1 - GitLab安裝
1.1 信息確認
[Anliven@node102 ~]$ uname -a Linux node102 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux [Anliven@node102 ~]$ cat /etc/system-release CentOS Linux release 7.5.1804 (Core) [Anliven@node102 ~]$
1.2 準備步驟
# 安裝依賴 sudo yum install -y curl policycoreutils-python openssh-server postfix # 啓動SSH和postfix sudo systemctl enable sshd sudo systemctl start sshd sudo systemctl enable postfix sudo systemctl start postfix # 開放端口 sudo firewall-cmd --add-service=ssh --permanent sudo firewall-cmd --add-service=http --permanent sudo firewall-cmd --reload
1.3 安裝方式1:Yum
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash sudo yum install -y gitlab-ce
1.4 安裝方式2:下載並安裝rpm包
清華鏡像:https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/ html
注意:能夠單獨下載RPM包,而後上傳到Server,要節約時間點。node
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.5.0-ce.0.el7.x86_64.rpm rpm -i gitlab-ce-12.5.0-ce.0.el7.x86_64.rpm
2 - 初始化配置
GitLab默認的配置文件路徑:/etc/gitlab/python
- /etc/gitlab/gitlab.rb:主配置文件,包含外部URL、倉庫目錄、備份目錄等
- /etc/gitlab/gitlab-secrets.json:(執行gitlab-ctl reconfigure命令行後生成),包含各種密鑰的加密信息
2.1 初始化配置
- 配置首頁地址(需將設置的域名DNS解析到服務器IP,或者修改本地host將域名指向服務器IP)
- 修改服務端口,避免和其餘服務端口衝突
- 從新配置並啓動,使配置生效,並確認相關組件或進程的狀態
- 設置帳號密碼和管理員信息
[root@node102 ~]# ll /etc/gitlab/
total 96
-rw------- 1 root root 97727 Nov 26 23:05 gitlab.rb
[root@node102 ~]#
[root@node102 ~]# cat /etc/gitlab/gitlab.rb |grep -v "#" |grep -Ev "^$"
external_url 'http://gitlab.example.com'
[root@node102 ~]#
[root@node102 ~]# vim /etc/gitlab/gitlab.rb
[root@node102 ~]#
[root@node102 ~]# cat /etc/gitlab/gitlab.rb |grep -v "#" |grep -Ev "^$"
external_url 'http://192.168.16.102'
unicorn['listen'] = '192.168.16.102'
unicorn['port'] = 8081
[root@node102 ~]#
[root@test102 ~]# gitlab-ctl diff-config
diff --git a/etc/gitlab/gitlab.rb b/opt/gitlab/etc/gitlab.rb.template
index 3e27e40..31c0b45 100644
--- a/etc/gitlab/gitlab.rb
+++ b/opt/gitlab/etc/gitlab.rb.template
@@ -20,7 +20,7 @@
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
-external_url 'http://192.168.16.102'
+external_url 'GENERATED_EXTERNAL_URL'
## Roles for multi-instance GitLab
##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
@@ -740,8 +740,8 @@ external_url 'http://192.168.16.102'
# unicorn['worker_processes'] = 2
### Advanced settings
-unicorn['listen'] = '192.168.16.102'
-unicorn['port'] = 8081
+# unicorn['listen'] = 'localhost'
+# unicorn['port'] = 8080
# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
# unicorn['tcp_nopush'] = true
[root@test102 ~]#
[root@node102 ~]# firewall-cmd --zone=public --permanent --add-port=8081/tcp
success
[root@node102 ~]# firewall-cmd --reload
success
[root@node102 ~]#
[root@node102 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3 enp0s8
sources:
services: ssh dhcpv6-client http
ports: 8081/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@node102 ~]#
[root@node102 ~]# gitlab-ctl reconfigure
Starting Chef Client, version 14.13.11
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- gitlab (0.0.1)
- package (0.1.0)
- postgresql (0.1.0)
- redis (0.1.0)
- monitoring (0.1.0)
- registry (0.1.0)
- mattermost (0.1.0)
- consul (0.1.0)
- gitaly (0.1.0)
- nginx (0.1.0)
- praefect (0.1.0)
- letsencrypt (0.1.0)
- runit (4.3.0)
- acme (4.0.0)
- crond (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
......
......
......
Recipe: <Dynamically Defined Resource>
* service[alertmanager] action restart
- restart service service[alertmanager]
* service[postgres-exporter] action restart
- restart service service[postgres-exporter]
* service[grafana] action restart
- restart service service[grafana]
Running handlers:
Running handlers complete
Chef Client finished, 543/1455 resources updated in 04 minutes 09 seconds
gitlab Reconfigured!
