Gitlab in LXC

Gitlab in unprivileged LXC (Proxmox).

Installation

  • Install a Debian Buster container (unprivileged)
  • Add the GitLab package repository and install GitLab
  • Create an additional mount point for the GitLab runtime data (database, artifacts, LFS, pages) on SSD/NVMe disks
    • 100GB (thin provisioning) for /var/opt/gitlab
  • Create an additional mount point for the GitLab repositories on SSD/NVMe disks
    • 200GB (thin provisioning) for /home/git-data
  • Configure the mail agent to relay to an external SMTP server

Issues

setting key "kernel.sem": Read-only file system

STDERR: sysctl: setting key "kernel.sem": Read-only file system
---- End output of sysctl -e -p /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf ----

Failed to modify kernel parameters with sysctl

The GitLab omnibus package installs its own sysctl settings (symlinks into /opt/gitlab):

# ls -l /etc/sysctl.d
total 11
lrwxrwxrwx 1 root root  58 lip  9 16:24 90-omnibus-gitlab-kernel.sem.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.sem.conf
lrwxrwxrwx 1 root root  61 lip  9 06:36 90-omnibus-gitlab-kernel.shmall.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmall.conf
lrwxrwxrwx 1 root root  61 lip  9 05:53 90-omnibus-gitlab-kernel.shmmax.conf -> /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.shmmax.conf
lrwxrwxrwx 1 root root  14 kwi 27 17:02 99-sysctl.conf -> ../sysctl.conf
-rw-r--r-- 1 root root 324 maj 31  2018 protect-links.conf
-rw-r--r-- 1 root root 639 maj 31  2018 README.sysctl

The problem is that sysctl writes the kernel.* keys under /proc/sys, which is mounted read-only inside an unprivileged container; the values themselves are not the issue. The host already has values set that are large enough to run GitLab:

# sysctl kernel.shmmax
kernel.shmmax = 18446744073692774399

The workaround is to let the package finish configuring and then run the reconfigure again (repeating it if necessary) so that the installer's sysctl step is skipped. gitlab-ctl reconfigure will detect that the LXC host already has the correct values:

dpkg --configure -a
gitlab-ctl reconfigure
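To know in advance whether a container already meets the values omnibus-gitlab wants, and whether /proc/sys is writable there at all, here is a pre-check script added to these notes; it is not part of omnibus-gitlab or Proxmox. It assumes the conf files live at the paths shown in the ls output above and that each holds a single `key = value` line. kernel.sem is compared field by field as a tuple, and all numbers are compared as digit strings, because the shmmax value reported on the host (18446744073692774399) is larger than the 64-bit signed integers shell arithmetic can handle.

```shell
#!/bin/sh
# gitlab-sysctl-precheck.sh: added example, not part of omnibus-gitlab or Proxmox.
# Compares the values omnibus-gitlab wants (its 90-omnibus-gitlab-kernel.*.conf
# files) with what the container kernel already reports under /proc/sys, and
# reports whether /proc/sys is writable here at all.

# num_ge A B: succeed when decimal integer A >= B.  Done on digit strings, since
# the shell's 64-bit signed arithmetic cannot hold 18446744073692774399 (the
# kernel.shmmax value the Proxmox host reports).
num_ge() {
    local a=$1 b=$2
    while [ ${#a} -gt 1 ] && [ "${a#0}" != "$a" ]; do a=${a#0}; done   # strip leading zeros
    while [ ${#b} -gt 1 ] && [ "${b#0}" != "$b" ]; do b=${b#0}; done
    if [ ${#a} -ne ${#b} ]; then
        [ ${#a} -gt ${#b} ]                # more digits means larger
    else
        [ "$a" = "$b" ] || [ "$a" \> "$b" ]   # same length: lexical order is numeric order
    fi
}

# sem_ge CUR REQ: kernel.sem is the 4-tuple "SEMMSL SEMMNS SEMOPM SEMMNI"
# (tab-separated when read from /proc/sys); every field of CUR must be >= REQ's.
sem_ge() {
    local cur=$1
    set -- $2                                   # required tuple
    [ $# -eq 4 ] || return 2
    local r1=$1 r2=$2 r3=$3 r4=$4
    set -- $cur                                 # current tuple
    [ $# -eq 4 ] || return 2
    num_ge "$1" "$r1" && num_ge "$2" "$r2" && num_ge "$3" "$r3" && num_ge "$4" "$r4"
}

# conf_key FILE: the key named in the file's "key = value" line.
conf_key() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_.-]*\)[[:space:]]*=.*/\1/p' "$1" | tail -n 1
}

# conf_value FILE KEY: the value of "KEY = value" in a sysctl conf file.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# proc_path KEY: where sysctl reads and writes this key (kernel.sem -> /proc/sys/kernel/sem).
proc_path() {
    printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr . /)"
}

# key_satisfied KEY REQ CUR: does the running value CUR already meet REQ?
key_satisfied() {
    case $1 in
        kernel.sem) sem_ge "$3" "$2" ;;
        *)          num_ge "$3" "$2" ;;
    esac
}

# proc_sys_writable: false inside an unprivileged LXC with the default
# lxc.mount.auto proc:mixed, which remounts /proc/sys read-only (even for root,
# access(2) answers EROFS there).
proc_sys_writable() {
    [ -e /proc/sys/kernel/shmmax ] && [ -w /proc/sys/kernel/shmmax ]
}

# check_all: walk the omnibus conf files; exit 0 only if every key is already satisfied.
check_all() {
    local rc=0 f key req cur state
    proc_sys_writable || echo "note: /proc/sys is not writable here, so 'sysctl -p' will fail whatever the values are"
    for f in /opt/gitlab/embedded/etc/90-omnibus-gitlab-kernel.*.conf; do
        [ -e "$f" ] || { echo "no omnibus sysctl files found under /opt/gitlab/embedded/etc"; return 0; }
        key=$(conf_key "$f")
        req=$(conf_value "$f" "$key")
        cur=$(tr '\t' ' ' < "$(proc_path "$key")" 2>/dev/null) || { echo "$key: cannot read current value"; rc=1; continue; }
        if key_satisfied "$key" "$req" "$cur"; then state=ok; else state=TOO_LOW; rc=1; fi
        printf '%-14s required=%-22s current=%-22s %s\n' "$key" "$req" "$cur" "$state"
    done
    return $rc
}

check_all
```

Run it as root inside the container before (or after a failed) gitlab-ctl reconfigure: a line marked TOO_LOW means the host really has to be tuned, while an "ok" everywhere plus the read-only note means the failure is only the read-only /proc/sys and the reconfigure retry above is the right fix.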

An alternative is to relax the LXC configuration itself (this may work for privileged containers), in the container's config on the Proxmox host:

lxc.apparmor.profile: unconfined
lxc.mount.auto: sys:rw

Caveat: sysctl reads and writes its keys under /proc/sys, and it is LXC's default proc:mixed mount that remounts /proc/sys read-only; sys:rw only makes sysfs writable, so the option that would actually let sysctl -p succeed is proc:rw. Both an unconfined AppArmor profile and a writable /proc/sys remove isolation the container normally has, and in a privileged container (where root is host root) a writable /proc/sys lets the container change host-wide kernel parameters. Prefer the reconfigure approach above, since the host values are already sufficient.