GitLab setup and configuration under CentOS 7

Due to the company's business, Git version control is required.

 * At present, there are relatively well-known Git service providers on the market, such as GitHub, BitBucket, GitLab in foreign countries, and Code Cloud and Coding in China.

* Existing service providers have certain restrictions on free packages. For example: GitHub only allows the establishment of free open source repositories, and the establishment of private repositories requires fees. BitBucket allows the establishment of unlimited private projects, but there is a limit on the number of developers participating in the project. When the number of developers in the team reaches a certain number, you need to pay for the corresponding package.

GitLab Community Edition is free. It can not only build free private repositories but also have no limit on the number of participants, and there is no limit on the number of participants. It can also set the permissions of members, even down to the permissions of a specific branch, as well as powerful workflows, etc. .

GitLab is a good fit for small and medium-sized companies with non-open source projects.

 

 

1. Introduction to GitLab

GitLab is an open-source version control system developed with Ruby on Rails that implements a self-hosted Git project repository that can access public or private projects through a web interface.

It has similar functionality to GitHub, with the ability to browse source code, manage bugs and comments. It manages the team's access to the repository, it is very easy to browse committed versions and provides a file history repository. Team members can use the built-in simple chat program (Wall) to communicate. It also provides a code snippet collection function to easily reuse code and find it later when needed.

The open source Chinese code hosting platform Code Cloud is based on the GitLab project.

GitLab is divided into GitLab Community Edition (CE) Community Edition and GitLab Enterprise Edition (EE) Professional Edition. The community version is free, and the professional version is charged. For the comparison of the functional differences between the two versions, you can refer to the official comparison instructions.

2. GitLab installation and configuration

Install Community Edition, GitLab CE version: 9.2.6

1. GitLab installation

It is relatively convenient to install through the Omnibus installation package officially provided by GitLab. The Omnibus installation package package integrates most of the packages (Nginx, ruby ​​on rails, git, redis, postgresql, etc.), and there is no need to install these additional software, which reduces most of the installation.

GitLab official installation documentation : CentOS7.x system

Install dependency packages and configure postfix service as GitLab mail service

 

# yum install curl openssh-server openssh-clients postfix cronie

# systemctl start postfix.service

# systemctl enable postfix.service

    For testing only, turn off the firewall.

        systemctl stop firewalld.service #停止firewall

        systemctl start firewalld.service #开启firewall

        systemctl disable firewalld.service #Prohibit firewall from starting

        systemctl enable firewalld.service # Turn on startup

        firewall-cmd --state #View the default firewall status (not running when turned off, running when turned on)

    Open HTTP and SSH ports if officially built

       

         # iptables -I INPUT -m tcp -p tcp --dport 22 -j ACCEPT

         # iptables -I INPUT -m tcp -p tcp --dport 80 -j ACCEPT

            (This is the operation under centos6, centos7 is Baidu on its own, I mainly build the environment here, let gitlab run, and close the firewall)

 

Two installation sources

• Install from official mirror sources

        添加GitLab仓库并安装到服务器上

     # curl -sS http://packages.gitlab.cc/install/gitlab-ce/script.rpm.sh | sudo bash

 

     # yum install gitlab-ce      # 自动安装最新版本 ，此过程可能会等待很长时间         # yum install gitlab-ce-9.2.1-ce.0.el6 # 安装指定版本

 

• 从第三方镜像源安装

    官方镜像源在国外，国内安装会很慢，甚至有时因网络问题会无法安装。

国内推荐使用清华大学开源软件镜像源。

新建 /etc/yum.repos.d/gitlab-ce.repo，内容为：

 

[gitlab-ce]

name=Gitlab CE Repository

baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/

gpgcheck=0

enabled=1

 

再执行

# yum makecache             # 更新本地YUM缓存

 

# yum install gitlab-ce     # 自动安装最新版本

 

修改配置文件/etc/gitlab/gitlab.rb，绑定域名

 

external_url 'http://gitlab.xxx.com'        //如果没有域名就用ip地址即可

 

启动GitLab，使得配置生效

 

