首先准備實驗環境
| 虛擬機 | 主機名 | IP地址 | 服務 | 系統版本 | 內核版本 |
| Vmware Workstation 14 | gitlab.example.com | 192.168.244.130 | gitlab | CentOS Linux release 7.5.1804 (Core) | 3.10.0-862.el7.x86_64 |
| jenkins.example.com | 192.168.244.131 | jenkis | |||
| ansible.example.com | 192.168.244.132 | asible |
In addition, add the following entries to the file C:\Windows\System32\drivers\etc\hosts on the Windows 10 host:

```
192.168.244.130 gitlab.example.com
192.168.244.131 jenkins.example.com
192.168.244.132 ansible.example.com
```
Disable the firewall and SELinux

```
[root@gitlab ~]# sed -i "s/enforcing/disabled/" /etc/selinux/config
[root@gitlab ~]# systemctl stop firewalld && systemctl disable firewalld
[root@gitlab ~]# reboot
[root@gitlab ~]# getenforce
Permissive
[root@server01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
```
Install postfix and start it

```
[root@gitlab ~]# yum install postfix
[root@gitlab ~]# systemctl start postfix && systemctl enable postfix
```
Install the GitLab dependencies and gitlab-ce

```
[root@gitlab ~]# yum install curl policycoreutils openssh-server openssh-clients
[root@gitlab ~]# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
[root@gitlab ~]# yum install -y gitlab-ce
```

Alternatively, the package can be downloaded from https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-10.0.0-ce.0.el7.x86_64.rpm and installed from the RPM.
Create the certificate and load it into the configuration

```
[root@gitlab ~]# mkdir -p /etc/gitlab/ssl

# Create the private key
[root@gitlab ~]# openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.com.key" 2048
Generating RSA private key, 2048 bit long modulus
...............+++
...............................................................................+++
e is 65537 (0x10001)

# Create the certificate signing request (CSR)
[root@gitlab ~]# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.csr"
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sh
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:    # type a space, then press Enter
Organizational Unit Name (eg, section) []:    # type a space, then press Enter
Common Name (eg, your name or your server's hostname) []:gitlab.example.com
Email Address []:admin@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:    # just press Enter

# Check the result
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 8
-rw-r--r-- 1 root root 1066 Jan 2 15:32 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Jan 2 15:30 gitlab.example.com.key

# Next, use the private key and the CSR to create the self-signed CRT certificate
[root@gitlab ~]# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.com.csr" -signkey "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.crt"
Signature ok
subject=/C=cn/ST=sh/L=sh/O= /OU= /CN=gitlab.example.com/emailAddress=admin@example.com
Getting Private key

# Check the result
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 12
-rw-r--r-- 1 root root 1265 Jan 2 15:39 gitlab.example.com.crt
-rw-r--r-- 1 root root 1066 Jan 2 15:32 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Jan 2 15:30 gitlab.example.com.key

# Generate the Diffie-Hellman parameters file (dhparam.pem) with openssl
[root@gitlab ~]# openssl dhparam -out /etc/gitlab/ssl/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........................................................+......[output trimmed]......++*++*
# This step takes a while

# List the generated files
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 16
-rw-r--r-- 1 root root  424 Jan 2 15:46 dhparam.pem
-rw-r--r-- 1 root root 1265 Jan 2 15:39 gitlab.example.com.crt
-rw-r--r-- 1 root root 1066 Jan 2 15:32 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Jan 2 15:30 gitlab.example.com.key

# Change the file permissions
[root@gitlab ~]# chmod 600 /etc/gitlab/ssl/*
[root@gitlab ~]# ll /etc/gitlab/ssl/
total 16
-rw------- 1 root root  424 Jan 2 15:46 dhparam.pem
-rw------- 1 root root 1265 Jan 2 15:39 gitlab.example.com.crt
-rw------- 1 root root 1066 Jan 2 15:32 gitlab.example.com.csr
-rw------- 1 root root 1679 Jan 2 15:30 gitlab.example.com.key
```
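The same key and certificate can be produced in one step, shown here as an added example that is not from the original post: the files are written under `umask 077`, so the key is never world-readable (in the listing above it sits at `-rw-r--r--` until the `chmod`), the hostname goes into a `subjectAltName`, and the certificate is checked against the key. The function names are hypothetical and the demo writes to a scratch directory.

```bash
# Added example (not from the original post). Function names are hypothetical.

make_selfsigned() {            # usage: make_selfsigned <dir> <hostname>
  local dir=$1 host=$2
  (
    umask 077                  # new files are at most 0600, the directory 0700
    mkdir -p "$dir" || exit 1
    cnf=$(mktemp) || exit 1
    cat >"$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
C = cn
ST = sh
L = sh
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -config "$cnf" \
      -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    rc=$?
    rm -f "$cnf"
    exit "$rc"
  )
}

cert_matches_key() {           # usage: cert_matches_key <crt> <key>
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]   # same public key on both sides
}

cert_san() {                   # prints the SAN entry, e.g. DNS:host
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tail -n 1 | tr -d ' '
}

# Demo in a scratch directory; on the server the target is /etc/gitlab/ssl.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" gitlab.example.com &&
  cert_matches_key "$demo_dir/gitlab.example.com.crt" "$demo_dir/gitlab.example.com.key" &&
  echo "key matches certificate, SAN: $(cert_san "$demo_dir/gitlab.example.com.crt")"
rm -rf "$demo_dir"
```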
Configure GitLab

```
[root@gitlab ~]# cp /etc/gitlab/gitlab.rb{,.bak}
[root@gitlab ~]# vim /etc/gitlab/gitlab.rb
## Change the following lines
 13 external_url 'https://gitlab.example.com'    # around line 13
952 nginx['redirect_http_to_https'] = true
964 nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
965 nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"
979 nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem" # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
```
Initialize the GitLab service configuration

```
[root@gitlab ~]# gitlab-ctl reconfigure
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - gitlab (0.0.1)
  - package (0.1.0)
  - postgresql (0.1.0)
  - redis (0.1.0)
  - mattermost (0.1.0)
  - registry (0.1.0)
  - gitaly (0.1.0)
  - consul (0.0.0)
  - nginx (0.1.0)
  - runit (0.14.2)
  - letsencrypt (0.1.0)
  - acme (3.1.0)
  - crond (0.1.0)
  - compat_resource (12.19.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create
    - change mode from '0755' to '0775'
  Converging 493 resources
  * directory[/etc/gitlab] action create (up to date)
  * directory[Create /var/opt/gitlab] action create
    - create new directory /var/opt/gitlab
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * directory[/opt/gitlab/embedded/etc] action create
    - create new directory /opt/gitlab/embedded/etc
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * template[/opt/gitlab/embedded/etc/gitconfig] action create
    - create new file /opt/gitlab/embedded/etc/gitconfig
    - update content in file /opt/gitlab/embedded/etc/gitconfig from none to 987af3
....    # the run is fairly long, so wait a while (depends on the server's specs)
Running handlers:
Running handlers complete
Chef Client finished, 454/655 resources updated in 02 minutes 16 seconds
gitlab Reconfigured!    # this line means the configuration is fine
```
Configure nginx

```
[root@gitlab ~]# cp /var/opt/gitlab/nginx/conf/gitlab-http.conf{,.bak}
[root@gitlab ~]# vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
37 server_name gitlab.example.com;    # add the content of line 38 below this line
38 rewrite ^(.*)$ https://$host$1 permanent;
```
Restart GitLab

```
[root@gitlab ~]# gitlab-ctl restart
ok: run: alertmanager: (pid 6526) 1s
ok: run: gitaly: (pid 6543) 0s
ok: run: gitlab-monitor: (pid 6556) 0s
ok: run: gitlab-workhorse: (pid 6579) 1s
ok: run: logrotate: (pid 6589) 0s
ok: run: nginx: (pid 6597) 1s
ok: run: node-exporter: (pid 6681) 0s
ok: run: postgres-exporter: (pid 6687) 1s
ok: run: postgresql: (pid 6698) 0s
ok: run: prometheus: (pid 6706) 0s
ok: run: redis: (pid 6722) 0s
ok: run: redis-exporter: (pid 6856) 0s
ok: run: sidekiq: (pid 6866) 0s
ok: run: unicorn: (pid 6880) 0s
# All GitLab services have been restarted
```
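Use the Chrome browser on the Windows 10 host to visit gitlab.example.com:80

Start using GitLab

Create a test project

Copy the repository URL

Back on the Windows 10 host, open a new git command-line window and proceed as shown below

After pasting the repository URL and pressing Enter, a window asking for the account and password pops up.
The empty test repository is then cloned into the repo directory on the desktop of the local host.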
```
xueji@xueji MINGW64 ~/Desktop/repo
$ git -c http.sslVerify=false clone https://gitlab.example.com/root/test-repo.git
Cloning into 'test-repo'...
warning: You appear to have cloned an empty repository.

xueji@xueji MINGW64 ~/Desktop/repo
$ pwd
/c/Users/xueji/Desktop/repo

xueji@xueji MINGW64 ~/Desktop/repo
$ ls
test-repo/

xueji@xueji MINGW64 ~/Desktop/repo
$ ls test-repo/
```
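The clone above passes `-c http.sslVerify=false`, which skips certificate validation for that command because the server certificate is self-signed. As an added example (not part of the original post), the certificate can instead be trusted for this one host after its fingerprint has been compared. It assumes `gitlab.example.com.crt` was copied from the server, its SHA-256 fingerprint was read on the server console with `openssl x509 -noout -fingerprint -sha256`, and git uses its OpenSSL backend; the function names are hypothetical.

```bash
# Added example (not from the original post). Function names are hypothetical.

cert_fingerprint() {           # SHA-256 fingerprint, lowercase hex without colons
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
    sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# usage: pin_gitlab_cert <crt copied from the server> <expected sha256> <base url>
pin_gitlab_cert() {
  local crt=$1 url=$3 want got
  want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  got=$(cert_fingerprint "$crt")
  if [ -z "$got" ] || [ "$got" != "$want" ]; then
    echo "fingerprint mismatch for $crt, not trusting it" >&2
    return 1
  fi
  # Scoped to this URL prefix; all other remotes keep the default CA store.
  git config --global "http.$url.sslCAInfo" "$crt" || return 1
  # Drop any per-URL override that would switch verification off again.
  git config --global --unset-all "http.$url.sslVerify" 2>/dev/null
  return 0
}

# Demo with a constructed throwaway certificate and a scratch HOME, so the real
# ~/.gitconfig is untouched. Prints the CA file git will use for the host.
demo_pin() (
  HOME=$(mktemp -d) && export HOME && cd "$HOME" || exit 1
  # MSYS_NO_PATHCONV keeps Git Bash from rewriting the -subj value as a path.
  MSYS_NO_PATHCONV=1 openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj /CN=gitlab.example.com -keyout demo.key -out demo.crt 2>/dev/null || exit 1
  pin_gitlab_cert "$HOME/demo.crt" "$(cert_fingerprint demo.crt)" \
    https://gitlab.example.com/ || exit 1
  git config --global --get http.https://gitlab.example.com/.sslCAInfo
)
demo_pin
```

Once the certificate is pinned this way, `git clone https://gitlab.example.com/root/test-repo.git` works without the `-c http.sslVerify=false` option.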
Create a test.py file in the test-repo directory on the Windows 10 host and upload it to GitLab

```
xueji@xueji MINGW64 ~/Desktop/repo
$ cd test-repo/

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ vi test.py

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git add .
warning: LF will be replaced by CRLF in test.py.
The file will have its original line endings in your working directory

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"First Commit"
[master (root-commit) 93bd740] First Commit
 Committer: unknown <xueji@pin.com>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:

    git config --global --edit

After doing this, you may fix the identity used for this commit with:

    git commit --amend --reset-author

 1 file changed, 1 insertion(+)
 create mode 100644 test.py

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config --global user.email "admin@example.com"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config --global user.name "admin"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"First Commit"
On branch master
Your branch is based on 'origin/master', but the upstream is gone.
  (use "git branch --unset-upstream" to fixup)

nothing to commit, working tree clean

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git -c http.sslVerify=false push master
fatal: 'master' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
```
An error is reported; following the hint in the message, we do the following

```
xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git branch --unset-upstream

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git add .

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config --global user.email "admin@example.com"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git config --global user.name "admin"

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"First Commit"
On branch master
nothing to commit, working tree clean

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git commit -m"Second Commit"
On branch master
nothing to commit, working tree clean

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git -c http.sslVerify=false push origin master
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 242 bytes | 242.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://gitlab.example.com/root/test-repo.git
 * [new branch]      master -> master
```
Go back to the GitLab page in the browser and refresh it

The file has been uploaded to the test-repo project successfully.
Using GitLab

For example, System Info

For example, the logs

The two to pay attention to are application.log and production.log

For example, the health status

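Create accounts for the developer and the lead

Developer account

Leave the other options alone and click Create.

Create the lead's account

Leave the other options alone here as well.

The accounts after creation

Add the lead account in the same way

Change the passwords of the two accounts

Keep the other options unchanged, then click save changes at the very bottom of the page; change lead's password in the same way

Use the dev account to commit from the git command line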
```
## The following steps are also performed on the Windows 10 host
xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ pwd
/c/Users/xueji/Desktop/repo/test-repo

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ cd ..

xueji@xueji MINGW64 ~/Desktop/repo
$ rm -rf test-repo/

$ git -c http.sslVerify=false clone https://gitlab.example.com/root/test-repo.git
Cloning into 'test-repo'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
# This is awkward: the idea was to verify the dev account, but the clone went through without having to enter anything.

xueji@xueji MINGW64 ~/Desktop/repo
$ ls
test-repo/

xueji@xueji MINGW64 ~/Desktop/repo
$ ls test-repo/
test.py

xueji@xueji MINGW64 ~/Desktop/repo
$ cd test-repo/

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (master)
$ git checkout -b release-1.0    # create the developer's release branch
Switched to a new branch 'release-1.0'

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ ls
test.py

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ vim test.py

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ cat test.py
print("This is a test python file for release-1.0!")

xueji@xueji MINGW64 ~/Desktop/repo/test-repo (release-1.0)
$ git -c http.sslVerify=false push origin release-1.0
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 287 bytes | 287.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for release-1.0, visit:
remote:   https://gitlab.example.com/root/test-repo/merge_requests/new?merge_request%5Bsource_branch%5D=release-1.0
remote:
To https://gitlab.example.com/root/test-repo.git
 * [new branch]      release-1.0 -> release-1.0
# Wow, probably a version difference: this step did not ask for a username and password
```
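Return to the GitLab page in the browser

Log in with the developer account

Set a new password

At this point the GitLab installation and configuration is complete. Next is a demonstration of GitLab in use:
A developer creates a branch, then sends a request to the lead asking for it to be merged into the main branch.
Back in the Git Bash command line, first delete the previous test-repo directory:

Then log in to GitLab with the dev account and copy the GitLab repository URL:

Commit locally and push to the GitLab remote:

Start submitting the request to merge into the main branch

Then log out of the current dev account and log in with the lead account; likewise, the lead account has to change its password on first login, with the same steps as for dev:

For configuring and using Jenkins, see Jenkins+Gitlab+Ansible Automated Deployment (Part 2).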
