概述
本帖針對Centos6/REHL6系統
Gitlab的安裝過程主要包括以下組件的配置:
關閉selinux
# 修改/etc/selinux/config 文件 將SELINUX=enforcing改爲SELINUX=disabled ,然後重啓電腦 # sestatus -v 查看selinux狀態 Current mode: permissive #說明已關閉selinux
GitLab軟件包
所有GitLab軟件包都會發布到我們的軟件包服務器上,並且可以下載。我們維持五個回購:
GitLab EE:適用於官方企業版版本
GitLab CE:用於官方Community Edition版本
Unstable:適用於發佈候選版和其他不穩定版本
Nighty Builds:每晚製作
安裝軟件包及版本要求
Ubuntu/Debian/CentOS/RHEL**
ruby 2.0+
git 1.7.10+
redis 2.0+
MySQL or PostgreSQ
1.安裝軟件包及解決依賴項
添加EPEL源:
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 https://mirrors.tuna.tsinghua.edu.cn/epel/RPM-GPG-KEY-EPEL-6 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 # 安裝`epel-release-latest-6.noarch.rpm`包,啓用EPEL rpm -Uvh http://mirrors.ustc.edu.cn/epel/epel-release-latest-6.noarch.rpm yum groupinstall "Development tools" yum install autoconf automake bison build-essential byacc checkinstall cmake cpio crontabs curl curl-devel db4-devel expat-devel gcc-c++ gdbm-devel gettext gettext-devel glibc-devel libcurl4-openssl-dev libexpat1-dev libffi libffi-dev libffi-devel libgdbm-dev libicu libicu-dev libicu-devel libkrb5-dev libncurses5-dev libreadline-dev libssl-dev libtool libxml2 libxml2-dev libxml2-devel libxslt libxslt-dev libxslt-devel libyaml libyaml-dev libyaml-devel libz-dev logrotate logwatch make ncurses-devel openssh-server openssl-devel patch pcre-devel perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker perl-Time-HiRes pkg-config postfix python-devel python-docutils readline readline-devel sqlite-devel sudo system-config-firewall-tui tcl-devel vim wget zlib1g-dev zlib-devel
安裝git
如果已經用yum安裝過git,要先卸載掉舊的版本
yum remove git
使用源碼編譯安裝git
mkdir /tmp/git && cd /tmp/git curl -O --progress https://www.kernel.org/pub/software/scm/git/git-2.8.5.tar.gz tar zxvf git-2.8.5.tar.gz cd git-2.8.5 ./configure make prefix=/usr/local all # 安裝到/usr/local/bin sudo make prefix=/usr/local install # 驗證git版本號 git --version #創建軟連接 ln -s /usr/local/bin/git /usr/bin/git
2.添加系統用戶
我們添加一個用來管理運行Gitlab的用戶git
adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git # 修改git用戶的環境變量PATH,以root用戶運行 visudo # 找到下面一行 Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin #修改爲 Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
3.安裝ruby環境
在Gitlab生產環境使用Ruby版本管理工具RVM,rbenv或者chruby常常會帶來很多疑難雜症.比如Gitlab-shell版本管理器調用OpenSSH的功能以防止越過ssh對倉庫進行pull和push操作.而前面提到的三個版本管理器不支持這樣的功能,所以我們強烈建議大家按照下面的方式來安裝Ruby.
Note: The current supported Ruby (MRI) version is 2.3.x. GitLab 9.0 dropped
support for Ruby 2.1.x.
