ansible+jenkins+gitlab

环境准备上篇

ANSIBLE+JANKINS	192.168.1.10
NGINX+PHP	192.168.1.20
MYSQl	192.168.1.30
NGINX负载均衡	192.168.1.40
GITLAB	192.168.1.50

安装GITLAB

关闭防火墙–>关selinex

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# setenforce 0

安装gitlab依赖

[root@localhost ~]# yum install curl  policycoreutils openssh-server openssh-clients postfix -y

安装仓库

[root@localhost ~]# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

启动postfix服务

[root@localhost ~]# systemctl start postfix
[root@localhost ~]# systemctl enable postfix

上传文件 所需文件 提取码：se1t

[root@localhost ~]# rpm -ivh gitlab-ce-11.9.8-ce.0.el6.x86_64.rpm 
警告：gitlab-ce-11.9.8-ce.0.el6.x86_64.rpm: 头V4 RSA/SHA1 Signature, 密钥 ID f27eab47: NOKEY
准备中...                          ################################# [100%]
	软件包 gitlab-ce-11.9.8-ce.0.el6.x86_64 已经安装

创建域名证书

[root@localhost ~]# mkdir /etc/gitlab/ssl -p
[root@localhost ~]# openssl  genrsa -out "/etc/gitlab/ssl/gitlab.example.key"  2048
Generating RSA private key, 2048 bit long modulus
.................+++
....+++
e is 65537 (0x10001)
------------------------------------------------------------
[root@localhost ~]# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.key" -out "/etc/gitlab/ssl/gitlab.example.csr"  #填写一个密码即可
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456  
An optional company name []:
------------------------------------------------------------
[root@gitlab ~]# ll /etc/gitlab/ssl/
总用量 8
-rw-r--r-- 1 root root 1062 2月  14 20:50 gitlab.example.csr
-rw-r--r-- 1 root root 1679 2月  14 20:47 gitlab.example.key
------------------------------------------------------------
[root@localhost ~]# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.csr" -signkey "/etc/gitlab/ssl/gitlab.example.key" -out "/etc/gitlab/ssl/gitlab.example.crt"
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
------------------------------------------------------------
[root@localhost ~]# ll /etc/gitlab/ssl/
总用量 12
-rw-r--r--. 1 root root 1289 9月   3 13:16 gitlab.example.crt
-rw-r--r--. 1 root root 1078 9月   3 13:14 gitlab.example.csr
-rw-r--r--. 1 root root 1675 9月   3 13:09 gitlab.example.key
------------------------------------------------------------
[root@localhost ~]# openssl dhparam -out "/etc/gitlab/ssl/dhparams.pem" 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
............................................................

[root@localhost ~]# ll /etc/gitlab/ssl/
总用量 16
-rw-r--r--. 1 root root  424 9月   3 14:05 dhparams.pem
-rw-r--r--. 1 root root 1103 9月   3 14:02 gitlab.example.crt
-rw-r--r--. 1 root root  985 9月   3 14:01 gitlab.example.csr
-rw-r--r--. 1 root root 1679 9月   3 14:00 gitlab.example.key

--------------------------------------------------------------
[root@localhost ~]# chmod 600 /etc/gitlab/ssl/*
[root@localhost ~]# ll  /etc/gitlab/ssl/
总用量 16
-rw-------. 1 root root  424 9月   3 14:05 dhparams.pem
-rw-------. 1 root root 1103 9月   3 14:02 gitlab.example.crt
-rw-------. 1 root root  985 9月   3 14:01 gitlab.example.csr
-rw-------. 1 root root 1679 9月   3 14:00 gitlab.example.key

修改gitlab配置文件

[root@localhost ~]# cd /etc/gitlab/
[root@localhost gitlab]# cp gitlab.rb{,_bak20200903} #创建副本
[root@localhost gitlab]# vim gitlab.rb
第13行
external_url 'http://192.168.1.50'   #本机ip
第983行
nginx['redirect_http_to_https'] = true
第995，996行
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.key"
第1010行
# nginx['ssl_dhparam'] = /etc/gitlab/ssl/dhparams.pem # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
------------------------------------------------------------
[root@localhost gitlab]# gitlab-ctl  reconfigure 