# gitlab-ctl reconfigure                //此过程可能会等待很长时间

在Dnspod中添加解析记录

使用浏览器访问GitLab，就访问填写上面external_url的值

首次访问GitLab,系统会让你重新设置管理员的密码,设置成功后会返回登录界面.//新版本可能会让你登录，自己注册个账号再登录就行。如下图：

 

 

 

登录成功后出现下面页面：

 

如果你还想要配置更多的细节，可以参考https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

 

GitLab安装细节

主配置文件: /etc/gitlab/gitlab.rb

GitLab 文档根目录: /opt/gitlab

默认存储库位置: /var/opt/gitlab/git-data/repositories

GitLab Nginx 配置文件路径: /var/opt/gitlab/nginx/conf/gitlab-http.conf

Postgresql 数据目录: /var/opt/gitlab/postgresql/data

GitLab由以下服务构成

• nginx: 静态web服务器
• gitlab-shell: 用于处理Git命令和修改authorized keys列表
• gitlab-workhorse: 轻量级的反向代理服务器
• logrotate：日志文件管理工具
• postgresql：数据库
• redis：缓存数据库
• sidekiq：用于在后台执行队列任务（异步执行）
• unicorn：An HTTP server for Rack applications，GitLab Rails应用是托管在这个服务器上面的。

2、配置SMTP服务

如果你不想用服务器自带的postfix服务来发邮件，可以改用SMTP服务。

修改GitLab邮件服务配置(gitlab.rb文件)，使用腾讯企业邮箱的SMTP服务器，填写账号和密码

 

gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"

gitlab_rails['smtp_port'] = 25

gitlab_rails['smtp_user_name'] = "xxx"

gitlab_rails['smtp_password'] = "xxx"

gitlab_rails['smtp_domain'] = "smtp.qq.com"

gitlab_rails['smtp_authentication'] = 'plain'

gitlab_rails['smtp_enable_starttls_auto'] = true

使配置生效

# gitlab-ctl reconfigure

# gitlab-rake cache:clear RAILS_ENV=production # 清除缓存

 

3、GitLab配置HTTPS

GitLab默认是使用HTTP的，可以手动配置为HTTPS

上传SSL证书

创建ssl目录，用于存放SSL证书

 

# mkdir -p /etc/gitlab/ssl

# chmod 0700 /etc/gitlab/ssl

上传证书并修改证书权限

 

# chmod 600 /etc/gitlab/ssl/*

修改GitLab的配置文件

修改配置文件/etc/gitlab/gitlab.rb

 

external_url "https://gitlab.xxx.com"

nginx['redirect_http_to_https'] = true

nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.xxx.com.crt"

nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.xxx.com.key"

重建配置，使其生效

 

# gitlab-ctl reconfigure

以上操作后，GitLab自带的Nginx服务的配置文件 /var/opt/gitlab/nginx/conf/gitlab-http.conf 会被重新修改：

 

server {

    listen *:80;

    server_name gitlab.xxx.com;

    server_tokens off; ## Don't show the nginx version number, a security best practice

    return 301 https://gitlab.xxx.com:443$request_uri;

    access_log /var/log/gitlab/nginx/gitlab_access.log gitlab_access;

    error_log /var/log/gitlab/nginx/gitlab_error.log;

}

不用额外再配置，HTTP 会自动跳转到 HTTPS 。

开放443端口

在防火墙上开放443端口，用于HTTPS

 

# iptables -I INPUT -m tcp -p tcp --dport 443 -j ACCEPT

4、修改root用户密码

对于普通用户而言，可通过系统重置密码，接收邮件即可。可是GitLab管理员账号，缺省邮箱 [email protected] 是个不存在的邮箱地址，无法通过邮箱修改密码。

官方修改密码文档，根据文档，修改root密码的方法如下：

打开与Rails程序交互的控制台

在root权限下，执行：

 

# gitlab-rails console production

等待一会，直到控制台加载成功。

获取用户信息并修改root用户密码

 

# gitlab-rails console production

Loading production environment (Rails 4.2.8)

irb(main):001:0> user = User.where(id: 1).first    取出第一个用户即root

=> #<User id: 1, email: "[email protected]"......

irb(main):009:0> user.password = '12345678'        修改密码

=> "12345678"irb(main):010:0> user.password_confirmation = '12345678'

=> "12345678"irb(main):011:0> user.save!

