概述
本帖针对Centos6/REHL6系统
Gitlab的安装过程主要包括以下组件的配置:
关闭selinux
#修改/etc/selinux/config文件 将SELINUX=enforcing改为SELINUX=disabled,然后重启电脑 #sestatus-v 查看selinux状态 Currentmode:permissive#说明已关闭selinux
1.安装软件包及解决依赖项
添加EPEL源:
wget-O/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6https://mirrors.tuna.tsinghua.edu.cn/epel/RPM-GPG-KEY-EPEL-6 rpm--import/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 #安装`epel-release-latest-6.noarch.rpm`包,启用EPEL rpm-Uvhhttp://mirrors.ustc.edu.cn/epel/epel-release-latest-6.noarch.rpm yumgroupinstall"Developmenttools" yuminstallautoconfautomakebisonbuild-essentialbyacccheckinstallcmakecpiocrontabscurlcurl-develdb4-develexpat-develgcc-c++gdbm-develgettextgettext-develglibc-devellibcurl4-openssl-devlibexpat1-devlibffilibffi-devlibffi-devellibgdbm-devlibiculibicu-devlibicu-devellibkrb5-devlibncurses5-devlibreadline-devlibssl-devlibtoollibxml2libxml2-devlibxml2-devellibxsltlibxslt-devlibxslt-devellibyamllibyaml-devlibyaml-devellibz-devlogrotatelogwatchmakencurses-developenssh-serveropenssl-develpatchpcre-develperl-ExtUtils-CBuilderperl-ExtUtils-MakeMakerperl-Time-HiRespkg-configpostfixpython-develpython-docutilsreadlinereadline-develsqlite-develsudosystem-config-firewall-tuitcl-develvimwgetzlib1g-devzlib-devel
安装git
如果已经用yum安装过git,要先卸载掉旧的版本
yumremovegit
使用源码编译安装git
mkdir/tmp/git&&cd/tmp/git curl-O--progresshttps://www.kernel.org/pub/software/scm/git/git-2.8.5.tar.gz tarzxvfgit-2.8.5.tar.gz cdgit-2.8.5 ./configure makeprefix=/usr/localall #安装到/usr/local/bin sudomakeprefix=/usr/localinstall #验证git版本号 git--version #创建软连接 ln-s/usr/local/bin/git/usr/bin/git
2.添加系统用户
adduser--system--shell/bin/bash--comment'GitLab'--create-home--home-dir/home/git/git #修改git用户的环境变量PATH,以root用户运行 visudo #找到下面一行 Defaultssecure_path=/sbin:/bin:/usr/sbin:/usr/bin #修改为 Defaultssecure_path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
3.安装ruby环境
在Gitlab生产环境使用Ruby版本管理工具RVM,rbenv或者chruby常常会带来很多疑难杂症.比如Gitlab-shell版本管理器调用OpenSSH的功能以防止越过ssh对仓库进行pull和push操作.而前面提到的三个版本管理器不支持这样的功能,所以我们强烈建议大家按照下面的方式来安装Ruby.
Note: The current supported Ruby (MRI) version is 2.3.x. GitLab 9.0 dropped
support for Ruby 2.1.x.
