1 - GitLab安裝
1.1 信息確認
[Anliven@node102 ~]$ uname -a
Linux node102 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[Anliven@node102 ~]$ cat /etc/system-release
CentOS Linux release 7.5.1804 (Core)
[Anliven@node102 ~]$
1.2 准備步驟
# 安裝依賴
sudo yum install -y curl policycoreutils-python openssh-server postfix
# 啟動SSH和postfix
sudo systemctl enable sshd
sudo systemctl start sshd
sudo systemctl enable postfix
sudo systemctl start postfix
# 開放端口
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload
1.3 安裝方式1:Yum
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo yum install -y gitlab-ce
1.4 安裝方式2:下載並安裝rpm包
清華鏡像:https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
注意:可以單獨下載RPM包,然后上傳到Server,要節約時間點。
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.5.0-ce.0.el7.x86_64.rpm
rpm -i gitlab-ce-12.5.0-ce.0.el7.x86_64.rpm
2 - 初始化配置
GitLab默認的配置文件路徑:/etc/gitlab/
- /etc/gitlab/gitlab.rb:主配置文件,包含外部URL、倉庫目錄、備份目錄等
- /etc/gitlab/gitlab-secrets.json:(執行gitlab-ctl reconfigure命令行后生成),包含各類密鑰的加密信息
2.1 初始化配置
- 配置首頁地址(需將設置的域名DNS解析到服務器IP,或者修改本地host將域名指向服務器IP)
- 修改服務端口,避免和其他服務端口沖突
- 重新配置並啟動,使配置生效,並確認相關組件或進程的狀態
- 設置賬號密碼和管理員信息
[root@node102 ~]# ll /etc/gitlab/
total 96
-rw------- 1 root root 97727 Nov 26 23:05 gitlab.rb
[root@node102 ~]#
[root@node102 ~]# cat /etc/gitlab/gitlab.rb |grep -v "#" |grep -Ev "^$"
external_url 'http://gitlab.example.com'
[root@node102 ~]#
[root@node102 ~]# vim /etc/gitlab/gitlab.rb
[root@node102 ~]#
[root@node102 ~]# cat /etc/gitlab/gitlab.rb |grep -v "#" |grep -Ev "^$"
external_url 'http://192.168.16.102'
unicorn['listen'] = '192.168.16.102'
unicorn['port'] = 8081
[root@node102 ~]#
[root@test102 ~]# gitlab-ctl diff-config
diff --git a/etc/gitlab/gitlab.rb b/opt/gitlab/etc/gitlab.rb.template
index 3e27e40..31c0b45 100644
--- a/etc/gitlab/gitlab.rb
+++ b/opt/gitlab/etc/gitlab.rb.template
@@ -20,7 +20,7 @@
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
-external_url 'http://192.168.16.102'
+external_url 'GENERATED_EXTERNAL_URL'
## Roles for multi-instance GitLab
##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
@@ -740,8 +740,8 @@ external_url 'http://192.168.16.102'
# unicorn['worker_processes'] = 2
### Advanced settings
-unicorn['listen'] = '192.168.16.102'
-unicorn['port'] = 8081
+# unicorn['listen'] = 'localhost'
+# unicorn['port'] = 8080
# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
# unicorn['tcp_nopush'] = true
[root@test102 ~]#
[root@node102 ~]# firewall-cmd --zone=public --permanent --add-port=8081/tcp
success
[root@node102 ~]# firewall-cmd --reload
success
[root@node102 ~]#
[root@node102 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3 enp0s8
sources:
services: ssh dhcpv6-client http
ports: 8081/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@node102 ~]#
[root@node102 ~]# gitlab-ctl reconfigure
Starting Chef Client, version 14.13.11
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- gitlab (0.0.1)
- package (0.1.0)
- postgresql (0.1.0)
- redis (0.1.0)
- monitoring (0.1.0)
- registry (0.1.0)
- mattermost (0.1.0)
- consul (0.1.0)
- gitaly (0.1.0)
- nginx (0.1.0)
- praefect (0.1.0)
- letsencrypt (0.1.0)
- runit (4.3.0)
- acme (4.0.0)
- crond (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
......
......
......
Recipe: <Dynamically Defined Resource>
* service[alertmanager] action restart
- restart service service[alertmanager]
* service[postgres-exporter] action restart
- restart service service[postgres-exporter]
* service[grafana] action restart
- restart service service[grafana]
Running handlers:
Running handlers complete
Chef Client finished, 543/1455 resources updated in 04 minutes 09 seconds
gitlab Reconfigured!
