Many of us know the problem: the templates in your VMware environment were built once and never updated. You end up with a 3-year-old Windows Server 2019 template that you always have to patch before you can bring it into production.
BUT THIS HAS COME TO AN END!
I developed a solution that automates VMware vSphere templates, so they are created from scratch every month while you’re asleep!
How? With the help of tools like GitLab CE, Docker and Packer.
This blog series is split into 3 parts. Read the others to get all the information.
Blog Series Overview
- Part 1: Installation of GitLab CE
- Part 2: Configuring GitLab Runner with Docker executor
- Part 3: Configuring CI Pipeline with Packer Templates
Installation of GitLab CE
To automate our VMware templates, we first need the heart of the automation process: the GitLab CE instance.
GitLab is mainly used as a code repository for developers. We use it to store our code (the Packer configuration files), and we also use its CI/CD pipelines to schedule our VMware template generation.
To build our GitLab server, we need a Linux host, like Ubuntu or Debian.
The hardware requirements for that server are relatively modest:
- 2 vCPU
- 8GB RAM
- 40GB vDisk
After completing the installation wizard, you can configure the Linux server as your GitLab server.
First, we will install the prerequisites of GitLab:
sudo apt update && sudo apt upgrade -y
sudo apt install -y curl openssh-server ca-certificates tzdata perl
If you want to set up email alerts, feel free to install postfix (or sendmail) as well:
# install one mail transfer agent, not both
sudo apt install -y postfix
# or, alternatively
sudo apt install -y sendmail
Next, we will add the GitLab Repository to our system:
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
And now the installation of GitLab CE itself:
# with HTTPS
sudo EXTERNAL_URL="https://gitlab.domain.com" apt install gitlab-ce
# without HTTPS (plain HTTP)
sudo EXTERNAL_URL="http://gitlab.domain.com" apt install gitlab-ce
Configuring GitLab CE Instance
As soon as the installation finishes, we have to edit the GitLab configuration file so the instance works the way we want:
sudo nano /etc/gitlab/gitlab.rb
Caution: Take care when modifying the gitlab.rb file.
Tip: do a quick search with the keystroke Ctrl+W and search for “nginx”.
Here you can modify the following lines to configure your nginx reverse proxy as you need it:
nginx['enable'] = true
nginx['client_max_body_size'] = '20m'
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
##! Most root CA's are included by default
# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
##! enable/disable 2-way SSL client authentication
# nginx['ssl_verify_client'] = "off"
##! if ssl_verify_client on, verification depth in the client certificates chain
# nginx['ssl_verify_depth'] = "1"
nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
# nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA$
# nginx['ssl_prefer_server_ciphers'] = "off"
##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##! https://cipherli.st/**
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
nginx['ssl_session_cache'] = "shared:SSL:10m"
As the configuration shows, if we configure HTTPS, we need to put our SSL certificate and key in the following folder:
/etc/gitlab/ssl/
You can name these files however you like, as long as the names match the paths set in gitlab.rb. In this example, the files must be named after your external GitLab URL (gitlab.domain.com.crt and gitlab.domain.com.key).
If you want to upload larger files to GitLab, you can also modify the “client_max_body_size”:
nginx['client_max_body_size'] = '100m'
If you use GitLab exclusively internally, you can also disable Let's Encrypt in the gitlab.rb file, so it won’t try to generate a public certificate for you:
letsencrypt['enable'] = false
After setting everything in the gitlab.rb file, we need to reapply the modified settings to the running instance:
sudo gitlab-ctl reconfigure
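A check worth running before the reconfigure: the script below is an added example, not part of the original post or of GitLab, and it audits the settings edited above (HTTPS external URL, HTTP-to-HTTPS redirect, TLS protocol list, certificate and key file names). The function names rb_value and audit_gitlab_rb are hypothetical, the sample gitlab.rb is constructed, it assumes external_url is written as a plain `external_url '...'` line, and the key-permission check is an extra hardening step the post does not mention.

```bash
#!/usr/bin/env bash
# Added example: pre-reconfigure audit of the gitlab.rb TLS settings from this post.

# Print the value of the last uncommented line that starts with KEY (empty if unset).
rb_value() {  # usage: rb_value FILE KEY
  awk -v k="$2" '{ sub(/^[ \t]+/, "") }
    index($0, k) == 1 { v = substr($0, length(k) + 1) }
    END { print v }' "$1" |
    sed -E "s/^[[:space:]]*=?[[:space:]]*//; s/[[:space:]]+#.*\$//; s/^[\"']//; s/[\"'][[:space:]]*\$//"
}

# Print one finding per line; return 1 if anything was found.
audit_gitlab_rb() {  # usage: audit_gitlab_rb FILE [SSL_DIR]
  local f="$1" ssl_dir="${2:-/etc/gitlab/ssl}" n=0 url host p
  url=$(rb_value "$f" "external_url")
  host=${url#*://}; host=${host%%[:/]*}
  case "$url" in
    https://*) ;;
    *) echo "external_url is not https: '$url'"; n=$((n + 1)) ;;
  esac
  if [ "$(rb_value "$f" "nginx['redirect_http_to_https']")" != "true" ]; then
    echo "nginx['redirect_http_to_https'] is not true"; n=$((n + 1))
  fi
  # An unset ssl_protocols is not flagged: the package default then applies.
  for p in $(rb_value "$f" "nginx['ssl_protocols']"); do
    case "$p" in
      TLSv1.2|TLSv1.3) ;;
      *) echo "legacy protocol enabled: $p"; n=$((n + 1)) ;;
    esac
  done
  # The post names the files after the external URL host: <host>.crt / <host>.key
  for p in "$ssl_dir/$host.crt" "$ssl_dir/$host.key"; do
    [ -f "$p" ] || { echo "missing file: $p"; n=$((n + 1)); }
  done
  # Added hardening check (not from the post): key accessible by its owner only.
  if [ -f "$ssl_dir/$host.key" ] && [ "$(ls -ld "$ssl_dir/$host.key" | cut -c5-10)" != "------" ]; then
    echo "private key is group/world accessible"; n=$((n + 1))
  fi
  [ "$n" -eq 0 ]
}

# Constructed sample: a weak gitlab.rb and a certificate directory that does not exist.
demo=$(mktemp -d)
cat > "$demo/gitlab.rb" <<'EOF'
external_url 'http://gitlab.domain.com'
# nginx['redirect_http_to_https'] = true
nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
EOF
audit_gitlab_rb "$demo/gitlab.rb" "$demo/ssl" || echo "-> fix the findings before gitlab-ctl reconfigure"
```

On the real server, call it as root with the live file: audit_gitlab_rb /etc/gitlab/gitlab.rb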
Wrap up
In this part we’ve laid out the foundation by installing and configuring our GitLab CE instance.
This will enable us to further automate our infrastructure in the following parts!