經過docker安裝Gitlab

初始化操做

• 說在前面
  Gitlab安裝須要部署不少依賴和其餘服務來協做，很麻煩。
  因此懶人想懶招，因此直接用Docker來部署，簡單，省事，TNND還不用擔憂斷電重啓的問題！

操做系統

---

• 內核版本信息

  $ uname -a

• 輸出以下

  Linux yang-PowerEdge-R730 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

安裝Docker

---

• 此處使用的是阿里源

• step 1: 安裝必要的一些系統工具

  $ apt-get update
  $ apt-get -y install apt-transport-https ca-certificates curl software-properties-common

• step 2: 安裝GPG證書

  $ curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

• Step 3: 寫入軟件源信息

  $ add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

• Step 4: 更新並安裝 Docker-CE

  $ apt-get -y update
  $ apt-get -y install docker-ce

• 安裝好以後，來看看Docker的版本。

  $   docker version

• 輸出以下

  Client:
  Version:      17.03.2-ce
  API version:  1.27
  Go version:   go1.7.5
  Git commit:   f5ec1e2
  Built:        Tue Jun 27 03:35:14 2017
  OS/Arch:      linux/amd64
  Server:
  Version:      17.03.2-ce
  API version:  1.27 (minimum version 1.12)
  Go version:   go1.7.5
  Git commit:   f5ec1e2
  Built:        Tue Jun 27 03:35:14 2017
  OS/Arch:      linux/amd64
  Experimental: false

  這樣Docker就安裝成功了。

  固然路走多了也會踩到坑的！下面是我碰到的一個小坑

• 異常處理

  # 出現以下報錯提示：
  Depends: libseccomp2 (>= 2.3.0) but 2.2.3-3ubuntu3 is to be installed
  Recommends: aufs-tools but it is not going to be installed

• 解決方法

  # 安裝指定版本的docker-ce
  $  apt-cache madison docker-ce 
  docker-ce | 18.03.0~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.12.1~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.12.0~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.09.1~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.09.0~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.06.2~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.06.1~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.06.0~ce-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.03.2~ce-0~ubuntu-xenial | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.03.1~ce-0~ubuntu-xenial | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  docker-ce | 17.03.0~ce-0~ubuntu-xenial | http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
  # 獲取<17.03.0~ce-0~ubuntu-xenia>版本
  $ apt install docker-ce=17.03.2~ce-0~ubuntu-xenial

安裝Gitlab-ce

拉取Gitlab-ce鏡像

---

• 拉取最近Gitlab-ce鏡像

  $ docker pull gitlab-ce
  # 鏡像很大，1.46 GB

• 從本地導入

  $ docker load < gitlab-ce_docker_images.tar.gz
  # 我本身的鏡像備份gitlab-ce_docker_images.tar.gz

建立容器

• $ docker run -d \
  --hostname 10.10.1.70 \                                       # 指定容器域名,未知功能:建立鏡像倉庫的時候使用到
  -p 8443:443 \                                                 # 將容器內443端口映射到主機8443,提供https服務
  -p 8080:80 \                                                  # 將容器內80端口映射到主機8080,提供http服務
  -p 2222:22 \                                                  # 將容器內22端口映射到主機2222,提供ssh服務
  -p 9090:9090 \                                                # 將容器內9090端口映射到主機9090,提供prometheus服務
  --name gitlab \                                               # 指定容器名稱
  --restart always \                                            # 容器退出時,自動重啓
  -v /home/gitlab/config:/etc/gitlab \                          # 將本地/home/gitlab/config掛載到容器內/etc/gitlab
  -v /home/gitlab/logs:/var/log/gitlab \                         # 將本地/home/gitlab/logs掛載到容器內/var/log/gitlab
  -v /home/gitlab/data:/var/opt/gitlab \                        # 將本地/home/gitlab/data掛載到容器內/var/opt/gitlab
  gitlab/gitlab-ce:latest                                       # 鏡像名稱:版本

  此處我單獨給/home/gitlab目錄mount了一個獨立硬盤，強烈建議Gitlab目錄和系統盤使用不一樣的物理硬盤。

• 查看Gitlab容器運行狀況

  $ docker inspect gitlab --format "{{.State.Status}}"

  輸出結果以下就好

  running

配置Gitlab

詳細配置說明文檔請參考官方

首先,備份默認gitlab.rb

$ cd /home/gitlab/config;
$ cp gitlab.rb gitlab.rb.default

本次Gitlab只對外提供http服務

配置web請求地址

external_url http://10.10.1.70

時區設置

gitlab_rails['time_zone'] = 'Asia/Shanghai'

