When getting an error like:
The following signatures were invalid: EXPKEYSIG 3F01618A51312F3F GitLab B.V. (package repository signing key) <packages@gitlab.com>
This means the GPG key has been expired and must be renewed.
The easiest is to use a gitlab.sources file with a embedded GPG-key by running the next command.
Renew the GPG-file.
wget -qO- https://packages.gitlab.com/gpg.key | gpg --dearmor -o /etc/apt/trusted.gpg.d/omnibus_gitlab.gpg
Create the sources file for GitLab service.
cat <<EOD > /etc/apt/sources.list.d/gitlab.sources
Types: deb deb-src
Architectures: $(dpkg --print-architecture)
URIs: https://packages.gitlab.com/gitlab/gitlab-ce/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/
Suites: $(lsb_release -cs)
Components: main
Signed-By: /etc/apt/trusted.gpg.d/omnibus_gitlab.gpg
EOD
Create the sources file for GitLab-Runner service.
cat <<EOD > /etc/apt/sources.list.d/gitlab-runner.sources
Types: deb deb-src
Architectures: $(dpkg --print-architecture)
URIs: https://packages.gitlab.com/gitlab/gitlab-ce/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/
Suites: $(lsb_release -cs)
Components: main
Signed-By: /etc/apt/trusted.gpg.d/omnibus_gitlab.gpg
EOD
apt-get install lxc
ls -la /usr/share/lxc/templates/
lxc-create -n <container-name> -t download
lxc-create -n <container-name> -t debian
Add these lines to the configuration file at /var/lib/lxc/<container-name>/config
Enable auto start of this container.
lxc.start.auto = 1
Delay start this container 30 seconds from when the host starts.
lxc.start.delay = 30
The followng lines need kernel options "cgroup_enable=memory swapaccount=1".
Limit memory to 512M
lxc.cgroup.memory.limit_in_bytes = 1G
Total usage or memory + swap to 1G. Note the second setting is for overall memory + swap, not just swap usage.
lxc.cgroup.memory.memsw.limit_in_bytes = 2G
Set the GRUB_CMDLINE_LINUX value as follows in file /etc/default/grub file.'
GRUB_CMDLINE_LINUX = "cgroup_enable=memory swapaccount=1"
Execute the following commands.
update grub using.
update-grub
Grab hold of the root console.
lxc-attach -n <container-name>
Install GitLab needed packages
apt-get install wget openssh-server ca-certificates postfix systemd-cron
Get the script to install the gitlab package
Get the script
wget "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh"
Execute the script
bash script.deb.sh
Actually install the package since it is available now.
apt-get install gitlab-ce
Reconfigure after failure.
gitlab-ctl reconfigure
Probably already fixed...
I modified /opt/gitlab/embedded/cookbooks/gitlab/definitions/sysctl.rb like that:
# Load the settings right away
execute "load sysctl conf" do
#command "cat /etc/sysctl.conf /etc/sysctl.d/*.conf | sysctl -e -p -"
action :nothing
end
Fix nginx problem "422 The change you requested was rejected."
This fix will be un done when gitlab-ctl reconfigure is called.
Update: It Seems to be fixed now (2016-03) and not needed anymore.
Add line
proxy_set_header X-Forwarded-Ssl on;
at 'location / {' section in file /var/opt/gitlab/nginx/conf/gitlab-http.conf
joe /var/opt/gitlab/nginx/conf/gitlab-http.conf
Restart gitlab to make it have effect.
gitlab-ctl restart
Login on website for the first time.
root5iveL!feChange swappiness to 10 from default 60.
See http://en.wikipedia.org/wiki/Swappiness for more details.
sysctl -w vm.swappiness=10
When having the following errors when examining dmesg -w of journalctl --dmesg --follow.
audit: type=1400 audit(????): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=???? comm="(d-logind)" flags="rw, rslave"
In my case this was caused by the GitLab container running Debian bullseye.
To solve this add a rules to allow the mount operation with the following line
to file /etc/apparmor.d/lxc/lxc-default-cgns. There are multiple rules added since fixing the rw, rslave the
next one (rw, rbind) will pop up and so on.
# Added for Debian bookworm nexus3 container which has aparmor audit warnings.
# Allow rslave and rbind mounts for non-specific directories.
mount options=(rw, rslave),
mount options=(rw, rbind),
mount options=(rw, rshared),
mount options=(rw, nosuid),
mount options=(rw, nodev),
mount options=(rw, noexec),
Run next command to make it have effect.
systemctl restart apparmor