Enqueued ActionMailer::DeliveryJob (Job ID: 510bb5be-a156-4522-9983-44d8a895e92a) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", gid://gitlab/User/1

=> true

irb(main):011:0> exit

三、GitLab 常用命令

运维管理排查

# 查看版本

cat /opt/gitlab/embedded/service/gitlab-rails/VERSION

 

# 检查gitlab

gitlab-rake gitlab:check SANITIZE=true --trace

 

# 实时查看日志

gitlab-ctl tail

 

# 数据库关系升级

gitlab-rake db:migrate

 

# 清理redis缓存

gitlab-rake cache:clear

 

# 升级GitLab-ce 版本

yum update gitlab-ce

 

# 升级PostgreSQL最新版本

gitlab-ctl pg-upgrade

 

服务管理

# 启动所有 gitlab 组件：

gitlab-ctl start

 

# 停止所有 gitlab 组件：

gitlab-ctl stop

 

# 停止所有 gitlab postgresql 组件：

gitlab-ctl stop postgresql

 

# 停止相关数据连接服务

gitlab-ctl stop unicorn

gitlab-ctl stop sidekiq

 

# 重启所有 gitlab 组件：

gitlab-ctl restart

 

# 重启所有 gitlab gitlab-workhorse 组件：

gitlab-ctl restart gitlab-workhorse

 

# 查看服务状态

gitlab-ctl status

 

# 生成配置并启动服务

gitlab-ctl reconfigure

 

日志

# 实时查看所有日志

gitlab-ctl tail

 

# 实时检查redis的日志

gitlab-ctl tail redis

 

# 实时检查postgresql的日志

gitlab-ctl tail postgresql

 

# 检查gitlab-workhorse的日志

gitlab-ctl tail gitlab-workhorse

 

# 检查logrotate的日志

gitlab-ctl tail logrotate

 

# 检查nginx的日志

gitlab-ctl tail nginx

 

# 检查sidekiq的日志

gitlab-ctl tail sidekiq

 

# 检查unicorn的日志

gitlab-ctl tail unicorn

 

四、GitLab备份和恢复

备份

GitLab作为公司项目代码的版本管理系统，数据非常重要，必须做好备份。

修改备份目录

GitLab备份的默认目录是 /var/opt/gitlab/backups ，如果想改备份目录，可修改/etc/gitlab/gitlab.rb：

gitlab_rails['backup_path'] = '/data/backups'

修改配置后，记得：

gitlab-ctl reconfigure

备份命令

gitlab-rake gitlab:backup:create

该命令会在备份目录（默认：/var/opt/gitlab/backups/）下创建一个tar压缩包xxxxxxxx_gitlab_backup.tar，其中开头的xxxxxx是备份创建的时间戳，这个压缩包包括GitLab整个的完整部分。

自动备份

通过任务计划crontab 实现自动备份

# 每天2点备份gitlab数据

0 2 * * * /usr/bin/gitlab-rake gitlab:backup:create

备份保留7天

可设置只保留最近7天的备份，编辑配置文件 /etc/gitlab/gitlab.rb

# 数值单位：秒

gitlab_rails['backup_keep_time'] = 604800

重新加载gitlab配置文件

gitlab-ctl reconfigure

恢复

备份文件：

/var/opt/gitlab/backups/1499244722_2017_07_05_9.2.6_gitlab_backup.tar

停止 unicorn 和 sidekiq ，保证数据库没有新的连接，不会有写数据情况。

# 停止相关数据连接服务

gitlab-ctl stop unicorn

gitlab-ctl stop sidekiq

 

# 指定恢复文件，会自动去备份目录找。确保备份目录中有这个文件。

# 指定文件名的格式类似：1499242399_2017_07_05_9.2.6，程序会自动在文件名后补上：“_gitlab_backup.tar”

# 一定按这样的格式指定，否则会出现 The backup file does not exist! 的错误

gitlab-rake gitlab:backup:restore BACKUP=1499242399_2017_07_05_9.2.6

 

# 启动Gitlab

gitlab-ctl start

 

 

原文链接：https://www.jianshu.com/p/56541f6c01a5