Gitlab鏡像自帶nginx配置

nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = false
nginx['listen_addresses'] = ['0.0.0.0', '[::]']
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;"
nginx['proxy_read_timeout'] = 3600
nginx['proxy_connect_timeout'] = 300
nginx['proxy_set_headers'] = {
 "Host" => "$http_host_with_default",
 "X-Real-IP" => "$remote_addr",
 "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 "Upgrade" => "$http_upgrade",
 "Connection" => "$connection_upgrade"
}
nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
nginx['proxy_cache'] = 'gitlab'
nginx['http2_enabled'] = false
nginx['real_ip_trusted_addresses'] = ['172.16.0.0/16']
nginx['real_ip_header'] = 'X-Real-IP'
nginx['real_ip_recursive'] = on
nginx['custom_error_pages'] = {
  '404' => {
    'title' => 'Example title',
    'header' => 'Example header',
    'message' => 'Example message'
  }
}
nginx['dir'] = "/var/opt/gitlab/nginx"
nginx['log_directory'] = "/var/log/gitlab/nginx"
nginx['worker_processes'] = 4
nginx['worker_connections'] = 10240
nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
nginx['sendfile'] = 'on'
nginx['tcp_nopush'] = 'on'
nginx['tcp_nodelay'] = 'on'
nginx['gzip'] = "on"
nginx['gzip_http_version'] = "1.0"
nginx['gzip_comp_level'] = "2"
nginx['gzip_proxied'] = "any"
nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
nginx['keepalive_timeout'] = 65
nginx['cache_max_size'] = '5000m'
nginx['server_names_hash_bucket_size'] = 64
nginx['status'] = {
 "enable" => false,
}

配置郵件服務

# 設置郵件擡頭髮件人地址
gitlab_rails['gitlab_email_from'] = 'xiaohuruwei@163.com'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com" 
gitlab_rails['smtp_port'] = 25 
gitlab_rails['smtp_user_name'] = "xiaohuruwei@163.com"
gitlab_rails['smtp_password'] = "xxxx" 
gitlab_rails['smtp_domain'] = "163.com" 
gitlab_rails['smtp_authentication'] = "login" 
gitlab_rails['smtp_enable_starttls_auto'] = true 
gitlab_rails['smtp_tls'] = false 
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
# 設置郵件擡頭髮件人暱稱
user['git_user_name'] = "GitLab"

郵件部分參考小狐濡尾特此註明出處

郵件功能調試命令

gitlab-rails console
Notify.test_email('***@163.com', 'Message Subject', 'Message Body').deliver_now

Gitlab鏡像自帶Postgresql配置

postgresql['enable'] = true
postgresql['ssl'] = 'off'

Gitlab鏡像自帶Redis配置

gitlab_rails['redis_host'] = "127.0.0.1"
gitlab_rails['redis_port'] = 6379
gitlab_rails['redis_password'] = '00e05611e8f68d6e9c9cc62f'
gitlab_rails['redis_database'] = 0
redis['enable'] = true
redis['username'] = "gitlab-redis"
redis['maxclients'] = "10000"
redis['maxmemory'] = "1gb"
redis['maxmemory_policy'] = "allkeys-lru"
redis['maxmemory_samples'] = "5"
redis['tcp_timeout'] = "60"
redis['tcp_keepalive'] = "300"
redis['port'] = 6379
redis['password'] = '00e05611e8f68d6e9c9cc62f'

Gitlab備份路徑配置

gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

監控Prometheus配置

prometheus['enable'] = true
prometheus['monitor_kubernetes'] = false                                         # 若是用k8s安裝Gitlab,此處應設置爲true
prometheus['username'] = 'gitlab-prometheus'
prometheus['uid'] = nil
prometheus['gid'] = nil
prometheus['shell'] = '/bin/sh'
prometheus['home'] = '/var/opt/gitlab/prometheus'
prometheus['log_directory'] = '/var/log/gitlab/prometheus'
prometheus['scrape_interval'] = 15
prometheus['scrape_timeout'] = 15
prometheus['chunk_encoding_version'] = 2
prometheus['listen_address'] = '0.0.0.0:9090'                                    # 注意端口和以前docker run -p 9090一致
prometheus_monitoring['enable'] = true
# 如下爲設置加入Prometheus的開關和配置項
node_exporter['enable'] = true
redis_exporter['enable'] = true
redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
redis_exporter['flags'] = {
  'redis.addr' => "127.0.0.1:6379",
  'redis.password' => '00e05611e8f68d6e9c9cc62f'
}
postgres_exporter['enable'] = true
gitlab_monitor['enable'] = true

配置重載

docker exec -t gitlab gitlab-ctl reconfigure
docker exec -t gitlab gitlab-ctl restart

結束

配置處處爲止
內網使用，暫時不開啓HTTPS
自簽證書實現Gitlab HTTPS雙向認證部分等有空了再說吧

平常管理

• 配置重載

  docker exec -t gitlab gitlab-ctl reconfigure
  docker exec -t gitlab gitlab-ctl restart

• 備份恢復

  # 備份
  docker exec -t gitlab gitlab-rake gitlab:backup:create
  # gitlab還原
  docker exec -t gitlab gitlab-ctl stop unicorn
  docker exec -t gitlab gitlab-ctl stop sidekiq
  docker exec -t gitlab gitlab-rake gitlab:backup:restore BACKUP=1521789664_2018_03_23_10.5.6
  docker exec -t gitlab gitlab-ctl restart
  docker exec -t gitlab gitlab-rake gitlab:check SANITIZE=true

參考資料

---

Docker安裝報錯參考docker.libseccomp2
配置文件參考官網配置Gitlab.doc
Gitlab鏡像自帶的監控Prometheus配置能夠參照官方Gitlab.Prometheus.doc
郵件部分參考小狐濡尾特此註明出處