GitLab部署
2023年9月18日大约 10 分钟
GitLab部署
安装
安装依赖
centos7:
yum install -y policycoreutils openssh-server openssh-clients postfix
centos8:
yum install -y curl openssh-server openssh-clients postfix cronie policycoreutils-python-utils
systemctl enable sshd
systemctl start sshd
systemctl enable postfix
systemctl start postfix添加官方源
- 官方源
# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash- 官方源太慢选择清华源
vim /etc/yum.repos.d/gitlab-ce.repo
[gitlab-ce]name=gitlab-cebaseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el6Repo_gpgcheck=0Enabled=1Gpgkey=https://packages.gitlab.com/gpg.key- 更新源
sudo yum makecache安装GitLab
[root@qfedu.com ~]# yum -y install gitlab-ce # 自动安装最新版
[root@qfedu.com ~]# yum -y install gitlab-ce-x.x.x # 安装指定版本Gitlab查看版本
[root@qfedu.com ~]# head -1 /opt/gitlab/version-manifest.txt
gitlab-ce 16.3.3配置登录链接
#设置登录链接
[root@qfedu.com ~]# vim /etc/gitlab/gitlab.rb
***
## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
# 没有域名,可以设置为本机IP地址
external_url 'http://172.17.0.61'
***
[root@qfedu.com ~]# grep "^external_url" /etc/gitlab/gitlab.rb
external_url 'http://172.17.0.61' #绑定监听的域名或IP获取初始密码
cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: BkVClWSZi9vOZxwOJoy5GMh0z8epB7MdVkDrVfAyMqM=初始化
修改语言环境
如果是英文则不需要做修改
注意:可以先尝试以下方案
语言环境问题:如果碰到之后的解决方案如下,需要重新登录
[root@wing ~]# echo "export LC_ALL=en_US.UTF-8" >> /etc/profile
如果上面的方案不可以,再使用下面的方案:
# yum install langpacks-zh_CN langpacks-en langpacks-en_GB -y
# cat > /etc/profile.d/locale.sh<<-EOF
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LC_COLLATE=C
export LC_CTYPE=en_US.UTF-8
EOF
# source /etc/profile.d/locale.sh
退出终端重新登陆配置https
- 非必须
[root@qfedu.com ~]# vim /etc/gitlab/gitlab.rb
letsencrypt['enable'] = true //如果因为这行报错,改成false即可
letsencrypt['contact_emails'] = ['15652533044'] # 添加联系人的电子邮件地址Gitlab 添加smtp邮件功能
- 非必须
[git@qfedu.com ~]# vim /etc/gitlab/gitlab.rb
postfix 并非必须的;根据具体情况配置,以 SMTP 的为例配置邮件服务器来实现通知;参考配置如下:
### Email Settings
#############################
# gitlab.yml configuration #
#############################
gitlab_rails['gitlab_email_from'] = "15652533044@163.com" #//发件人邮箱
gitlab_rails['gitlab_email_display_name'] = "GitLab" #//发件人姓名################################
#GitLab email server settings #
################################
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com" #//smtp地址
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "15652533044@163.com" #//登录账号
gitlab_rails['smtp_password'] = "FJACPUIAXSRHAEOX" #//smtp密码、smtp密
gitlab_rails['smtp_domain'] = "163.com" #//域名
gitlab_rails['smtp_authentication'] = :login
# GitLab User #
##########################
user["git_user_email"] = "15652533044@163.com"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
#修改配置后需要初始化配置,先关掉服务再重新初始化
[git@qfedu.com ~]# gitlab-ctl stop
ok: down: gitaly: 0s, normally up
ok: down: gitlab-monitor: 1s, normally up
ok: down: gitlab-workhorse: 0s, normally up
ok: down: logrotate: 1s, normally up
ok: down: nginx: 0s, normally up
ok: down: node-exporter: 1s, normally up
ok: down: postgres-exporter: 0s, normally up
ok: down: postgresql: 0s, normally up
ok: down: prometheus: 0s, normally up
ok: down: redis: 0s, normally up
ok: down: redis-exporter: 1s, normally up
ok: down: sidekiq: 0s, normally up
ok: down: unicorn: 1s, normally up
[git@qfedu.com ~]# gitlab-ctl reconfigure
......
