Podman
Info
This method is supported by the Plumber community.
This page describes how to set up a self-managed instance of Plumber using podman, for both production servers and local testing.
💻 Requirements
- GitLab instance version >=17.7
- Plumber runs in podman containers on a Linux server. Specifications:
  - OS: Ubuntu or Debian
  - Hardware
    - CPU x86_64/amd64 with at least 2 cores
    - 4 GB RAM
    - 250 GB of storage for Plumber
  - Network
    - Users must be able to reach the Plumber server on TCP ports 80 and 443
    - The Plumber server must be able to access the internet
    - The Plumber server must be able to communicate with the GitLab instance
    - The installation process requires write access to the DNS zone to set up the Plumber domain
  - Installed software
The Docker Hub registry must be resolvable by podman, in the file /etc/containers/registries.conf:
    unqualified-search-registries = ["docker.io"]
🛠️ Installation
📥 Setup your environment
Clone the repository on your server
    git clone https://github.com/getplumber/platform.git plumber-platform
    cd plumber-platform
Create your configuration file
    cp .env.example .env
📋 Configure Organization
In your .env file:
If you want to connect Plumber to a specific GitLab group only: add the path of the group in the ORGANIZATION variable (to run the onboarding, you must be at least Maintainer in this group)
.env
    ORGANIZATION="<group-path>"
If you want to connect Plumber to the whole GitLab instance: leave the ORGANIZATION variable empty (to run the onboarding, you must be a GitLab instance Admin)
.env
    ORGANIZATION=""
📄 Configure Domain name
Edit the .env file by updating the values of the DOMAIN_NAME and JOBS_GITLAB_URL variables
.env
    DOMAIN_NAME="<plumber_domain_name>"
    JOBS_GITLAB_URL="https://<url_of_your_gitlab_instance>"
Example
    DOMAIN_NAME="plumber.mydomain.com"
    JOBS_GITLAB_URL="https://gitlab.mydomain.com"
Create DNS record:
- Name: <plumber_domain_name>
- Type: A
- Content: <your-server-public-ip>
Info
A certificate will be auto-generated using Let's Encrypt at the application launch.
🦊 Configure GitLab OIDC
Plumber uses GitLab as an OAuth2 provider to authenticate users.
Create an application on your GitLab instance. Choose any group, then navigate to Settings > Applications.
Create an application with the following information:
- Name: Plumber
- Redirect URI: https://<plumber_domain_name>/api/auth/gitlab/callback
- Confidential: true (keep the box checked)
- Scopes: api
Click on Save Application, then copy the credentials into your .env file:
.env
    GITLAB_OAUTH2_CLIENT_ID="<application-id>"
    GITLAB_OAUTH2_CLIENT_SECRET="<application-secret>"
🔐 Generate secrets
Generate random secrets for all components:
    sed -i "s/REPLACE_ME_BY_SECRET_KEY/$(openssl rand -hex 32)/g" .env
    sed -i "s/REPLACE_ME_BY_JOBS_DB_PASSWORD/$(openssl rand -hex 16)/g" .env
    sed -i "s/REPLACE_ME_BY_JOBS_REDIS_PASSWORD/$(openssl rand -hex 16)/g" .env
📋 (Optional) Add your custom CA
If your GitLab instance is using a TLS certificate signed with your own Certificate authority (CA), add the CA certificate file in the appropriate directory.
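A pre-launch check for the .env file built in the steps above, as an added example that is not part of the Plumber repository: it flags leftover REPLACE_ME_BY_* or <...> placeholders, a JOBS_GITLAB_URL that is not https, and a file that group or other users can access. The function name check_env and the variable EXAMPLE_SECRET are assumptions; the https requirement mirrors the template value shown on this page.

```shell
#!/usr/bin/env bash
# Added example: check_env is a hypothetical helper, not part of the Plumber repository.
# Prints one line per finding and returns the number of findings (0 = ready for envsubst).
check_env() {
  local file="$1" findings=0 perms line key val
  # .env holds the OAuth2 secret and the generated passwords: owner-only access.
  perms=$(ls -ld "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "PERM: $file is accessible by group/others (chmod 600)"
    findings=$((findings + 1))
  fi
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in '' | '#'*) continue ;; esac
    key=${line%%=*}
    val=${line#*=}
    val=${val#\"}
    val=${val%\"}
    case "$val" in
      # Markers the sed commands or the manual edits should have replaced.
      *REPLACE_ME_BY_* | *'<'*'>'*)
        echo "PLACEHOLDER: $key"; findings=$((findings + 1)); continue ;;
    esac
    case "$key" in
      JOBS_GITLAB_URL)
        case "$val" in
          https://?*) ;;
          *) echo "URL: $key is not an https:// URL"; findings=$((findings + 1)) ;;
        esac ;;
      DOMAIN_NAME | GITLAB_OAUTH2_CLIENT_ID | GITLAB_OAUTH2_CLIENT_SECRET)
        [ -n "$val" ] || { echo "EMPTY: $key"; findings=$((findings + 1)); } ;;
    esac # ORGANIZATION is not checked: empty means "whole GitLab instance"
  done < "$file"
  return "$findings"
}

# Constructed sample, not a real configuration; EXAMPLE_SECRET is a made-up variable name.
demo=$(mktemp -d)
cat > "$demo/.env" <<'EOF'
ORGANIZATION=""
DOMAIN_NAME="plumber.mydomain.com"
JOBS_GITLAB_URL="https://gitlab.mydomain.com"
GITLAB_OAUTH2_CLIENT_ID="<application-id>"
GITLAB_OAUTH2_CLIENT_SECRET="constructed-value"
EXAMPLE_SECRET="REPLACE_ME_BY_SECRET_KEY"
EOF
chmod 644 "$demo/.env"
check_env "$demo/.env" || echo "findings: $?"
rm -rf "$demo"
```

Run check_env .env before the envsubst step. The generated podman.yml and configmap.yml are rendered from the same variables, so give them the same owner-only permissions.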
📄 Prepare podman for launch
Generate podman network:
    podman network create intranet
Generate podman socket:
    systemctl --user start podman.socket
    systemctl --user enable podman.socket
If you encounter the error "Failed to connect to bus: No medium found", use these commands with your user as sudoer:
    sudo loginctl enable-linger <your_local_user>
    sudo systemctl --user -M <your_local_user>@ start podman.socket
    sudo systemctl --user -M <your_local_user>@ enable podman.socket
Generate podman config files:
    set -a; source .env; set +a
    export uid=$(id -u)
    envsubst < podman.yml.example > podman.yml
    envsubst < configmap.yml.example > configmap.yml
Allow the local user to bind port 80 and above:
Add this line to /etc/sysctl.conf as sudo user or root:
    net.ipv4.ip_unprivileged_port_start=80
Restart sysctl:
    sudo systemctl restart systemd-sysctl
🚀 Launch the application
    podman play kube podman.yml --configmap configmap.yml --network intranet
Info
If you need to reconfigure and relaunch:
    podman play kube podman.yml --replace --configmap configmap.yml --network intranet
🦊 Create GitLab Application
On your GitLab instance, open the Applications page: Your picture > Preferences > Applications (example: gitlab.com)
Create an application with the following information:
- Name: Plumber
- Redirect URI: http://localhost:3001/api/auth/gitlab/callback
- Confidential: true (keep the box checked)
- Scopes: api
Click on Save Application. Keep this GitLab tab open: the Application ID and Secret will be used in the configuration step.
📥 Setup your environment
Clone the repository locally
    git clone https://github.com/getplumber/platform.git plumber-platform
    cd plumber-platform
Create your configuration file
    cp .env.local.example .env
📚 Update the configuration
Edit the .env file:
Copy/paste the Application ID and the Secret from the GitLab application you just created
.env
    GITLAB_OAUTH2_CLIENT_ID="<application-id>"
    GITLAB_OAUTH2_CLIENT_SECRET="<application-secret>"
Replace <your-gitlab-url> with the domain of your GitLab server
.env
    JOBS_GITLAB_URL="https://<your-gitlab-url>"
If you want to connect Plumber to a specific GitLab group only: add the path of the group in the ORGANIZATION variable
.env
    ORGANIZATION="<group-path>"
If you want to connect Plumber to the whole GitLab instance: leave the ORGANIZATION variable empty
.env
    ORGANIZATION=""
Run the following commands to generate random secrets for all components:
    sed -i "s/REPLACE_ME_BY_SECRET_KEY/$(openssl rand -hex 32)/g" .env
    sed -i "s/REPLACE_ME_BY_JOBS_DB_PASSWORD/$(openssl rand -hex 16)/g" .env
    sed -i "s/REPLACE_ME_BY_JOBS_REDIS_PASSWORD/$(openssl rand -hex 16)/g" .env
📄 Prepare podman for launch
Generate podman network:
    podman network create intranet
Generate podman socket:
    systemctl --user start podman.socket
    systemctl --user enable podman.socket
Generate podman config files:
    set -a; source .env; set +a
    export uid=$(id -u)
    envsubst < podman.local.yml.example > podman.yml
    envsubst < configmap.local.yml.example > configmap.yml
🚀 Launch Plumber!
Start Plumber
    podman play kube podman.yml --configmap configmap.yml --network intranet
Open your Plumber test instance 👉 click here 🎉
⏫ Update
Navigate to the location of your platform git repository
Update it
    git pull
Open the .env.example file and copy the values of the FRONTEND_IMAGE_TAG and BACKEND_IMAGE_TAG variables
Edit the .env file by updating those values
.env
    FRONTEND_IMAGE_TAG="<new frontend version>"
    BACKEND_IMAGE_TAG="<new backend version>"
Regenerate config files and restart
    set -a; source .env; set +a
    export uid=$(id -u)
    envsubst < podman.yml.example > podman.yml
    envsubst < configmap.yml.example > configmap.yml
    podman play kube podman.yml --replace --configmap configmap.yml --network intranet
You have successfully updated Plumber 🎉
Navigate to the location of your platform git repository
Update it
    git pull
Open the .env.local.example file and copy the values of the FRONTEND_IMAGE_TAG and BACKEND_IMAGE_TAG variables
Edit the .env file by updating those values
.env
    FRONTEND_IMAGE_TAG="<new frontend version>"
    BACKEND_IMAGE_TAG="<new backend version>"
Update local yaml files and restart
    set -a; source .env; set +a
    export uid=$(id -u)
    envsubst < podman.local.yml.example > podman.yml
    envsubst < configmap.local.yml.example > configmap.yml
    podman play kube podman.yml --replace --configmap configmap.yml --network intranet
You have successfully updated Plumber 🎉
🔄 Backup and restore
The data required to fully back up and restore a Plumber system is the following:
- Configuration file: .env
- Databases:
  - PostgreSQL database of Jobs service
- Files data:
  - File storing data about certificate for Traefik service
All this data can easily be backed up and restored using 2 scripts from the installation git repository:
- scripts/backup_podman.sh
- scripts/restore_podman.sh
💽 Backup
To back up the system, go to your installation git repository and run the following command:
    ./scripts/backup_podman.sh 13
The script will create a backups directory and create a backup archive inside it prefixed with the date (backup_plumber-$DATE)
Info
You can use a cron job to perform regular backups. Here is a cron job that launches a backup every day at 2am:
    0 2 * * * /plumber-platform/scripts/backup_podman.sh 13
It can be added to your crontab with the command crontab -e. Check more information about cron jobs here.
🛳️ Restore
To restore a backup from scratch on a new system, follow this process:
Be sure that your new system is compliant with requirements
Copy the backup file on your new server
Clone the installation repository
    git clone https://github.com/getplumber/platform.git plumber-platform
    cd plumber-platform
If the IP address of your server changed from your previous installation, update your DNS records
Launch the restore script
    ./scripts/restore_podman.sh 13 <path_to_your_backup_file>
Danger
Did you encounter a problem during the restore process? See the troubleshooting section.