Centos6.7 minimal安裝GitLab8.3.4配置LDAP、發郵件以及升級到GitLab8.5.4

建議使用非root帳戶安裝，先同步系統時間：

ntpdate cn.pool.ntp.org

一、建立用戶gitlab

注意：centos下，adduser和useradd的命令效果是同樣的，但ubunut下，useradd只建立用戶不生成用戶主目錄，adduser會用嚮導提示你一步步建立一個完整的用戶：

[gitlab@localhost ~]$ su root
Password:
[root@localhost gitlab]# cd ~
[root@localhost ~]# passwd gitlab
Changing password for user gitlab.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# su gitlab
[gitlab@localhost root]$ cd ~
[gitlab@localhost ~]$

 

 

二、安裝gitlab

訪問 https://about.gitlab.com/downloads/#centos6：

 

按照第一步安裝必要的依賴。若是你不想用sendmail或者postfix做爲發送郵件的服務端，你能夠不安裝postfix，而使用內置的smtp配置第三方的郵箱便可，或者是你的企業郵箱：

1. Install and configure the necessary dependencies

sudo yum install curl openssh-server openssh-clients postfix cronie
sudo service postfix start
sudo chkconfig postfix on
sudo lokkit -s http -s ssh

 

 

第二步我使用的是下載rpm包的方式安裝，而不是使用官方的腳本：

2. Add the GitLab package server and install the package

rpm包到這裏下載，https://packages.gitlab.com/gitlab/gitlab-ce

包很大比較慢，不建議使用wget或者curl，建議下載到本地再上傳到服務器。

下載完成後，

sudo rpm -i gitlab-ce-8.5.4-ce.0.el6.x86_64.rpm

 

三、配置LDAP認證

編輯配置文件。注意，最後那個EOS的註釋要取消掉：

sudo vim /etc/gitlab/gitlab.rb

## For setting up LDAP
## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#setting-up-ldap-sign-in
## Be careful not to break the identation in the ldap_servers block. It is in
## yaml format and the spaces must be retained. Using tabs will not work.

 gitlab_rails['ldap_enabled'] = true
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: '192.168.100.100'
     port: 389
     uid: 'sAMAccountName'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'cn=your_ldap_name,ou=your_ou_name,dc=your_2nd_domain,dc=your_1st_domain'
     password: 'yourpassword'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'dc=tima,dc=local'
     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     port: 389
#     uid: 'sAMAccountName'
#     method: 'plain' # "tls" or "ssl" or "plain"
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     active_directory: true
#     allow_username_or_email_login: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
 EOS

 

 

四、取消用戶註冊功能

注意：因爲你們呼聲很高，彷佛從7.7版開始，gitlab默認啓用了用戶註冊功能，而且在 /etc/gitlab/gitlab.rb 中找不到

#gitlabrails['gitlabsignup_enabled'] = false

#gitlabrails[

'signinenabled'] = false

配置部分了，可是能夠登陸root帳戶在GUI下的Admin Area 中配置，以下：

 

五、配置發送郵件功能

郵件發送其實沒必要要用到postfix或sendmail，因此我是先停掉了postfix，以避免配置過程當中的錯誤日誌產生誤導：

sudo service postfix status
sudo service postfix stop
sudo service postfix disable
sudo chkconfig postfix off
sudo chkconfig

編輯配置文件：

sudo vim /etc/gitlab/gitlab.rb

取消註釋並修改：

################################
# GitLab email server settings #
################################
# see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings
# Use smtp instead of sendmail/postfix.

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_port'] = 25 #465 for SSL
 gitlab_rails['smtp_user_name'] = "your_mail_sender_name"
 gitlab_rails['smtp_password'] = "your_password"
 gitlab_rails['smtp_domain'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = false
 gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

而後reconfigure：

sudo gitlab-ctl reconfigure

同時可能須要檢查如下兩個配置文件是否與你配置的信息一致：

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb

SecureCRT另開session觀察日誌輸出：

sudo tail -f /var/log/gitlab/gitlab-rails/production.log

 

測試郵件推送功能是否正常：

使用ldap帳戶登陸到gitlab，建立一個項目如pythonweb，這時候默認的group是你的用戶名，若是你想用別的項目，能夠點擊Create a group，添加一個group，建立完成後個人git路徑是：

git@172.16.224.246:openstack/pythonweb.git

第一次配的時候應該是

git@localhost:openstack/pythonweb.git

 

