gitsites/Gitlab8.CentOS.md


安装 Gitlab 依赖的工具

添加epel源

查看系统架构

$ exit
# getconf LONG_BIT

centos 7

http://itgeeker.net/centos-7-epel-china-mirror-repository/

centos 6

http://www.dahouduan.com/2014/12/25/centos-yum-add-epel-remi/

安装依赖

# yum install nodejs
# yum -y update
# yum -y groupinstall 'Development Tools'
# yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui git redis ruby sudo wget crontabs logwatch logrotate perl-Time-HiRes cmake nodejs

安装Git

先删除系统中原有的老版本 git

# yum -y remove git
# yum install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel

从官方网站下载源代码进行编译安装。下面的命令把下载内容直接通过管道交给 tar 解压,无法事先校验;更稳妥的做法是先把压缩包保存到本地,对照 kernel.org 提供的校验和或签名核对无误后再解压:

# cd ~
# curl --progress https://www.kernel.org/pub/software/scm/git/git-2.7.3.tar.gz | tar xz
# cd git-2.7.3/
# ./configure
# make
# make prefix=/usr/local install

然后使用下面这个命令检测安装是否有效:

# which git

安装 ruby

如果 ruby 的版本低于 2.0 的话,则需要重新安装 ruby。下面的命令通过 ftp 明文下载源码,传输过程没有完整性保护,编译前应对照 ruby-lang.org 官网公布的 SHA256 值校验压缩包。

# ruby --version

# yum -y remove ruby
# cd ~
# curl --progress ftp://ftp.ruby-lang.org/pub/ruby/ruby-2.3.0.tar.gz | tar xz
# cd ruby-2.3.0
# ./configure --disable-install-rdoc
# make
# make prefix=/usr/local install

安装 Go

前往以下地址查看合适的go版本

https://golang.org/dl/

# cd ~
# curl -O --progress https://storage.googleapis.com/golang/go1.6.linux-386.tar.gz
# tar -C /usr/local -xzf go1.6.linux-386.tar.gz
# ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/
# rm go1.6.linux-386.tar.gz

安装 Redis

安装

# yum -y remove redis
# wget http://download.redis.io/releases/redis-stable.tar.gz
# tar zxvf redis-stable.tar.gz
# cd redis-stable
# make
# make install
# ./utils/install_server.sh

/usr/local/bin/redis-server

配置

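sock 文件权限改为777是因为redis是手工安装,并不是以redis用户启动的,而是root。注意:777 意味着本机任何用户都能连接并读写这个 Redis 实例(GitLab 的会话和后台任务队列都保存在其中);更稳妥的做法是让 redis 以专用用户运行,把 unixsocketperm 设为 770,并只把 git 加入该用户所在的组。以端口的方式应该也可行(未测试),参考“在 CentOS 上安装 Gitlab 7”关于 redis 安装的部分,并将后续所有redis相关配置改为tcp方式。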

# mv 6379.conf 6379.conf.orig
# cp 6379.conf.orig redis.conf
# sed 's/^port .*/port 0/' /etc/redis/6379.conf.orig | tee /etc/redis/redis.conf
# echo 'unixsocket /var/run/redis/redis.sock' | tee -a /etc/redis/redis.conf
# echo 'unixsocketperm 777' | tee -a /etc/redis/redis.conf
# mkdir /var/run/redis
# chown redis:redis /var/run/redis
# chmod 755 /var/run/redis

附加git到redis组(git 用户在后文“为 Gitlab 添加系统用户”一节才创建,这条命令需在创建用户之后执行)

usermod -aG redis git

创建 /etc/init.d/redis 并使用下面的代码作为启动脚本。

# vim /etc/init.d/redis

添加如下内容:

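#!/bin/sh
###########################
# SysV-style init script for the source-built Redis used by GitLab.
#
# Usage: /etc/init.d/redis {start|stop|restart|force-reload}
#
# The redis.conf built earlier in this guide sets "port 0" (TCP disabled)
# and "unixsocket /var/run/redis/redis.sock", so the server can only be
# reached through that socket. The original script sent SHUTDOWN with
# "-p 0", which cannot reach a socket-only server; it now uses the socket.
###########################
PATH=/usr/local/bin:/sbin:/usr/bin:/bin

EXEC=/usr/local/bin/redis-server
REDIS_CLI=/usr/local/bin/redis-cli

# Unix socket the server listens on; must match "unixsocket" in $CONF.
SOCKET=/var/run/redis/redis.sock

# NOTE(review): must match the "pidfile" directive in $CONF, otherwise
# start/stop cannot tell whether the server is running - confirm.
PIDFILE=/var/run/redis.pid
CONF="/etc/redis/redis.conf"

case "${1:-}" in
    start)
        if [ -f "$PIDFILE" ]; then
            echo "$PIDFILE exists, process is already running or crashed"
        else
            echo "Starting Redis server..."
            # Test the server's own exit status. The original checked
            # [ "$?"="0" ], a single non-empty word that is always true,
            # so "Redis is running..." was printed even after a failure.
            # Presumably $CONF sets "daemonize yes" so this returns - confirm.
            if "$EXEC" "$CONF"; then
                echo "Redis is running..."
            else
                echo "Failed to start Redis server" >&2
                exit 1
            fi
        fi
        ;;
    stop)
        if [ ! -f "$PIDFILE" ]; then
            echo "$PIDFILE does not exist, process is not running"
        else
            echo "Stopping ..."
            if ! "$REDIS_CLI" -s "$SOCKET" SHUTDOWN; then
                # Without this check the wait loop below would spin forever
                # when the request never reached the server.
                echo "Could not send SHUTDOWN through $SOCKET" >&2
                exit 1
            fi
            # Wait until the pid file disappears. The original tested -x
            # (executable), which a pid file never is, so it never waited.
            while [ -f "$PIDFILE" ]; do
                echo "Waiting for Redis to shutdown ..."
                sleep 1
            done
            echo "Redis stopped"
        fi
        ;;
    restart|force-reload)
        "$0" stop
        "$0" start
        ;;
    *)
        echo "Usage: /etc/init.d/redis {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac
##############################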

保存后,添加可执行权限:

# chmod +x /etc/init.d/redis

确保 redis 能随系统启动:

# vi /etc/rc.d/rc.local

在文件末尾添加下面这行:

# service redis start

然后使用上面同样的命令启动 redis 服务:

# service redis start

安装邮件服务器

# yum -y install postfix
# service postfix start
# chkconfig postfix on

为 Gitlab 添加系统用户

# adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git

为了包含/usr/local/bin到git用户的$PATH一个方法是编辑超级用户文件。以管理员身份运行

# visudo

然后搜索:

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

将其改成:

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

安装 gitlab-workhorse

$ cd /home/git
$ git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
$ cd gitlab-workhorse
$ git checkout 0.7.0
$ make

安装数据库

安装

centos 6

安装

# yum -y install mysql-server

设置MySQL服务随系统启动自启动

# chkconfig mysqld on

检查自启动状态,如果2--5为on的状态就OK

# chkconfig --list mysqld

启动mysql

# /etc/init.d/mysqld start

centos 7

MySQL 已经不再包含在 CentOS 7 的源中,而改用了 MariaDB先搜索 MariaDB 现有的包:

# rpm -qa | grep mariadb

然后全部删除:

# rpm -e --nodeps mariadb-*

然后创建 /etc/yum.repos.d/MariaDB.repo

# vim /etc/yum.repos.d/MariaDB.repo

将以下内容添加至该文件中:

# MariaDB 10.0 CentOS repository list - created 2015-05-04 19:16 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

然后运行下面命令安装 MariaDB 10.0

# yum install MariaDB-server MariaDB-client

然后启动 MariaDB 服务:

# service mysql start

配置

接着运行 mysql_secure_installation

# mysql_secure_installation

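登录 MariaDB 并创建相应的数据库用户与数据库。示例中的 $password 和 "123" 只是占位值:后面的 UPDATE 语句会覆盖 CREATE USER 时设置的密码,请把两处都替换为同一个强密码,并与后文 config/database.yml 中填写的保持一致: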

# mysql -uroot -p
> CREATE USER 'git'@'localhost' IDENTIFIED BY '$password';
> SET storage_engine=INNODB;
> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost';
> use mysql;
> UPDATE user SET password=PASSWORD("123") WHERE user='git';
> FLUSH PRIVILEGES;
> quit;
> \q

尝试使用新用户连接数据库:

> mysql -u git -p -D gitlabhq_production
> \q

安装 Gitlab

克隆源

# su git
$ cd ~
$ git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-6-stable gitlab

配置

$ cd ~/gitlab

Copy the example GitLab config 复制GitLab的示例配置文件

$ cp config/gitlab.yml.example config/gitlab.yml

Make sure to change "localhost" to the fully-qualified domain name of your host serving GitLab where necessary. 确保修改“localhost”为你的GitLab主机的FQDN。 If you want to use https make sure that you set https to true. See #using-https for all necessary details.

经测试此处host和port影响后续 gitlab-shell 生成的配置的 gitlab_url 地址。操作完成后,再修改这两个值,只影响界面中合成的路径。若 gitlab-shell 的 gitlab_url不是实际访问路径 gitlab-shell 编辑文件后无法正常提交。

If you installed Git from source, change the git bin_path to /usr/local/bin/git 如果你从源代码安装了Git修改git的bin_path为/usr/local/bin/git

$ vim config/gitlab.yml

Copy the example secrets file

$ cp config/secrets.yml.example config/secrets.yml
$ chmod 0600 config/secrets.yml

Make sure GitLab can write to the log/ and tmp/ directories 确保GitLab可以写入log/和tmp/目录

$ chown -R git {log,tmp}
$ chmod -R u+rwX tmp
$ chmod -R u+rwX,go-w log

Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories 确保GitLab可以写入tmp/pids/和tmp/sockets/目录

$ chmod -R u+rwX  tmp/{pids,sockets}

Make sure GitLab can write to the public/uploads/ directory 确保GitLab可以写入public/uploads/目录

$ mkdir public/uploads
$ chmod -R u+rwX  public/uploads

Make sure only the GitLab user has access to the public/uploads/ directory now that files in public/uploads are served by gitlab-workhorse

$ chmod 0700 public/uploads

Change the permissions of the directory where CI build traces are stored

$ chmod -R u+rwX builds/

Change the permissions of the directory where CI artifacts are stored

$ chmod -R u+rwX shared/artifacts/

Copy the example Unicorn config 复制Unicorn的示例配置文件

$ cp config/unicorn.rb.example config/unicorn.rb

Find number of cores

nproc

Enable cluster mode if you expect to have a high load instance Ex. change amount of workers to 3 for 2GB RAM server 启用集群模式如果你期望拥有一个高负载实例 附修改worker的数量到3用于2GB内存的服务器

$ vim config/unicorn.rb

默认监听本地 127.0.0.1,仅供内部访问;一般情况下需要使用 nginx 做端口转发,使 gitlab 与其他站点共存。若要使 unicorn 直接提供外网访问(此时是明文 HTTP,登录口令和会话都会在网络上明文传输,不建议直接暴露到公网),更改为:

listen "0.0.0.0:8080", :tcp_nopush => true

unicorn 无法直接使用80端口(原文未查明原因;很可能是因为 1024 以下的端口需要 root 权限才能绑定,而 unicorn 以 git 用户运行)。

worker的数量不能小于2否则 push 时候出现如下错误:

error: RPC failed; result=18, HTTP code = 200
fatal: The remote end hung up unexpectedly

Copy the example Rack attack config 复制Rack attack的示例配置文件

$ cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb

Configure Git global settings for git user, useful when editing via web Edit user.email according to what is set in config/gitlab.yml 为git用户配置Git全局设定当通过web修改时有用 修改user.email根据config/gitlab.yml中的设定

$ git config --global core.autocrlf input
$ git config --global user.name "GitLab"
$ git config --global user.email "gitlab@localhost"

Configure Redis connection settings

$ cp config/resque.yml.example config/resque.yml

Change the Redis socket path if you are not using the default Debian / Ubuntu configuration

$ vim config/resque.yml

数据库配置

MySQL only: 仅限MySQL

cp config/database.yml.mysql config/database.yml

MySQL and remote PostgreSQL only: Update username/password in config/database.yml. You only need to adapt the production settings (first part). If you followed the database guide then please do as follows: Change 'secure password' with the value you have given to $password You can keep the double quotes around the password 仅限MySQL和远程PostgreSQL 在config/database.yml中更新用户名/密码; 你只需要适配生产设定(第一部分); 如果你跟从数据库向导,请按以下操作: 修改'secure password'使用你刚才设定的$password 你可以保留密码两端的双引号。

vim config/database.yml

PostgreSQL and MySQL: Make config/database.yml readable to git only PostgreSQL和MySQL 设置config/database.yml仅对git可读。

$ chmod o-rwx config/database.yml

安装 Gems

$ cd /home/git/gitlab

##仅限中国大陆用户

$ vim Gemfile

更改为

$ source "https://ruby.taobao.org" # 原始 source "https://rubygems.org/"

仅限中国大陆用户

$ gem source -r https://rubygems.org/
$ gem sources -a https://ruby.taobao.org/

安装支持

$ exit
# yum install cmake
# yum -y install mysql-devel
# gem install bundle

安装GitLab Shell

For MySQL (note, the option says "without ... postgres")

# su git
$ cd ~/gitlab
$ bundle install --deployment --without development test postgres aws kerberos

运行gitlab-shell的安装任务(如果有需要的话,替换REDIS_URL):

# su git
$ cd ~/gitlab
$ bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

By default, the gitlab-shell config is generated from your main gitlab config. 默认的gitlab-shell的配置文件是由你的gitlab主配置文件生成的。

Note: When using GitLab with HTTPS please change the following:

  • Provide paths to the certificates under the ca_file and ca_path options.
  • The gitlab_url option must point to the https endpoint of GitLab.
  • In case you are using self signed certificate set self_signed_cert to true. See #using-https for all necessary details. 提示当通过HTTPS使用GitLab时请做出如下更改
  • 在 ca_file 和 ca_path 选项中提供证书的路径;
  • gitlab_url选项必须指向GitLab的https端点
  • 如果你使用自签名的证书,设置 self_signed_cert 为 true(这会使 gitlab-shell 不再校验服务器证书;条件允许时,优先通过 ca_file 信任该证书)。 所有必需的具体细节参见 #using-https

You can review (and modify) it as follows: 你可以通过以下方法检查(并修改)该配置:

$ vim /home/git/gitlab-shell/config.yml

Ensure the correct SELinux contexts are set Read http://wiki.centos.org/HowTos/Network/SecuringSSH 确保正确的SELinux上下文被设置 阅读http://wiki.centos.org/HowTos/Network/SecuringSSH

$ restorecon -Rv /home/git/.ssh

初始化数据库和激活高级功能

$ bundle exec rake gitlab:setup RAILS_ENV=production

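# Type 'yes' to create the database tables.
# When done you see 'Administrator account created:'
# login.........root
# password......5iveL!fe
# This is a publicly known default: log in and change the root password
# before the instance is reachable from other hosts.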

$ exit

#安装初始化脚本

下载初始化脚本(将放在 /etc/init.d/gitlab):

# cd /home/git/gitlab
# cp lib/support/init.d/gitlab /etc/init.d/gitlab
# chmod +x /etc/init.d/gitlab
# chkconfig --add gitlab

设置GitLab开机启动

# chkconfig gitlab on

#设置日志翻转

# cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

检查应用状态

# su git
$ cd ~/gitlab
$ bundle exec rake gitlab:env:info RAILS_ENV=production

编译静态文件

$ bundle exec rake assets:precompile RAILS_ENV=production

启动实例

$ /etc/init.d/gitlab start

再次检查,保证所有项目都是绿色

# su git
$ cd /home/git/gitlab
$ bundle exec rake gitlab:check RAILS_ENV=production

此时,在本机已经可以使用以下地址访问 gitlab 了

http://localhost:8080

如果 unicorn 中配置为监听 0.0.0.0:8080外网也可以通过8080端口访问了

http://you.do.main:8080

如果配置为监听127.0.0.1:8080则以上地址为拒绝访问。这时需要为 gitlab 配置一个面向外部的服务器。

配置 Apache

这里介绍使用 apache 作为网页服务器Nginx 请参考官方或其他文档

安装

如果还没有安装 Apache:

# yum install httpd

注意查看安装的 apache 版本。

# vim /etc/httpd/conf/httpd.conf

在文件末尾添加下面这行:

Include /etc/httpd/conf/vhosts/*.conf

然后建立文件夹

# mkdir /etc/httpd/conf/vhosts

这样所有的站点都可以在 vhosts 目录下配置了。

配置

这里以上一节的配置环境为例。

访问以下网址找到配置模板,根据安装的版本及SSL支持情况选用,本例为 gitlab-apache22.conf(纯 HTTP;对外提供服务时应选用带 SSL 的模板,避免登录口令和会话在网络上明文传输)

https://gitlab.com/gitlab-org/gitlab-recipes/tree/8-2-stable/web-server/apache

修改所有YOUR_SERVER_FQDN并保证log配置指向存在的路径。

本例修改后的内容如下:

# This configuration has been tested on GitLab 8.2
# Note this config assumes unicorn is listening on default port 8080 and
# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
# listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
#
# gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
#
#Module dependencies
# mod_rewrite
# mod_proxy
# mod_proxy_http
# Front-end virtual host for GitLab: accepts plain HTTP on port 80 and
# reverse-proxies to gitlab-workhorse (127.0.0.1:8181) and Unicorn
# (127.0.0.1:8080). No TLS is configured here, so logins and session
# cookies travel unencrypted between the client and this host.
<VirtualHost *:80>
  ServerName YOUR_SERVER_FQDN
  # Omit the server version footer from Apache-generated pages.
  ServerSignature Off

  # Pass the client's original Host header through to the back end.
  ProxyPreserveHost On

  # Ensure that encoded slashes are not decoded but left in their encoded state.
  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
  AllowEncodedSlashes NoDecode

  <Location />
    # Apache 2.2 access-control syntax: every client is allowed.
    Order deny,allow
    Allow from all

    # ProxyPassReverse rewrites redirect headers in back-end responses so
    # they point at this vhost; the forwarding itself is done by the
    # RewriteRule [P] lines below.
    # Responses from gitlab-workhorse
    ProxyPassReverse http://127.0.0.1:8181
    # Responses from the GitLab Rails app (Unicorn)
    ProxyPassReverse http://127.0.0.1:8080
    ProxyPassReverse http://YOUR_SERVER_FQDN/
  </Location>

  # Apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on

  # Forward these requests to gitlab-workhorse: LFS objects, build
  # downloads, repository archives, CI artifacts and Git-over-HTTP.
  # Flags: P = proxy the request, QSA = keep the query string,
  # NE = do not re-escape the substituted URI.
  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects.* [OR]
  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/builds/download.* [OR]
  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
  RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
  RewriteCond %{REQUEST_URI} ^/ci/api/v1/builds/[0-9]+/artifacts.* [OR]
  RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]

  # Forward any other requests to GitLab Rails app (Unicorn): anything
  # that is not an existing file under DocumentRoot, plus everything
  # under /uploads.
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
  RewriteCond %{REQUEST_URI} ^/uploads
  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]

  # needed for downloading attachments
  DocumentRoot /home/git/gitlab/public

  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 503 /deploy.html

  # It is assumed that the log directory is in /var/log/httpd.
  # For Debian distributions you might want to change this to
  # /var/log/apache2.
  # common_forwarded records the X-Forwarded-For request header in place of
  # the peer address. NOTE(review): if clients reach this vhost directly,
  # that header is client-supplied and can be forged, so do not treat this
  # log as the authoritative source of client addresses.
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog logs/YOUR_SERVER_FQDN_error.log
  CustomLog logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
  # Written unless the "dontlog" environment variable is set; nothing in
  # this vhost sets it.
  CustomLog logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
  CustomLog logs/YOUR_SERVER_FQDN.log combined

</VirtualHost>

新建一个服务器配置,将上述内容输入

# vim /etc/httpd/conf/vhosts/gitlab.conf

启动 apache

# service httpd start

测试是否能正常访问

http://you.do.main

设置 apache 随系统启动

# chkconfig httpd on

参考链接 https://segmentfault.com/a/1190000002729796#articleHeader3

#调试资料

查看邮件记录

$ tail /var/log/maillog