[root@node102 ~]#
[root@node102 ~]# gitlab-ctl status
run: alertmanager: (pid 6469) 45s; run: log: (pid 6123) 128s
run: gitaly: (pid 6335) 50s; run: log: (pid 5516) 263s
run: gitlab-exporter: (pid 6380) 48s; run: log: (pid 5972) 146s
run: gitlab-workhorse: (pid 6358) 49s; run: log: (pid 5882) 174s
run: grafana: (pid 6529) 44s; run: log: (pid 6273) 74s
run: logrotate: (pid 5920) 159s; run: log: (pid 5929) 158s
run: nginx: (pid 5893) 171s; run: log: (pid 5905) 167s
run: node-exporter: (pid 6367) 49s; run: log: (pid 5960) 152s
run: postgres-exporter: (pid 6488) 45s; run: log: (pid 6150) 121s
run: postgresql: (pid 5632) 255s; run: log: (pid 5644) 254s
run: prometheus: (pid 6406) 47s; run: log: (pid 6080) 132s
run: redis: (pid 5471) 272s; run: log: (pid 5479) 271s
run: redis-exporter: (pid 6384) 48s; run: log: (pid 6003) 140s
run: sidekiq: (pid 5842) 183s; run: log: (pid 5853) 180s
run: unicorn: (pid 5803) 189s; run: log: (pid 5835) 186s
[root@node102 ~]#
2.2 登錄
http://192.168.16.102 注意:這個地址是“external_url 'http://192.168.16.102'”
首次登錄顯示為密碼設置界面,設置管理員密碼,管理員賬號默認username是root
設置完成之后,刷新即可使用root賬號登錄,登陸后會進入歡迎界面。
2.3 更新管理員資料
2.4 查看管理員面板
Admin Area的主面板顯示整體數據,左側導航菜單可以查看具體的分類信息
2.5 創建新用戶
方式1:管理員直接創建用戶
Admin Area ---》New user,根據規則和需要分別設置Account、Access部分,Password部分可以由本人進行設置。
查看郵箱,點擊郵件中的鏈接,設置密碼並登陸
方式2:用戶直接注冊新的賬戶
在GitLab登錄界面,直接點擊“Register”,添加用戶相關信息。
3 - GitLab常用配置
3.1 配置Git存儲倉庫目錄
默認存儲目錄為/var/opt/gitlab/git-data/repositories
[root@test102 ~]# ll /var/opt/gitlab/git-data/
total 0
drwxrws--- 3 git root 45 Nov 27 13:53
[root@test102 ~]#
如果要更新或增加存儲倉庫目錄,可以修改/etc/gitlab/gitlab.rb配置文件中git_data_dirs部分的內容,然后執行“gitlab-ctl reconfigure”命令使之生效。
例如:
git_data_dirs({
"default" => {"path" => "/var/opt/gitlab/git-data"}
"newrepo" => {"path" => "/mnt/nfs-01/git-data"}
})
特別注意:
- 如果修改倉庫目錄,用戶有權限訪問,否則重新配置時會報錯。
- 修改倉庫目錄后,必須將舊倉庫的數據遷移到新目錄下,否則相關項目會提示“沒有倉庫”。
sudo gitlab-ctl upgrade # 組件更新(可選)
sudo gitlab-ctl stop # 停止服務
sudo rsync -av <old-dir> <new-dir>/ # 目錄同步(注意斜杠的作用)
ls <new-dir> # 檢查文件及目錄層級
sudo gitlab-ctl start # 啟動服務
sudo gitlab-ctl reconfigure # 重配置
3.2 配置郵件SMTP
GitLab可以直接發送郵件,但如果內網對網絡訪問有限制,就需要配置內部的SMTP服務來發送郵件。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep smtp
559 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
560 ###! **Use smtp instead of sendmail/postfix.**
562 # gitlab_rails['smtp_enable'] = true
563 # gitlab_rails['smtp_address'] = "smtp.server"
564 # gitlab_rails['smtp_port'] = 465
565 # gitlab_rails['smtp_user_name'] = "smtp user"
566 # gitlab_rails['smtp_password'] = "smtp password"
567 # gitlab_rails['smtp_domain'] = "example.com"
568 # gitlab_rails['smtp_authentication'] = "login"
569 # gitlab_rails['smtp_enable_starttls_auto'] = true
570 # gitlab_rails['smtp_tls'] = false
574 # gitlab_rails['smtp_openssl_verify_mode'] = 'none'
576 # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
577 # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
[root@test102 ~]#
此外,也可以修改郵件的默認發送地址、顯示名稱等信息。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep gitlab_email
60 # gitlab_rails['gitlab_email_enabled'] = true
61 # gitlab_rails['gitlab_email_from'] = 'example@example.com'
62 # gitlab_rails['gitlab_email_display_name'] = 'Example'
63 # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
64 # gitlab_rails['gitlab_email_subject_suffix'] = ''
65 # gitlab_rails['gitlab_email_smime_enabled'] = false
66 # gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
67 # gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
[root@test102 ~]#
郵件發送測試
[root@test102 ~]# gitlab-rails console
