自主搭建的Gitlab接入猪齿鱼操作参考指南:
- 添加Oauth2认证配置
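# Download the OmniAuth strategy to a scratch file instead of straight into the live
# initializers directory: every file in config/initializers is loaded as Ruby code by
# GitLab Rails, so read it before it is installed.
# NOTE(review): the URL refers to a branch or tag name (11.6.4-ce.0), not a commit hash, so
# its content can change upstream. Record the checksum of the copy you reviewed and
# compare it on every later install.
oauth_rb="$(mktemp)"
wget -O "$oauth_rb" https://raw.githubusercontent.com/TimeBye/gitlab-ce-work-with-mysql/11.6.4-ce.0/customize_oauth.rb
sha256sum "$oauth_rb"
# Review "$oauth_rb" at this point, then install it where GitLab Rails picks it up.
install -m 0644 "$oauth_rb" /opt/gitlab/embedded/service/gitlab-rails/config/initializers/customize_oauth.rb
rm -f "$oauth_rb"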
- 在 `gitlab.rb` 文件中添加 OAuth2 认证配置,注意替换下面的域名,并将 `app_secret` 的示例值 `secret` 换成随机生成的密钥(需与下文 `oauth_client` 表中的 `secret` 保持一致)
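# Enable OmniAuth and allow single sign-on through the Choerodon provider only.
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic']
# The GitLab sign-in page redirects straight to this provider.
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'oauth2_generic'
# false: accounts created on first OAuth sign-in are active immediately, without
# administrator approval, so every account the provider authenticates gets GitLab access.
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    'name' => 'oauth2_generic',
    'app_id' => 'gitlab',
    # Placeholder value: replace it with a long random secret. It must equal the
    # `secret` column of the 'gitlab' row inserted into oauth_client.
    'app_secret' => 'secret',
    'args' => {
      client_options: {
        # Replace the domain below with your Choerodon API gateway address.
        # Use https here: the client secret, authorization codes and access tokens
        # are all sent to this host.
        'site' => 'https://api.example.choerodon.io',
        'user_info_url' => '/oauth/api/user',
        'authorize_url' => '/oauth/oauth/authorize',
        'token_url' => '/oauth/oauth/token'
      },
      # Where the user id and profile fields sit in the provider's user-info response.
      user_response_structure: {
        root_path: ['userAuthentication', 'principal'],
        # This id becomes identities.extern_uid on the GitLab side.
        id_path: ['userAuthentication', 'principal', 'userId'],
        attributes: {
          nickname: 'username',
          name: 'username',
          email: 'email'
        }
      },
      name: 'oauth2_generic',
      strategy_class: "OmniAuth::Strategies::ChoerodonOAuth2Generic",
      # Replace the domain below with your GitLab address.
      redirect_url: "https://gitlab.example.choerodon.io/users/auth/oauth2_generic/callback"
    }
  }
]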
- 添加Gitlab Client
- 在 Choerodon 的 `iam-service` 数据库的 `oauth_client` 表中执行下面语句添加 client
- 在执行下面语句前,请根据实际情况修改参数
- 记得将 http://gitlab.example.choerodon.io 修改为实际的 Gitlab 地址
-- Register GitLab as an OAuth2 client in iam_service.oauth_client.
-- Replace the placeholder values before running:
--   secret                  'secret' is a placeholder; use a long random value, identical
--                           to app_secret in gitlab.rb.
--   web_server_redirect_uri set to the real GitLab address.
-- NOTE(review): the redirect_url in gitlab.rb is an https callback URL while this value is
-- http; confirm which form the authorization server compares against.
-- NOTE(review): authorized_grant_types enables password, implicit and client_credentials
-- in addition to authorization_code and refresh_token; confirm which grants this client
-- actually needs and drop the rest.
INSERT INTO iam_service.oauth_client (
    name,
    organization_id,
    resource_ids,
    secret,
    scope,
    authorized_grant_types,
    web_server_redirect_uri,
    access_token_validity,
    refresh_token_validity,
    additional_information,
    auto_approve,
    object_version_number,
    created_by,
    creation_date,
    last_updated_by,
    last_update_date
)
VALUES (
    'gitlab',                              -- name: must match app_id in gitlab.rb
    1,                                     -- organization_id
    'default',                             -- resource_ids
    'secret',                              -- secret: placeholder, see above
    'default',                             -- scope
    'password,implicit,client_credentials,authorization_code,refresh_token',
    'http://gitlab.example.choerodon.io',  -- web_server_redirect_uri
    3600,                                  -- access_token_validity
    3600,                                  -- refresh_token_validity
    '{}',                                  -- additional_information
    'default',                             -- auto_approve
    1,                                     -- object_version_number
    0,                                     -- created_by
    NOW(),                                 -- creation_date
    0,                                     -- last_updated_by
    NOW()                                  -- last_update_date
);
- 添加管理员用户关联
执行完添加管理员用户关联步骤前请不要去Gitlab界面进行登录操作
在 Gitlab 数据库的 `identities` 表中执行下面语句进行用户关联
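-- Link GitLab user 1 to the provider account that reports id '1', so that signing in
-- through oauth2_generic with that account lands on this GitLab user.
-- extern_uid is the id the provider returns (id_path ... 'userId' in gitlab.rb).
-- NOTE(review): this grants the Choerodon account with userId 1 control of GitLab user 1;
-- confirm both ids belong to the intended administrator before running.
-- The stray trailing double quote after the semicolon has been removed; it is not part
-- of the statement.
INSERT INTO gitlabhq_production.identities (
    extern_uid,
    provider,
    user_id,
    created_at,
    updated_at
)
VALUES (
    '1',
    'oauth2_generic',
    1,
    NOW(),
    NOW()
);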