如果系统上存在旧的Ruby1.8,先删除掉:
yumremoveruby
下载Ruby源码,编译安装:
mkdir/tmp/ruby&&cd/tmp/ruby #这里替换官方文档的下载地址为mirrors.ustc.edu.cn提供的镜像地址 curl-O--progresshttps://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.5.tar.gz tarzxvfruby-2.1.5.tar.gz cdruby-2.1.5 ./configure--disable-install-rdoc make sudomakeinstall 安装完成后,重新登录终端确保$PATH生效,检测ruby的安装成功与否: ruby-v ln-s/usr/local/bin/ruby/usr/bin/ruby
国内使用Ruby的Gem和Bundler必须要做的事情:
#修改git用户gem安装源为淘宝 gemsources--addhttps://ruby.taobao.org/--removehttps://rubygems.org/ #确保git用户当前gems源为淘宝 gemsources-l ***CURRENTSOURCES*** 备:gems源中科大:https://gems.ruby-china.org/
安装bundle包(root用户)
sudogeminstallbundler--no-ri--no-rdoc
4-1.安装数据库-MysqL
#下载yum仓库文件: wgethttp://dev.MysqL.com/get/MysqL-community-release-el6-5.noarch.rpm #下载完成后将Yum库导入到你的本地: sudoyumlocalinstallMysqL-community-release-el6-*.noarch.rpm #安装MysqLServer: yuminstallMysqL-serverMysqL-develMysqL-clientlibMysqLclient-dev #启动MysqL服务 /etc/init.d/MysqLdstart #MysqL安全配置向导 MysqL_secure_installation --------------------------------------------------------------------------------- Entercurrentpasswordforroot(enterfornone):<�C初次运行直接回车 Setrootpassword?[Y/n]<�C是否设置root用户密码,输入y并回车或直接回车 Removeanonymoususers?[Y/n]<�C是否删除匿名用户,生产环境建议删除,所以直接回车 disallowrootloginremotely?[Y/n]<�C是否禁止root远程登录,根据自己的需求选择Y/n并回车,建议禁止 Removetestdatabaseandaccesstoit?[Y/n]<�C是否删除test数据库,直接回车 ReloadprivilegetablesNow?[Y/n]<�C是否重新加载权限表,直接回车
#登录数据库 $MysqL-uroot-p #输入root密码 #为gitlab创建使用用户 MysqL>createuser'gitlab'@'localhost'IDENTIFIEDBY'gitlab账号的密码'; #创建gitlaba使用的数据库 MysqL>CREATEDATABASEIFNOTEXISTS`gitlabhq_production`DEFAULTCHaraCTERSET`utf8`COLLATE`utf8_unicode_ci`; #给予gitlab用户权限 MysqL>GRANTSELECT,LOCKTABLES,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTERON`gitlabhq_production`.*TO'git'@'localhost'IDENTIFIEDBY'gitpasswd'; #刷新权限 MysqL>flushprivileges; #查看创建的用户 MysqL>selectuser,host,passwordfromMysqL.user;
#测试新建的用户能否登陆MysqL MysqL-ugit-p-hlocalhost MysqL>showdatabases; +---------------------+ |Database| +---------------------+ |information_schema| |gitlabhq_production| +---------------------+ 2rowsinset(0.00sec)
4-2.安装数据库-Postgresql
配置postgresql安装源:
https://wiki.postgresql.org/wiki/YUM_Installation#Configure_your_YUM_repository
#修改/etc/yum.repos.d/CentOS-Base.repo,在[base]和[update]段落添加下面的配置 exclude=postgresql* #安装postgresql源 yumlocalinstallhttp://mirrors.ustc.edu.cn/postgresql/repos/yum/9.5/redhat/rhel-6-x86_64/pgdg-centos95-9.5-3.noarch.rpm #yumlocalinstallhttp://mirrors.ustc.edu.cn/postgresql/repos/yum/9.2/redhat/rhel-6-x86_64/pgdg-redhat92-9.2-8.noarch.rpm #安装postgresql yuminstallpostgresql95-serverpostgresql95-develpostgresql95-contrib #默认情况下,postgresql的数据库文件存放在 /var/lib/pgsql/9.5/data #初始化 mv/etc/init.d/{postgresql-9.5,postgresql} servicepostgresqlinitdb #启动postgresql servicepostgresqlstart #配置postgresql自启动 chkconfigpostgresqlon #为Gitlab创建一个用户,用户名为git cd/home sudo-upostgrespsql-dtemplate1-c"createusergitCREATEDB;" #创建pg_trgm扩展(requiredforGitLab8.6+): sudo-upostgrespsql-dtemplate1-c"CREATEEXTENSIONIFNOTEXISTSpg_trgm;" #创建Gitlab生产环境数据库并赋予git用户属主权限 sudo-upostgrespsql-dtemplate1-c"CREATEDATABASEgitlabhq_productioNowNERgit;" #用git用户测试下是否能登录刚才创建的数据库 sudo-ugit-Hpsql-dgitlabhq_production #检查是否启用pg_trgm扩展: SELECTtrueASenabled FROMpg_available_extensions WHEREname='pg_trgm' ANDinstalled_versionISNOTNULL; 如果启用了扩展,这将产生以下输出: enabled --------- t (1row) #退出数据库会话 gitlabhq_production>\q #创建pg_config的软连接 ln-s/usr/pgsql-9.5/bin/pg_config/usr/bin/pg_config
5.配置Redis
#此处redis是yum安装,为了省事。 yuminstall-yredis #disableRedislisteningonTCPbysetting'port'to0 sed's/^port.*/port0/'/etc/redis/redis.conf.orig|sudotee/etc/redis/redis.conf #添加redis.sock文件信息 echo'unixsocket/var/run/redis/redis.sock'|tee-a/etc/redis.conf echo-e'unixsocketperm0770'|tee-a/etc/redis.conf #创建文件并赋予权限 mkdir-p/var/run/redis sudochownredis:redis/var/run/redis sudochmod755/var/run/redis #Persistthedirectorywhichcontainsthesocket,ifapplicable if[-d/etc/tmpfiles.d];then echo'd/var/run/redis0755redisredis10d-'|sudotee-a/etc/tmpfiles.d/redis.conf fi #将redis用户添加到git组 sudousermod-aGredisgit #配置redis使其在开机时启动: sudochkconfigredison sudoserviceredisstart
6.安装GitLab
#将GitLab安装在git的家目录下: cd/home/git/ sudo-ugit-Hgitclonehttps://gitlab.com/gitlab-org/gitlab-ce.git-b7-6-stablegitlab cd/home/git/gitlab #复制gitlab.yml(Gitlab的主配置文件) sudo-ugit-Hcpconfig/gitlab.yml.exampleconfig/gitlab.yml #修改gitlab.yml sudo-ugit-Hvimconfig/gitlab.yml host:localhost为####修改第32行你的域名或者ip port:80 https:false #修改log/和tmp/文件夹权限 sudochown-Rgitlog/ sudochown-Rgittmp/ sudochmod-Ru+rwX,go-wlog/ sudochmod-Ru+rwXtmp/ #创建文件夹gitlab-satellites sudo-ugit-Hmkdir/home/git/gitlab-satellites sudochmodu+rwx,g=rx,o-rwx/home/git/gitlab-satellites #修改tmp/pids/和tmp/sockets/文件夹权限 sudochmod-Ru+rwXtmp/pids/ sudochmod-Ru+rwXtmp/sockets/ #创建public/uploads/文件夹 sudo-ugit-Hmkdirpublic/uploads/ #修改public/uploads/文件夹权限,只有git用户有访问权限 sudochmod-Ru+rwXpublic/uploads #复制Unicorn配置文件 sudo-ugit-Hcpconfig/unicorn.rb.exampleconfig/unicorn.rb #查询cpu核心数 nproc #如果你想搭建一个高负载的Gitlab实例,可启用集群模式. #修改'worker_processes'参数,至少要跟cpu核心数一样. #修改监听地址和端口,要和下文gitlab-shell/config.yml中配置一致 sudo-ugit-Hvimconfig/unicorn.rb worker_processes3 listen"your_IP:8080",:tcp_nopush=>true #复制Rackattack配置文件 sudo-ugit-Hcpconfig/initializers/rack_attack.rb.exampleconfig/initializers/rack_attack.rb #为git用户配置用户和邮件 sudo-ugit-Hgitconfig--globaluser.name"GitLab" sudo-ugit-Hgitconfig--globaluser.email"example@example.com" #'autocrlf'需要Web编辑器 sudo-ugit-Hgitconfig--globalcore.autocrlfinput #复制Redis连接配置文件 sudo-ugit-Hcpconfig/resque.yml.exampleconfig/resque.yml #如修改过redissocket的路径,在这个配置文件里面修改,确认redis端口和ip. sudo-ugit-Hvimconfig/resque.yml ------------------------------------- development:redis://127.0.0.1:6379 test:redis://127.0.0.1:6379 production:unix:/var/run/redis/redis.sock
