提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
前言
本文主要记录我在docker上安装gitlab-ce+gerrit的过程。为了方便,先把环境介绍一下:
主机IP地址:172.17.10.155
docker image:ubuntu:22.04
docker ip: 172.18.0.2
端口分配:
-
docker运行的时候映射80/8080/8181/8187/8188到主机172.17.10.155上
docker run -it -v /home/root1/dockerdata/:/home/dockerdata/ --name gitlabgerrit -p 8181:8181 -p 8187:8187 -p 8188:8188 -p 29418:29418 ubuntu:22.04 /bin/bash -
docker内端口分配:
gitlab:8181
nginx:listen:8188 proxy-pass:8187
gerrit:listen:proxy-http:8187 canonicalWebUrl:8188 ssh listen:29418 -
Gerrit访问的URL:
http://172.17.10.155:8188
`提示:docker中不建议直接用root用户操作,我创建一个新用户:gerrit
一、安装GitLab CE
- 安装依赖
首先,安装一些docker ubuntu 22.04版本上缺少的必要依赖项,这些也可以后面缺少时再安装
sudo apt-get update
sudo apt-get install -y curl openssh-server ca-certificates tzdata perl
sudo apt-get install -y bash curl git vim wget unzip build-essential net-tools iputils-ping sudo software-properties-common python3 python3-pip
- 添加GitLab包库并安装GitLab CE
使用以下命令添加GitLab的包库并安装GitLab CE:
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo apt-get install gitlab-ce
也可以通过下载安装包来安装:
https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/apt/packages.gitlab.com/gitlab/gitlab-ce/ubuntu/pool/jammy/main/g/gitlab-ce/gitlab-ce_16.0.1-ce.0_amd64.deb
#安装gitlab-ce deb包
sudo dpkg -i gitlab-ce_16.0.1-ce.0_amd64_focal.deb
- 初始化参数,将external_url 'http://gitlab.example.com’修改为‘http://172.17.10.155:8081’
sudo vim /etc/gitlab/gitlab.rb
- 配置GitLab
运行以下命令来配置GitLab:
sudo gitlab-ctl reconfigure
发现在* ruby_block[wait for logrotate service socket] action
run这条打印处block住了。 sudo apt-get install systemd -y sudo apt-get install
systemctl -y sudo systemctl restart gitlab-runsvdir.service
(这条也执行的有问题,没有找到这个service,改用下面这条指令解决) sudo apt-get install gitlab-ce
sudo /opt/gitlab/embedded/bin/runsvdir-start & 然后再次运行sudo gitlab-ctl
reconfigure,此次pass了。
- 查看初始密码:
gerrit@616337b2925c:~$ sudo cat /etc/gitlab/initial_root_password
WARNING: This value is valid only in the following conditions
- If provided manually (either via
GITLAB_ROOT_PASSWORD
environment variable or viagitlab_rails['initial_root_password']
setting in
gitlab.rb
, it was provided before database was seeded for the first
time (usually, the first reconfigure run).- Password hasn’t been changed manually, either via UI or via command line.
