meta data for this page
Gitlab in LXC
Gitlab in unprivileged LXC (Proxmox).
Installation
- Install Debian Buster container
- Install gitlab repo
- Create additional mount point for Gitlab runtime (database, artifacts, lfs, pages) (to SSD/NVM disks)
- 100GB (thin provisioning) for
/var/opt/gitlab
- Create additional mount point for Gitlab repos (to SSD/NVM disks)
- 200GB (thin provisioning) for
/home/git-data
- Configure mail agent: Relay to external SMTP server
Issues
setting key "kernel.sem": Read-only file system
STDERR: sysctl: setting key "kernel.sem": Read-only file system ---- End output of sysctl -e -p /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf ----
Failed to modify kernel parameters with sysctl
Gitlab installator puts own sysctl settings:
# ls -l /etc/sysctl.d total 11 lrwxrwxrwx 1 root root 58 lip 9 16:24 90-omnibus-gitlab-kernel.sem.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf lrwxrwxrwx 1 root root 61 lip 9 06:36 90-omnibus-gitlab-kernel.shmall.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf lrwxrwxrwx 1 root root 61 lip 9 05:53 90-omnibus-gitlab-kernel.shmmax.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf lrwxrwxrwx 1 root root 14 kwi 27 17:02 99-sysctl.conf -> ../sysctl.conf -rw-r--r-- 1 root root 324 maj 31 2018 protect-links.conf -rw-r--r-- 1 root root 639 maj 31 2018 README.sysctl
Problem is located in RO /sys filesystem, not in values itself. Host already has huge values set, enough to run Gitlab:
# sysctl kernel.shmmax kernel.shmmax = 18446744073692774399
Solution is to configure gitlab again and again, to skip installator part. Gitlab reconfigure will detect that LXC host has correct variable:
dpkg --configure -a gitlab-ctl reconfigure
Some LXC configuration trick (can work with privileged containers)
lxc.apparmor.profile: unconfined lxc.mount.auto: sys:rw