登录gitlab网页192.168.1.50

创建一个项目

克隆仓库测试

[root@localhost ~]# mkdir repo
[root@localhost ~]# cd repo/
[root@localhost repo]# git -c  http.sslVerify=false clone http://192.168.1.50/root/test.git
正克隆到 'test'...
Username for 'http://192.168.1.50': root
Password for 'http://root@192.168.1.50':  #gitlab密码
warning: 您似乎克隆了一个空版本库。

提交一个文件，网页测试

[root@localhost repo]# ls
test
[root@localhost repo]# cd test/
[root@localhost test]# ls
[root@localhost test]# vim test.py
[root@localhost test]# git add .
[root@localhost test]# git commit -m "First commit"
[master（根提交） 2519f4d] First commit
 Committer: root <root@localhost.localdomain>
您的姓名和邮件地址基于登录名和主机名进行了自动设置。请检查它们正确
与否。您可以通过下面的命令对其进行明确地设置以免再出现本提示信息：

    git config --global user.name "Your Name"
    git config --global user.email you@example.com

设置完毕后，您可以用下面的命令来修正本次提交所使用的用户身份：

    git commit --amend --reset-author

 1 file changed, 1 insertion(+)
 create mode 100644 test.py
----------------------------------------------------------
[root@localhost test]# git -c http.sslVerify=false push origin master
Username for 'http://192.168.1.50': root
Password for 'http://root@192.168.1.50': 
Counting objects: 3, done.
Writing objects: 100% (3/3), 214 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://192.168.1.50/root/test.git
 * [new branch]      master -> master

网页访问

运维人员如何查看Gitlab系统健康状况

创建两个普通账户：开发和领导

可以自行编译账户密码

设置权限

dev开发人员提交代码

[root@localhost ~]# cd repo/  #填写dev用户
[root@localhost repo]# rm -rf test/
[root@localhost repo]# git -c http.sslVerify=false clone http://192.168.1.50/root/test.git
正克隆到 'test'...
Username for 'http://192.168.1.50': dev
Password for 'http://dev@192.168.1.50': 
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (6/6), done.

新建分支，切换分支，修改文件，提交到本地仓库，提交到远程的release-1.0分支

[root@localhost repo]# cd test/
[root@localhost test]# ls
test.py
[root@localhost test]# git checkout  -b release-1.0
切换到一个新分支 'release-1.0'
[root@localhost test]# ls
test.py
[root@localhost test]# vim test.py
[root@localhost test]# cat test.py 
111111111111111111111111111111111111111111111111
print "This is a test code release-1.0"
[root@localhost test]# git add .
[root@localhost test]# git commit -m "release-1.0"
[release-1.0 a72a231] release-1.0
 Committer: root <root@localhost.localdomain>
您的姓名和邮件地址基于登录名和主机名进行了自动设置。请检查它们正确
与否。您可以通过下面的命令对其进行明确地设置以免再出现本提示信息：

    git config --global user.name "Your Name"
    git config --global user.email you@example.com

设置完毕后，您可以用下面的命令来修正本次提交所使用的用户身份：

    git commit --amend --reset-author

 1 file changed, 1 insertion(+)
 ----------------------------------------------------------
[root@localhost test]# git -c http.sslVerify=false push origin release-1.0   #注意这里填写dev用户
Username for 'http://192.168.1.50': dev
Password for 'http://root@192.168.1.50': 
Counting objects: 5, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 281 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: 
remote: To create a merge request for release-1.0, visit:
remote:   http://192.168.1.50/root/test/merge_requests/new?merge_request%5Bsource_branch%5D=release-1.0
remote: 
To http://192.168.1.50/root/test.git
 * [new branch]      release-1.0 -> release-1.0

登录开发者dev用户

开发人员可以申请合并分支

领导的视角

查看merge请求

查看leader仓库