====== GitLab in LXC ======

GitLab in an unprivileged LXC container (Proxmox).

===== Installation =====

  * Install a Debian Buster container
  * Install the GitLab repo
  * Create an additional mount point for the GitLab runtime (database, artifacts, lfs, pages) (on SSD/NVM disks)
    * 100GB (thin provisioning) for ''/var/opt/gitlab''
  * Create an additional mount point for the GitLab repos (on SSD/NVM disks)
    * 200GB (thin provisioning) for ''/home/git-data''
  * Configure mail agent: [[linux:mail:postfix:relay_to_external_smtp]]

====== Issues ======

===== setting key "kernel.sem": Read-only file system =====

  STDERR: sysctl: setting key "kernel.sem": Read-only file system
  ---- End output of sysctl -e -p /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf ----

[[https://docs.gitlab.com/omnibus/common_installation_problems/#failed-to-modify-kernel-parameters-with-sysctl|Failed to modify kernel parameters with sysctl]]

The GitLab installer adds its own sysctl settings:

  # ls -l /etc/sysctl.d
  total 11
  lrwxrwxrwx 1 root root 58 lip 9 16:24 90-omnibus-gitlab-kernel.sem.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf
  lrwxrwxrwx 1 root root 61 lip 9 06:36 90-omnibus-gitlab-kernel.shmall.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf
  lrwxrwxrwx 1 root root 61 lip 9 05:53 90-omnibus-gitlab-kernel.shmmax.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf
  lrwxrwxrwx 1 root root 14 kwi 27 17:02 99-sysctl.conf -> ../sysctl.conf
  -rw-r--r-- 1 root root 324 maj 31 2018 protect-links.conf
  -rw-r--r-- 1 root root 639 maj 31 2018 README.sysctl

The problem lies in the read-only /sys filesystem, not in the values themselves. The host already has huge values set, enough to run GitLab:

  # sysctl kernel.shmmax
  kernel.shmmax = 18446744073692774399

The solution is to configure GitLab again and again, so that the installer part is skipped. GitLab reconfigure will detect that the LXC host already has the correct value:

  dpkg --configure -a
  gitlab-ctl reconfigure

An LXC configuration trick (can work with privileged containers):

  lxc.apparmor.profile: unconfined
  lxc.mount.auto: sys:rw

Note that ''lxc.apparmor.profile: unconfined'' removes AppArmor confinement from the container, and ''sys:rw'' mounts ''/sys'' read-write inside it.
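
The diagnosis above (the host values are already large enough and only the write fails) can be checked without changing any container settings. The script below is an added example, not part of the original page or of GitLab's tooling: it compares each key in a sysctl.d-style file with the value currently in effect, field by field. The function names, ''sample_reader'' and the requested values in the demo are constructed for illustration; only the ''kernel.shmmax'' host value is taken from this page.

```shell
#!/bin/sh
# Added example: do the sysctl values in effect cover what a sysctl.d-style file requests?

# satisfied WANT HAVE: true when field counts match and every HAVE field >= WANT field.
satisfied() {
    awk -v want="$1" -v have="$2" 'BEGIN {
        n = split(want, w, " "); m = split(have, h, " ")
        if (n == 0 || n != m) exit 1
        for (i = 1; i <= n; i++) if (h[i] + 0 < w[i] + 0) exit 1
    }'
}

# read_live KEY: value currently in effect; reading works on a read-only mount.
read_live() { cat "/proc/sys/$(printf '%s' "$1" | tr . /)" 2>/dev/null; }

# check_conf FILE [READER]: one line per key; returns 1 if a key is unreadable or too low.
check_conf() {
    reader=${2:-read_live}; rc=0
    while IFS='=' read -r key want || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        case $key in ''|'#'*|';'*) continue ;; esac
        want=$(printf '%s\n' "$want" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if ! have=$("$reader" "$key"); then echo "$key: not readable"; rc=1; continue; fi
        have=$(printf '%s\n' "$have" | tr '\t' ' ')
        if satisfied "$want" "$have"; then
            echo "$key: ok (have: $have; want: $want)"
        else
            echo "$key: too low (have: $have; want: $want)"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed demo: sample_reader stands in for the host; requested values are sample numbers.
sample_reader() {
    case $1 in
        kernel.shmmax) echo 18446744073692774399 ;;   # host value shown on this page
        kernel.sem)    printf '32000\t1024000000\t500\t32000\n' ;;   # constructed
        *) return 1 ;;
    esac
}
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'kernel.shmmax = 17179869184' 'kernel.sem = 250 32000 32 262' > "$f"
    status=0; check_conf "$f" sample_reader || status=$?
    rm -f "$f"; return "$status"
}
# With a file argument, check it against the live values; otherwise run the demo.
if [ -n "${1:-}" ]; then check_conf "$1"; else demo; fi
```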