​ Guide: https://docs.elastx.cloud/docs/openstack-iaas/guides/getting_started/ ​

• Install Openstack-CLI: pip install python-openstackclient
• Go to -> openstack web -> API Access -> Download RC File
• Run RC-file: . chasacademy-<lastname>-openrc.sh
• Headover to your CLI and type: openstack ​

• Create network: network create <networkname>
• Create subnet: subnet create --network <networkname> --dns-nameserver 4.4.4.4 --subnet-range 10.42.10.0/24 cli-subnet
• Create router (make sure to delete existing routers and release floating IP): router create --external-gateway elx-public1 cli-router
• Add subnet to router: router add subnet <routername> <subnetname> ​

• Create keypair: keypair create --type ssh <keypairname>
• Create .pem-file in pwd: vim <name>.pem
• Change permissions on file: chmod 600 <name>.pem ​

• Create security group: security group create <securitygroupname>
• Add Rule for Port 22: security group rule create --remote-ip 0.0.0.0/0 --dst-port 22 --protocol tcp <securitygroupname>
• Add HTTP to instance sec rules
• Check that rule was added succesfully: security group rule list <securitygroupname>
• (You can also add ping possibility if neccessary: security group rule create --remote-ip 0.0.0.0/0 --protocol icmp <securitygroupname>) ​

• Use at least a flavor with minimal 4gb ram
• List image: image list
• Create instance from image: server create --network <networkname> --flavor <flavorname> --image <imagename> --key-name <keypairname> <instancename>
• Remove default security group from instance: server remove security group <instancename> default
• Add correct security group to instance: server add security group <instancename> <securitygroupname>
• Create floating IP: floating ip create elx-public1
• Add floating IP to instance: `server add floating ip gitlab-selfhosted 217.61.247.239``
• Try SSH-ing into server: ssh -i <keyname>.pem <imageversion>@<floatingip

sudo apt-get update
sudo apt upgrade
sudo apt-get install -y curl openssh-server ca-certificates tzdata perl
sudo apt-get install -y postfix
choose no config
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
sudo EXTERNAL_URL="http://<local ip of instance>" apt-get install gitlab-ee

http://floating ip

username (unless other given); root

password :sudo cat /etc/gitlab/initial_root_password

##Hardening:

• sudo ufw enable
• sudo ufw allow 80
• sudo ufw allow 443

• Add a new server / instance
• sudo apt update && apt upgrade

• curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash

• sudo apt-get install gitlab-runner

• apt-cache madison gitlab-runner

• See version: sudo gitlab-runner -version

• sudo gitlab-runner status, change status to (start, stop, restart) to do what you need to do.

• cd /home -> ls -> output: gitlab-runner ubuntu

• sudo visudo

• User privilege specification root ALL=(ALL:ALL) ALL (line to add) gitlab-runner ALL=(ALL:ALL) ALL

• includedir /etc/sudoers.d (line to add) gitlab-runner ALL=(ALL) NOPASSWD: ALL

• Go to your gitlab instance UI and login if not.

• Click on your project and select Settings

• Navigate to Settings and click on CI/CD inside this click on Expand of Runners section

• Copy GitLab server URL and Registration Token under "Set up specific Runner automatically"-section

• sudo gitlab-runner register --url <http://your 10. IP-address> --registration-token $REGISTRATION_TOKEN

• No you will get prompted with a choice, I choose "shell".

• Click on project settings -> CI/CD -> runners
• Now "Available specific runners" should have appeared. click on the small pencil ( edit ) left of "remove runner"
• Make sure you don't have any tags (tags will make your pipeline only trigger if tagged with that specific tag)
• Check box "Run untagged jobs".

• Add a .gitlab-ci.yml file and test that your pipeline runs!

​ To register Gitlab runners https://www.fosstechnix.com/how-to-install-gitlab-runner-on-ubuntu/