Getting started with Managed Service for GitLab
To get started with the service:
- Create an instance.
- Set up a working environment.
- Add SSH keys to GitLab.
- Start using the repository.
Warning
To start working with Managed Service for GitLab, check this guide on how to migrate your projects from a GitLab custom installation to the service.
For more information about the differences between Managed Service for GitLab and the GitLab Community Edition custom installation, see the Service advantages over a GitLab custom installation section.
Getting started
-
Go to the management console
and log in to Yandex Cloud or sign up if not signed up yet. -
If you do not have a folder yet, create one:
-
In the management console
, select the appropriate cloud in the list on the left. -
At the top right, click
Create folder. -
Enter the folder name. The naming requirements are as follows:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
(Optional) Enter a description of the folder.
-
Select Create a default network. This will create a network with subnets in each availability zone. Within this network, a default security group will be created, inside which all network traffic is allowed.
-
Click Create.
-
-
Make sure your account has the vpc.user role and the gitlab.editor role or higher for creating an instance.
Create an instance
Warning
Once an instance is created, you cannot change its resource configuration, i.e., instance type, disk size, and availability zone.
-
In the management console, select the folder where you want to create a GitLab instance.
-
Select Managed Service for GitLab.
-
Click Create instance.
-
Under General information:
-
Enter the instance name. It must be unique throughout Yandex Cloud.
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
(Optional) Enter a description of the instance.
-
-
Under Configuration:
-
Select the instance type.
-
Specify the subnet where the instance will be hosted. Currently, you cannot select a subnet with the
192.168.0.0/24
address range due to Yandex Cloud technical restrictions.The default security group for the selected network will be used for the instance. If you cannot open the GitLab web interface after creating the instance, create a separate security group and configure it so that the rules allow incoming traffic from the required ports and IP addresses.
-
Select the disk size.
-
Specify the instance domain name: the required DNS records for this domain name will be automatically created in
.gitlab.yandexcloud.net
.The domain name must be unique throughout Yandex Cloud.
- Its length must be between 5 and 50 characters.
- It may contain lowercase Latin letters, numbers, and hyphens.
- It must not start or end with a dash character.
-
Set up the retention period for automatic backups (in days).
-
(Optional) Enable code approval rules. To do this, select the appropriate configuration for approval rules.
Note
The configuration you select affects the cost of using the instance's computing resources.
-
-
Under Administrator data, specify:
- Email: Email address of the GitLab instance administrator. This mailbox will receive an email with a link for creating a password.
- Login: Administrator login.
-
Click Create.
-
Wait for the instance to get ready: its status on the Managed Service for GitLab dashboard will change to Running. This may take some time.
Note
When you create an instance in Managed Service for GitLab, it automatically generates an SSL certificate. No additional configuration for using HTTPS is required.
Set up a working environment
-
Activate the Managed Service for GitLab instance:
- Follow the link you received in your administrator mailbox after creating the instance.
- Change the administrator password.
- Log in using the administrator username and password.
-
(Optional) Create a group
to host the repository project.If there are several projects, you might want to group users together. This will allow you to:
- Grant rights for specific projects to each group.
- View issues and merge requests by group.
- View analytics on group's activities.
For more information, see the GitLab documentation
. -
Create an empty project
to host the repository. -
Create users and add them to a group or project with the
Maintainer
orOwner
role.You can only add your team members to a group or project by creating GitLab accounts for them.
Add SSH keys to GitLab
-
Create a pair of public and private SSH keys for the GitLab account:
Linux/macOSWindows 10/11Windows 7/8-
Open the terminal.
-
Use the
ssh-keygen
command to create a new key:ssh-keygen -t ed25519 -C "<optional_comment>"
You can specify an empty string in the
-C
parameter to avoid adding a comment, or you may not specify the-C
parameter at all: in this case, a default comment will be added.After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the
.pub
extension, while the private key, in a file without extension.By default, the command prompts you to save the key under the
id_ed25519
name in the following directory:/home/<username>/.ssh
. If there is already an SSH key namedid_ed25519
in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.
If you do not have OpenSSH
installed yet, follow this guide to install it.-
Run
cmd.exe
orpowershell.exe
(make sure to update PowerShell before doing so). -
Use the
ssh-keygen
command to create a new key:ssh-keygen -t ed25519 -C "<optional_comment>"
You can specify an empty string in the
-C
parameter to avoid adding a comment, or you may not specify the-C
parameter at all: in this case, a default comment will be added.After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the
.pub
extension, while the private key, in a file without extension.By default, the command prompts you to save the key under the
id_ed25519
name in the following directory:C:\Users\<username>/.ssh
. If there is already an SSH key namedid_ed25519
in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.
Create keys using the PuTTY app:
-
Download
and install PuTTY. -
Make sure the directory where you installed PuTTY is included in
PATH
:- Right-click My computer. Click Properties.
- In the window that opens, select Additional system parameters, then Environment variables (located in the lower part of the window).
- Under System variables, find
PATH
and click Edit. - In the Variable value field, append the path to the directory where you installed PuTTY.
-
Launch the PuTTYgen app.
-
Select EdDSA as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.
-
In Key passphrase, enter a strong password. Enter it again in the field below.
-
Click Save private key and save the private key. Do not share its key phrase with anyone.
-
Click Save public key and save the public key in the following file:
<key_name>.pub
.
-
-
Launch the SSH agent:
Linux/MacOSWindows-
Run this command:
ssh-agent -s
-
For the SSH agent to start on login, add the launch command to the
~/.profile
file:ssh-agent -s
- Open the Start button context menu.
- Select Computer Management.
- Go to Services and Applications → Services.
- Open the context menu of the SSH agent service and select Properties.
- On the Main tab, change the startup type from Off to Automatic.
- Click OK and start the service.
-
-
Add a key to the SSH agent:
ssh-add <path_to_private_key>
-
Assign a public SSH key
to the GitLab account. -
Check that you can connect to GitLab:
ssh -T git@<GitLab_instance_domain>
Example:
ssh -T git@example.gitlab.yandexcloud.net
If connecting for the first time, you will get this or similar message:
The authenticity of host 'gitlab.example.com (35.231.145.151)' can't be established. ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'gitlab.example.com' (ECDSA) to the list of known hosts.
Type
yes
and press Enter.If it is not your first time, you will get this upon a successful connection:
Welcome to GitLab, @<login>!
In case of an error, run the connection in Verbose mode to get the logs:
ssh -Tvvv git@<GitLab_instance_domain>
Ask each member of your group or project to create an SSH key pair this way and assign the public key to their account in GitLab.
Start using the repository
To start working with a local copy of your repository using the account you created, follow the steps below on your local computer:
-
Clone the repository
using the SSH protocol.What to do if you get the
Permission denied (publickey)
errorWhen cloning, you may get this error:
Cloning into '<project_name>'... git@<GitLab_instance_domain>: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access permissions and the repository exists.
If you get this error:
-
Create and open a configuration file to set up SSH keys:
nano ~/.ssh/config
-
Add content to it:
Host <GitLab_instance_domain> IdentityFile <path_to_private_key>
In the
IdentityFile
parameter, specify the absolute path to the private key you created for the GitLab project. -
Save the file.
-
Clone the repository again via SSH.
-
-
Go to the directory containing the repository:
cd <project_name>
-
Make changes to the repository files.
-
Index and apply the changes
in the local repository:git add . && git commit -m "<commit_name>"
-
Push changes to the remote repository:
git push origin main