如果系統上存在舊的Ruby1.8,先刪除掉:
yum remove ruby
下載Ruby源碼,編譯安裝:
mkdir /tmp/ruby && cd /tmp/ruby # 這裏替換官方文檔的下載地址爲mirrors.ustc.edu.cn提供的鏡像地址 curl -O --progress https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.5.tar.gz tar zxvf ruby-2.1.5.tar.gz cd ruby-2.1.5 ./configure --disable-install-rdoc make sudo make install 安裝完成後,重新登錄終端確保$PATH生效,檢測ruby的安裝成功與否: ruby -v ln -s /usr/local/bin/ruby /usr/bin/ruby
國內使用Ruby的Gem和Bundler必須要做的事情:
# 修改git用戶gem安裝源爲淘寶 gem sources --add https://ruby.taobao.org/ --remove https://rubygems.org/ # 確保git用戶當前gems源爲淘寶 gem sources -l *** CURRENT SOURCES *** 備:gems源中科大: https://gems.ruby-china.org/
安裝bundle包(root用戶)
sudo gem install bundler --no-ri --no-rdoc
4-1.安裝數據庫-mysql
安裝mysql數據庫,設置數據庫管理員密碼
#下載yum倉庫文件: wget http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm #下載完成後將Yum庫導入到你的本地: sudo yum localinstall mysql-community-release-el6-*.noarch.rpm #安裝MySQLServer: yum install mysql-server mysql-devel mysql-client libmysqlclient-dev #啓動mysql服務 /etc/init.d/mysqld start #MySQL安全配置嚮導 mysql_secure_installation --------------------------------------------------------------------------------- Enter current password for root (enter for none): <–初次運行直接回車 Set root password? [Y/n] <– 是否設置root用戶密碼,輸入y並回車或直接回車 Remove anonymous users? [Y/n] <– 是否刪除匿名用戶,生產環境建議刪除,所以直接回車 Disallow root login remotely? [Y/n] <–是否禁止root遠程登錄,根據自己的需求選擇Y/n並回車,建議禁止 Remove test database and access to it? [Y/n] <– 是否刪除test數據庫,直接回車 Reload privilege tables now? [Y/n] <– 是否重新加載權限表,直接回車
創建新用戶和數據庫給gitlab使用
# 登錄數據庫 $ mysql -u root -p # 輸入root密碼 # 爲gitlab創建使用用戶 mysql> CREATE USER 'gitlab'@'localhost' IDENTIFIED BY 'gitlab賬號的密碼'; # 創建gitlaba使用的數據庫 mysql> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`; # 給予gitlab用戶權限 mysql> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost' IDENTIFIED BY 'gitpasswd'; # 刷新權限 mysql> flush privileges; # 查看創建的用戶 mysql> select user,host,password from mysql.user;
#測試新建的用戶能否登陸mysql mysql -u git -p -h localhost mysql> show databases; +---------------------+ | Database | +---------------------+ | information_schema | | gitlabhq_production | +---------------------+ 2 rows in set (0.00 sec)
4-2.安裝數據庫-PostgreSQL
配置postgresql安裝源:
https://wiki.postgresql.org/wiki/YUM_Installation#Configure_your_YUM_repository
# 修改/etc/yum.repos.d/CentOS-Base.repo,在[base]和[update]段落添加下面的配置 exclude=postgresql* # 安裝postgresql源 yum localinstall http://mirrors.ustc.edu.cn/postgresql/repos/yum/9.5/redhat/rhel-6-x86_64/pgdg-centos95-9.5-3.noarch.rpm #yum localinstall http://mirrors.ustc.edu.cn/postgresql/repos/yum/9.2/redhat/rhel-6-x86_64/pgdg-redhat92-9.2-8.noarch.rpm # 安裝postgresql yum install postgresql95-server postgresql95-devel postgresql95-contrib # 默認情況下,postgresql的數據庫文件存放在 /var/lib/pgsql/9.5/data # 初始化 mv /etc/init.d/{postgresql-9.5,postgresql} service postgresql initdb # 啓動postgresql service postgresql start # 配置postgresql自啓動 chkconfig postgresql on # 爲Gitlab創建一個用戶,用戶名爲git cd /home sudo -u postgres psql -d template1 -c "CREATE USER git CREATEDB;" #創建pg_trgm擴展 (required for GitLab 8.6+): sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" # 創建Gitlab生產環境數據庫並賦予git用戶屬主權限 sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER git;" # 用git用戶測試下是否能登錄剛纔創建的數據庫 sudo -u git -H psql -d gitlabhq_production #檢查是否啓用 pg_trgm 擴展: SELECT true AS enabled FROM pg_available_extensions WHERE name = 'pg_trgm' AND installed_version IS NOT NULL; 如果啓用了擴展,這將產生以下輸出: enabled --------- t (1 row) # 退出數據庫會話 gitlabhq_production> \q # 創建pg_config的軟連接 ln -s /usr/pgsql-9.5/bin/pg_config /usr/bin/pg_config
5.配置Redis
