meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
git:gitlab:lxc [2020/07/09 08:54] – created niziakgit:gitlab:lxc [2023/02/13 12:49] (current) – ↷ Links adapted because of a move operation niziak
Line 1: Line 1:
 ====== Gitlab in LXC ====== ====== Gitlab in LXC ======
  
-Gitlab in unprivileged LXC.+Gitlab in unprivileged LXC (Proxmox).
  
 ===== Installation ===== ===== Installation =====
   * Install Debian Buster container   * Install Debian Buster container
 +  * Install gitlab repo
 +
 +  * Create additional mount point for Gitlab runtime (database, artifacts, lfs, pages) (to SSD/NVM disks)
 +    * 100GB (thin provisioning) for ''/var/opt/gitlab''
 +  * Create additional mount point for Gitlab repos (to SSD/NVM disks)
 +    * 200GB (thin provisioning) for ''/home/git-data'' 
 +  * Configure mail agent: [[linux:mail:postfix:relay_to_external_smtp]]
 +
 +====== Issues ======
 +
 +===== setting key "kernel.sem": Read-only file system =====
 +<code>
 +STDERR: sysctl: setting key "kernel.sem": Read-only file system
 +---- End output of sysctl -e -p /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf ----
 +</code>
 +
 +[[https://docs.gitlab.com/omnibus/common_installation_problems/#failed-to-modify-kernel-parameters-with-sysctl|Failed to modify kernel parameters with sysctl]]
 +
 +Gitlab installator puts own sysctl settings:
 +<code bash>
 +# ls -l /etc/sysctl.d
 +total 11
 +lrwxrwxrwx 1 root root  58 lip  9 16:24 90-omnibus-gitlab-kernel.sem.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf
 +lrwxrwxrwx 1 root root  61 lip  9 06:36 90-omnibus-gitlab-kernel.shmall.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf
 +lrwxrwxrwx 1 root root  61 lip  9 05:53 90-omnibus-gitlab-kernel.shmmax.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf
 +lrwxrwxrwx 1 root root  14 kwi 27 17:02 99-sysctl.conf -> ../sysctl.conf
 +-rw-r--r-- 1 root root 324 maj 31  2018 protect-links.conf
 +-rw-r--r-- 1 root root 639 maj 31  2018 README.sysctl
 +</code>
 +
 +
 +Problem is located in RO /sys filesystem, not in values itself. Host already has huge values set, enough to run Gitlab:
 +<code bah>
 +# sysctl kernel.shmmax
 +kernel.shmmax = 18446744073692774399
 +</code>
 +
 +Solution is to configure gitlab again and again, to skip installator part. Gitlab reconfigure will detect that LXC host has correct variable:
 +<code bash>
 +dpkg --configure -a
 +gitlab-ctl reconfigure
 +</code>
 +
 +Some LXC configuration trick (can work with privileged containers)
 +
 +<file /etc/pve/nodes/pve3/lxc/201.conf>
 +lxc.apparmor.profile: unconfined
 +lxc.mount.auto: sys:rw
 +</file>
 +
 +