GitLab服务器搭建

GitLab服务器搭建

1、GitLab介绍

GitLab 是一个用于仓库管理系统的开源项目，使 Git 作为代码管理工具，并在此基础上搭建起来的 Web 服务。

Gitlab 是被广泛使用的基于 git 的开源代码管理平台，基于 Ruby on Rails 构建, 主要针对软件开发过程中产生的代

码和文档进行管理，Gitlab 主要针对 group 和 project 两个维度进行代码和文档管理，其中 group 是群组，

project是工程项目，一个 group 可以管理多个 project，可以理解为一个群组中有多项软件开发任务，而一个

project 中可能包含多个 branch，意为每个项目中有多个分支，分支间相互独立，不同分支可以进行归并。

2、GitLab安装

如果某些步骤已经操作过了，则无需执行。

2.1 安装SSH依赖

yum install -y curl policycoreutils-python openssh-server

2.2 启动SSH服务

systemctl enable sshd
systemctl start sshd
systemctl status sshd

# 查看启动状态
[root@zsx ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2023-03-28 19:46:17 CST; 1 months 9 days ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1238 (sshd)
    Tasks: 1
   Memory: 6.0M
   CGroup: /system.slice/sshd.service
           └─1238 /usr/sbin/sshd -D

2.3 设置防火墙

vim /etc/sysctl.conf
# 在文件末尾添加
net.ipv4.ip_forward = 1

2.4 安装并启动防火墙

yum install firewalld systemd -y
systemctl enable firewalld
systemctl start firewalld
systemctl status firewalld

# 查看防火墙状态
[root@zsx ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2023-03-28 19:46:15 CST; 1 months 9 days ago
     Docs: man:firewalld(1)
 Main PID: 808 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─808 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

2.5 添加HTTP服务到firewalld

firewall-cmd --permanent --add-service=http
systemctl reload firewalld

其中，pemmanent 表示永久生效，若不加 --permanent 系统下次启动后就会失效。

2.6 安装Postfix以发送邮件

yum install postfix
systemctl enable postfix
systemctl start postfix
systemctl status postfix

# 查看启动情况
[root@zsx ~]# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-03-28 19:46:22 CST; 1 months 9 days ago
 Main PID: 1776 (master)
    Tasks: 3
   Memory: 6.1M
   CGroup: /system.slice/postfix.service
           ├─ 1776 /usr/libexec/postfix/master -w
           ├─ 1782 qmgr -l -t unix -u
           └─99410 pickup -l -t unix -u

vim /etc/postfix/main.cf
# 修改inet_protocols = all为
inet_protocols = ipv4
systemctl restart postfix

2.7 添加gitlab镜像

在 /etc/yum.repos.d 目录下新建 gitlab-ce.repo 文件并保存，内容如下：

[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1

# 重新生成缓存
yum makecache

2.8 安装GitLab

yum install -y gitlab-ce

或者是通过如下方式：

# 直接从tsinghua镜像下载安装包
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-10.5.7-ce.0.el7.x86_64.rpm
rpm -i gitlab-ce-10.5.7-ce.0.el7.x86_64.rpm

安装信息：

[root@zsx ~]# yum install -y gitlab-ce
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.huaweicloud.com
 * extras: mirrors.huaweicloud.com
 * updates: mirrors.huaweicloud.com
Resolving Dependencies
--> Running transaction check
---> Package gitlab-ce.x86_64 0:15.11.2-ce.0.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
 Package                Arch                Version                        Repository              Size
========================================================================================================
Installing:
 gitlab-ce              x86_64              15.11.2-ce.0.el7               gitlab-ce              1.2 G

Transaction Summary
========================================================================================================
Install  1 Package

Total download size: 1.2 G
Installed size: 1.2 G
Downloading packages:
No Presto metadata available for gitlab-ce
gitlab-ce-15.11.2-ce.0.el7.x86_64.rpm                                            | 1.2 GB  00:02:24
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : gitlab-ce-15.11.2-ce.0.el7.x86_64                                                    1/1
It looks like GitLab has not been configured yet; skipping the upgrade script.

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.



     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/


Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
  sudo gitlab-ctl reconfigure

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

Help us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=15-11

  Verifying  : gitlab-ce-15.11.2-ce.0.el7.x86_64                                                    1/1

Installed:
  gitlab-ce.x86_64 0:15.11.2-ce.0.el7

Complete!

