Category archives: IT

GitLab CE install

This is the installation procedure for the self-managed GitLab Community Edition.

OS : Ubuntu 22.04.3 LTS
GitLab : CE 17.6.2

1. Update the OS and install the dependency packages
test@test:~$ sudo apt-get update
[sudo] password for ubuntuadm:
Hit:1 http://kr.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://kr.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://kr.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:4 http://kr.archive.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Fetched 384 kB in 5s (73.5 kB/s)
Reading package lists... Done
test@test:~$ sudo apt-get install -y curl openssh-server ca-certificates tzdata perl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ca-certificates is already the newest version (20240203~22.04.1).
ca-certificates set to manually installed.
curl is already the newest version (7.81.0-1ubuntu1.19).
curl set to manually installed.
openssh-server is already the newest version (1:8.9p1-3ubuntu0.10).
perl is already the newest version (5.34.0-3ubuntu1.3).
perl set to manually installed.
The following packages will be upgraded:
  tzdata
1 upgraded, 0 newly installed, 0 to remove and 84 not upgraded.
Need to get 349 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 tzdata all 2024a-0ubuntu0.22.04.1 [349 kB]
Fetched 349 kB in 2s (186 kB/s)
Preconfiguring packages ...
(Reading database ... 110165 files and directories currently installed.)
Preparing to unpack .../tzdata_2024a-0ubuntu0.22.04.1_all.deb ...
Unpacking tzdata (2024a-0ubuntu0.22.04.1) over (2024a-0ubuntu0.22.04) ...
Setting up tzdata (2024a-0ubuntu0.22.04.1) ...

Current default time zone: 'Etc/UTC'
Local time is now:      Mon Dec 16 12:42:29 UTC 2024.
Universal Time is now:  Mon Dec 16 12:42:29 UTC 2024.
Run 'dpkg-reconfigure tzdata' if you wish to change it.

Scanning processes...
Scanning candidates...
Scanning linux images...

Restarting services...
 /etc/needrestart/restart.d/systemd-manager
 systemctl restart cron.service irqbalance.service multipathd.service open-vm-tools.service packagekit.service polkit.service rsyslog.service ssh.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-timesyncd.service systemd-udevd.service udisks2.service upower.service vgauth.service
Service restarts being deferred:
 systemctl restart ModemManager.service
 /etc/needrestart/restart.d/dbus.service
 systemctl restart networkd-dispatcher.service
 systemctl restart systemd-logind.service
 systemctl restart unattended-upgrades.service
 systemctl restart user@1000.service

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

2. Install a mail transfer agent for outgoing mail (optional; Postfix here)

test@test:~$ sudo apt-get install -y postfix
[sudo] password for ubuntuadm:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  ssl-cert
Suggested packages:
  procmail postfix-mysql postfix-pgsql postfix-ldap postfix-pcre postfix-lmdb postfix-sqlite sasl2-bin | dovecot-common resolvconf postfix-cdb mail-reader
  postfix-mta-sts-resolver postfix-doc
The following NEW packages will be installed:
  postfix ssl-cert
0 upgraded, 2 newly installed, 0 to remove and 84 not upgraded.
Need to get 1,265 kB of archives.
After this operation, 4,248 kB of additional disk space will be used.
Get:1 http://kr.archive.ubuntu.com/ubuntu jammy/main amd64 ssl-cert all 1.1.2 [17.4 kB]
Get:2 http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 postfix amd64 3.6.4-1ubuntu1.3 [1,248 kB]
Fetched 1,265 kB in 3s (418 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ssl-cert.
(Reading database ... 110165 files and directories currently installed.)
Preparing to unpack .../ssl-cert_1.1.2_all.deb ...
Unpacking ssl-cert (1.1.2) ...
Selecting previously unselected package postfix.
Preparing to unpack .../postfix_3.6.4-1ubuntu1.3_amd64.deb ...
Unpacking postfix (3.6.4-1ubuntu1.3) ...
Setting up ssl-cert (1.1.2) ...
Setting up postfix (3.6.4-1ubuntu1.3) ...
Adding group `postfix' (GID 120) ...
Done.
Adding system user `postfix' (UID 114) ...
Adding new user `postfix' (UID 114) with group `postfix' ...
Not creating home directory `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding group `postdrop' (GID 121) ...
Done.
/etc/aliases does not exist, creating it.

Postfix (main.cf) was not set up.  Start with
  cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf
.  If you need to make changes, edit /etc/postfix/main.cf (and others) as
needed.  To view Postfix configuration values, see postconf(1).

After modifying main.cf, be sure to run 'systemctl reload postfix'.

Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /lib/systemd/system/postfix.service.
Processing triggers for ufw (0.36.1-4ubuntu0.1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for rsyslog (8.2112.0-2ubuntu2.2) ...
Scanning processes...
Scanning candidates...
Scanning linux images...

Restarting services...
Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart networkd-dispatcher.service
 systemctl restart systemd-logind.service
 systemctl restart unattended-upgrades.service
 systemctl restart user@1000.service

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

3. Add the GitLab repository and install the package

test@test:~$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6865  100  6865    0     0  20676      0 --:--:-- --:--:-- --:--:-- 20740
Detected operating system as Ubuntu/jammy.
Checking for curl...
Detected curl...
Checking for gpg...
Detected gpg...
Running apt-get update... done.
Installing apt-transport-https... done.
Installing /etc/apt/sources.list.d/gitlab_gitlab-ce.list...done.
Importing packagecloud gpg key... done.
Running apt-get update... done.

The repository is setup! You can now install packages.
test@test:~$ sudo EXTERNAL_URL="https://gitlab.example.com" apt-get install gitlab-ce
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  gitlab-ce
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 1,362 MB of archives.
After this operation, 3,666 MB of additional disk space will be used.
Get:1 https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu jammy/main amd64 gitlab-ce amd64 17.6.2-ce.0 [1,362 MB]
Fetched 1,362 MB in 16s (84.2 MB/s)
Selecting previously unselected package gitlab-ce.
(Reading database ... 110380 files and directories currently installed.)
Preparing to unpack .../gitlab-ce_17.6.2-ce.0_amd64.deb ...
Unpacking gitlab-ce (17.6.2-ce.0) ...
Setting up gitlab-ce (17.6.2-ce.0) ...
[2024-12-16T13:17:55+00:00] INFO: Started Cinc Zero at chefzero://localhost:1 with repository at /opt/gitlab/embedded (One version per cookbook)
Cinc Client, version 18.3.0
Patents: https://www.chef.io/patents
Infra Phase starting
.......

4. Edit /etc/gitlab/gitlab.rb and restart the services

sudo vi /etc/gitlab/gitlab.rb
external_url 'http://192.168.0.100:8081' # change the 'https://gitlab.example.com' part

test@test:~$ sudo gitlab-ctl reconfigure
[2024-12-16T13:32:13+00:00] INFO: Started Cinc Zero at chefzero://localhost:1 with repository at /opt/gitlab/embedded (One version per cookbook)
Cinc Client, version 18.3.0
Patents: https://www.chef.io/patents
Infra Phase starting
[2024-12-16T13:32:13+00:00] INFO: *** Cinc Client 18.3.0 ***
[2024-12-16T13:32:13+00:00] INFO: Platform: x86_64-linux
[2024-12-16T13:32:13+00:00] INFO: Cinc-client pid: 793651
/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/ffi-yajl-2.6.0/lib/ffi_yajl/encoder.rb:42: warning: undefining the allocator of T_DATA class FFI_Yajl::Ext::Encoder::YajlGen
[2024-12-16T13:32:14+00:00] INFO: Setting the run_list to ["recipe[gitlab]"] from CLI options
[2024-12-16T13:32:14+00:00] INFO: Run List is [recipe[gitlab]]
[2024-12-16T13:32:14+00:00] INFO: Run List expands to [gitlab]
[2024-12-16T13:32:14+00:00] INFO: Starting Cinc Client Run for gitlab-ce
[2024-12-16T13:32:14+00:00] INFO: Running start handlers
[2024-12-16T13:32:14+00:00] INFO: Start handlers complete.
Resolving cookbooks for run list: ["gitlab"]
[2024-12-16T13:32:15+00:00] INFO: Loading cookbooks [gitlab@0.0.1, package@0.1.0, logrotate@0.1.0, postgresql@0.1.0, redis@0.1.0, monitoring@0.1.0, registry@0.1.0, mattermost@0.1.0, consul@0.1.0, gitaly@0.1.0, praefect@0.1.0, gitlab-kas@0.1.0, gitlab-pages@0.1.0, letsencrypt@0.1.0, nginx@0.1.0, runit@5.1.7, acme@4.1.6, crond@0.1.0]
Synchronizing cookbooks:
  - gitlab (0.0.1)
  - logrotate (0.1.0)
  - postgresql (0.1.0)
  - package (0.1.0)
  - redis (0.1.0)
  - registry (0.1.0)
  - consul (0.1.0)
  - monitoring (0.1.0)
  - gitaly (0.1.0)
  - nginx (0.1.0)
  - letsencrypt (0.1.0)
  - mattermost (0.1.0)
  - runit (5.1.7)
  - praefect (0.1.0)
  - gitlab-kas (0.1.0)
  - gitlab-pages (0.1.0)
  - acme (4.1.6)
  - crond (0.1.0)
Installing cookbook gem dependencies:
Compiling cookbooks...

......

[2024-12-16T13:36:12+00:00] INFO: file[Prometheus config] sending run action to execute[reload prometheus] (delayed)
  * execute[reload prometheus] action run[2024-12-16T13:36:12+00:00] INFO: execute[reload prometheus] ran successfully

    - execute /opt/gitlab/bin/gitlab-ctl hup prometheus
[2024-12-16T13:36:12+00:00] INFO: env_dir[/opt/gitlab/etc/alertmanager/env] sending restart action to runit_service[alertmanager] (delayed)
Recipe: monitoring::alertmanager
  * runit_service[alertmanager] action restart (up to date)
[2024-12-16T13:36:13+00:00] INFO: env_dir[/opt/gitlab/etc/postgres-exporter/env] sending restart action to runit_service[postgres-exporter] (delayed)
Recipe: monitoring::postgres-exporter
  * runit_service[postgres-exporter] action restart (up to date)
[2024-12-16T13:36:13+00:00] INFO: Cinc Client Run complete in 98.699695509 seconds

Running handlers:
[2024-12-16T13:36:13+00:00] INFO: Running report handlers
Running handlers complete
[2024-12-16T13:36:13+00:00] INFO: Report handlers complete
Infra Phase complete, 157/1128 resources updated in 01 minutes 39 seconds
gitlab Reconfigured!

5. Check the temporary password (the file is deleted after 24 hours)

sudo cat /etc/gitlab/initial_root_password

6. Confirm access from a browser, log in, and change the temporary password under Edit profile > Password
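
Added example, not part of the original post: a shell check of the two security-relevant results of steps 4 to 6, namely whether external_url is served over plain HTTP and whether the temporary root password file is still on disk. The function names are made up for this illustration, and the sample line is the one from step 4.

```sh
#!/bin/sh
# Added example (not from the original post): check the two security-relevant
# results of steps 4-6. Paths are arguments so the functions can be tried on
# copies; the defaults are the paths used in this walkthrough.

# Print the scheme of the last uncommented external_url line in gitlab.rb.
external_url_scheme() {
    sed -n "s/^[[:space:]]*external_url[[:space:]]*['\"]\([a-z]*\):\/\/.*/\1/p" \
        "${1:-/etc/gitlab/gitlab.rb}" | tail -n 1
}

# Print one WARN line per finding; return 1 if anything was flagged.
audit_gitlab() {
    pw=${2:-/etc/gitlab/initial_root_password}
    rc=0
    scheme=$(external_url_scheme "$1")
    if [ "$scheme" != https ]; then
        echo "WARN external_url scheme is '${scheme:-unset}': logins are not protected by TLS"
        rc=1
    fi
    if [ -e "$pw" ]; then
        echo "WARN $pw still exists: change the root password, then delete the file"
        rc=1
    fi
    return $rc
}

# Constructed sample: the external_url line from step 4, checked against a
# password file path that does not exist.
sample=$(mktemp)
echo "external_url 'http://192.168.0.100:8081'" > "$sample"
audit_gitlab "$sample" /nonexistent/initial_root_password || true
rm -f "$sample"
```

On the server itself, run `sudo sh -c '. ./audit.sh; audit_gitlab'` style invocations with no arguments so the default paths are inspected.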

Kubernetes basic installation (version 1.28)

Configuration

Kubernetes 1.28.2
Ubuntu 22.04.3 LTS
Container : cri-dockerd
CNI : calico
Setup account : ubuntuadm
Master node : k8s-master-01
Worker node : k8s-worker-01 ~ 02

Before setup, turn swap off on every node…

[Common]

Start of cri-docker installation

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo systemctl enable --now docker && sudo systemctl status docker --no-pager
sudo usermod -aG docker ubuntuadm
sudo docker container ls

cri-docker Install
VER=$(curl -s https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest|grep tag_name | cut -d '"' -f 4|sed 's/v//g')
echo $VER
wget https://github.com/Mirantis/cri-dockerd/releases/download/v${VER}/cri-dockerd-${VER}.amd64.tgz
tar xvf cri-dockerd-${VER}.amd64.tgz
sudo mv cri-dockerd/cri-dockerd /usr/local/bin/

cri-docker Version Check
cri-dockerd --version

wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service
wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket
sudo mv cri-docker.socket cri-docker.service /etc/systemd/system/
sudo sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service

sudo systemctl daemon-reload
sudo systemctl enable cri-docker.service
sudo systemctl enable --now cri-docker.socket

cri-docker Active Check
sudo systemctl restart docker && sudo systemctl restart cri-docker
sudo systemctl status cri-docker.socket --no-pager

Change the Docker cgroup driver to systemd (required)
sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

sudo systemctl restart docker && sudo systemctl restart cri-docker
sudo docker info | grep Cgroup

Environment settings

Kernel Forwarding
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

sudo sysctl --system

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

Set the required sysctl parameters; the values persist across reboots.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

Apply the sysctl parameters without rebooting
sudo sysctl --system

Package installation

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

# Legacy repository: apt.kubernetes.io has since been replaced by the community-owned pkgs.k8s.io.
sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg

sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

sudo systemctl daemon-reload
sudo systemctl restart kubelet
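
Added example, not part of the original post: read-only shell checks for the node prerequisites configured in this common section (swap off, the three sysctl keys, the two kernel modules), to run before kubeadm init or kubeadm join. The function names are made up for this illustration, and the sample input is the first k8s.conf shown above.

```sh
#!/bin/sh
# Added example (not from the original post): read-only checks for the node
# prerequisites set up above. Each function takes the file to inspect as an
# argument and falls back to the real path, so it can be tried on copies.

# Print active swap devices; no output means swap is off.
swap_devices() {
    awk 'NR > 1 { print $1 }' "${1:-/proc/swaps}"
}

# Print every required sysctl key that the config file does not set to 1.
sysctl_missing() {
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }
            { name = $1; val = $2; gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val) }
            name == k { found = val }
            END { exit !(found == "1") }' "${1:-/etc/sysctl.d/k8s.conf}" || echo "$key"
    done
}

# Print required kernel modules missing from a /proc/modules-style listing.
# A module compiled into the kernel is not listed there, so verify a hit by hand.
modules_missing() {
    for mod in overlay br_netfilter; do
        awk -v m="$mod" '$1 == m { ok = 1 } END { exit !ok }' "${1:-/proc/modules}" || echo "$mod"
    done
}

# Run all three checks; print one FAIL line per problem and return 1 if any.
preflight() {
    rc=0
    for dev in $(swap_devices "$1"); do echo "FAIL swap active: $dev"; rc=1; done
    for k in $(sysctl_missing "$2"); do echo "FAIL sysctl not set to 1: $k"; rc=1; done
    for m in $(modules_missing "$3"); do echo "FAIL module not loaded: $m"; rc=1; done
    return $rc
}

# Constructed sample: the first k8s.conf shown above, written before
# net.ipv4.ip_forward is added in the second version.
sample=$(mktemp)
printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
              'net.bridge.bridge-nf-call-iptables = 1' > "$sample"
echo "missing from first k8s.conf: $(sysctl_missing "$sample")"
rm -f "$sample"
```

Calling `preflight` with no arguments on a node inspects /proc/swaps, /etc/sysctl.d/k8s.conf and /proc/modules.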

[Master node]

sudo kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock
sudo kubeadm init --cri-socket unix:///var/run/cri-dockerd.sock

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl get nodes -o wide
kubectl get pods -A
kubectl describe node k8s-master-01

Install the Calico CNI
curl https://projectcalico.docs.tigera.io/manifests/calico.yaml -O

curl https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml -O
kubectl apply -f calico.yaml

kubectl get nodes
kubectl get pod --all-namespaces

[worker node]

Use the command printed at the end of the kubeadm init output
sudo kubeadm join 192.168.0.101:6443 --token xxxxxxxxxxxx \
--discovery-token-ca-cert-hash sha256:xxxxxxxxxxxx \
--cri-socket unix:///var/run/cri-dockerd.sock

kubectl get nodes

kubectl command auto-completion

https://kubernetes.io/ko/docs/tasks/tools/included/optional-kubectl-configs-bash-linux/

echo 'source <(kubectl completion bash)' >>~/.bashrc
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc

Special character problem (&#65279)

cvc-complex-type.2.3 error

09:52:06,504 WARNING [com.hazelcast.web.ClusteredSessionService] (default task-1) Cannot connect to Hazelcast server: cvc-complex-type.2.3: Element 'near-cache' cannot have character [children], because the type's content type is element-only. 
09:52:06,962 WARNING [com.hazelcast.web.HazelcastHttpSession] (default task-1) Unexpected error occurred.: java.lang.NullPointerException 
 at com.hazelcast.web.ClusteredSessionService.updateAttributes(ClusteredSessionService.java:285) 
 at com.hazelcast.web.HazelcastHttpSession.sessionDeferredWrite(HazelcastHttpSession.java:300) 
 at com.hazelcast.web.WebFilter.doFilter(WebFilter.java:303) 
 at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) 
 at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) 
 at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) 
 at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 
 at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32) 
 at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) 
 at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 
 ...
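  • General fixes for the error
  1. Re-check whether the XML declaration tag is missing
<?xml version="1.0" encoding="UTF-8" ?>
  2. IDE problem: restart Eclipse or STS
  3. Re-check for typos: a mistyped special character or a misspelling can cause this error.
  • If it is none of those…..
  1. It is a BOM (Byte Order Mark) problem in the UTF-8 encoding….
  2. The BOM is used as a signature that announces which Unicode encoding is in use, such as UTF-8 or UTF-16.
  3. UTF-8 can be recognized without a BOM, but some editors in Windows environments, such as Notepad, add a BOM automatically, which inserts an invisible special character (a blank character). This can cause an unexpected cvc-complex-type.2.3 error in a UNIX environment.
  • Solutions
  1. Use an editor such as Notepad++, UltraEdit, or EditPlus to save the file as 'UTF-8 without BOM'
  2. In my case, saving as UTF-8 without BOM did not work, so I solved it by deleting all of the blank space in front of the tags.
  3. When saving code on Windows, it seems you always have to be careful about the encoding. 🙂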
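
Added example, not part of the original post: a shell check that reports which lines of an XML file contain U+FEFF (the character behind &#65279, bytes EF BB BF in UTF-8) and writes a cleaned copy. The function names, the sample file, and its element names other than near-cache are constructed for this illustration.

```sh
#!/bin/sh
# Added example (not from the original post): find and remove U+FEFF in an XML file.
# In UTF-8 the character is the three bytes EF BB BF (octal 357 273 277).
FEFF=$(printf '\357\273\277')

# feff_lines FILE: print the numbers of the lines that contain U+FEFF, space-separated.
feff_lines() {
    LC_ALL=C awk -v b="$FEFF" 'index($0, b) { printf "%s%d", sep, NR; sep = " " }
                               END { print "" }' "$1"
}

# strip_feff IN OUT: copy IN to OUT with every U+FEFF removed (IN is left untouched).
strip_feff() {
    LC_ALL=C sed "s/$FEFF//g" "$1" > "$2"
}

# Constructed sample: a BOM at the start of the file (what Notepad adds) and a
# stray U+FEFF in the indentation inside <near-cache>. U+FEFF is not XML
# whitespace, so a validating parser counts the second one as character content
# of an element-only type. Element names other than near-cache are placeholders,
# not a real Hazelcast configuration.
make_sample() {
    {
        printf '%s<?xml version="1.0" encoding="UTF-8" ?>\n' "$FEFF"
        printf '<client-config>\n'
        printf '  <near-cache name="sessions">\n'
        printf '%s    <placeholder-setting>1</placeholder-setting>\n' "$FEFF"
        printf '  </near-cache>\n'
        printf '</client-config>\n'
    } > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/in.xml"
echo "U+FEFF on lines: $(feff_lines "$tmp/in.xml")"
strip_feff "$tmp/in.xml" "$tmp/out.xml"
echo "after cleaning:  $(feff_lines "$tmp/out.xml")"
rm -rf "$tmp"
```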

Sources

http://blog.wystan.net/2007/08/18/bom-byte-order-mark-problem

https://ko.wikipedia.org/wiki/%EB%B0%94%EC%9D%B4%ED%8A%B8_%EC%88%9C%EC%84%9C_%ED%91%9C%EC%8B%9D