--------------------------------------------------------------------------------
GitLab: 12.5.0 (1f0ab8978ef)
GitLab Shell: 10.2.0
PostgreSQL: 10.9
--------------------------------------------------------------------------------
Loading production environment (Rails 5.2.3)
irb(main):001:0> Notify.test_email('anliven@126.com','test','test').deliver_now
Notify#test_email: processed outbound mail in 1.4ms
Sent mail to anliven@126.com (73.0ms)
Date: Wed, 27 Nov 2019 15:12:58 +0800
From: GitLab <gitlab@192.168.16.102>
Reply-To: GitLab <noreply@192.168.16.102>
To: anliven@126.com
Message-ID: <5dde21fa612d4_3a1b3fcb38fcf9c0651b@test102.mail>
Subject: test
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>test</p></body></html>
=> #<Mail::Message:70141649239780, Multipart: false, Headers: <Date: Wed, 27 Nov 2019 15:12:58 +0800>, <From: GitLab <gitlab@192.168.16.102>>, <Reply-To: GitLab <noreply@192.168.16.102>>, <To: anliven@126.com>, <Message-ID: <5dde21fa612d4_3a1b3fcb38fcf9c0651b@test102.mail>>, <Subject: test>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=UTF-8>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>
irb(main):002:0>
irb(main):003:0> exit
[root@test102 ~]#
3.3 禁用創建組權限
GitLab默認所有的注冊用戶都可以創建組,在實際使用中,通常只會給指定的少部分用戶相關權限。
將/etc/gitlab/gitlab.rb中的gitlab_rails['gitlab_default_can_create_group']參數設為false,然后重載配置即可。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep "create_group"
70 # gitlab_rails['gitlab_default_can_create_group'] = true
[root@test102 ~]#
3.4 集成OpenLDAP
設置/etc/gitlab/gitlab.rb文件中關於LDAP的內容,並重載配置,然后通過“gitlab-rake gitlab:ldap:check
”命令驗證是否是否能正常獲取用戶列表,最后重啟gitlab服務。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep "LDAP Settings"
296 ### LDAP Settings
[root@test102 ~]#
3.5 GitLab個人中文界面
登錄后,點擊右上角用戶頭像---》Settings---》Preferences---》Localization部分的Language項目---》選擇“簡體中文”並保存更改---》刷新頁面。
4 - 日志查看
gitlab-ctl tail # 查看所有GitLab日志
gitlab-ctl tail <module-name> # 查看某個組件的日志
gitlab-ctl tail <module-name>/<log-name> # 查看某個組件的某個類型日志
日志目錄:/var/log/gitlab/
[root@test102 ~]# ll /var/log/gitlab/
total 0
drwx------ 2 gitlab-prometheus root 47 Nov 27 13:55 alertmanager
drwx------ 2 git root 47 Nov 27 13:53 gitaly
drwx------ 2 git root 47 Nov 27 13:55 gitlab-exporter
drwx------ 2 git root 238 Nov 27 14:00 gitlab-rails
drwx------ 2 git root 6 Nov 27 13:53 gitlab-shell
drwx------ 2 git root 47 Nov 27 13:54 gitlab-workhorse
drwx------ 2 gitlab-prometheus root 47 Nov 27 13:56 grafana
drwx------ 2 root root 47 Nov 27 13:55 logrotate
drwxr-x--- 2 root gitlab-www 131 Nov 27 13:54 nginx
drwx------ 2 gitlab-prometheus root 47 Nov 27 13:55 node-exporter
drwx------ 2 gitlab-psql root 47 Nov 27 13:55 postgres-exporter
drwx------ 2 gitlab-psql root 47 Nov 27 13:53 postgresql
drwx------ 2 gitlab-prometheus root 47 Nov 27 13:55 prometheus
drwxr-xr-x 2 root root 50 Nov 27 15:04 reconfigure
drwx------ 2 gitlab-redis root 47 Nov 27 13:53 redis
drwx------ 2 gitlab-redis root 47 Nov 27 13:55 redis-exporter
drwx------ 2 git root 47 Nov 27 13:54 sidekiq
drwx------ 2 git root 99 Nov 27 13:54 unicorn
[root@test102 ~]#
[root@test102 ~]# ll /var/log/gitlab/nginx/
total 32
-rw-r--r-- 1 root root 0 Nov 27 13:54 access.log
-rw-r--r-- 1 root root 30 Nov 27 13:54 config
-rw-r--r-- 1 root root 0 Nov 27 13:54 current
-rw-r--r-- 1 root root 0 Nov 27 13:54 error.log
-rw-r--r-- 1 root root 28553 Nov 27 15:25 gitlab_access.log
-rw-r--r-- 1 root root 0 Nov 27 13:54 gitlab_error.log
-rw------- 1 root root 0 Nov 27 13:54 lock
[root@test102 ~]#
5 - GitLab-ctl常用命令
gitlab-ctl reconfigure # 重載配置
gitlab-ctl check-config # 檢查配置並啟動
gitlab-ctl diff-config # 將用戶配置與包可用配置進行比較