[git@qfedu.com ~]# gitlab-ctl start
ok: run: gitaly: (pid 37603) 0s
ok: run: gitlab-monitor: (pid 37613) 0s
ok: run: gitlab-workhorse: (pid 37625) 0s
ok: run: logrotate: (pid 37631) 0s
ok: run: nginx: (pid 37639) 1s
ok: run: node-exporter: (pid 37644) 0s
ok: run: postgres-exporter: (pid 37648) 1s
ok: run: postgresql: (pid 37652) 0s
ok: run: prometheus: (pid 37660) 1s
ok: run: redis: (pid 37668) 0s
ok: run: redis-exporter: (pid 37746) 0s
ok: run: sidekiq: (pid 37750) 1s
ok: run: unicorn: (pid 37757) 0s发送邮件测试
[git@qfedu.com ~]# gitlab-rails console
[root@wing ~]# gitlab-rails console
---------------------------------------------------------------------
GitLab: 12.10.1 (e658772bd63) FOSS
GitLab Shell: 12.2.0
PostgreSQL: 11.7
---------------------------------------------------------------------
Loading production environment (Rails 6.0.2)
irb(main):003:0>
irb(main):004:0> Notify.test_email('15652533044@163.com', 'Message Subject', 'Message Body').deliver_now //输入测试命令,回车
Notify#test_email: processed outbound mail in 5.2ms
Delivered mail 5eafceaa250a_1d063fb777add9a08601a@wing.mail (1430.1ms)
Date: Mon, 04 May 2020 16:13:30 +0800
From: gitlab <276267003@qq.com>
Reply-To: gitlab <276267003@qq.com>
To: 276267003@qq.com
Message-ID: <5eafceaa250a_1d063fb777add9a08601a@wing.mail>
Subject: Message Subject
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Message Body</p></body></html>
=> #<Mail::Message:70056859616080, Multipart: false, Headers: <Date: Mon, 04 May 2020 16:13:30 +0800>, <From: gitlab <276267003@qq.com>>, <Reply-To: gitlab <276267003@qq.com>>, <To: 276267003@qq.com>, <Message-ID: <5eafceaa250a_1d063fb777add9a08601a@wing.mail>>, <Subject: Message Subject>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=UTF-8>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>
irb(main):005:0>- 然后去邮箱看是否收到
重载配置
gitlab-ctl reconfigure使用
登录gitlab
浏览器输入gitlab地址
http://8.131.83.115/, 用户名为root, 初始密码通过cat /etc/gitlab/initial_root_password获取
image-20230918154115305 登录后先修改root密码
点击
Configure GitLab
image-20230918154424896 点击左侧边栏,
dashboard----> user找到root,然后修改密码
image-20230918154542882 
image-20230918154708537
设置用户组
点击侧边栏,选择
Overview--->Groups, 然后点击新建New group
image-20230918155141616 
image-20230918155226339
去掉用户自动注册
admin are -> settings -> general -> Sign-up Restrictions 去掉钩钩,然后拉到最下面保存,重新登录
gitlab分支
代码提交流程
PM(项目主管/项目经理)在gitlab创建任务,分配给开发人员
开发人员领取任务后,在本地使用git clone拉取代码库
开发人员创建开发分支(git checkout -b dev),并进行开发
开发人员完成之后,提交到本地仓库(git commit )
开发人员在gitlab界面上申请分支合并请求(Merge request)
PM在gitlab上查看提交和代码修改情况,确认无误后,确认将开发人员的分支合并到主分支(master)
开发人员在gitlab上Mark done确认开发完成,并关闭issue。这一步在提交合并请求时可以通过描述中填写"close #1"等字样,可以直接关闭issue
创建项目管理用户
- 创建
zhangtq用户
同样的方法,再创建zhangtq1、zhangtq2用户。用户添加完毕后,gitlab 会给用户发一封修改密码的邮件,各用户需要登录自己的邮箱,并点击相关的链接,设置新密码。
创建项目组
- 点击保存
在用户组中添加用户
将 zhangtq1用户添加到组中,指定T为本组的 owner
image-20230918163219905 
image-20230918163243271
通过zhangtq账号登录创建Project项目
创建分支
客户端配置git
[Tompson@qfedu.com ~]$ git config --global user.email "15652533044@163.com"
[Tompson@qfedu.com ~]$ git config --global user.name "zhangtq"
[Tompson@qfedu.com ~]$ git clone http://8.131.83.115/cicd/cicd.git
正克隆到 'cicd'...
Username for 'http://8.131.83.115': 15652533044@163.com
Password for 'http://15652533044@163.com@8.131.83.115':
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
接收对象中: 100% (6/6), 完成.
[Tompson@qfedu.com ~]$
[Tompson@qfedu.com ~]$ cd cicd
[Tompson@qfedu.com chathall]$ ls
Readme.txt
[Tompson@qfedu.com chathall]$创建新文件,添加内容,并提交到main分支
zhangtq@zhangtq-X550CC:~/data/cicd$ vi test.sh
zhangtq@zhangtq-X550CC:~/data/cicd$ git commit
位于分支 main
您的分支与上游分支 'origin/main' 一致。
未跟踪的文件:
(使用 "git add <文件>..." 以包含要提交的内容)
test.sh
提交为空,但是存在尚未跟踪的文件(使用 "git add" 建立跟踪)
zhangtq@zhangtq-X550CC:~/data/cicd$ git add .