7.GitLab数据库配置
#仅限于MysqL: sudo-ugitcpconfig/database.yml.MysqLconfig/database.yml #仅限于Postgresql: sudo-ugitcpconfig/database.yml.postgresqlconfig/database.yml #以下修改针对MysqL,修改username/password. sudo-ugit-Hvimconfig/database.yml production: adapter:MysqL2 encoding:utf8 collation:utf8_general_ci reconnect:false database:gitlabhq_production pool:10 username:git password:"gitpasswd" #host:localhost #socket:/tmp/MysqL.sock socket:/var/lib/MysqL/MysqL.sock #以下修改针对Postgresql,修改username/password. #修改'securepassword'为你设置的密码,没单独设置则不改 production: adapter:postgresql encoding:unicode database:gitlabhq_production pool:10 #username:git #password:#未设置不用修改 #host:localhost #port:5432 #修改database.yml的权限,确保git用户可以读取该文件. sudo-ugit-Hchmodo-rwxconfig/database.yml
8.Gems安装
#进入gitlab目录 cd/home/git/gitlab -------------------------------------------------------------- gemsources--addhttps://ruby.taobao.org/--removehttps://rubygems.org/ -------------------------------------------------------------- #修改Gemfile和Gemfile.lock vimGemfile(Gemfile.lock) 更改 sourcehttps://rubygems.org/ 为: source'https://ruby.taobao.org/' -------------------------------------------------------------- #确保只有https://ruby.taobao.org/ gemsources-l https://ruby.taobao.org/ ln-s/usr/local/bin/bundle/usr/bin/ ####一定要注意选择自己用的数据库的命令 ###Postgresql(note,theoptionsays"without...MysqL") sudo-ugit-Hbundleinstall--deployment--withoutdevelopmenttestMysqLaws #如果使用MysqL,执行下面的命令(note,theoptionsays"without...postgres") sudo-ugit-Hbundleinstall--deployment--withoutdevelopmenttestpostgresaws 笔记:如果你想去用Kerberos做用户认证,然后在--without选项中省略Kerbero
9.Gitlab-shell安装
#Runtheinstallationtaskforgitlab-shell(replace`REdis_URL`ifneeded): sudo-ugit-Hbundleexecrakegitlab:shell:install[v2.4.0]REdis_URL=unix:/var/run/redis/redis.sockRAILS_ENV=production #默认情况下,gitlab-shell的配置是根据Gitlab的配置生产的. #你可以运行下面的命令查看和修改gitlab-shell的配置, #监听端口要和/home/git/gitlab/config/unicorn.rb中配置一致 sudo-ugit-Hvim/home/git/gitlab-shell/config.yml --- user:git gitlab_url:https://localhost:8080/#使用https http_settings: self_signed_cert:false#如果gitlab_url为https,修改成true repos_path:"/home/git/repositories/" auth_file:"/home/git/.ssh/authorized_keys" redis: bin:"/usr/bin/redis-cli" namespace:resque:gitlab socket:"/var/run/redis/redis.sock" log_level:INFO audit_usernames:false
10.初始化数据库,激活高级特性
cd/home/git/gitlab sudo-ugit-Hbundleexecrakegitlab:setupRAILS_ENV=production #输入'yes'以创建数据库表 #当看到以下内容,表示已经安装完成 Administratoraccountcreated: login:root password:your_passwd ==Seedfrom/home/git/gitlab/db/fixtures/production/010_settings.rb
Note:你能通过提供环境变量设置 Administrator/root 密码和邮箱,分别为GITLAB_ROOT_PASSWORD 和 GITLAB_ROOT_EMAIL,如下所示。如果你不能设置密码(它被设置为默认的) 请等待曝光gitlab到公共互联网直到安装完成和你已经登录到服务器的第一时间。 在第一次登录时,您将被迫更改默认密码。.
