GitLab Installation Tutorial (External Nginx, External Redis, External PostgreSQL)

This tutorial installs GitLab CE (Community Edition), not GitLab EE (Enterprise Edition).

Install the required dependencies

Reference: GitLab Installation Centos 7
Configuration options

sudo yum install -y curl policycoreutils-python openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd
sudo firewall-cmd --permanent --add-service=http
sudo systemctl reload firewalld
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix

Skip anything that is already installed.

Add the GitLab Community Edition package repository and install

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

Alternatively, add the Tsinghua (TUNA) mirror in China

Create /etc/yum.repos.d/gitlab-ce.repo with the following content:

[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1

Then run

yum makecache
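
The repo definition above sets gpgcheck=0, so yum installs whatever the mirror serves without checking package signatures. The following added example (not part of the original post) flags enabled repo sections that set gpgcheck=0 and shows the same definition with checking turned on; the function name is illustrative and the gpgkey path is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Both repo files are constructed.

# Print the id of every enabled repo section that sets gpgcheck=0,
# i.e. installs RPMs without checking their signatures.
unverified_repos() {
    awk -F= '
        function report() { if (id != "" && enabled != "0" && gpgcheck == "0") print id }
        /^\[.*\]$/ { report(); id = substr($0, 2, length($0) - 2)
                     enabled = "1"; gpgcheck = ""; next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "enabled"  { enabled = val }
        key == "gpgcheck" { gpgcheck = val }
        END { report() }
    ' "$1"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# The repo definition as given on this page.
cat > "$demo_dir/page.repo" <<'EOF'
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1
EOF

# Same mirror with signature checking on. The key path is a placeholder:
# point it at GitLab's package signing key after verifying its fingerprint.
cat > "$demo_dir/checked.repo" <<'EOF'
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-gitlab-PLACEHOLDER
enabled=1
EOF

echo "flagged in page.repo:    $(unverified_repos "$demo_dir/page.repo")"
echo "flagged in checked.repo: $(unverified_repos "$demo_dir/checked.repo")"
```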

Install GitLab Community Edition

yum install -y gitlab-ce

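Configure the external_url address

  • The default GitLab configuration file is /etc/gitlab/gitlab.rb
  • The default site URL setting is: external_url 'http://gitlab.example.com'
  • Here I change the GitLab site URL to http://git.itlangzi.com; an IP address can be used instead of a domain name, depending on your needs
  • A relative path can also be configured: http://git.itlangzi.com/gitlab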
vim /etc/gitlab/gitlab.rb
external_url 'http://git.itlangzi.com'

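Change the GitLab repository location

  • Create the repository directory
mkdir /home/gitlab/git-data -p
  • Change the owner and group of the directory
chown -R gitlab:gitlab /home/gitlab/git-data
  • Enable git_data_dirs: uncomment it and set your own path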
git_data_dirs({
  "default" => {
    "path" => "/home/gitlab/git-data"
   }
})

Use an external (non-bundled) Redis

redis['enable'] = false
# gitlab_rails['redis_host'] = "127.0.0.1"
# gitlab_rails['redis_port'] = 6379
gitlab_rails['redis_password'] = "123456"
# unix socket
gitlab_rails['redis_socket'] = "/tmp/redis.sock"

1. The Redis unix socket must be enabled
2. The path of the Redis unix socket can be found in redis.conf
3. Only one of the two methods, host or unix socket, can be enabled; see Using a non-packaged Redis instance

Use an external (non-bundled) PostgreSQL

postgresql['enable'] = false
gitlab_rails['db_adapter'] = "postgresql"
gitlab_rails['db_encoding'] = "utf8"
gitlab_rails['db_database'] = "gitlab" # database name
gitlab_rails['db_username'] = "postgres"
gitlab_rails['db_password'] = "123456"
# gitlab_rails['db_host'] = "127.0.0.1"
# gitlab_rails['db_port'] = 5432
gitlab_rails['db_socket'] = "/var/run/postgresql"
postgresql['dir'] = "/var/run/postgresql"

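1. The gitlab database must be created
2. The extension package must be installed: yum install postgresql11-contrib -y
3. The PostgreSQL db_socket and dir values used here can be set in /var/lib/pgsql/11/data/postgresql.conf -> unix_socket_directories; the one that matters most is postgresql['dir']
4. Only one of the two methods, host or unix socket, can be enabled; otherwise you are in for a surprise
5. See Using a non-packaged PostgreSQL database management server

Use an external (non-bundled web server) nginx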

nginx['enable'] = false
# set the external nginx user
web_server['external_users'] = ['nginx']

nginx configuration

See web-server
Add the following to nginx.conf
nginx needs the gzip_static directive enabled; when building from source, add the --with-http_gzip_static_module option

## GitLab 8.3+
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
##        CONTRIBUTING          ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
##         configuration         ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

## Normal HTTP host
server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)
  listen 0.0.0.0:80 default_server;
  listen [::]:80 default_server;
  server_name git.repy.itlangzi.com; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  ## See app/controllers/application_controller.rb for headers set

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;

    proxy_pass http://gitlab-workhorse;
  }
}

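The official configuration uses gitlab-omnibus-nginx.conf
If the domain name does not resolve, add the line "ip git.repy.itlangzi.com" to the local hosts file, where ip is the IP address of the GitLab server

Adjust the unicorn settings

unicorn['worker_processes'] = 2 # can resolve excessive memory usage

Replace unicorn with puma

unicorn is GitLab's default server; puma is another Ruby server, but it has a big advantage in performance and resource usage. See Replacing Unicorn with Puma to run GitLab
Puma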

...
unicorn['enable'] = false  # set to false
...
puma['enable'] = true   # set to true

Reconfigure GitLab

gitlab-ctl reconfigure

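If you use Passenger/nginx, see below

The configuration is fairly complex and not recommended
If access returns 403, the passenger module must be installed for nginx
Install the passenger module for nginx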

yum install -y epel-release yum-utils
yum-config-manager --enable epel
yum clean all && sudo yum update -y
yum install -y pygpgme
yum install passenger-devel -y
curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
yum install -y passenger || yum-config-manager --enable cr && yum install -y passenger

See Installing Passenger + Nginx

When building nginx, add --add-module=/path-to-passenger-module

Use the command passenger-config --nginx-addon-dir to find path-to-passenger-module
Here it is /ngx_http_passenger_module
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --add-module=$(passenger-config --nginx-addon-dir)
See Installing Passenger as a normal or dynamic Nginx module

Errors and fixes

1. nginx returns 502

Check the Nginx log; it is most likely a permissions problem. In my case there was no permission to access /var/opt/gitlab/gitlab-workhorse/socket
Add the permission

chmod -R ug+rw /var/opt/gitlab/gitlab-workhorse/socket

2. If a 500 error occurs, check the logs and analyze the specific cause; in my case it was caused by a failed Redis connection

 gitlab-ctl tail gitlab-rails

3. The error "Cached record for ApplicationSetting couldn't be loaded, falling back to uncached record: NOAUTH Authentication required" appears

This error occurs because the Redis in use requires password authentication, but gitlab_rails['redis_password'] has no effect even though it is configured. As of now this is an unresolved bug; see GitLab not using Redis AUTH password and Bug redis socket with auth. Workarounds:

1) Edit resque.yml, add password, then restart GitLab

vim /var/opt/gitlab/gitlab-rails/etc/resque.yml

with the following content

production:
  url: unix:/tmp/redis.sock
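  password: 123456  # added password, same as gitlab_rails['redis_password']

Then restart

Do not reconfigure at this point: running gitlab-ctl reconfigure restores the file, and you would have to configure it all over again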

gitlab-ctl restart

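2) Modify the source code

This makes gitlab_rails['redis_password'] take effect

First location

vim /opt/gitlab/embedded/cookbooks/gitlab/recipes/gitlab-rails.rb

Modify it as follows (partial code)

Lines marked with the comments "delete this line" and "new add" are the changes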

....
templatesymlink "Create a database.yml and create a symlink to Rails root" do
  link_from File.join(gitlab_rails_source_dir, "config/database.yml")
  link_to File.join(gitlab_rails_etc_dir, "database.yml")
  source "database.yml.erb"
  owner "root"
  group gitlab_group
  mode "0640"
  variables node['gitlab']['gitlab-rails'].to_hash
  dependent_services.each { |svc| notifies :restart, svc }
end

redis_url = RedisHelper.new(node).redis_url
redis_password = node['gitlab']['gitlab-rails']['redis_password'] # new add
redis_sentinels = node['gitlab']['gitlab-rails']['redis_sentinels']
redis_enable_client = node['gitlab']['gitlab-rails']['redis_enable_client']

templatesymlink "Create a secrets.yml and create a symlink to Rails root" do
  link_from File.join(gitlab_rails_source_dir, "config/secrets.yml")
  link_to File.join(gitlab_rails_etc_dir, "secrets.yml")
  source "secrets.yml.erb"
  owner "root"
  group "root"
  mode "0644"
  variables(:redis_url => redis_url, :redis_sentinels => redis_sentinels)
  sensitive true
  variables('secrets' => { 'production' => {
              'db_key_base' => node['gitlab']['gitlab-rails']['db_key_base'],
              'secret_key_base' => node['gitlab']['gitlab-rails']['secret_key_base'],
              'otp_key_base' => node['gitlab']['gitlab-rails']['otp_key_base'],
              'openid_connect_signing_key' => node['gitlab']['gitlab-rails']['openid_connect_signing_key']
            } })
  dependent_services.each { |svc| notifies :restart, svc }
end

templatesymlink "Create a resque.yml and create a symlink to Rails root" do
  link_from File.join(gitlab_rails_source_dir, "config/resque.yml")
  link_to File.join(gitlab_rails_etc_dir, "resque.yml")
  source "resque.yml.erb"
  owner "root"
  group "root"
  mode "0644"
  # variables(redis_url: redis_url, redis_sentinels: redis_sentinels, redis_enable_client: redis_enable_client) # delete this line
  variables(:redis_url => redis_url, :redis_sentinels => redis_sentinels, :redis_enable_client => redis_enable_client, :redis_password => redis_password) # new add
  dependent_services.each { |svc| notifies :restart, svc }
end

%w(cache queues shared_state).each do |instance|
  filename = "redis.#{instance}.yml"
  url = node['gitlab']['gitlab-rails']["redis_#{instance}_instance"]
  sentinels = node['gitlab']['gitlab-rails']["redis_#{instance}_sentinels"]
  templatesymlink "Create a #{filename} and create a symlink to Rails root" do
    link_from File.join(gitlab_rails_source_dir, "config/#{filename}")
    link_to File.join(gitlab_rails_etc_dir, filename)
    source 'resque.yml.erb'
    owner 'root'
    group 'root'
    mode '0644'
    # variables(redis_url: url, redis_sentinels: sentinels) # delete this line 
    variables(redis_url: url, redis_sentinels: [], :redis_password => '') # new add
    dependent_services.each { |svc| notifies :restart, svc }
    not_if { url.nil? }
  end
end
....

Second location

vim /opt/gitlab/embedded/cookbooks/gitlab/templates/default/resque.yml.erb

Add the following (to_s keeps the check safe when no password is configured)

<% unless @redis_password.to_s.empty? %>
password: <%= @redis_password %>
<% end %>

Complete code

production:
  url: <%= @redis_url %>
  <% unless @redis_password.to_s.empty? %> # new code
  password: <%= @redis_password %>    # new code
  <% end %>                           # new code
  <% if !@redis_enable_client %>
  id:
  <% end %>
  <% unless @redis_sentinels.empty? %>
  sentinels:
    <% @redis_sentinels.each do |sentinel| %>
    -
      host: <%= sentinel['host'] %>
      port: <%= sentinel['port'] %>
    <% end %>
  <% end %>

Then reconfigure and restart

gitlab-ctl reconfigure
gitlab-ctl restart

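Check resque.yml; the password entry is now present: cat /var/opt/gitlab/gitlab-rails/etc/resque.yml


4. The error "Permission denied - connect(2) for /tmp/redis.sock" appears

There is no permission to access redis.sock. The usual chmod cannot grant it; you need to change unixsocketperm in redis.conf: unixsocketperm 700 -> unixsocketperm 777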
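
unixsocketperm 777 lets every local account open the Redis socket. As an added example (not from the original post), this script classifies the setting in a redis.conf and produces a 770 variant for hosts where the GitLab account is a member of the socket's group; the function names are illustrative, and the redis group and git account named in the comment are assumptions about the host.

```shell
#!/bin/sh
# Added example, not from the original post. The sample config is constructed.

# Classify the unixsocketperm of a redis.conf:
# world-accessible, group-only, owner-only, or unset.
socket_perm_class() {
    # The last occurrence of the directive is the one that applies.
    perm=$(awk '$1 == "unixsocketperm" { p = $2 } END { print p }' "$1")
    case $perm in
        "")       echo unset ;;
        *[1-7])   echo world-accessible ;;  # any "other" bit set, e.g. 777
        *[1-7]0)  echo group-only ;;        # e.g. 770
        *)        echo owner-only ;;        # e.g. 700
    esac
}

# Emit a copy of the config with the socket limited to owner and group.
restrict_socket_to_group() {
    sed 's/^[[:space:]]*unixsocketperm[[:space:]].*/unixsocketperm 770/' "$1"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Socket settings as described on this page.
printf 'unixsocket /tmp/redis.sock\nunixsocketperm 777\n' > "$demo_dir/redis-page.conf"
restrict_socket_to_group "$demo_dir/redis-page.conf" > "$demo_dir/redis-group.conf"

echo "page setting:  $(socket_perm_class "$demo_dir/redis-page.conf")"
echo "group setting: $(socket_perm_class "$demo_dir/redis-group.conf")"

# With 770 the GitLab account must belong to the group that owns the
# socket. Account and group names below are assumptions about your host:
#   usermod -aG redis git
```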


Completely uninstall GitLab

1. Stop GitLab

gitlab-ctl stop

2. Uninstall GitLab

rpm -e gitlab-ce

3. Check for GitLab processes

ps -ef|grep gitlab

Kill the "runsvdir -P /opt/gitlab/service log" process (use the PID that ps reports; 4473 in this case)

kill -9 4473

Check again whether any GitLab process remains

ps -ef|grep gitlab

4. Delete GitLab files

Delete all files and directories whose names contain gitlab

find / -name '*gitlab*' | xargs rm -rf
find / -name gitlab | xargs rm -rf

Delete the configuration backups that gitlab-ctl uninstall automatically leaves under root (run ls /root/gitlab* to check; delete them if present)
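
A pattern left unquoted can be expanded by the shell before find sees it, and a plain "| xargs" splits paths at spaces, so rm may receive targets that find never matched. This added example (not from the original post) lists the matches first and then removes them with -exec, working only on a constructed temporary tree; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. It only touches a constructed
# directory tree under a temporary root, never the real filesystem.

# List matches without descending into them; the quoted pattern reaches
# find intact instead of being expanded in the current directory.
list_gitlab_paths() {
    find "$1" -xdev -name '*gitlab*' -prune -print
}

# Number of separate arguments rm would receive through a plain "| xargs":
# xargs splits on blanks, so one path containing a space becomes several.
xargs_arg_count() {
    echo $(( $(list_gitlab_paths "$1" | xargs printf '%s\n' | wc -l) ))
}

# Remove exactly what find matched: -exec hands over each path as a single
# argument, and "--" stops a leading "-" from being read as an option.
remove_gitlab_paths() {
    find "$1" -xdev -name '*gitlab*' -prune -exec rm -rf -- {} +
}

root=$(mktemp -d)
trap 'rm -rf "$root"' EXIT
mkdir -p "$root/opt/gitlab/embedded" "$root/home/u/gitlab notes" "$root/home/u/notes"
touch "$root/opt/gitlab/embedded/bin" "$root/home/u/notes/keep.txt"

echo "Would remove:"
list_gitlab_paths "$root"

matched=$(( $(list_gitlab_paths "$root" | wc -l) ))
args=$(xargs_arg_count "$root")
echo "paths matched: $matched, arguments a plain xargs would pass: $args"

remove_gitlab_paths "$root"
echo "left after removal:"
find "$root" -type f
```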

Reference: Completely Uninstalling GitLab on CentOS 7


Author: 浪子
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit 浪子 when reposting!