gitlab 安装使用

Posted on Posted in git

gitlab 官网

  • CE 社区版
  • EE 企业版
  • OM RPM 完整包,包括nginx,redis等

功能

  1. 代码托管服务
  2. 访问权限控制
  3. 问题跟踪,bug的记录和讨论
  4. 代码审查,可以查看、评论代码
  5. 社区版基于 MIT License 开源完全免费

准备

cat /etc/selinux/config # 关闭selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=r7

cat /etc/hostname 
gitserver.r7.com


[root@localhost ~]# cat /etc/hosts
192.168.197.136 gitserver.r7.com

[root@localhost ~]# iptables -F
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.serice
[root@localhost ~]# firewall-cmd --permanent --add-service=http
[root@localhost ~]# firewall-cmd --permanent --add-service=https
[root@localhost ~]# firewall-cmd --reload
[root@localhost ~]# systemctl reload firewalld

ntpdate 202.120.2.101

cat /etc/yum.repos.d/gitlab.repo 
[gitlab-ce]
name=gitlab-ce
baseurl=https://mirrors4.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key

安装

安装地址 https://about.gitlab.com/downloads/#centos7

# 准备工作
sudo yum install curl policycoreutils openssh-server openssh-clients
sudo systemctl enable sshd
sudo systemctl start sshd
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix
sudo firewall-cmd --permanent --add-service=http
sudo systemctl reload firewalld
# 安装
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo yum install gitlab-ce
# 或下载包,离线安装
curl -LJO https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-XXX.rpm/download
rpm -i gitlab-ce-XXX.rpm
# 配置开始gitlab
sudo gitlab-ctl reconfigure

# 默认安装在 /opt 下

修改配置

vim /etc/gitlab/gitlab.rb
external_url 'http://gitserver.r7.com' # 改成自己的IP或者域名

[root@localhost ~]# gitlab-ctl reconfigure
...
Running handlers:
Running handlers complete
Chef Client finished, 361/515 resources updated in 02 minutes 06 seconds

[root@localhost ~]# gitlab-ctl start
ok: run: gitaly: (pid 12429) 1475s
ok: run: gitlab-monitor: (pid 12486) 1473s # 默认端口9168
ok: run: gitlab-workhorse: (pid 12443) 1474s #这个“工作马”,就是gitlab-Git-http-server(GitlabV8.0出现,V8.2名称变更为Gitlab-workhorse)
ok: run: logrotate: (pid 12089) 1502s # 切割日志
ok: run: nginx: (pid 11989) 1508s # 作为方向代理,代理到unicorn,nginx默认端口是80
ok: run: node-exporter: (pid 12215) 1493s
ok: run: postgres-exporter: (pid 12474) 1473s
ok: run: postgresql: (pid 11535) 1565s # 作为数据库,默认端口是5432
ok: run: prometheus: (pid 12457) 1474s # 监控,默认端口9090
ok: run: redis: (pid 11413) 1571s # 作为一个队列(NoSql), 用于存储用户session和任务,任务包括新建仓库、发送邮件等等,默认端口是6379
ok: run: redis-exporter: (pid 12256) 1492s
ok: run: sidekiq: (pid 11806) 1522s # 多线程启动
ok: run: unicorn: (pid 11740) 1524s # ruby的http server,可以通过http://localhost:8080端口访问, 默认端口是8080

# 如果系统资源不足,可以通过以下命令关闭Sidekiq来释放一部分内存
gitlab-ctl stop sidekiq

gitlab-ctl stop # 停止服务
gitlab-ctl restart # 重启服务
gitlab-ctl status # 状态
gitlab-ctl tail unicorn # 监控unicorn日志
gitlab-ctl tail 

登录,第一次登录需要设置密码

http://ip

卸载

rpm -e gitlab-ce
rm -rf /etc/gitlab/* /var/log/gitlab/ /var/opt/gitlab/ /opt/gitlab/

gitlab 命令使用

  • start 启动所有服务
  • stop 关闭所有服务
  • restart 重启所有服务
  • status 查看所有服务器状态
  • tail 查看日志信息
  • service-list 列举所有启动服务
  • graceful-kill 平稳听是一个服务
  • help 帮助
  • reconfigure 修改配置文件之后,需要重新加载下
  • show-config 查看所有服务配置文件信息
  • uninstall 卸载
  • cleanse 删除gitlib数据,初始化重新开始
  • pg-upgrade 更新postgresql版本!慎重!
    -revert-pg-upgrade 还原距离现在正在使用靠近的一个数据库的版本!慎重!
gitlab-ctl start
gitlab-ctl start nginx
gitlab-ctl tail 
gitlab-ctl tail nginx
#显示所有服务配置文件
[root@localhost ~]#gitlab-ctl show-config
#卸载gitlab
[root@localhost ~]#gitlab-ctl uninstall
#升级数据库
[root@localhost ~]# gitlab-ctl pg-upgrade
Checking for an omnibus managed postgresql: OK
Checking if we already upgraded: OK
The latest version 9.6.1 is already running, nothing to do
#降级数据库版本
[root@localhost ~]# gitlab-ctl revert-pg-upgrade

gitlab 配置

  • gitlab配置文件 /etc/gitlab/gitlab.rb
  • unicorn配置文件 /var/opt/gitlab/gitlab-rails/etc/unicorn.rb
  • nginx配置文件 /var/opt/gitlab/nginx/conf/gitlab-http.conf
  • gitlab仓库默认位置 /var/opt/gitlab/git-data/repositories