sudo-ugit-Hbundleexecrakegitlab:setupRAILS_ENV=productionGITLAB_ROOT_PASSWORD=yourpasswordGITLAB_ROOT_EMAIL=youremail
11.下载服务脚本
wget-O/etc/init.d/gitlabhttps://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn #配置gitlab的启动级别 chmod+x/etc/init.d/gitlab chkconfig--addgitlab chkconfiggitlabon 设置Logrotate cd/home/git/gitlab sudocplib/support/logrotate/gitlab/etc/logrotate.d/gitlab 检查GitLab环境配置 sudo-ugit-Hbundleexecrakegitlab:env:infoRAILS_ENV=production ----- production Systeminformation System: CentOS6.8 CurrentUser: git UsingRVM: no RubyVersion: 2.1.5p273 GemVersion: 2.2.2 BundlerVersion:1.15.1 RakeVersion: 10.3.2 SidekiqVersion:2.17.8 GitLabinformation Version: 7.6.2 Revision: fatal:Notagitrepository(oranyparentuptomountpoint/home) Stoppingatfilesystemboundary(GIT_disCOVERY_ACROSS_FILESYstemnotset). Directory: /home/git/gitlab DBAdapter: MysqL2 URL: http://your_ip HTTPCloneURL: http://your_ip/some-project.git SSHCloneURL: git@your_ip:some-project.git UsingLDAP: no UsingOmniauth: no GitLabShell Version: 2.1.0 Repositories: /home/git/repositories/ Hooks: /home/git/gitlab-shell/hooks/ Git: /usr/bin/git #生成GitLab前端资源 sudo-ugit-Hbundleexecrakeassets:precompileRAILS_ENV=production #启动gitlab服务 servicegitlabstart
12.安装Nginx服务,并下载gitlab的站点配置文件
#使用yum进行安装 yuminstall-yNginx chkconfigNginxon wget-O/etc/Nginx/conf.d/gitlab.confhttps://gitlab.com/gitlab-org/gitlab-ce/raw/master/lib/support/Nginx/gitlab-ssl #将Nginx用户添加到git组 mkdir-p/etc/Nginx/ssl cd/etc/Nginx/ssl/ opensslreq-new-x509-nodes-days3560-outgitlab.crt-keyoutgitlab.key #启动Nginx服务 serviceNginxrestart
13.Gitlab配置SMTP邮件
#使用SMTP邮件服务器,可以不安装postfix cd/home/git/gitlab sudo-ugit-Hcpconfig/initializers/smtp_settings.rb.sampleconfig/initializers/smtp_settings.rb #修改如下 sudo-ugit-Hvimconfig/initializers/smtp_settings.rb 这里提供163和腾讯企业邮箱两种配置方式,注意将下面的123456替换成自己的密码 163邮箱: ifRails.env.production? Gitlab::Application.config.action_mailer.delivery_method=:smtp ActionMailer::Base.delivery_method=:smtp#使用smtp方法 ActionMailer::Base.smtp_settings={ address:"smtp.163.com",port:25,user_name:"wpgitlab",password:"123456",domain:"163.com",authentication::plain,enable_starttls_auto:true } end QQ邮箱: ifRails.env.production? Gitlab::Application.config.action_mailer.delivery_method=:smtp ActionMailer::Base.delivery_method=:smtp#使用smtp方法 ActionMailer::Base.smtp_settings={ address:"smtp.exmail.qq.com",user_name:"wangpeng@scnee.com",domain:"smtp.qq.com",enable_starttls_auto:true,} end 3.