[root@node102 ~]#
[root@node102 ~]# gitlab-ctl status
run: alertmanager: (pid 6469) 45s; run: log: (pid 6123) 128s
run: gitaly: (pid 6335) 50s; run: log: (pid 5516) 263s
run: gitlab-exporter: (pid 6380) 48s; run: log: (pid 5972) 146s
run: gitlab-workhorse: (pid 6358) 49s; run: log: (pid 5882) 174s
run: grafana: (pid 6529) 44s; run: log: (pid 6273) 74s
run: logrotate: (pid 5920) 159s; run: log: (pid 5929) 158s
run: nginx: (pid 5893) 171s; run: log: (pid 5905) 167s
run: node-exporter: (pid 6367) 49s; run: log: (pid 5960) 152s
run: postgres-exporter: (pid 6488) 45s; run: log: (pid 6150) 121s
run: postgresql: (pid 5632) 255s; run: log: (pid 5644) 254s
run: prometheus: (pid 6406) 47s; run: log: (pid 6080) 132s
run: redis: (pid 5471) 272s; run: log: (pid 5479) 271s
run: redis-exporter: (pid 6384) 48s; run: log: (pid 6003) 140s
run: sidekiq: (pid 5842) 183s; run: log: (pid 5853) 180s
run: unicorn: (pid 5803) 189s; run: log: (pid 5835) 186s
[root@node102 ~]#
2.2 登陸
http://192.168.16.102 注意:這個地址是「external_url 'http://192.168.16.102'」 首次登陸顯示爲密碼設置界面,設置管理員密碼,管理員帳號默認username是root 設置完成以後,刷新便可使用root帳號登陸,登錄後會進入歡迎界面。 nginx
2.3 更新管理員資料
2.4 查看管理員面板
Admin Area的主面板顯示總體數據,左側導航菜單能夠查看具體的分類信息 git
2.5 建立新用戶
方式1:管理員直接建立用戶
Admin Area ---》New user,根據規則和須要分別設置Account、Access部分,Password部分能夠由本人進行設置。 redis
查看郵箱,點擊郵件中的連接,設置密碼並登錄 sql
方式2:用戶直接註冊新的帳戶
在GitLab登陸界面,直接點擊「Register」,添加用戶相關信息。 shell
3 - GitLab經常使用配置
3.1 配置Git存儲倉庫目錄
默認存儲目錄爲/var/opt/gitlab/git-data/repositoriesjson
[root@test102 ~]# ll /var/opt/gitlab/git-data/ total 0 drwxrws--- 3 git root 45 Nov 27 13:53 [root@test102 ~]#
若是要更新或增長存儲倉庫目錄,能夠修改/etc/gitlab/gitlab.rb配置文件中git_data_dirs部分的內容,而後執行「gitlab-ctl reconfigure」命令使之生效。 例如:vim
git_data_dirs({
"default" => {"path" => "/var/opt/gitlab/git-data"}
"newrepo" => {"path" => "/mnt/nfs-01/git-data"}
})
特別注意:
- 若是修改倉庫目錄,用戶有權限訪問,不然從新配置時會報錯。
- 修改倉庫目錄後,必須將舊倉庫的數據遷移到新目錄下,不然相關項目會提示「沒有倉庫」。
sudo gitlab-ctl upgrade # 組件更新(可選) sudo gitlab-ctl stop # 中止服務 sudo rsync -av <old-dir> <new-dir>/ # 目錄同步(注意斜槓的做用) ls <new-dir> # 檢查文件及目錄層級 sudo gitlab-ctl start # 啓動服務 sudo gitlab-ctl reconfigure # 重配置
3.2 配置郵件SMTP
GitLab能夠直接發送郵件,但若是內網對網絡訪問有限制,就須要配置內部的SMTP服務來發送郵件。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep smtp 559 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html 560 ###! **Use smtp instead of sendmail/postfix.** 562 # gitlab_rails['smtp_enable'] = true 563 # gitlab_rails['smtp_address'] = "smtp.server" 564 # gitlab_rails['smtp_port'] = 465 565 # gitlab_rails['smtp_user_name'] = "smtp user" 566 # gitlab_rails['smtp_password'] = "smtp password" 567 # gitlab_rails['smtp_domain'] = "example.com" 568 # gitlab_rails['smtp_authentication'] = "login" 569 # gitlab_rails['smtp_enable_starttls_auto'] = true 570 # gitlab_rails['smtp_tls'] = false 574 # gitlab_rails['smtp_openssl_verify_mode'] = 'none' 576 # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" 577 # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" [root@test102 ~]#
此外,也能夠修改郵件的默認發送地址、顯示名稱等信息。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep gitlab_email
60 # gitlab_rails['gitlab_email_enabled'] = true
61 # gitlab_rails['gitlab_email_from'] = 'example@example.com'
62 # gitlab_rails['gitlab_email_display_name'] = 'Example'
63 # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
64 # gitlab_rails['gitlab_email_subject_suffix'] = ''
65 # gitlab_rails['gitlab_email_smime_enabled'] = false
66 # gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
67 # gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
[root@test102 ~]#
郵件發送測試
[root@test102 ~]# gitlab-rails console