zhangtq@zhangtq-X550CC:~/data/cicd$ git commit
[main 67db839] '添加test.sh'
1 file changed, 2 insertions(+)
create mode 100644 test.sh
zhangtq@zhangtq-X550CC:~/data/cicd$ vi test.sh
zhangtq@zhangtq-X550CC:~/data/cicd$ git commit
位于分支 main
您的分支与上游分支 'origin/main' 一致。
未跟踪的文件:
(使用 "git add <文件>..." 以包含要提交的内容)
test.sh
提交为空,但是存在尚未跟踪的文件(使用 "git add" 建立跟踪)
zhangtq@zhangtq-X550CC:~/data/cicd$ git add .
zhangtq@zhangtq-X550CC:~/data/cicd$ git commit
[main 67db839] '添加test.sh'
1 file changed, 2 insertions(+)
create mode 100644 test.sh使用 zhangtq1用户登录,并 clone 项目
linux上新建zhangtq1用户并登录
sudo useradd -d "/home/zhangtq1" -m -s "/bin/bash" zhangtq1 root@zhangtq-X550CC:/home/zhangtq/data/cicd# root@zhangtq-X550CC:/home/zhangtq/data/cicd# su zhangtq1配置私钥
zhangtq1@zhangtq-X550CC:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/zhangtq1/.ssh/id_rsa): Created directory '/home/zhangtq1/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/zhangtq1/.ssh/id_rsa Your public key has been saved in /home/zhangtq1/.ssh/id_rsa.pub The key fingerprint is: SHA256:ffaaAhvQEEFhsPX+VG7MFKW9v+OtC1je3ViG5YbM+jE zhangtq1@zhangtq-X550CC The key's randomart image is: +---[RSA 3072]----+ | .oB+ ... | | +.. + | | . o. + . .| | .... * o * | | .S o O * =| | oo B + B.| | +o + E +| | . . = +o| | .o ==o| +----[SHA256]-----+将公钥添加到项目里
zhangtq1@zhangtq-X550CC:~$ cat /home/zhangtq1/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzbHyii91nH1MlKyNtzzGZ4Wm3FgFcDqJF8/uo7aR4b9t3/56o+hb8P5qMYLQ3rBYKcuBl/6amuVD/L/mrG0rNeJO9CNzH9mWXEOpq1CLTZec41OvoAHVSPvxEJiyt6sOx9huLNIugnQPXKwLpYxYywCpwTmSRofZ4oDFQE4umXxCGLQdmVrUp/sRh06ivLv6x4DnJrzT5tcOc6iunpG737dKVLCo9d2uvvg0jwvLYLJDjDo6+X36yEiEoCrvLDZ3o+niqrcc2jcfXSF+N6B4IiSGuW76kwNSbJaDMNsEKVpof89VqrsNH1V9Qx00qgL6+F49sB4dZAvnD4c50suNVPSctdSt6oyQsT5pEFazi6NUHuL2ts+V3ITBFRxLoD9pFRuSTxAy83/YoNrs67hkfU4bQ0TGEoC6C3El/sNd4NCpJUDXN0eomNjX/fnFcmZQiTn6fGAPHaQyL2+AuyCFeQ38Jp0tFY/1vAgcdQPXK/hu6Q7jv8Wr8gAsoQb+PrkE= zhangtq1@zhangtq-X550CC同样需要使用zhangtq1用户登录gitlab web 界面,并添加相应的ssh-key。然后设置git ,并clone项目
zhangtq1@zhangtq-X550CC:~$ git config --global user.email "15652533044@163.com" zhangtq1@zhangtq-X550CC:~$ git config --global user.name "zhangtq1" zhangtq1@zhangtq-X550CC:~$ git clone git@8.131.83.115:cicd/cicd.git 正克隆到 'cicd'... The authenticity of host '8.131.83.115 (8.131.83.115)' can't be established. ED25519 key fingerprint is SHA256:095FWGVNfH3kTYNNPG2/vQmoXjWlBIz6m5cF6gg7h6E. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '8.131.83.115' (ED25519) to the list of known hosts. remote: Enumerating objects: 9, done. remote: Counting objects: 100% (9/9), done. remote: Compressing objects: 100% (6/6), done. remote: Total 9 (delta 1), reused 0 (delta 0), pack-reused 0 接收对象中: 100% (9/9), 完成. 处理 delta 中: 100% (1/1), 完成.切换到dev分支,修改文件内容,并将新 code 提交到 dev分支 (Developer角色默认并没有提交master的权限)