#此處redis是yum安裝,爲了省事。 yum install -y redis # Disable Redis listening on TCP by setting 'port' to 0 sed 's/^port .*/port 0/' /etc/redis/redis.conf.orig | sudo tee /etc/redis/redis.conf #添加redis.sock文件信息 echo 'unixsocket /var/run/redis/redis.sock' |tee -a /etc/redis.conf echo -e 'unixsocketperm 0770' |tee -a /etc/redis.conf #創建文件並賦予權限 mkdir -p /var/run/redis sudo chown redis:redis /var/run/redis sudo chmod 755 /var/run/redis # Persist the directory which contains the socket, if applicable if [ -d /etc/tmpfiles.d ]; then echo 'd /var/run/redis 0755 redis redis 10d -' | sudo tee -a /etc/tmpfiles.d/redis.conf fi #將redis用戶添加到git組 sudo usermod -aG redis git #配置redis使其在開機時啓動: sudo chkconfig redis on sudo service redis start
6.安裝GitLab
#將GitLab安裝在git的家目錄下: cd /home/git/ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 7-6-stable gitlab cd /home/git/gitlab # 複製gitlab.yml(Gitlab的主配置文件) sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml # 修改gitlab.yml sudo -u git -H vim config/gitlab.yml host: gitlab.xxx.com ####修改第32行 爲你的域名或者ip port: 80 https: false # 修改 log/ 和 tmp/ 文件夾權限 sudo chown -R git log/ sudo chown -R git tmp/ sudo chmod -R u+rwX,go-w log/ sudo chmod -R u+rwX tmp/ #創建文件夾gitlab-satellites sudo -u git -H mkdir /home/git/gitlab-satellites sudo chmod u+rwx,g=rx,o-rwx /home/git/gitlab-satellites # 修改 tmp/pids/ 和 tmp/sockets/ 文件夾權限 sudo chmod -R u+rwX tmp/pids/ sudo chmod -R u+rwX tmp/sockets/ # 創建 public/uploads/ 文件夾 sudo -u git -H mkdir public/uploads/ # 修改 public/uploads/ 文件夾權限,只有git用戶有訪問權限 sudo chmod -R u+rwX public/uploads # 複製 Unicorn 配置文件 sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb # 查詢CPU核心數 nproc # 如果你想搭建一個高負載的Gitlab實例,可啓用集羣模式. # 修改'worker_processes'參數,至少要跟cpu核心數一樣. # 修改監聽地址和端口,要和下文 gitlab-shell/config.yml 中配置一致 sudo -u git -H vim config/unicorn.rb worker_processes 3 listen "your_IP:8080", :tcp_nopush => true # 複製Rack attack 配置文件 sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb # 爲 git 用戶配置用戶和郵件 sudo -u git -H git config --global user.name "GitLab" sudo -u git -H git config --global user.email "[email protected]" # 'autocrlf' 需要Web編輯器 sudo -u git -H git config --global core.autocrlf input # 複製 Redis 連接配置文件 sudo -u git -H cp config/resque.yml.example config/resque.yml # 如修改過redis socket的路徑,在這個配置文件裏面修改,確認redis端口和ip. sudo -u git -H vim config/resque.yml ------------------------------------- development: redis://127.0.0.1:6379 test: redis://127.0.0.1:6379 production: unix:/var/run/redis/redis.sock
7.GitLab數據庫配置
# 僅限於Mysql: sudo -u git cp config/database.yml.mysql config/database.yml # 僅限於PostgreSQl: sudo -u git cp config/database.yml.postgresql config/database.yml # 以下修改針對MySQL,修改username/password. sudo -u git -H vim config/database.yml production: adapter: mysql2 encoding: utf8 collation: utf8_general_ci reconnect: false database: gitlabhq_production pool: 10 username: git password: "gitpasswd" # host: localhost # socket: /tmp/mysql.sock socket: /var/lib/mysql/mysql.sock # 以下修改針對PostgreSQL,修改username/password. # 修改'secure password' 爲你設置的密碼,沒單獨設置則不改 production: adapter: postgresql encoding: unicode database: gitlabhq_production pool: 10 # username: git # password: #未設置不用修改 # host: localhost # port: 5432 # 修改database.yml的權限,確保git用戶可以讀取該文件. sudo -u git -H chmod o-rwx config/database.yml
8.Gems安裝
