nexedi
gitlab-ce
246df81d
Commit
246df81d
authored
Mar 25, 2020
by
Lucas Charles
Committed by
Achilleas Pipinellis
Mar 25, 2020
Add example scripts for side-loading airgapped docker images
Related to
https://gitlab.com/gitlab-org/gitlab/issues/11520
parent
af166524
Showing
1 changed file
with
58 additions
and
0 deletions
doc/topics/airgap/index.md
View file @
246df81d
...
@@ -13,3 +13,61 @@ If you plan to deploy a GitLab instance on a physically-isolated and offline net
...
@@ -13,3 +13,61 @@ If you plan to deploy a GitLab instance on a physically-isolated and offline net
Follow these best practices to use GitLab's features in an offline environment:
Follow these best practices to use GitLab's features in an offline environment:
-
[
Operating the GitLab Secure scanners in an offline environment
](
../../user/application_security/offline_deployments/index.md
)
.
-
[
Operating the GitLab Secure scanners in an offline environment
](
../../user/application_security/offline_deployments/index.md
)
.
## Loading Docker images onto your air-gapped host
To use many GitLab features, including
[
security scans
](
../../user/application_security/index.md#working-in-an-offline-environment
)
and
[
Auto Devops
](
../autodevops/
)
, the GitLab Runner must be able to fetch the
relevant Docker images.
The process for making these images available without direct access to the public internet
involves downloading the images then packaging and transferring them to the air-gapped host.
Here's an example of such a transfer:
1.
Download Docker images from public internet.
1.
Package Docker images as tar archives.
1.
Transfer images to air-gapped environment.
1.
Load transferred images into air-gapped Docker registry.
### Example image packager script
```
sh
#!/bin/bash
set
-ux
# Specify needed analyzer images
analyzers
=
${
SAST_ANALYZERS
:-
"bandit eslint gosec"
}
gitlab
=
registry.gitlab.com/gitlab-org/security-products/analyzers/
for
i
in
"
${
analyzers
[@]
}
"
do
tarname
=
"
${
i
}
_2.tar"
docker pull
$gitlab$i
:2
docker save
$gitlab$i
:2
-o
./analyzers/
${
tarname
}
chmod
+r ./analyzers/
${
tarname
}
done
```
### Example image loader script
This example loads the images from a bastion host to an air-gapped host. In certain configurations,
physical media may be needed for such a transfer:
```
sh
#!/bin/bash
set
-ux
# Specify needed analyzer images
analyzers
=
${
SAST_ANALYZERS
:-
"bandit eslint gosec"
}
registry
=
$GITLAB_HOST
:4567
for
i
in
"
${
analyzers
[@]
}
"
do
tarname
=
"
${
i
}
_2.tar"
scp ./analyzers/
${
tarname
}
${
GITLAB_HOST
}
:~/
${
tarname
}
ssh
$GITLAB_HOST
"sudo docker load -i
${
tarname
}
"
ssh
$GITLAB_HOST
"sudo docker tag
$(
sudo
docker images |
grep
$i
|
awk
'{print $3}'
)
${
registry
}
/analyzers/
${
i
}
:2"
ssh
$GITLAB_HOST
"sudo docker push
${
registry
}
/analyzers/
${
i
}
:2"
done
```
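Review bot: The `for i in "${analyzers[@]}"` loop in both scripts runs once instead of once per analyzer. `analyzers` is assigned as a plain string (`${SAST_ANALYZERS:-"bandit eslint gosec"}`), so the quoted `[@]` expansion yields the single word `bandit eslint gosec`, and `tarname` and the `docker pull` / `docker save` arguments are built from that whole string. Declare a real bash array or iterate over the unquoted `$analyzers`. In the loader, the `$(sudo docker images | grep $i | awk '{print $3}')` substitution sits inside the double-quoted ssh argument, so it is evaluated on the local host before ssh runs rather than on `$GITLAB_HOST`, and `grep $i` can return more than one image ID; tagging by the name the image was saved under avoids both. Also consider adding `-e` to `set -ux` so a failed `docker pull` or `scp` stops the run, creating `./analyzers/` before `docker save -o`, and having the packager record a checksum for each tar that the loader verifies before `docker load`, since these archives are the only thing vouching for the images once they reach the air-gapped side. The fences are tagged `sh` while the shebang is `#!/bin/bash`.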