If the password shown here doesn’t work, you must reset the admin
password following
https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.”Password: QW7MtxDZMj6zYumY9FGedclGXYdxNvl2Em+z3CgNEPA=
Tips:
gitlab-ce相关命令:
sudo gitlab-ctl status
sudo gitlab-ctl restart
sudo gitlab-ctl start
sudo gitlab-ctl stop
记住,修改external_url之后需要重新sudo gitlab-ctl reconfigure。
重新进入docker后,需要执行下面命令启动服务
sudo /opt/gitlab/embedded/bin/runsvdir-start &
sudo gitlab-ctl start
- 登录gitlab网站,修改初始密码。
登录网站:
网站:http://172.17.10.155:8181
用户名:root
密码:QW7MtxDZMj6zYumY9FGedclGXYdxNvl2Em+z3CgNEPA=
修改初始密码:
在docker中输入:
sudo gitlab-rails console -e production
此时进入Rails,可以修改数据库中的数据。
user = User.where(id: 1).first
user.password = ‘123456’
user.password_confirmation = ‘123456’
user.save
exit
重新登录gitlab网站,验证新密码是否起效。
- 解决gitlab占用cpu和内存过高问题
`提示:没有遇到占用率过高的情况下可以忽略
打开配置文件,修改下面配置
sudo vim /etc/gitlab/gitlab.rb
puma[‘worker_processes’] = 8 #默认CPU核心数+1
postgresql[‘shared_buffers’] = “256MB”
postgresql[‘max_worker_processes’] = 8
nginx[‘worker_processes’] = 8
最后使用配置
sudo gitlab-ctl reconfigure sudo gitlab-ctl restart
二、设置gitlab邮箱
修改gitlab.rb文件参数:
sudo vim /etc/gitlab/gitlab.rb
gitlab_rails[‘smtp_enable’] = true gitlab_rails[‘smtp_address’] =
“smtp.lqsilicon.com” gitlab_rails[‘smtp_port’] = 465
gitlab_rails[‘smtp_user_name’] = “123@qq.com”
gitlab_rails[‘smtp_password’] = “123456”
gitlab_rails[‘smtp_domain’] = “smtp.qq.com”
gitlab_rails[‘smtp_authentication’] = “login”
gitlab_rails[‘smtp_enable_starttls_auto’] = false
gitlab_rails[‘smtp_tls’] = true gitlab_rails[‘smtp_pool’] = false#gitlab_rails[‘smtp_tls’] and gitlab_rails[‘smtp_enable_starttls_auto’] are mutually exclusive. Set
one of them to false. SMTP providers usually use port 465 for TLS and
port 587 for STARTTLS.
#state=error: certificate verify failed (self signed certificate in certificate chain) (OpenSSL::SSL::SSLError)
gitlab_rails[‘smtp_openssl_verify_mode’] = ‘none’gitlab_rails[‘gitlab_email_from’] = ‘123@qq.com’
gitlab_rails[‘gitlab_email_display_name’] = ‘123 Gitlab’
gitlab_rails[‘gitlab_email_reply_to’] = '123@qq.com
保存后:
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
验证:
sudo gitlab-rails console
命令行输入如下命令
Notify.test_email(‘123@qq.com’,‘Message Subject’,‘Hello, its from gitlab!’).deliver_now
三、 安装gerrit
- 安装Java 11
sudo apt install openjdk-11-jdk
#查看版本,确认是否成功
java -version
- nginx
安装nginx
sudo apt install nginx
查看状态
sudo service nginx status
查看错误信息
/var/log/nginx/error.log
修改端口:
sudo vim /etc/nginx/sites-available/default
此处可以保持为80端口
动态加载新配置
sudo nginx -s reload
如果执行 sudo nginx -s reload 报错:
nginx: [error] open() “/run/nginx.pid” failed (2: No such file or
directory):
指定配置文件
sudo nginx -c /etc/nginx/nginx.conf
重新启动
sudo nginx -s reload sudo service nginx restart
#常用指令
sudo service nginx status
sudo service nginx stop
sudo service nginx start
sudo service nginx restart
-
安装git
sudo apt-get install git
#查看git版本
git --version -
安装apache2环境
因为后面配置gerrit用户名密码时,会用到“htpasswd”命令,这个命令是Apache2里的(看其他教程,说也可以直接安装httpd-tools这个工具包,不需要安装整个Apache2)
#安装Apache2
sudo apt-get install apache2
#默认端口80已被使用,所以安装好后启动会显示失败
#修改端口,修改为8182(原先设置了8082不知道和哪里冲突了导致启动失败,现在换成8182后成功,其实这个不启动按道理来说也没有关系)
sudo vim /etc/apache2/ports.conf
#重启Apache2
sudo service apache2 restart
#查看Apache2状态
sudo service apache2 status
apache2可以不启动,此处安装仅仅是需要使用它的htpasswd命令。 -
安装gerrit
sudo java -jar ./gerrit-3.8.0.war init -d /var/gerrit
Using secure store:
com.google.gerrit.server.securestore.DefaultSecureStore [2024-03-06
17:57:37,478] [main] INFO
com.google.gerrit.server.config.GerritServerConfigProvider : No
/home/root1/gerrit/etc/gerrit.config; assuming defaults*** Gerrit Code Review 3.5.6
*** Git Repositories
Location of Git repositories [git]: git
#指定Git存储库,最好指定一个不存在的目录,他会自动创建:/home/dockerdata/gerritrepos*** JGit Configuration
Auto-configured “receive.autogc = false” to disable auto-gc after
git-receive-pack.*** Index
Type [lucene]: #默认即可
*** User Authentication
Authentication method [openid/?]: HTTP
#认证方法输入HTTP,我们要使用反向代理 Get username from custom HTTP header [y/N]? SSO logout URL : Enable signed push support [y/N]?*** Review Labels
Install Verified label [y/N]?