# 進入gitlab目錄 cd /home/git/gitlab -------------------------------------------------------------- gem sources --add https://ruby.taobao.org/ --remove https://rubygems.org/ -------------------------------------------------------------- # 修改 Gemfile 和 Gemfile.lock vim Gemfile(Gemfile.lock) 更改 source https://rubygems.org/ 爲: source 'https://ruby.taobao.org/' -------------------------------------------------------------- # 確保只有 https://ruby.taobao.org/ gem sources -l https://ruby.taobao.org/ ln -s /usr/local/bin/bundle /usr/bin/ ####一定要注意選擇自己用的數據庫的命令 ###PostgreSQL (note, the option says "without ... mysql") sudo -u git -H bundle install --deployment --without development test mysql aws # 如果使用 MySQL,執行下面的命令 (note, the option says "without ... postgres") sudo -u git -H bundle install --deployment --without development test postgres aws 筆記: 如果你想去用 Kerberos 做用戶認證, 然後在--without選項中省略Kerbero
9.Gitlab-shell安裝
# Run the installation task for gitlab-shell (replace `REDIS_URL` if needed): sudo -u git -H bundle exec rake gitlab:shell:install[v2.4.0] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production # 默認情況下,gitlab-shell的配置是根據Gitlab的配置生產的. # 你可以運行下面的命令查看和修改gitlab-shell的配置, # 監聽端口要和/home/git/gitlab/config/unicorn.rb中配置一致 sudo -u git -H vim /home/git/gitlab-shell/config.yml --- user: git gitlab_url: https://localhost:8080/ #使用https http_settings: self_signed_cert: false #如果gitlab_url爲https,修改成true repos_path: "/home/git/repositories/" auth_file: "/home/git/.ssh/authorized_keys" redis: bin: "/usr/bin/redis-cli" namespace: resque:gitlab socket: "/var/run/redis/redis.sock" log_level: INFO audit_usernames: false
10.初始化數據庫,激活高級特性
cd /home/git/gitlab sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production # 輸入 'yes' 以創建數據庫表 # 當看到以下內容,表示已經安裝完成 Administrator account created: login: root password: your_passwd == Seed from /home/git/gitlab/db/fixtures/production/010_settings.rb
Note: 你能通過提供環境變量設置 Administrator/root 密碼和郵箱, 分別爲GITLAB_ROOT_PASSWORD 和 GITLAB_ROOT_EMAIL , 如下所示。如果你不能設置密碼(它被設置爲默認的) 請等待曝光gitlab到公共互聯網直到安裝完成和你已經登錄到服務器的第一時間。 在第一次登錄時,您將被迫更改默認密碼。.
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword GITLAB_ROOT_EMAIL=youremail
11.下載服務腳本
wget -O /etc/init.d/gitlab https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn # 配置gitlab的啓動級別 chmod +x /etc/init.d/gitlab chkconfig --add gitlab chkconfig gitlab on 設置Logrotate cd /home/git/gitlab sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab 檢查GitLab環境配置 sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production ----- production System information System: CentOS 6.8 Current User: git Using RVM: no Ruby Version: 2.1.5p273 Gem Version: 2.2.2 Bundler Version:1.15.1 Rake Version: 10.3.2 Sidekiq Version:2.17.8 GitLab information Version: 7.6.2 Revision: fatal: Not a git repository (or any parent up to mount point /home) Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set). Directory: /home/git/gitlab DB Adapter: mysql2 URL: http://your_ip HTTP Clone URL: http://your_ip/some-project.git SSH Clone URL: git@your_ip:some-project.git Using LDAP: no Using Omniauth: no GitLab Shell Version: 2.1.0 Repositories: /home/git/repositories/ Hooks: /home/git/gitlab-shell/hooks/ Git: /usr/bin/git # 生成GitLab前端資源 sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production # 啓動gitlab服務 service gitlab start
12.安裝nginx服務,並下載gitlab的站點配置文件
# 使用yum進行安裝 yum install -y nginx chkconfig nginx on wget -O /etc/nginx/conf.d/gitlab.conf https://gitlab.com/gitlab-org/gitlab-ce/raw/master/lib/support/nginx/gitlab-ssl # 將nginx用戶添加到git組 mkdir -p /etc/nginx/ssl cd /etc/nginx/ssl/ openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key # 啓動nginx服務 service nginx restart
13.Gitlab配置SMTP郵件