gitlab-ctl status # 查看所有啟動組件的進程和狀態
gitlab-ctl service-list # 查看所有服務
gitlab-ctl stop # 停止GitLab服務
gitlab-ctl start # 啟動GitLab服務
gitlab-ctl restart # 重啟GitLab服務
gitlab-ctl once # 如果GitLab服務已停止則啟動服務,如果GitLab服務已啟動則重啟GitLab服務
gitlab-ctl help
# gitlab-ctl help
omnibus-ctl: command (subcommand)
check-config
Check if there are any configuration in gitlab.rb that is removed in specified version
deploy-page
Put up the deploy page
diff-config
Compare the user configuration with package available configuration
prometheus-upgrade
Upgrade the Prometheus data to the latest supported version
remove-accounts
Delete *all* users and groups used by this package
reset-grafana
Reset Grafana instance to its initial state by removing the data directory
set-grafana-password
Reset admin password for Grafana
upgrade
Run migrations after a package upgrade
General Commands:
cleanse
Delete *all* gitlab data, and start from scratch.
help
Print this help message.
reconfigure
Reconfigure the application.
show-config
Show the configuration that would be generated by reconfigure.
uninstall
Kill all processes and uninstall the process supervisor (data will be preserved).
Service Management Commands:
graceful-kill
Attempt a graceful stop, then SIGKILL the entire process group.
hup
Send the services a HUP.
int
Send the services an INT.
kill
Send the services a KILL.
once
Start the services if they are down. Do not restart them if they stop.
restart
Stop the services if they are running, then start them again.
service-list
List all the services (enabled services appear with a *.)
start
Start services if they are down, and restart them if they stop.
status
Show the status of all the services.
stop
Stop the services, and do not restart them.
tail
Watch the service logs of all enabled services.
term
Send the services a TERM.
usr1
Send the services a USR1.
usr2
Send the services a USR2.
Backup Commands:
backup-etc
Backup GitLab configuration [accepts directory path]
Let's Encrypt Commands:
renew-le-certs
Renew the existing Let's Encrypt certificates
Database Commands:
pg-password-md5
Generate MD5 Hash of user password in PostgreSQL format
pg-upgrade
Upgrade the PostgreSQL DB to the latest supported version
revert-pg-upgrade
Run this to revert to the previous version of the database
set-replication-password
Set database replication password
Container Registry Commands:
registry-garbage-collect
Run Container Registry garbage collection.
6 - 問題處理
修改root密碼
https://docs.gitlab.com/ce/security/reset_root_password.html
[root@node102 ~]# gitlab-rails console -e production
--------------------------------------------------------------------------------
GitLab: 12.5.0 (1f0ab8978ef)
GitLab Shell: 10.2.0
PostgreSQL: 10.9
--------------------------------------------------------------------------------
Loading production environment (Rails 5.2.3)
irb(main):001:0> user = User.where(id: 1).first
=> #<User id:1 @root>
irb(main):002:0> user = User.find_by(email: 'admin@example.com')
=> #<User id:1 @root>
irb(main):003:0> user.password = 'secret_pass'
=> "secret_pass"
irb(main):004:0> user.password_confirmation = 'secret_pass'
=> "secret_pass"
irb(main):005:0> user.save!
Enqueued ActionMailer::DeliveryJob (Job ID: 90526cdc-8d61-458f-bb85-bd1f2797c5b1) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", #<GlobalID:0x00007fc0b4541088 @uri=#<URI::GID gid://gitlab/User/1>>
=> true
irb(main):006:0> exit
[root@node102 ~]#
7 - 參考信息
- 官網:https://about.gitlab.com/install/#centos-7
- CentOS 7 下 GitLab安裝部署教程:https://ken.io/note/centos7-gitlab-install-tutorial