*** Email Delivery
SMTP server hostname [localhost]: #输入自动发送邮件的smtp服务器
smtp.lqsilicon.com" SMTP server port [(default)]:
#465/994时SSL协议端口后,25是非SSL协议端口号 465 SMTP encryption [none/?]: #如果上一步输入的是465/994,此处输入SSL,否则直接回车即可 SSL SMTP username
: #此处是你定义自动发送邮件的邮箱地址 gitlab@lqsilicon.com
#接着我们需要输入2次咱们邮箱的授权码,而非邮箱密码! 直接回车,不输入*** Container Process
Run as [root1]: Java runtime
[/usr/lib/jvm/java-11-openjdk-amd64]: Copy gerrit-3.5.6.war to
/home/root1/gerrit/bin/gerrit.war [Y/n]? Copying gerrit-3.5.6.war to
/home/root1/gerrit/bin/gerrit.war*** SSH Daemon
Listen on address [*]: #指定SSH后台服务的监听地址 Listen on port
[29418]: #指定SSH后台服务的端口号 Generating SSH host key … rsa…
ed25519… ecdsa 256… ecdsa 384… ecdsa 521… done*** HTTP Daemon
Behind reverse proxy [y/N]? y #使用发向代理 Proxy uses SSL
(https://) [y/N]? #不适用SSL Subdirectory on proxy server [/]:
#指定代理服务器的子目录,默认为"/"路径,默认即可 Listen on address [*]: #只当gerrit服务的监听地址 Listen on port [8081]: #指定gerrit的服务端口 8188 Canonical URL [http://lq-daima/]:#指定标准连接 http://172.17.10.155/*** Cache
*** Plugins
Installing plugins. #接下来就是询问我们是否安装插件,我们一路“y”即可 Install plugin
codemirror-editor version v3.5.6 [y/N]? y Installed codemirror-editor
v3.5.6 Install plugin commit-message-length-validator version v3.5.6
[y/N]? y Installed commit-message-length-validator v3.5.6 Install
plugin delete-project version v3.5.6 [y/N]? y Installed delete-project
v3.5.6 Install plugin download-commands version v3.5.6 [y/N]? y
Installed download-commands v3.5.6 Install plugin gitiles version
v3.5.6 [y/N]? y Installed gitiles v3.5.6 Install plugin hooks version
v3.5.6 [y/N]? y Installed hooks v3.5.6 Install plugin plugin-manager
version v3.5.6 [y/N]? y Installed plugin-manager v3.5.6 Install plugin
replication version v3.5.6 [y/N]? y Installed replication v3.5.6
Install plugin reviewnotes version v3.5.6 [y/N]? y Installed
reviewnotes v3.5.6 Install plugin singleusergroup version v3.5.6
[y/N]? y Installed singleusergroup v3.5.6 Install plugin webhooks
version v3.5.6 [y/N]? y Installed webhooks v3.5.6 Initializing
plugins.============================================================================ Welcome to the Gerrit community
Find more information on the homepage:
https://www.gerritcodereview.com Discuss Gerrit on the mailing list:
https://groups.google.com/g/repo-discuss
============================================================================ Initialized /home/root1/gerrit Init complete, reindexing
accounts,changes,groups,projects with: reindex --site-path
/home/root1/gerrit --threads 1 --index accounts --index changes
–index groups --index projectsReindexed 0 documents in accounts index in 0.0s (0.0/s) Index accounts in version 11 is ready Reindexing
