVEL: debug
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /registry
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
# REGISTRY_AUTH_TOKEN_REALM: "https://git.${WEBSITE}/jwt/auth" # <--- requires gitlab-registry.key
# REGISTRY_AUTH_TOKEN_SERVICE: container_registry # <--- requires gitlab-registry.key
# REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer # <--- requires gitlab-registry.key
# REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/gitlab-registry.crt # <--- requires gitlab-registry.key
[entryPoints]
[entryPoints.web]
address = ":443"
[entryPoints.registry]
address = ":5000"
[providers]
[providers.docker]
exposedByDefault = false
[certificatesResolvers]
[certificatesResolvers.letsencrypt.acme]
email = "noreply@example.com"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
storage = "/letsencrypt/acme.json"
[certificatesResolvers.letsencrypt.acme.tlsChallenge]
docker-compose up -d
启动此 Docker 容器后,我可以在
https://git.[WEBSITE] 很好地访问 Gitlab .我也可以使用
curl -k -X GET https://registry.[WEBSITE]:5000/v2/_catalog
访问容器目录(除非我注释掉 REGISTRY_AUTH 环境变量块)。
sudo docker logs -f gitlab
查看):
...
...
* storage_directory[/var/opt/gitlab/backups] action create
* ruby_block[directory resource: /var/opt/gitlab/backups] action run (skipped due to not_if)
(up to date)
* directory[/var/opt/gitlab/gitlab-rails] action create (up to date)
* directory[/var/opt/gitlab/gitlab-ci] action create (up to date)
* file[/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key] action create (skipped due to only_if)
* template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create
- create new file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc
- update content in file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc from none to 7b16c8
--- /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc 2020-04-21 02:11:21.628290241 +0000
+++ /opt/gitlab/etc/gitlab-rails/.chef-gitlab-rails-rc20200421-31-y0rbxu 2020-04-21 02:11:21.628290241 +0000
@@ -1 +1,6 @@
+gitlab_user='git'
+gitlab_group='git'
+registry_dir=''
+registry_user='registry'
+registry_group='registry'
* file[/opt/gitlab/embedded/service/gitlab-rails/.secret] action delete (up to date)
* file[/var/opt/gitlab/gitlab-rails/etc/secret] action delete (up to date)
...
...
最佳答案
从 Gitlab 问题来看,在您进行配置之前,似乎某些服务没有正确启动。查看此线程:https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/4257#note_171862038 .
关于docker - 为什么 gitlab-registry.key 是 "skipped due to only_if"?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61415412/
问题: 我有一个 chef 语句,它应该只在属性为“true”时运行。但它每次都会运行。 预期行为:当 default[:QuickBase_Legacy_Stack][:dotNetFx4_Inst
我不确定我是否理解 Chef 条件执行。 我想根据 Postgresql 中是否存在数据库来做一些条件执行 所以这是我的例子 execute "add_db" do cwd "/tmp" us
我对 Chef 资源模型中 only_if 和 not_if 的逻辑顺序感到困惑。 在以下示例中,假设一个名为 /tmp/foo 的文件包含单词 bar: execute "rm /tmp/foo"
我目前正在编写一个简单的脚本来在 Chef 部署期间处理属性文件。我正在使用 chef-apply script.rb 执行以下代码 class_path = '/var/lib/tomcat/web
我想include_recipe only_if满足某些条件。以下代码不会引发任何错误,但也不关心 only_if 条件,因此在任何情况下都会执行: include_recipe "cubrid" d
使用 Docker 和 Compose,我试图将 Gitlab 与作为另一个服务运行的外部注册表配对。我正在使用 Traefik 这样做。为了配对 Gitlab 和 Registry 服务,我需要 G
我正在运行这个简单的配方 block 以在 IIS 中创建 Web 应用 powershell_script "create_site_my_site" do code "New-webapp
我是一名优秀的程序员,十分优秀!