--------------------------------------------------------------------------------
GitLab: 12.5.0 (1f0ab8978ef)
GitLab Shell: 10.2.0
PostgreSQL: 10.9
--------------------------------------------------------------------------------
Loading production environment (Rails 5.2.3)
irb(main):001:0> Notify.test_email('anliven@126.com','test','test').deliver_now
Notify#test_email: processed outbound mail in 1.4ms
Sent mail to anliven@126.com (73.0ms)
Date: Wed, 27 Nov 2019 15:12:58 +0800
From: GitLab <gitlab@192.168.16.102>
Reply-To: GitLab <noreply@192.168.16.102>
To: anliven@126.com
Message-ID: <5dde21fa612d4_3a1b3fcb38fcf9c0651b@test102.mail>
Subject: test
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>test</p></body></html>
=> #<Mail::Message:70141649239780, Multipart: false, Headers: <Date: Wed, 27 Nov 2019 15:12:58 +0800>, <From: GitLab <gitlab@192.168.16.102>>, <Reply-To: GitLab <noreply@192.168.16.102>>, <To: anliven@126.com>, <Message-ID: <5dde21fa612d4_3a1b3fcb38fcf9c0651b@test102.mail>>, <Subject: test>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=UTF-8>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>
irb(main):002:0>
irb(main):003:0> exit
[root@test102 ~]#
3.3 禁用建立組權限
GitLab默認全部的註冊用戶均可以建立組,在實際使用中,一般只會給指定的少部分用戶相關權限。 將/etc/gitlab/gitlab.rb中的gitlab_rails['gitlab_default_can_create_group']參數設爲false,而後重載配置便可。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep "create_group"
70 # gitlab_rails['gitlab_default_can_create_group'] = true
[root@test102 ~]#
3.4 集成OpenLDAP
設置/etc/gitlab/gitlab.rb文件中關於LDAP的內容,並重載配置,而後經過「gitlab-rake gitlab:ldap:check 」命令驗證是不是否能正常獲取用戶列表,最後重啓gitlab服務。
[root@test102 ~]# cat -n /etc/gitlab/gitlab.rb |grep "LDAP Settings" 296 ### LDAP Settings [root@test102 ~]#
3.5 GitLab我的中文界面
登陸後,點擊右上角用戶頭像---》Settings---》Preferences---》Localization部分的Language項目---》選擇「簡體中文」並保存更改---》刷新頁面。
4 - 日誌查看
gitlab-ctl tail # 查看全部GitLab日誌 gitlab-ctl tail <module-name> # 查看某個組件的日誌 gitlab-ctl tail <module-name>/<log-name> # 查看某個組件的某個類型日誌
日誌目錄:/var/log/gitlab/
[root@test102 ~]# ll /var/log/gitlab/ total 0 drwx------ 2 gitlab-prometheus root 47 Nov 27 13:55 alertmanager drwx------ 2 git root 47 Nov 27 13:53 gitaly drwx------ 2 git root 47 Nov 27 13:55 gitlab-exporter drwx------ 2 git root 238 Nov 27 14:00 gitlab-rails drwx------ 2 git root 6 Nov 27 13:53 gitlab-shell drwx------ 2 git root 47 Nov 27 13:54 gitlab-workhorse drwx------ 2 gitlab-prometheus root 47 Nov 27 13:56 grafana drwx------ 2 root root 47 Nov 27 13:55 logrotate drwxr-x--- 2 root gitlab-www 131 Nov 27 13:54 nginx drwx------ 2 gitlab-prometheus root 47 Nov 27 13:55 node-exporter drwx------ 2 gitlab-psql root 47 Nov 27 13:55 postgres-exporter drwx------ 2 gitlab-psql root 47 Nov 27 13:53 postgresql drwx------ 2 gitlab-prometheus root 47 Nov 27 13:55 prometheus drwxr-xr-x 2 root root 50 Nov 27 15:04 reconfigure drwx------ 2 gitlab-redis root 47 Nov 27 13:53 redis drwx------ 2 gitlab-redis root 47 Nov 27 13:55 redis-exporter drwx------ 2 git root 47 Nov 27 13:54 sidekiq drwx------ 2 git root 99 Nov 27 13:54 unicorn [root@test102 ~]# [root@test102 ~]# ll /var/log/gitlab/nginx/ total 32 -rw-r--r-- 1 root root 0 Nov 27 13:54 access.log -rw-r--r-- 1 root root 30 Nov 27 13:54 config -rw-r--r-- 1 root root 0 Nov 27 13:54 current -rw-r--r-- 1 root root 0 Nov 27 13:54 error.log -rw-r--r-- 1 root root 28553 Nov 27 15:25 gitlab_access.log -rw-r--r-- 1 root root 0 Nov 27 13:54 gitlab_error.log -rw------- 1 root root 0 Nov 27 13:54 lock [root@test102 ~]#
5 - GitLab-ctl經常使用命令
