gitlab安装与基本配置
# gitlab安装
# centos7通过systemd管理
- 添加仓库源
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
- 查看有哪些版本
yum --showduplicates list gitlab-ce
- 安装
修改域名,也可以安装完再修改( /etc/gitlab/gitlab.rb) external_url参数
EXTERNAL_URL="https://git.yfklife.cn" yum install gitlab-ce #建议把rpm包缓存到本地做预留,以后不麻烦找包
- 重新加载配置(如果有修改过gitlab.rb文件需要执行)
gitlab-ctl reconfigure
- 重启
gitlab-ctl restart
- 查看
gitlab-ctl status #查看所有服务状态
gitlab-ctl start/stop #启动或停止所有服务,后面加名称可操作单个服务
gitlab-ctl tail nginx #查看nginx日志,或其他服务日志
2
3
默认目录
/etc/gitlab/gitlab.rb # 主配置文件 /var/log/gitlab/ # 日志目录 /var/opt/gitlab/ # 各个服务的主目录 /var/opt/gitlab/git-data/repositories # Git仓库数据目录修改默认访问端口,和数据目录
注意数据目录权限属主git
[root@gitlab data]# grep -Ev "^$|#" /etc/gitlab/gitlab.rb
external_url 'http://git.yfklife.cn'
git_data_dirs({ "default" => { "path" => "/var/opt/gitlab/git-data", 'gitaly_address' => 'unix:/var/opt/gitlab/gitaly/gitaly.socket' } })
nginx['listen_port'] = 88
2
3
4
``
- 通过nginx代理
upstream gitlab{
server 127.0.0.1:88;
}
server
{
listen 80;
server_name git.yfklife.cn;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/;
proxy_pass http://gitlab;
}
}
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
访问:http://git.yfklife.cn ,第一次访问会让你设置密码
# 通过docker-compose部署gitlab
mkdir -p /application/gitlab/{config,data,logs} && cd /application/gitlab/
cat >docker-compose.yml<<'EOF'
version: '3'
services:
gitlab:
image: 'gitlab/gitlab-ce:15.1.6-ce.0'
restart: always
hostname: 'git.yfklife.cn'
container_name: 'gitlab'
environment:
TZ: 'Asia/Shanghai'
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://git.yfklife.cn'
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "451127509@qq.com"
gitlab_rails['smtp_password'] = "tabkjfgqsdabbgfd"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = '451127509@qq.com'
ports:
- '18080:80'
volumes:
- /etc/localtime:/etc/localtime
- ./config:/etc/gitlab
- ./data:/var/opt/gitlab
- ./logs:/var/log/gitlab
networks:
cloud_net:
ipv4_address: 172.16.0.33
networks:
cloud_net:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.16.0.0/24
EOF
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
- 修改配置文件gitlab.rb
grep -Ev "^$|#" config/gitlab.rb
nginx['listen_port'] = 80
gitlab_rails['gitlab_default_can_create_group'] = false
gitlab_rails['gitlab_username_changing_enabled'] = false
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
label: 'LDAP'
host: '192.168.0.28'
bind_dn: 'cn=admin,dc=yfklife,dc=cn'
password: 'yfk123456'
active_directory: false
allow_username_or_email_login: false
base: 'ou=users,dc=yfklife,dc=cn'
user_filter: ''
attributes:
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
EOS
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# 配置
- 不允许用户注册
# LDAP用户登录
gitlab_Version:9.1.3
vi /etc/gitlab/gitlab.rdb
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
label: 'LDAP'
host: '192.168.14.11'
port: 389
uid: 'cn' #默认SamAccountName 如果要使用中文登录时就使用默认配置SamAccountName,英文登录为cn
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: 'cn=admin,dc=yfklife,dc=cn' #ldap管理员登录用户
password: 'yfk123456' ##指定ldap服务器的管理员密码
active_directory: false
allow_username_or_email_login: false
block_auto_created_users: false
base: 'ou=users,dc=yfklife,dc=cn' #注意ou名称,和ldap组织对应
user_filter: ''
attributes:
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
EOS
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
注意ou要对应
gitlab-ctl reconfigure #加载配置
如果无法登录,查看登录日志: tailf /var/log/gitlab/gitlab-rails/production.log
# 备份与还原,迁移
gitlab官方备份文档 (opens new window)
# 备份
在终端中执行:
- 备份
gitlab-rake gitlab:backup:create
备份文件所在路径为:/var/opt/gitlab/backups/
备份得到的文件格式如:1642777140_2022_01_21_gitlab_backup.tar 时间挫_年_月_日_gitlap版本_gitlab_backup.tar
若需修改备份文件的存放路径:vim /etc/gitlab/gitlab.rb 修改# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"即可
备份:/etc/gitlab/gitlab-secrets.json
# 还原
- 停止相关数据连接服务
注意:不能直接在终端执行gitlab-ctl stop停止所有服务。因gitlab删除和还原操作还需要使用到redis和postgresql连接
gitlab-ctl start #先保证服务是都起来的,再停止
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
2
3
假设从 1642777140_2022_01_21_gitlab_backup.tar 备份文件中恢复
- 还原
gitlab-rake gitlab:backup:restore BACKUP=1642777140_2022_01_21
- 启动gitlab服务
gitlab-ctl start
- 替换gitlab-secrets.json
替换 /etc/gitlab/gitlab-secrets.json ,重启gitlab服务
- 迁移
gitlab迁移不支持版本的变更,需要保持和原来的版本一致
迁移和还原差不多,就多两步推送文件(/var/opt/gitlab/backups/),授权
chown git.git /var/opt/gitlab/backups/* #授权
gitlab-rake gitlab:backup:restore BACKUP=1642777140_2022_01_21 #还原1642777140备份版本
# Whoops, something went wrong on our end.
由于还原没有替换 gitlab-secrets.json ,导致gitlab日志出现访问路径异常,找不到,把/etc/gitlab/gitlab-secrets.json 放入到新的服务器替换,重启gitlab解决
gitlab-secrets.json文件在GitLab中的作用是存储敏感信息的加密密钥。这个文件包含数据库的加密密钥、双重认证的密钥、GitLab CI的密钥等加密信息,主要用于保护敏感数据的安全 如果gitlab-secrets.json文件丢失或损坏,GitLab将无法解密存储在数据库中的敏感信息,导致各种功能无法正常访问,例如CI/CD变量、Kubernetes和GCP集成、自定义页面域名、项目错误跟踪、Runner认证、项目镜像以及Web钩子等功能