GitLab Setup

Module Objective

Setting up a GitLab server
Creating users
Pushing and Pulling repositories from our private instance
Creating build pipelines to test for failures

Prerequisites

Minimum:
- 4GB RAM
- 50GB Disk Space
- Virtualisation Software (VMWare or VirtualBox)
- Linux Server (We will be using Ubuntu 22.04 for our lab)
    - https://ubuntu.com/download/server

Network Setup (OPTIONAL)

Section Objective

Create a segregated network for private connections

This section goes over how to set up a Host-Only network if you want to access the server from a virtual machine that is not connected to NAT.

On the Virtual Network Editor, click on Add Network -> OK then select the Host-Only option. You can rename it if you would like.

After you're done with the network configuration, click on your Ubuntu Server VM and click on VM -> Settings

and add your network

GitLab Installation

Section Objective

Setting up a GitLab instance
Setting up runners to compile projects

If you don't see an IP Address, then try running sudo dhclient <INTERFACE>

Before starting this section, have a Linux server up and ready. The script below will install GitLab, Docker, and some quality-of-life tools such as Vim and ohmyzsh (you can remove these from the script if you do not want them).

Download the script then run the following commands:

chmod +x install_gitlab.sh
sudo ./install_gitlab.sh <IP ADDRESS> # Don't set it as localhost/127.0.0.1

https://github.com/Securescape/Offensive-Development/blob/main/Install%20Scripts/install_gitlab.sh

#!/bin/bash
##################
# Install GitLab #
##################

if [ $1 -eq 0 ]
 then
   echo "USAGE: ./install_gitlab.sh <HOST_ADDRESS>"
   echo "./install_gitlab.sh "
fi

sudo apt update
sudo apt install -y curl openssh-server ca-certificates tzdata perl
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
sudo EXTERNAL_URL="http://$1" apt install gitlab-ee


#####################
# Setting Up Docker #
#####################

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
 "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
 $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
 sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

#################
# Miscellaneous #
#################

# Quality of Life stuff
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
git clone --depth=1 https://github.com/amix/vimrc.git ~/.vim_runtime
sh ~/.vim_runtime/install_awesome_vimrc.sh
echo "[!] SSH into your VM for the best experience."

sudo cat /etc/gitlab/initial_root_password # Get GitLab Password

Once the installation is complete, you should be able to open the GitLab web page from your host/Window VM at the selected IP Address

GitLab creates a random root password which you can get by running the command below

sudo cat /etc/gitlab/initial_root_password

Use this to log in to the web console

Make sure to save or change the root password, as it will be deleted from the server files after logging in.

OPTIONAL - Adding an SSL Certificate

If you are implementing this in an organisation environment, setting up a TLS certificate is advisable to encrypt the traffic going to and from the server. We will not go through this in this blog, but you can easily find it on the GitLab documentation below.

Adding a Runner

Section Objectives

Create a Runner instance
Register the runner to the GitLab server

A runner is a program that runs on your server. It compiles and builds projects depending on the language it's using. We will need to create a runner for each language we use in our project, though multiple projects can use the same runner making it handy for multiple build pipelines.

Below are a couple of languages that you can have a runner use, there are a lot more though.

Runner Languages

Golang: https://hub.docker.com/_/golang
Python: https://hub.docker.com/_/python
C#: https://hub.docker.com/_/microsoft-dotnet-sdk/
C: https://hub.docker.com/_/gcc
Rust: https://hub.docker.com/_/rust

...

Installing a runner

To install a runner, we first need to get the dependencies, we've made this simpler by providing the script below:

https://github.com/Securescape/Offensive-Development/blob/main/Install%20Scripts/install_runner.sh

#!/bin/bash
###########################
# Gitlab Runner Installer #
###########################

curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb"
sudo apt install git
sudo dpkg -i gitlab-runner_amd64.deb
sudo systemctl status gitlab-runner
sudo gitlab-runner register

Download it then execute it. After installation is complete, you will be met with a prompt - keep this open as we move on to the next step.

Getting a Token

Each runner we create requires a unique token which we can generate from the Runners tab, under CI/CD.

Click on New Instance Runner -> Linux -> Create runner to open the runner config settings

Example Prompt

Enter the GitLab instance URL (for example, https://gitlab.com/):
http://192.168.8.142

Enter the registration token:
glrt-5yE22sixYMxP5jW4FLpq
Verifying runner... is valid    
                    runner=5yE22sixY
Enter a name for the runner. This is stored only in the local config.toml file:
[devops]: golang2

Enter an executor: custom, parallels, kubernetes, docker-autoscaler, instance, shell, ssh, virtualbox, docker, docker-windows, docker+machine:
docker

Enter the default Docker image (for example, ruby:2.7):
golang:1.22

Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Copy the token, then go back to your terminal. Enter your GitLab server IP, then your runner's token, name your runner (you can give it the same name as the UI one), type docker for the executor, and then the language of your choice. Since I'll be using Go for this demo, use golang:1.22

Once you are done, type in sudo gitlab-runner run to generate a callback to the server. This will register it for later use.

Make sure to run the command as sudo

sudo gitlab-runner ...

TL;DR Steps

Open the Runner screen from Dashboard -> Build -> Runner -> New Instance Runner
Create a Linux runner, add tags (optional)
Copy Runner Token
In your terminal, type sudo gitlab-runner register
Enter your GitLab IP address
Enter your runner's token
Enter a name for your runner
Enter docker for the executor
Enter a language you want the runner to compile
Execute sudo gitlab-runner run

Adding Users

Section Objectives

Create normal users
Add an SSH key for the user

Now that we have the core settings set up, we can start creating users by going to Admin Area -> Users -> New User

Fill in the required details, set the access level as Regular, then click Create User

Before logging out of root, click the Edit button next to the user and give them a username and password. You can optionally set up SMTP to send a password reset link instead.

Once the password has been set, log in to your user, go to Edit Profile -> SSH Keys and add a new SSH key. This will let you push and pull private repositories from this user. We will also do this for our Windows VM to connect our private GitLab repositories to TeamCity.

You can create one by running ssh-keygen if you do not have a copy or want a separate key for the server. SSH keys can be found in /home/$USER/.ssh/SSH_KEY_NAME.pub

PreviousGitLab NextSimple Calculator Project

Last updated 1 year ago

Was this helpful?