2.9 修改gitlab配置文件

vim  /etc/gitlab/gitlab.rb
# 指定服务器ip和自定义端口
external_url 'http://192.168.164.195:30080'

# 将30080端口添加到防火墙中
firewall-cmd --zone=public --add-port=30080/tcp --permanent

# 重启防火墙
systemctl reload firewalld

2.10 重置gitlab

gitlab-ctl reconfigure

# 出现下面信息代表重置成功
Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.

NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

[2023-05-07T15:39:15+08:00] WARN: This release of Cinc Client became end of life (EOL) on May 1st 2023. Please update to a supported release to receive new features, bug fixes, and security updates.
gitlab Reconfigured!

2.11 启动gitlab

gitlab-ctl restart

[root@zsx ~]# gitlab-ctl restart
ok: run: alertmanager: (pid 41700) 1s
ok: run: gitaly: (pid 41720) 0s
ok: run: gitlab-exporter: (pid 41735) 1s
ok: run: gitlab-kas: (pid 42105) 0s
ok: run: gitlab-workhorse: (pid 42113) 0s
ok: run: logrotate: (pid 42133) 1s
ok: run: nginx: (pid 42142) 0s
ok: run: node-exporter: (pid 42157) 1s
ok: run: postgres-exporter: (pid 42162) 0s
ok: run: postgresql: (pid 42196) 0s
ok: run: prometheus: (pid 42261) 0s
ok: run: puma: (pid 42270) 0s
ok: run: redis: (pid 42281) 1s
ok: run: redis-exporter: (pid 42292) 0s
ok: run: sidekiq: (pid 42342) 0s

2.12 访问Gitlab页面

通过服务器ip和指定端口进行访问：
查看初始化密码：

[root@zsx ~]# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: hMUHtYJppbM4qP/4cqdpNVZLqxfADjTh5pG+wMOwwZI=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

输出用户名和密码进行登录：

查看登录后的效果：

登录之后我们可以修改密码：

这里将密码修改为qwer123456。

如果启动的时候出现502的情况：

第一种可能是启动端口被占用，解决方法：

# 查看端口情况
netstat -ntpl
lsof -i :port

# 修改端口
vim /etc/gitlab/gitlab.rb

# 重新启动
gitlab-ctl reconfigure
gitlab-ctl stop
gitlab-ctl start

第二种可能是 gitlab 占用内存太多，导致服务器崩溃，尤其是使用阿里云服务器最容易出现502，解决方法：

默认情况下，主机的 swap 功能是没有启用的，解决办法是启动 swap 分区。

# 新建2 GB大小的交换分区
dd if=/dev/zero of=/root/swapfile bs=1M count=2048

# 对其格式化
mkswap /root/swapfile
swapon /root/swapfile

# 添加自启用
vim /etc/fstab
# 在文件最后添加新的一行
/root/swapfile swap swap defaults 0 0

2.13 添加公钥至gitlab

为了安全性考虑，需要创建 public key：

# 在机器上生成public key
ssh-keygen

复制 id_rsa.pub 文件的 public key：

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA47/Y/buiytszS3I7o6UdhOFV82vzZMnUOIa1HGJ5UPlzdpGt5NsaJDEDTE4UZ/KXQFtrxEvz6Gs9uFY/tRln4nBgyfOW9SREy2uWd2G8UzTcfCtDaPxLz6kVTH16oP59q3/tp7CMbCIi24w/QB4O0rXGkpVJHt3Q5edSphIrWqPzxjBeQEVqEmGoFPXDYolIL8e6aBMviINGtSiYhDumRKdreJw/uTMBYJUluhnwM+wO3pGfKgCLwB7QCT31smAN31nqCZDDNzwVb0hzFHn0Yue0VR1wRmC156PtmH+QCHH9RWMJBP6JzKeXfB406Ek0Vkj1hTUobGRQumF5KtYN 2420309401@qq.com

添加 public key 至 gitlab：

点击 Add Key：

2.14 常用的操作命令

# 启动服务
gitlab -ctl start

# 查看状态
gitlab -ctl status

# 停掉服务
gitlab -ctl stop

# 重启服务
gitlab -ctl restart

# 让配置生效
gitlab -ctl reconfigure

至此，GiLab搭建完毕!