zhangtq1@zhangtq-X550CC:~/cicd$ git checkout -b dev 切换到一个新分支 'dev' zhangtq1@zhangtq-X550CC:~/cicd$ git checkout -b dev 切换到一个新分支 'dev' zhangtq1@zhangtq-X550CC:~/cicd$ vi zhangtq1.sh zhangtq1@zhangtq-X550CC:~/cicd$ git add . zhangtq1@zhangtq-X550CC:~/cicd$ git commit -m "测试" [dev 995d28f] 测试 1 file changed, 2 insertions(+) create mode 100644 zhangtq1.sh zhangtq1@zhangtq-X550CC:~/cicd$ git push origin dev 枚举对象中: 4, 完成. 对象计数中: 100% (4/4), 完成. 使用 2 个线程进行压缩 压缩对象中: 100% (2/2), 完成. 写入对象中: 100% (3/3), 304 字节 | 304.00 KiB/s, 完成. 总共 3(差异 1),复用 0(差异 0),包复用 0 remote: remote: To create a merge request for dev, visit: remote: http://8.131.83.115/cicd/cicd/-/merge_requests/new?merge_request%5Bsource_branch%5D=dev remote: To 8.131.83.115:cicd/cicd.git 0199ec3..995d28f dev -> dev zhangtq1@zhangtq-X550CC:~/cicd$使用
zhangtq1登录创建合并请求
image-20230918172736355 
image-20230918172813775
备份
查看系统版本和软件版本
16.3.3[root@iZ2zedmodzug186k0ehc8pZ ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@iZ2zedmodzug186k0ehc8pZ ~]#
[root@iZ2zedmodzug186k0ehc8pZ ~]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
16.3.3
[root@iZ2zedmodzug186k0ehc8pZ ~]#数据备份
[root@qfedu.com ~]# vim /etc/gitlab/gitlab.rb
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/data/gitlab/backups"
# 该项定义了默认备份出文件的路径,可以通过修改该配置,并执行 **gitlab-ctl reconfigure 或者 gitlab-ctl restart** 重启服务生效。执行备份命令进行备份
[root@qfedu.com ~]# /opt/gitlab/bin/gitlab-rake gitlab:backup:create添加到 crontab 中定时执行
[root@qfedu.com ~]# crontab -e
0 2 * * * bash /opt/gitlab/bin/gitlab-rake gitlab:backup:create- 可以到/data/gitlab/backups找到备份包,解压查看,会发现备份的还是比较全面的,数据库、repositories、build、upload等分类还是比较清晰的
设置备份保留时长
防止每天执行备份,有目录被爆满的风险,打开/etc/gitlab/gitlab.rb配置文件,找到如下配置:
xxxxxxxxxx3 1[root@qfedu.com ~]# vim /etc/gitlab/gitlab.rb2gitlab_rails['backup_keep_time'] = 6048003设置备份保留7天(7360024=604800),秒为单位,如果想增大或减小,可以直接在该处配置,并通过gitlab-ctl restart 重启服务生效。
备份完成,会在备份目录中生成一个当天日期的tar包。
恢复
查看备份相关的配置项
[root@qfedu.com ~]# vim /etc/gitlab/gitlab.rb gitlab_rails['backup_path'] = "/data/gitlab/backups"=修改该配置,定义了默认备份出文件的路径,并执行 gitlab-ctl reconfigure 或者 gitlab-ctl restart 重启服务生效。
恢复前需要先停掉数据连接服务
[root@qfedu.com ~]# gitlab-ctl stop unicorn [root@qfedu.com ~]# gitlab-ctl stop sidekiq如果是台新搭建的主机,不需要操作,理论上不停这两个服务也可以。停这两个服务是为了保证数据一致性。
同步备份文件到新服务器
[root@qfedu.com gitlab]# rsync -avz 1530773117_2019_03_05_gitlab_backup.tar 192.168.95.135:/data/gitlab/backups/注意权限:600权限是无权恢复的。 实验环境可改成了777,生产环境建议修改属主属组
[root@qfedu.com backups]# pwd /data/gitlab/backups [root@qfedu.com backups]# chown -R git.git 1530773117_2019_03_05_gitlab_backup.tar [root@qfedu.com backups]# ll total 17328900 -rwxrwxrwx 1 git git 17744793600 Jul 5 14:47 1530773117_2018_07_05_gitlab_backup.tar执行命令进行恢复
后面再输入两次 yes 就完成恢复了。
[root@qfedu.com ~]# gitlab-rake gitlab:backup:restore BACKUP=1530773117_2018_07_05_gitlab_backup.tar 注意:backups 目录下保留一个备份文件可直接执行恢复完成启动服务
恢复完成后,启动刚刚的两个服务,或者重启所有服务,再打开浏览器进行访问,发现数据和之前的一致:
[root@qfedu.com ~]# gitlab-ctl start unicorn [root@qfedu.com ~]# gitlab-ctl start sidekiq 或 [root@qfedu.com ~]# gitlab-ctl restart注意:通过备份文件恢复gitlab必须保证两台主机的gitlab版本一致,否则会提示版本不匹配