# Install the tools GitLab depends on
## Add the EPEL repository
Check the system architecture:

    $ exit
    # getconf LONG_BIT

CentOS 7:
<http://itgeeker.net/centos-7-epel-china-mirror-repository/>

CentOS 6:
<http://www.dahouduan.com/2014/12/25/centos-yum-add-epel-remi/>

## Install dependencies

    # yum install nodejs
    # yum -y update
    # yum -y groupinstall 'Development Tools'
    # yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui git redis ruby sudo wget crontabs logwatch logrotate perl-Time-HiRes cmake nodejs

## Install Git
First remove the old version of git that ships with the system:

    # yum -y remove git
    # yum install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel

Download the source code from the official site and build it:

    # cd ~
    # curl --progress https://www.kernel.org/pub/software/scm/git/git-2.7.3.tar.gz | tar xz
    # cd git-2.7.3/
    # ./configure
    # make
    # make prefix=/usr/local install

Then use the following command to check that the installation worked:

    # which git

## Install Ruby
If the installed Ruby version is lower than 2.0, Ruby needs to be reinstalled.

    # ruby --version
    # yum -y remove ruby
    # cd ~
    # curl --progress ftp://ftp.ruby-lang.org/pub/ruby/ruby-2.3.0.tar.gz | tar xz
    # cd ruby-2.3.0
    # ./configure --disable-install-rdoc
    # make
    # make prefix=/usr/local install

## Install Go
Visit the following address to find a suitable Go version:
<https://golang.org/dl/>

    # cd ~
    # curl -O --progress https://storage.googleapis.com/golang/go1.6.linux-386.tar.gz
    # tar -C /usr/local -xzf go1.6.linux-386.tar.gz
    # ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/
    # rm go1.6.linux-386.tar.gz

## Install Redis
### Install

    # yum -y remove redis
    # wget http://download.redis.io/releases/redis-stable.tar.gz
    # tar zxvf redis-stable.tar.gz
    # cd redis-stable
    # make
    # make install
    # ./utils/install_server.sh

*/usr/local/bin/redis-server*

### Configure
The socket file permission is set to 777 because Redis was installed by hand and is started as root rather than as the redis user.

Using a TCP port should also work (untested); see the Redis installation part of "Installing GitLab 7 on CentOS" and change all later Redis-related settings to TCP.

    # cd /etc/redis
    # mv 6379.conf 6379.conf.orig
    # cp 6379.conf.orig redis.conf
    # sed 's/^port .*/port 0/' /etc/redis/6379.conf.orig | tee /etc/redis/redis.conf
    # echo 'unixsocket /var/run/redis/redis.sock' | tee -a /etc/redis/redis.conf
    # echo 'unixsocketperm 777' | tee -a /etc/redis/redis.conf
    # mkdir /var/run/redis
    # chown redis:redis /var/run/redis
    # chmod 755 /var/run/redis

Add git to the redis group:

    # usermod -aG redis git
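
An added check (not part of the original guide) for the configuration steps above: it reads the effective `port`, `unixsocket` and `unixsocketperm` values from a redis.conf and reports a TCP listener or a socket mode that lets every local account reach Redis, which is what the 777 chosen above does. The function names and the sample file are constructed for the example.

```shell
#!/bin/sh
# redis_effective CONF KEY -> last value given for KEY in CONF.
# The steps above append settings with `tee -a`; a later line overrides an earlier one.
redis_effective() {
    awk -v key="$2" 'tolower($1) == key { val = $2 } END { print val }' "$1"
}

# audit_redis_conf CONF -> one finding per line; returns 1 if anything was found.
audit_redis_conf() {
    conf=$1
    findings=0
    port=$(redis_effective "$conf" port)
    sock=$(redis_effective "$conf" unixsocket)
    perm=$(redis_effective "$conf" unixsocketperm)

    # "port 0" disables the TCP listener; anything else leaves one open.
    if [ "$port" != "0" ]; then
        echo "FINDING: TCP listener enabled (port=${port:-unset, default 6379})"
        findings=1
    fi
    if [ -z "$sock" ]; then
        echo "FINDING: no unixsocket configured"
        findings=1
    fi
    # A non-zero last octal digit grants access beyond the socket's owner and group.
    case "$perm" in
        "") ;;
        *[1-7])
            echo "FINDING: unixsocketperm $perm lets any local user connect"
            findings=1
            ;;
    esac
    return $findings
}

# Constructed sample: the three settings the steps above leave in redis.conf.
sample=$(mktemp)
printf '%s\n' 'port 0' 'unixsocket /var/run/redis/redis.sock' \
    'unixsocketperm 777' > "$sample"
audit_redis_conf "$sample" || echo "redis.conf needs review"
rm -f "$sample"
```
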
Create /etc/init.d/redis and use the code below as the init script.

    # vim /etc/init.d/redis

Add the following content:

    #!/bin/sh
    # Init script for the source-built Redis configured above (Unix socket only).
    PATH=/usr/local/bin:/sbin:/usr/bin:/bin
    # Redis listens on a Unix socket (port 0), so redis-cli must use the socket.
    REDISSOCK=/var/run/redis/redis.sock
    EXEC=/usr/local/bin/redis-server
    REDIS_CLI=/usr/local/bin/redis-cli
    # Must match the "pidfile" setting in $CONF.
    PIDFILE=/var/run/redis.pid
    CONF="/etc/redis/redis.conf"
    case "$1" in
        start)
            if [ -f "$PIDFILE" ]
            then
                echo "$PIDFILE exists, process is already running or crashed"
            else
                echo "Starting Redis server..."
                $EXEC $CONF
            fi
            if [ "$?" = "0" ]
            then
                echo "Redis is running..."
            fi
            ;;
        stop)
            if [ ! -f "$PIDFILE" ]
            then
                echo "$PIDFILE does not exist, process is not running"
            else
                PID=$(cat "$PIDFILE")
                echo "Stopping ..."
                $REDIS_CLI -s "$REDISSOCK" SHUTDOWN
                # Wait until Redis removes its pid file.
                while [ -f "$PIDFILE" ]
                do
                    echo "Waiting for Redis to shutdown ..."
                    sleep 1
                done
                echo "Redis stopped"
            fi
            ;;
        restart|force-reload)
            ${0} stop
            ${0} start
            ;;
        *)
            echo "Usage: /etc/init.d/redis {start|stop|restart|force-reload}" >&2
            exit 1
    esac

After saving, make it executable:

    # chmod +x /etc/init.d/redis

Make sure Redis starts with the system:

    # vi /etc/rc.d/rc.local

Append the following line to the end of the file:

    service redis start

Then start the Redis service with the same command:

    # service redis start

## Install the mail server

    # yum -y install postfix
    # service postfix start
    # chkconfig postfix on

# Add a system user for GitLab

    # adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git

One way to include /usr/local/bin in the git user's $PATH is to edit the sudoers file. Run as administrator:

    # visudo

Then search for:

    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

and change it to:

    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

# Install gitlab-workhorse

    $ cd /home/git
    $ git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
    $ cd gitlab-workhorse
    $ git checkout 0.7.0
    $ make

# Install the database
## Install
### CentOS 6
Install:

    # yum -y install mysql-server

Set the MySQL service to start with the system:

    # chkconfig mysqld on

Check the autostart status; it is fine if runlevels 2 through 5 are on:

    # chkconfig --list mysqld

Start MySQL:

    # /etc/init.d/mysqld start

### CentOS 7
MySQL is no longer included in the CentOS 7 repositories, which use MariaDB instead. First search for the MariaDB packages already installed:

    # rpm -qa | grep mariadb

Then remove them all:

    # rpm -e --nodeps mariadb-*

Then create /etc/yum.repos.d/MariaDB.repo:

    # vim /etc/yum.repos.d/MariaDB.repo

Add the following content to the file:

    # MariaDB 10.0 CentOS repository list - created 2015-05-04 19:16 UTC
    # http://mariadb.org/mariadb/repositories/
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.0/centos7-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1

Then run the following command to install MariaDB 10.0:

    # yum install MariaDB-server MariaDB-client

Then start the MariaDB service:

    # service mysql start

## Configure
Next, run mysql_secure_installation:

    # mysql_secure_installation

Log in to MariaDB and create the database user and database:

    # mysql -uroot -p
    > CREATE USER 'git'@'localhost' IDENTIFIED BY '$password';
    > SET storage_engine=INNODB;
    > CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
    > GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost';
    > use mysql;
    > UPDATE user SET password=PASSWORD("123") WHERE user='git';
    > FLUSH PRIVILEGES;
    > quit;
    > \q

Try connecting to the database as the new user:

    $ mysql -u git -p -D gitlabhq_production
    > \q

# Install GitLab
## Clone the source

    # su git
    $ cd ~
    $ git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-6-stable gitlab

## Configure

    $ cd ~/gitlab

Copy the example GitLab config:

    $ cp config/gitlab.yml.example config/gitlab.yml

Make sure to change "localhost" to the fully-qualified domain name of your host serving GitLab where necessary.

If you want to use https make sure that you set `https` to `true`. See #using-https for all necessary details.

*In testing, the host and port set here determine the gitlab_url written into the gitlab-shell config that is generated later. Changing these two values after the installation is finished only affects the URLs composed in the web interface. If gitlab-shell's gitlab_url is not the address actually used to reach GitLab, files edited through gitlab-shell cannot be committed properly.*

If you installed Git from source, change the git bin_path to /usr/local/bin/git:

    $ vim config/gitlab.yml

Copy the example secrets file:

    $ cp config/secrets.yml.example config/secrets.yml
    $ chmod 0600 config/secrets.yml

Make sure GitLab can write to the log/ and tmp/ directories:

    $ chown -R git {log,tmp}
    $ chmod -R u+rwX tmp
    $ chmod -R u+rwX,go-w log

Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories:

    $ chmod -R u+rwX tmp/{pids,sockets}

Make sure GitLab can write to the public/uploads/ directory:

    $ mkdir public/uploads
    $ chmod -R u+rwX public/uploads

Make sure only the GitLab user has access to the public/uploads/ directory now that files in public/uploads are served by gitlab-workhorse:

    $ chmod 0700 public/uploads

Change the permissions of the directory where CI build traces are stored:

    $ chmod -R u+rwX builds/

Change the permissions of the directory where CI artifacts are stored:

    $ chmod -R u+rwX shared/artifacts/

Copy the example Unicorn config:

    $ cp config/unicorn.rb.example config/unicorn.rb

Find number of cores:

    $ nproc

Enable cluster mode if you expect to have a high load instance. Ex. change amount of workers to 3 for 2GB RAM server:

    $ vim config/unicorn.rb

By default Unicorn listens on 127.0.0.1, which is reachable only from the local machine; normally nginx is placed in front to forward requests so that GitLab can coexist with other sites. To have Unicorn serve external traffic directly, change the listen line to:

    listen "0.0.0.0:8080", :tcp_nopush => true

Unicorn cannot use port 80 directly; the reason is unknown.

The number of workers must not be less than 2, otherwise the following error occurs on push:

    error: RPC failed; result=18, HTTP code = 200
    fatal: The remote end hung up unexpectedly

Copy the example Rack attack config:

    $ cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb

Configure Git global settings for git user, useful when editing via web. Edit user.email according to what is set in config/gitlab.yml:

    $ git config --global core.autocrlf input
    $ git config --global user.name "GitLab"
    $ git config --global user.email "gitlab@localhost"

Configure Redis connection settings:

    $ cp config/resque.yml.example config/resque.yml

Change the Redis socket path if you are not using the default Debian / Ubuntu configuration:

    $ vim config/resque.yml

## Database configuration
MySQL only:

    $ cp config/database.yml.mysql config/database.yml

MySQL and remote PostgreSQL only:
Update username/password in config/database.yml.
You only need to adapt the production settings (first part).
If you followed the database guide then please do as follows:
Change 'secure password' with the value you have given to $password.
You can keep the double quotes around the password.

    $ vim config/database.yml

PostgreSQL and MySQL:
Make config/database.yml readable to git only:

    $ chmod o-rwx config/database.yml
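
An added check (not from the GitLab documentation) for the permission steps above: it compares the modes of `config/secrets.yml`, `config/database.yml`, `public/uploads` and `log` with the masks the `chmod` commands imply and lists anything more open than that. The function name, the mask table and the demo tree are constructed for the example; it relies on GNU `stat`, and only the top-level `log` directory is inspected.

```shell
#!/bin/sh
# audit_gitlab_perms ROOT -> one line per problem; returns 1 if any were found.
audit_gitlab_perms() {
    root=$1
    bad=0
    # path:mask pairs; mask = permission bits the chmod steps above still allow.
    #   config/secrets.yml   chmod 0600         -> 600
    #   config/database.yml  chmod o-rwx        -> 770
    #   public/uploads       chmod 0700         -> 700
    #   log                  chmod u+rwX,go-w   -> 755
    for spec in config/secrets.yml:600 config/database.yml:770 \
                public/uploads:700 log:755; do
        path=$root/${spec%%:*}
        mask=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        actual=$(stat -c '%a' "$path")
        # Any rwx bit set outside the mask means the path is more open than intended.
        if [ $(( 0$actual & ~0$mask & 0777 )) -ne 0 ]; then
            echo "TOO OPEN $path is $actual, expected within $mask"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo tree: secrets.yml left world-readable (644) on purpose.
demo=$(mktemp -d)
mkdir -p "$demo/config" "$demo/public/uploads" "$demo/log"
touch "$demo/config/secrets.yml" "$demo/config/database.yml"
chmod 644 "$demo/config/secrets.yml"
chmod 640 "$demo/config/database.yml"
chmod 700 "$demo/public/uploads"
chmod 755 "$demo/log"
audit_gitlab_perms "$demo" || echo "fix the paths listed above"
rm -rf "$demo"
```

On a real installation, call `audit_gitlab_perms /home/git/gitlab` as the git user.
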
# Install Gems

    $ cd /home/git/gitlab

## Mainland China users only

    $ vim Gemfile

Change the source line to:

    source "https://ruby.taobao.org" # originally: source "https://rubygems.org/"

Mainland China users only:

    $ gem sources -r https://rubygems.org/
    $ gem sources -a https://ruby.taobao.org/

Install supporting packages:

    $ exit
    # yum install cmake
    # yum -y install mysql-devel
    # gem install bundler

# Install GitLab Shell
For MySQL (note, the option says "without ... postgres"):

    # su git
    $ cd ~/gitlab
    $ bundle install --deployment --without development test postgres aws kerberos

Run the installation task for gitlab-shell (replace `REDIS_URL` if needed):

    # su git
    $ cd ~/gitlab
    $ bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

By default, the gitlab-shell config is generated from your main gitlab config.

Note: When using GitLab with HTTPS please change the following:

- Provide paths to the certificates under `ca_file` and `ca_path` options.
- The `gitlab_url` option must point to the https endpoint of GitLab.
- In case you are using self signed certificate set `self_signed_cert` to `true`.

See #using-https for all necessary details.

You can review (and modify) it as follows:

    $ vim /home/git/gitlab-shell/config.yml

Ensure the correct SELinux contexts are set.
Read http://wiki.centos.org/HowTos/Network/SecuringSSH

    $ restorecon -Rv /home/git/.ssh

# Initialize the database and activate advanced features

    $ bundle exec rake gitlab:setup RAILS_ENV=production
    # Type 'yes' to create the database tables.
    # When done you see 'Administrator account created:'
    # login.........root
    # password......5iveL!fe
    $ exit

# Install the init script
Copy the init script into place (it goes to /etc/init.d/gitlab):

    # cd /home/git/gitlab
    # cp lib/support/init.d/gitlab /etc/init.d/gitlab
    # chmod +x /etc/init.d/gitlab
    # chkconfig --add gitlab

# Start GitLab on boot

    # chkconfig gitlab on

# Set up log rotation

    # cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

# Check application status

    # su git
    $ cd ~/gitlab
    $ bundle exec rake gitlab:env:info RAILS_ENV=production

# Compile static assets

    $ bundle exec rake assets:precompile RAILS_ENV=production

# Start the instance

    $ /etc/init.d/gitlab start

Check again and make sure every item is green:

    # su git
    $ cd /home/git/gitlab
    $ bundle exec rake gitlab:check RAILS_ENV=production

At this point GitLab can be reached from the local machine at:

    http://localhost:8080

If Unicorn is configured to listen on 0.0.0.0:8080, it can also be reached from outside on port 8080:

    http://you.do.main:8080

If it is configured to listen on 127.0.0.1:8080, the address above refuses connections. In that case an external-facing web server must be configured for GitLab.

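# Configure Apache
This section uses Apache as the web server; for Nginx, see the official documentation or other guides.

## Install
If Apache is not installed yet:

    # yum install httpd

Take note of the Apache version that gets installed.

    # vim /etc/httpd/conf/httpd.conf

Append the following line to the end of the file:

    Include /etc/httpd/conf/vhosts/*.conf

Then create the directory:

    # mkdir /etc/httpd/conf/vhosts

All sites can now be configured under the vhosts directory.

## Configure
The environment configured in the previous section is used as the example here.

Visit the following URL to find the configuration templates and pick one according to the installed version and whether SSL is used; this example uses gitlab-apache22.conf.
<https://gitlab.com/gitlab-org/gitlab-recipes/tree/8-2-stable/web-server/apache>

Replace every YOUR_SERVER_FQDN and make sure the log settings point to paths that exist.

The modified content for this example is as follows:
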
    # This configuration has been tested on GitLab 8.2
    # Note this config assumes unicorn is listening on default port 8080 and
    # gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
    # listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
    #
    # gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
    #
    #Module dependencies
    # mod_rewrite
    # mod_proxy
    # mod_proxy_http
    <VirtualHost *:80>
      ServerName YOUR_SERVER_FQDN
      ServerSignature Off
      ProxyPreserveHost On
      # Ensure that encoded slashes are not decoded but left in their encoded state.
      # http://doc.gitlab.com/ce/api/projects.html#get-single-project
      AllowEncodedSlashes NoDecode
      <Location />
        Order deny,allow
        Allow from all
        #Allow forwarding to gitlab-workhorse
        ProxyPassReverse http://127.0.0.1:8181
        #Allow forwarding to GitLab Rails app (Unicorn)
        ProxyPassReverse http://127.0.0.1:8080
        ProxyPassReverse http://YOUR_SERVER_FQDN/
      </Location>
      # Apache equivalent of nginx try files
      # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
      # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
      RewriteEngine on
      #Forward these requests to gitlab-workhorse
      RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects.* [OR]
      RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/builds/download.* [OR]
      RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
      RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR]
      RewriteCond %{REQUEST_URI} ^/ci/api/v1/builds/[0-9]+/artifacts.* [OR]
      RewriteCond %{REQUEST_URI} ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
      RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
      #Forward any other requests to GitLab Rails app (Unicorn)
      RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
      RewriteCond %{REQUEST_URI} ^/uploads
      RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
      # needed for downloading attachments
      DocumentRoot /home/git/gitlab/public
      #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
      ErrorDocument 404 /404.html
      ErrorDocument 422 /422.html
      ErrorDocument 500 /500.html
      ErrorDocument 503 /deploy.html
      # It is assumed that the log directory is in /var/log/httpd.
      # For Debian distributions you might want to change this to
      # /var/log/apache2.
      LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
      ErrorLog logs/YOUR_SERVER_FQDN_error.log
      CustomLog logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
      CustomLog logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
      CustomLog logs/YOUR_SERVER_FQDN.log combined
    </VirtualHost>

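Create a new server configuration file and enter the content above:

    # vim /etc/httpd/conf/vhosts/gitlab.conf

Start Apache:

    # service httpd start

Test that the site is reachable:

    http://you.do.main

Set Apache to start with the system:

    # chkconfig httpd on

Reference link:
<https://segmentfault.com/a/1190000002729796#articleHeader3>

# Debugging notes
View the mail log:

    $ tail /var/log/maillog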