groups: 100% (2/2) Reindexed 2 documents in groups index in 0.4s
(5.0/s) Index groups in version 8 is ready Reindexing changes: Slicing
projects: 100% (2/2), done Reindexed 0 documents in changes index
in 0.0s (0.0/s) Index changes in version 71 is ready Reindexing
projects: 100% (2/2) Reindexed 2 documents in projects index in
0.1s (33.3/s) Index projects in version 4 is ready
上述配置完了之后,可以sudo cat /var/gerrit/etc/gerrit.config看看配置,如果有问题可以sudo
vim /var/gerrit/etc/gerrit.config来修改。
gerrit@bd876986ddde:/$ sudo cat /var/gerrit/etc/gerrit.config [gerrit]
basePath = /home/dockerdata/gerritrepos
canonicalWebUrl = http://172.17.10.155:8188
serverId = e75bed7e-18c2-45f1-ae1d-05d9dd4a828c [container]
javaOptions = “-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance”
javaOptions = “-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance”
user = root
javaHome = /usr/lib/jvm/java-11-openjdk-amd64 [index]
type = lucene [auth]
type = HTTP
userNameCaseInsensitive = true [receive]
enableSignedPush = false [sendemail]
enable = true
smtpServer = smtp.lqsilicon.com
smtpServerPort = 465
smtpEncryption = SSL
sslVerify = false
smtpUser = gitlab@lqsilicon.com
smtpPass = longqing@123
from = gitlab@lqsilicon.com [sshd]
listenAddress = :29418 [httpd]
listenUrl = proxy-http://:8187/ [cache]
directory = cache
创建gerrit.password文件,并创建用户:
创建第一个用户admin,同时会生成一个gerrit.password文件
htpasswd -c /var/gerrit/etc/gerrit.password admin
该命令会提示输入密码
后续可以用下面命令来创建其它的用户
在gerrit.password增加用户用 -m
htpasswd -m /var/gerrit/etc/gerrit.password username
然后用/var/gerrit/bin/gerrit.sh restart来重新启动gerrit
启动好之后,不能直接访问 http://172.17.10.150:8188/,需要配置nginx反向代理:
#打开nginx配置文件,配置nginx反向代理,server节点内容如下:
sudo vim /etc/nginx/sites-available/default
server {
listen 8188;
server_name localhost;
allow all;
deny all;
auth_basic “Welcome to Gerrit Code Review Site!”;
auth_basic_user_file /var/gerrit/etc/gerrit.password;
location / {
proxy_pass http://127.0.0.1:8187;
proxy_set_header X-Forwarded-For$remote_addr;
proxy_set_header Host $host;
}
}
配置好后,nginx重新加载配置:
sudo nginx -s reload
执行
sudo service nginx restart
启动好nginx后,即可正常访问 http://172.17.10.155:8188/
四、错误排查
查看gerrit当前状态
/var/gerrit/bin/gerrit.sh status
查看log
tail -f /var/gerrit/logs/error_log
也可以使用 curl 命令从命令行检查 Gerrit 的 Web 界面是否正常响应:
curl -I http://localhost:8188
你应该会看到类似以下的输出,表示服务器响应正常:
HTTP/1.1 200 OK
查看端口是否在监听状态
netstat -tulnp
如果出错,可以试试先把两个都停掉,再按照顺序开启。
sudo var/gerrit/bin/gerrit.sh stop
sudo service nginx stop
停掉之后 sudo netstat -tulnp查看一下端口占用情况。
sudo service nginx start
开启了nginx,此时查看一下端口情况,看看Listen的端口是否已启动
sudo var/gerrit/bin/gerrit.sh start
开启了gerrit,此时再查看一下端口情况,httpd里面的listenUrl的端口为监听的端口。看看是否已经启动。
sudo netstat -tulnp