gitlab-ctl reconfigure # 重載配置 gitlab-ctl check-config # 檢查配置並啓動 gitlab-ctl diff-config # 將用戶配置與包可用配置進行比較 gitlab-ctl status # 查看全部啓動組件的進程和狀態 gitlab-ctl service-list # 查看全部服務 gitlab-ctl stop # 中止GitLab服務 gitlab-ctl start # 啓動GitLab服務 gitlab-ctl restart # 重啓GitLab服務 gitlab-ctl once # 若是GitLab服務已中止則啓動服務,若是GitLab服務已啓動則重啓GitLab服務
gitlab-ctl help
# gitlab-ctl help
omnibus-ctl: command (subcommand)
check-config
Check if there are any configuration in gitlab.rb that is removed in specified version
deploy-page
Put up the deploy page
diff-config
Compare the user configuration with package available configuration
prometheus-upgrade
Upgrade the Prometheus data to the latest supported version
remove-accounts
Delete *all* users and groups used by this package
reset-grafana
Reset Grafana instance to its initial state by removing the data directory
set-grafana-password
Reset admin password for Grafana
upgrade
Run migrations after a package upgrade
General Commands:
cleanse
Delete *all* gitlab data, and start from scratch.
help
Print this help message.
reconfigure
Reconfigure the application.
show-config
Show the configuration that would be generated by reconfigure.
uninstall
Kill all processes and uninstall the process supervisor (data will be preserved).
Service Management Commands:
graceful-kill
Attempt a graceful stop, then SIGKILL the entire process group.
hup
Send the services a HUP.
int
Send the services an INT.
kill
Send the services a KILL.
once
Start the services if they are down. Do not restart them if they stop.
restart
Stop the services if they are running, then start them again.
service-list
List all the services (enabled services appear with a *.)
start
Start services if they are down, and restart them if they stop.
status
Show the status of all the services.
stop
Stop the services, and do not restart them.
tail
Watch the service logs of all enabled services.
term
Send the services a TERM.
usr1
Send the services a USR1.
usr2
Send the services a USR2.
Backup Commands:
backup-etc
Backup GitLab configuration [accepts directory path]
Let's Encrypt Commands:
renew-le-certs
Renew the existing Let's Encrypt certificates
Database Commands:
pg-password-md5
Generate MD5 Hash of user password in PostgreSQL format
pg-upgrade
Upgrade the PostgreSQL DB to the latest supported version
revert-pg-upgrade
Run this to revert to the previous version of the database
set-replication-password
Set database replication password
Container Registry Commands:
registry-garbage-collect
Run Container Registry garbage collection.
6 - 問題處理
修改root密碼
https://docs.gitlab.com/ce/security/reset_root_password.html
[root@node102 ~]# gitlab-rails console -e production -------------------------------------------------------------------------------- GitLab: 12.5.0 (1f0ab8978ef) GitLab Shell: 10.2.0 PostgreSQL: 10.9 -------------------------------------------------------------------------------- Loading production environment (Rails 5.2.3) irb(main):001:0> user = User.where(id: 1).first => #<User id:1 @root> irb(main):002:0> user = User.find_by(email: 'admin@example.com') => #<User id:1 @root> irb(main):003:0> user.password = 'secret_pass' => "secret_pass" irb(main):004:0> user.password_confirmation = 'secret_pass' => "secret_pass" irb(main):005:0> user.save! Enqueued ActionMailer::DeliveryJob (Job ID: 90526cdc-8d61-458f-bb85-bd1f2797c5b1) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", #<GlobalID:0x00007fc0b4541088 @uri=#<URI::GID gid://gitlab/User/1>> => true irb(main):006:0> exit [root@node102 ~]#
7 - 參考信息
- 官網:https://about.gitlab.com/install/#centos-7
- CentOS 7 下 GitLab安裝部署教程:https://ken.io/note/centos7-gitlab-install-tutorial