Centos6.7 minimal安裝GitLab8.3.4配置LDAP、發郵件以及升級到GitLab8.5.4

建議使用非root賬戶安裝，先同步系統時間：

ntpdate cn.pool.ntp.org

1、創建用戶gitlab

注意：centos下，adduser和useradd的命令效果是一樣的，但ubunut下，useradd只創建用戶不生成用戶主目錄，adduser會用向導提示你一步步創建一個完整的用戶：

[gitlab@localhost ~]$ su root
Password:
[root@localhost gitlab]# cd ~
[root@localhost ~]# passwd gitlab
Changing password for user gitlab.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# su gitlab
[gitlab@localhost root]$ cd ~
[gitlab@localhost ~]$

 

 

2、安裝gitlab

訪問 https://about.gitlab.com/downloads/#centos6：

 

按照第一步安裝必要的依賴。如果你不想用sendmail或者postfix作為發送郵件的服務端，你可以不安裝postfix，而使用內置的smtp配置第三方的郵箱即可，或者是你的企業郵箱：

1. Install and configure the necessary dependencies

sudo yum install curl openssh-server openssh-clients postfix cronie
sudo service postfix start
sudo chkconfig postfix on
sudo lokkit -s http -s ssh

 

 

第二步我使用的是下載rpm包的方式安裝，而不是使用官方的腳本：

2. Add the GitLab package server and install the package

rpm包到這里下載，https://packages.gitlab.com/gitlab/gitlab-ce

包很大比較慢，不建議使用wget或者curl，建議下載到本地再上傳到服務器。

下載完成后，

sudo rpm -i gitlab-ce-8.5.4-ce.0.el6.x86_64.rpm

 

3、配置LDAP認證

編輯配置文件。注意，最后那個EOS的注釋要取消掉：

sudo vim /etc/gitlab/gitlab.rb

## For setting up LDAP
## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#setting-up-ldap-sign-in
## Be careful not to break the identation in the ldap_servers block. It is in
## yaml format and the spaces must be retained. Using tabs will not work.

 gitlab_rails['ldap_enabled'] = true
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: '192.168.100.100'
     port: 389
     uid: 'sAMAccountName'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'cn=your_ldap_name,ou=your_ou_name,dc=your_2nd_domain,dc=your_1st_domain'
     password: 'yourpassword'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'dc=tima,dc=local'
     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     port: 389
#     uid: 'sAMAccountName'
#     method: 'plain' # "tls" or "ssl" or "plain"
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     active_directory: true
#     allow_username_or_email_login: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
 EOS

 

 

4、取消用戶注冊功能

注意：由於大家呼聲很高，似乎從7.7版開始，gitlab默認啟用了用戶注冊功能，並且在 /etc/gitlab/gitlab.rb 中找不到

#gitlabrails['gitlabsignup_enabled'] = false

#gitlabrails[

'signinenabled'] = false

配置部分了，但是可以登錄root賬戶在GUI下的Admin Area 中配置，如下：

 

5、配置發送郵件功能

郵件發送其實不必要用到postfix或sendmail，所以我是先停掉了postfix，以免配置過程中的錯誤日志產生誤導：

sudo service postfix status
sudo service postfix stop
sudo service postfix disable
sudo chkconfig postfix off
sudo chkconfig

編輯配置文件：

sudo vim /etc/gitlab/gitlab.rb

取消注釋並修改：

################################
# GitLab email server settings #
################################
# see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings
# Use smtp instead of sendmail/postfix.

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_port'] = 25 #465 for SSL
 gitlab_rails['smtp_user_name'] = "your_mail_sender_name"
 gitlab_rails['smtp_password'] = "your_password"
 gitlab_rails['smtp_domain'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = false
 gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

然后reconfigure：

sudo gitlab-ctl reconfigure

同時可能需要檢查以下兩個配置文件是否與你配置的信息一致：

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb

SecureCRT另開session觀察日志輸出：

sudo tail -f /var/log/gitlab/gitlab-rails/production.log

 

測試郵件推送功能是否正常：

使用ldap賬戶登錄到gitlab，創建一個項目如pythonweb，這時候默認的group是你的用戶名，如果你想用別的項目，可以點擊Create a group，添加一個group，創建完成后我的git路徑是：

git@172.16.224.246:openstack/pythonweb.git

第一次配的時候應該是

git@localhost:openstack/pythonweb.git

 