這裏的localhost是不合理的，別人提交代碼的時還得修改爲ip或者域名，這個能夠在配置文件裏修改默認值：

sudo vim /etc/gitlab/gitlab.rb

在最頂部修改以下：

## Url on which GitLab will be reachable.
external_url 'http://172.16.224.246'  #這裏是ip地址或者域名

 

回到gitlab界面，點擊左下角的settings--services--Emails on push, 勾選Active，Recipients填寫本項目更新須要推送知曉的人員，多個用空格或者逗號隔開：

 

本機添加git目錄並push到遠程主機：

我在windows下，使用cygwin，cygwin配置能夠參考：

https://xstarcd.github.io/wiki/cygwin/index.html（我同事）

http://www.cnblogs.com/astwish/articles/3700459.html

git使方法推薦廖雪峯老師的git教程。

 

第一次提交項目前會要求添加SSH key，點擊add an SSH key，能夠添加本身的公鑰到（公鑰能夠有多個）：

 

本機生成SSH key，並複製藍底部分到上面的key框中：

$

ssh-keygen -t rsa -C valiant.jiang@timanetworks.com

#email要填你登陸gitlab的ldap關聯的email
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ONE/.ssh/id_rsa):
/home/ONE/.ssh/id_rsa already exists.
Overwrite (y/n)? n #我是no 由於已經有了不想再改

ONE@DESKTOP-BGP4M01 ~$ 

cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0V2KJgXp3O0p/5pE2apMJLg9W9ePQF8cOFUo03nEIX6IRjrHGmZjMX8napr9lJRU676pgJhekW/gbyn1DuSyBxurPe65vr/MpQMCMq/Pd00tA/z3irT5DIvfhLb+xhaTMJcT7UIBNvSjw4pUb2la3cKJzkbV01RzbESoNnpEqtnZsVY8Ys1WNHzRkgxO+EGQphf9HdEanRxOoIUKmOKtVUA8oiCpz0z6yyWnNFYnL6OMeviYiJ26n7eKTV5pqUmQtbzc3sKNTXsi+1Cw+3l1/l8Mbro2o6NGQP4lNfJGjFU6Q3t/uV4l+mpP11r0cqfzjF4gegxk0G9NiIomgAHmp valiant.jiang@timanetworks.com

ONE@DESKTOP-BGP4M01 ~$

 

按照project頁面的提示，設置全局的免密鑰代碼提交帳戶：

 

git config --global user.name "Valiant Jiang"

git config --global user.email valiant.jiang@timanetworks.com

git clone git@172.16.224.246:openstack/pythonweb.git
cd pythonweb
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

作完這一步，應該就能夠收到系統發給你的push報告郵件了：

 

 

 

六、升級到最新穩定版

針對不一樣的安裝方式，GitLab官方提供了不一樣的升級方法，咱們是手動安裝的omnibus包，因此用下面的連接升級：

 

 

 

https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version

Updating from GitLab 6.6 and higher to the latest version

The procedure can also be used to upgrade from a CE omnibus package to an EE omnibus package.

First, download the latest CE or EE (license key required) package to your GitLab server.

Stop services but leave postgresql running for the database migrations and create a backup

sudo gitlab-ctl stop unicorn
sudo gitlab-ctl stop sidekiq
sudo gitlab-ctl stop nginx
sudo gitlab-rake gitlab:backup:create

Install the latest package

# Ubuntu/Debian:
sudo dpkg -i gitlab_x.x.x-omnibus.xxx.deb

# CentOS:
sudo rpm -Uvh gitlab-x.x.x_xxx.rpm

Reconfigure GitLab (includes running database migrations) and restart all services

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

Done!

Trouble? Check status details

sudo gitlab-ctl status
sudo gitlab-rake gitlab:check SANITIZE=true

 

 

七、實用連接

log文件詳解：http://doc.gitlab.com/ee/logs/logs.html

ldap配置：http://doc.gitlab.com/ce/integration/ldap.html

smtp配置：http://doc.gitlab.com/omnibus/settings/smtp.html

各版本升級地址：https://about.gitlab.com/update/

本次升級地址：https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version