GitLab Setup

Module Objective

  • Setting up a GitLab server

  • Creating users

  • Pushing and Pulling repositories from our private instance

  • Creating build pipelines to test for failures

Prerequisites

Minimum:
- 4GB RAM
- 50GB Disk Space
- Virtualisation Software (VMWare or VirtualBox)
- Linux Server (We will be using Ubuntu 22.04 for our lab)
    - https://ubuntu.com/download/server

Network Setup (OPTIONAL)

Section Objective

  • Create a segregated network for private connections

This section goes over how to set up a Host-Only network if you want to access the server from a virtual machine that is not connected to NAT.

On the Virtual Network Editor, click on Add Network -> OK then select the Host-Only option. You can rename it if you would like.

VMWare Network Editor

After you're done with the network configuration, click on your Ubuntu Server VM and click on VM -> Settings

VMWare Settings

and add your network

Adding a Network Adapter
Selecting our custom network adapter

GitLab Installation

Section Objective

  • Setting up a GitLab instance

  • Setting up runners to compile projects

Before starting this section, have a Linux server up and ready. The script below will install GitLab, Docker, and some quality-of-life tools such as Vim and ohmyzsh (you can remove these from the script if you do not want them).

Download the script then run the following commands:

chmod +x install_gitlab.sh
sudo ./install_gitlab.sh <IP ADDRESS> # Don't set it as localhost/127.0.0.1
https://github.com/Securescape/Offensive-Development/blob/main/Install%20Scripts/install_gitlab.sh
#!/bin/bash
##################
# Install GitLab #
##################

if [ $1 -eq 0 ]
 then
   echo "USAGE: ./install_gitlab.sh <HOST_ADDRESS>"
   echo "./install_gitlab.sh "
fi

sudo apt update
sudo apt install -y curl openssh-server ca-certificates tzdata perl
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
sudo EXTERNAL_URL="http://$1" apt install gitlab-ee


#####################
# Setting Up Docker #
#####################

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
 "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
 $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
 sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

#################
# Miscellaneous #
#################

# Quality of Life stuff
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
git clone --depth=1 https://github.com/amix/vimrc.git ~/.vim_runtime
sh ~/.vim_runtime/install_awesome_vimrc.sh
echo "[!] SSH into your VM for the best experience."

sudo cat /etc/gitlab/initial_root_password # Get GitLab Password

Once the installation is complete, you should be able to open the GitLab web page from your host/Window VM at the selected IP Address

GitLab creates a random root password which you can get by running the command below

sudo cat /etc/gitlab/initial_root_password

Use this to log in to the web console

Logging into our GitLab webpage

OPTIONAL - Adding an SSL Certificate

If you are implementing this in an organisation environment, setting up a TLS certificate is advisable to encrypt the traffic going to and from the server. We will not go through this in this blog, but you can easily find it on the GitLab documentation below.

GitLab SSL Installation for Linux

Adding a Runner

Section Objectives

  • Create a Runner instance

  • Register the runner to the GitLab server

A runner is a program that runs on your server. It compiles and builds projects depending on the language it's using. We will need to create a runner for each language we use in our project, though multiple projects can use the same runner making it handy for multiple build pipelines.

Below are a couple of languages that you can have a runner use, there are a lot more though.

Installing a runner

To install a runner, we first need to get the dependencies, we've made this simpler by providing the script below:

https://github.com/Securescape/Offensive-Development/blob/main/Install%20Scripts/install_runner.sh
#!/bin/bash
###########################
# Gitlab Runner Installer #
###########################

curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb"
sudo apt install git
sudo dpkg -i gitlab-runner_amd64.deb
sudo systemctl status gitlab-runner
sudo gitlab-runner register

Download it then execute it. After installation is complete, you will be met with a prompt - keep this open as we move on to the next step.

Getting a Token

Each runner we create requires a unique token which we can generate from the Runners tab, under CI/CD.

CI/CD Runners Page

Click on New Instance Runner -> Linux -> Create runner to open the runner config settings

Runner config
Runner token
Example Prompt
Enter the GitLab instance URL (for example, https://gitlab.com/):
http://192.168.8.142

Enter the registration token:
glrt-5yE22sixYMxP5jW4FLpq
Verifying runner... is valid    
                    runner=5yE22sixY
Enter a name for the runner. This is stored only in the local config.toml file:
[devops]: golang2

Enter an executor: custom, parallels, kubernetes, docker-autoscaler, instance, shell, ssh, virtualbox, docker, docker-windows, docker+machine:
docker

Enter the default Docker image (for example, ruby:2.7):
golang:1.22

Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Copy the token, then go back to your terminal. Enter your GitLab server IP, then your runner's token, name your runner (you can give it the same name as the UI one), type docker for the executor, and then the language of your choice. Since I'll be using Go for this demo, use golang:1.22

Once you are done, type in sudo gitlab-runner run to generate a callback to the server. This will register it for later use.

TL;DR Steps
  1. Open the Runner screen from Dashboard -> Build -> Runner -> New Instance Runner

  2. Create a Linux runner, add tags (optional)

  3. Copy Runner Token

  4. In your terminal, type sudo gitlab-runner register

  5. Enter your GitLab IP address

  6. Enter your runner's token

  7. Enter a name for your runner

  8. Enter docker for the executor

  9. Enter a language you want the runner to compile

  10. Execute sudo gitlab-runner run

Created Runners

Adding Users

Section Objectives

  • Create normal users

  • Add an SSH key for the user

Now that we have the core settings set up, we can start creating users by going to Admin Area -> Users -> New User

Fill in the required details, set the access level as Regular, then click Create User

Before logging out of root, click the Edit button next to the user and give them a username and password. You can optionally set up SMTP to send a password reset link instead.

Editting the user
Password Change Section
GitLab SMTP Setup

Once the password has been set, log in to your user, go to Edit Profile -> SSH Keys and add a new SSH key. This will let you push and pull private repositories from this user. We will also do this for our Windows VM to connect our private GitLab repositories to TeamCity.

You can create one by running ssh-keygen if you do not have a copy or want a separate key for the server. SSH keys can be found in /home/$USER/.ssh/SSH_KEY_NAME.pub

Adding an SSH Key

Last updated

Was this helpful?