修改web端口

如果80和8080端口被占用可以修改

[root@gitlab gitlab_pack]# vi /var/opt/gitlab/gitlab-rails/etc/unicorn.rb
listen "127.0.0.1:8080", :tcp_nopush => true #这一行端口修改为你要端口
#修改nginx端口
[root@gitlab gitlab_pack]# vi /var/opt/gitlab/nginx/conf/gitlab-http.conf
server { #这里的80端口修改为你所需要的端口
  listen *:80;
# 注:只要修改了配置文件一定要重新加载配置

修改Prometheus端口

#Prometheus默认端口是9090
[root@localhost gitlab_pack]# vi /etc/gitlab/gitlab.rb
prometheus['listen_address'] = 'localhost:9090'

修改项目工程数量

第一种方法:默认安装好,你能创建的项目,只能创建10个

[root@localhost ~]# vim /opt/gitlab/embedded/service/gitlab-rails/config/initializers/1_settings.rb
Settings.gitlab['default_projects_limit'] ||= 100000
[root@localhost ~]# gitlab-ctl reconfigure

第二种方法

 

关闭监控

[root@localhost ~]# gitlab-ctl stop
[root@localhost ~]# vim /etc/gitlab/gitlab.rb
prometheus_monitoring['enable'] = false # 改为false
[root@localhost ~]# gitlab-ctl reconfigure
[root@localhost ~]# gitlab-ctl start

安全

[root@localhost ~]# cd /opt/gitlab/embedded/service/gitlab-rails/config/initializers
[root@localhost initializers]# cp -rf devise_password_length.rb.example devise_password_length.rb
[root@localhost ~]# gitlab-ctl restart

Rack attack

为了防止滥用客户造成损害GitLab使用机架攻击,提供一个保护路径

默认情况下,用户登录,用户注册(如果启用)和用户密码重置被限制为每分钟6个请求。尝试6次后,客户端将不得不等待下一分钟再次尝试。

如果发现节流不足以保护您免遭滥用客户端,机架式攻击宝石提供IP白名单,黑名单,Fail2ban样式过滤器和跟踪。

[root@localhost ~]# cd /opt/gitlab/embedded/service/gitlab-rails/config/initializers/
[root@localhost initializers]# cp rack_attack.rb.example rack_attack.rb
[root@localhost initializers]# vim /opt/gitlab/embedded/service/gitlab-rails/config/application.rb
...
    config.action_view.sanitized_allowed_protocols = %w(smb)
    config.middleware.use Rack::Attack # 添加这行
    config.middleware.insert_before Warden::Manager, Rack::Attack
...
[root@localhost ~]# gitlab-ctl restart

重置密码

[root@localhost ~]# gitlab-rails console production
Loading production environment (Rails 4.2.8)
irb(main):001:0> user = User.where(id: 1).first #查看信息
=> #<User id: 1, email: "admin@example.com", created_at: "2017-06-28 01:58:59", updated_at: "2017-06-28 02:32:46", name: "Administrator", admin: true, projects_limit: 100000, skype: "", linkedin: "", twitter: "", authentication_token: "3mxW2VHsikMVTQEUxxxr", bio: nil, username: "root", can_create_group: true, can_create_team: false, state: "active", color_scheme_id: 1, password_expires_at: nil, created_by_id: nil, last_credential_check_at: nil, avatar: nil, hide_no_ssh_key: false, website_url: "", notification_email: "admin@example.com", hide_no_password: false, password_automatically_set: false, location: nil, encrypted_otp_secret: nil, encrypted_otp_secret_iv: nil, encrypted_otp_secret_salt: nil, otp_required_for_login: false, otp_backup_codes: nil, public_email: "", dashboard: 0, project_view: 2, consumed_timestep: nil, layout: 0, hide_project_limit: false, otp_grace_period_started_at: nil, external: false, incoming_email_token: "1rf871j6t6j4mcirgyx0dphvz", organization: nil, require_two_factor_authentication_from_group: false, two_factor_grace_period: 48, ghost: nil, last_activity_on: nil, notified_of_own_activity: false, preferred_language: "en", rss_token: "s1a5PxbbsNedzBs34Aot", external_email: false, email_provider: nil>
irb(main):002:0> user.password = 'admin123' #设置新的密码
=> "admin123"
irb(main):003:0> user.password_confirmation = 'admin123' #验证密码
=> "admin123"
irb(main):004:0> user.save! #保存密码
Enqueued ActionMailer::DeliveryJob (Job ID: a11b9db8-ffc0-4f3a-bab5-62ee8b91b481) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", gid://gitlab/User/1
=> true
irb(main):005:0>  #ctrl+d 退出
» 转载请注明来源:若我若鱼 » gitlab 安装使用

Leave a Reply

Your email address will not be published. Required fields are marked *

nineteen + nineteen =