修改gitlab.yml cd/home/git/gitlab sudo-ugit-Hvimconfig/gitlab.yml 一键安装路径: cd /opt/gitlab-8.5.7-0 vim apps/gitlab/htdocs/config/gitlab.yml 将默认邮箱修改为自己的邮箱 163: ##Emailsettings #Emailaddressusedinthe"From"fieldinmailssentbyGitLab email_from:wpgit@163.com 腾讯企业邮箱: ##Emailsettings #Emailaddressusedinthe"From"fieldinmailssentbyGitLab email_from:wangpeng@scnee.com #编辑文件 [root@gitgitlab]#sudo-ugit-Hvimconfig/environments/production.rb config.action_mailer.delivery_method=:smtp#将方法修改成smtp方式 4.修改后。重启gitlab #监控日志文件 tail-f/home/git/gitlab/log/*.log tail-f/var/log/maillog
安装完成后gitlab运行异常使用如下命令检测,并解决
sudo-ugit-Hbundleexecrakegitlab:checkRAILS_ENV=production
验证结果,访问地址如下:
用户名和密码如下
login.........root
password......5iveL!fe
备份恢复
Gitlab 创建备份
使用Gitlab一键安装包安装Gitlab非常单,同样的备份恢复与迁移也非常简单,用一条命令即可创建完整的Gitlab备份:
cd/home/git/gitlab sudo-ugit-Hbundleexecrakegitlab:backup:createraILS_ENV=productionSTRATEGY=copy
注:跳过某些内容sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=productionSKIP=db,uploads
skip为:
db (database)
uploads (attachments)
repositories (Git repositories data)
builds (CI job output logs)
artifacts (CI job artifacts)
lfs (LFS objects)
registry (Container Registry images)
pages (Pages content)
Gitlab 修改备份文件默认目录
修改/home/git/gitlab/config/gitlab.yml来修改默认存放备份文件的目录:
sudo-ugit-Hvim/home/git/gitlab/config/gitlab.yml ---------------------- backup: path:"/home/git/backups/"#RelativepathsarerelativetoRails.root(default:tmp/backups/)
自动备份
#CreateafullbackupoftheGitLabrepositoriesandsqldatabaseeverydayat4am 04***cd/home/git/gitlab&&PATH=/usr/local/bin:/usr/bin:/binbundleexecrakegitlab:backup:creat #04***cd/home/git/gitlab&&sudo-ugit-Hbundleexecrakegitlab:backup:createraILS_ENV=production
恢复
首先进入备份 gitlab 的目录,这个目录是配置文件中的path,本文设置为/home/git/backups/。
然后停止 unicorn 和 sidekiq ,保证数据库没有新的连接,不会有写数据情况。
#停止相关数据连接服务 servicegitlabstop cd/home/git/gitlab sudo-ugit-Hbundleexecrakegitlab:backup:restoreRAILS_ENV=productioneRAILS_ENV=productionCRON=1 #如果备份目录下面有多个备份文件,则需加参数并指明时间戳 BACKUP=timestamp_of_backup(requiredifmorethanonebackupexists) force=yes(donotaskiftheauthorized_keysfileshouldgetregenerated) sudo-ugit-Hbundleexecrakegitlab:backup:restoreRAILS_ENV=productioneRAILS_ENV=productionCRON=1force=yesBACKUP=timestamp_of_backup #恢复时候BACKUP=timestamp_of_backuptimestamp_of_backup表示是时间前缀默认恢复最新一次的备份 #启动Gitlab sudogitlab-ctlstart
#恢复过程中没有权限 mkdir/home/git/backups/ chowngit/home/git/backups/ chmod700/home/git/backups/
迁移
把备份文件拷贝到gitlab的备份目录下,根据上面gitlab恢复步骤即可。
备份注意事项:
还需要备份文件:/home/git/gitlab/config/secrets.yml(两步验证时用到:用户名密码登录及短信验证)