# 使用SMTP郵件服務器,可以不安裝postfix cd /home/git/gitlab sudo -u git -H cp config/initializers/smtp_settings.rb.sample config/initializers/smtp_settings.rb #修改如下 sudo -u git -H vim config/initializers/smtp_settings.rb 這裏提供163和騰訊企業郵箱兩種配置方式,注意將下面的123456替換成自己的密碼 163郵箱: if Rails.env.production? Gitlab::Application.config.action_mailer.delivery_method = :smtp ActionMailer::Base.delivery_method = :smtp #使用smtp方法 ActionMailer::Base.smtp_settings = { address: "smtp.163.com", port: 25, user_name: "wpgitlab", password: "123456", domain: "163.com", authentication: :plain, enable_starttls_auto: true } end QQ郵箱: if Rails.env.production? Gitlab::Application.config.action_mailer.delivery_method = :smtp ActionMailer::Base.delivery_method = :smtp #使用smtp方法 ActionMailer::Base.smtp_settings = { address: "smtp.exmail.qq.com", port: 25, user_name: "[email protected]", password: "123456", domain: "smtp.qq.com", authentication: :plain, enable_starttls_auto: true, } end 3. 修改gitlab.yml cd /home/git/gitlab sudo -u git -H vim config/gitlab.yml 一鍵安裝路徑: cd /opt/gitlab-8.5.7-0 vim apps/gitlab/htdocs/config/gitlab.yml 將默認郵箱修改爲自己的郵箱 163: ## Email settings # Email address used in the "From" field in mails sent by GitLab email_from: [email protected] 騰訊企業郵箱: ## Email settings # Email address used in the "From" field in mails sent by GitLab email_from: [email protected] #編輯文件 [root@git gitlab]#sudo -u git -H vim config/environments/production.rb config.action_mailer.delivery_method = :smtp #將方法修改成smtp方式 4. 修改後。重啓gitlab #監控日誌文件 tail -f /home/git/gitlab/log/*.log tail -f /var/log/maillog
安裝完成後gitlab運行異常使用如下命令檢測,並解決
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
驗證結果,訪問地址如下:
用戶名和密碼如下
login.........root
password......5iveL!fe
備份恢復
Gitlab 創建備份
使用Gitlab一鍵安裝包安裝Gitlab非常單, 同樣的備份恢復與遷移也非常簡單,用一條命令即可創建完整的Gitlab備份:
cd /home/git/gitlab sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production STRATEGY=copy
注:跳過某些內容sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production SKIP=db,uploads
skip爲:
db (database)
uploads (attachments)
repositories (Git repositories data)
builds (CI job output logs)
artifacts (CI job artifacts)
lfs (LFS objects)
registry (Container Registry images)
pages (Pages content)
Gitlab 修改備份文件默認目錄
修改/home/git/gitlab/config/gitlab.yml
來修改默認存放備份文件的目錄:
sudo -u git -H vim /home/git/gitlab/config/gitlab.yml ---------------------- backup: path: "/home/git/backups/" # Relative paths are relative to Rails.root (default: tmp/backups/)
自動備份
# Create a full backup of the GitLab repositories and SQL database every day at 4am 0 4 * * * cd /home/git/gitlab && PATH=/usr/local/bin:/usr/bin:/bin bundle exec rake gitlab:backup:creat # 0 4 * * * cd /home/git/gitlab && sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
恢復
首先進入備份 gitlab 的目錄,這個目錄是配置文件中的path
,本文設置爲 /home/git/backups/ 。
然後停止 unicorn 和 sidekiq ,保證數據庫沒有新的連接,不會有寫數據情況。
# 停止相關數據連接服務 service gitlab stop cd /home/git/gitlab sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=productione RAILS_ENV=production CRON=1 # 如果備份目錄下面有多個備份文件,則需加參數並指明時間戳 BACKUP=timestamp_of_backup (required if more than one backup exists) force=yes (do not ask if the authorized_keys file should get regenerated) sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=productione RAILS_ENV=production CRON=1 force=yes BACKUP=timestamp_of_backup #恢復時候BACKUP=timestamp_of_backup timestamp_of_backup表示是時間前綴 默認恢復最新一次的備份 # 啓動Gitlab sudo gitlab-ctl start
# 恢復過程中沒有權限 mkdir /home/git/backups/ chown git /home/git/backups/ chmod 700 /home/git/backups/
遷移
把備份文件拷貝到gitlab的備份目錄下,根據上面gitlab恢復步驟即可。
備份注意事項:
還需要備份文件:/home/git/gitlab/config/secrets.yml(兩步驗證時用到:用戶名密碼登錄及短信驗證)