這里的localhost是不合理的，別人提交代碼的時還得修改成ip或者域名，這個可以在配置文件里修改默認值：

sudo vim /etc/gitlab/gitlab.rb

在最頂部修改如下：

## Url on which GitLab will be reachable.
external_url 'http://172.16.224.246'  #這里是ip地址或者域名

 

回到gitlab界面，點擊左下角的settings--services--Emails on push, 勾選Active，Recipients填寫本項目更新需要推送知曉的人員，多個用空格或者逗號隔開：

 

本機添加git目錄並push到遠程主機：

我在windows下，使用cygwin，cygwin配置可以參考：

https://xstarcd.github.io/wiki/cygwin/index.html（我同事）

http://www.cnblogs.com/astwish/articles/3700459.html

git使方法推薦廖雪峰老師的git教程。

 

第一次提交項目前會要求添加SSH key，點擊add an SSH key，可以添加自己的公鑰到（公鑰可以有多個）：

 

本機生成SSH key，並復制藍底部分到上面的key框中：

$

ssh-keygen -t rsa -C valiant.jiang@timanetworks.com

#email要填你登錄gitlab的ldap關聯的email
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ONE/.ssh/id_rsa):
/home/ONE/.ssh/id_rsa already exists.
Overwrite (y/n)? n #我是no 因為已經有了不想再改

ONE@DESKTOP-BGP4M01 ~$ 

cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0V2KJgXp3O0p/5pE2apMJLg9W9ePQF8cOFUo03nEIX6IRjrHGmZjMX8napr9lJRU676pgJhekW/gbyn1DuSyBxurPe65vr/MpQMCMq/Pd00tA/z3irT5DIvfhLb+xhaTMJcT7UIBNvSjw4pUb2la3cKJzkbV01RzbESoNnpEqtnZsVY8Ys1WNHzRkgxO+EGQphf9HdEanRxOoIUKmOKtVUA8oiCpz0z6yyWnNFYnL6OMeviYiJ26n7eKTV5pqUmQtbzc3sKNTXsi+1Cw+3l1/l8Mbro2o6NGQP4lNfJGjFU6Q3t/uV4l+mpP11r0cqfzjF4gegxk0G9NiIomgAHmp valiant.jiang@timanetworks.com

ONE@DESKTOP-BGP4M01 ~$

 

按照project頁面的提示，設置全局的免密鑰代碼提交賬戶：

 

git config --global user.name "Valiant Jiang"

git config --global user.email valiant.jiang@timanetworks.com

git clone git@172.16.224.246:openstack/pythonweb.git
cd pythonweb
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

做完這一步，應該就可以收到系統發給你的push報告郵件了：

 

 

 

6、升級到最新穩定版

針對不同的安裝方式，GitLab官方提供了不同的升級方法，我們是手動安裝的omnibus包，所以用下面的鏈接升級：

 

 

 

https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version

Updating from GitLab 6.6 and higher to the latest version

The procedure can also be used to upgrade from a CE omnibus package to an EE omnibus package.

First, download the latest CE or EE (license key required) package to your GitLab server.

Stop services but leave postgresql running for the database migrations and create a backup

sudo gitlab-ctl stop unicorn
sudo gitlab-ctl stop sidekiq
sudo gitlab-ctl stop nginx
sudo gitlab-rake gitlab:backup:create

Install the latest package

# Ubuntu/Debian:
sudo dpkg -i gitlab_x.x.x-omnibus.xxx.deb

# CentOS:
sudo rpm -Uvh gitlab-x.x.x_xxx.rpm

Reconfigure GitLab (includes running database migrations) and restart all services

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

Done!

Trouble? Check status details

sudo gitlab-ctl status
sudo gitlab-rake gitlab:check SANITIZE=true

 

 

7、實用鏈接

log文件詳解：http://doc.gitlab.com/ee/logs/logs.html

ldap配置：http://doc.gitlab.com/ce/integration/ldap.html

smtp配置：http://doc.gitlab.com/omnibus/settings/smtp.html

各版本升級地址：https://about.gitlab.com/update/

本次升級地址：https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version