gitlab 搭建使用

1. 硬件要求

##CPU 
4 核心500用戶 
8 核心1000用戶 
##內存 
4 G內存500用戶 
8 G內存1000用戶

2. 下載鏈接

3. 安裝依賴

yum -y install curl openssh-server postfix wget

4. 安裝gitlab組件

yum -y localinstall gitlab-ce-15.9.3-ce.0.el7.x86_64.rpm

5. 修改配置文件

cat > /etc/gitlab/gitlab.rb <<EOF
external_url 'http://gitlab.tom.com'
gitlab_rails['smtp_enable'] = false
gitlab_rails['registry_enabled'] = false
registry['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
gitlab_exporter['enable'] = false
prometheus_monitoring['enable'] = false
EOF

#使用gitlab.rb文件重新生成子配置文件

gitlab-ctl reconfigure

#重啟所有gitlab相關文件.

gitlab-ctl restart

#查看gitlab狀態

]# gitlab-ctl status
run: gitaly: (pid 31042) 128s; run: log: (pid 30218) 355s
run: gitlab-kas: (pid 31141) 118s; run: log: (pid 30464) 344s
run: gitlab-workhorse: (pid 31147) 117s; run: log: (pid 30632) 294s
run: logrotate: (pid 31157) 117s; run: log: (pid 30173) 367s
run: nginx: (pid 31853) 2s; run: log: (pid 30647) 289s
run: postgresql: (pid 31208) 96s; run: log: (pid 30397) 348s
run: puma: (pid 31197) 97s; run: log: (pid 30575) 306s
run: redis: (pid 31202) 97s; run: log: (pid 30194) 361s
run: sidekiq: (pid 31219) 95s; run: log: (pid 30599) 300s

6. 登錄gitlab頁面

]# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.Password: fIElM6At23WAaLvZBiy2lzFvOd8Vz8ch96gw3Y0S+HU=# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

登錄用戶：root

密碼：/etc/gitlab/initial_root_password文件中的Password字段值

7. 漢化

8. 修改密碼

9. 關閉注冊功能

10. 使用案例

步驟：

1. 創建dev開發組
2. 添加用戶tom
3. 用戶組添加用戶
4. 創建1個項目happy_app并關聯dev組

10.1. 創建dev開發組

10.2. 創建用戶

10.3. 關聯用戶到用戶組

10.4. 創建項目并關聯組

10.5. 普通用戶登錄gitlab

]# cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSZ9RvDQpNBc9Hz0vJ8vzQ/bE5Nu7bH9o+krxItSGHvwCCkuducUve0vweyEk52iZRUb3OYAH9Z5GDTFZ+br5sipT/wg8z7FW8g+EhDAOc9adsHSU+hDluKykyw6qLnQ4rX9tIZh6KXrZCiLneRBtfESg+MQvxNYZ8qiAqmiyq3tuz1Wue8KJ/869GvYVoPYDNYt+HBUmSJb9aagVkndXvHvex6ECgRTDrdzoXfpd5HrIlgtvxT46+RnZX5pFiDyUd0K7k9T99VxLQU5oUFUh+YA9glpojleKlOduUa1ld6Lno+StQdAOhKsUYiz31UKwJ5IBE0XCx5OTnG372p0Ib root@jenkins

把用戶主機上/root/.ssh/id_rsa.pub 里面的公鑰復制到下圖1的位置，如果沒有此文件，先ssh-keygen生成

已經有遠程倉庫的代碼，需要切換遠程倉庫地址

#把origin重命名為old-origin
git remote rename origin old-origin
#添加新的origin地址
git remote add origin git@gitlab.tom.com:dev/happy-app.git
#推送所有分支
git push -u origin --all
#推送所有tag
git push -u origin --tags

上面報錯是因為此用戶權限是developer，無法創建分支，可以用管理員賬戶把tom用戶權限調整為owner.

已經可以看到代碼的分支，標簽，提交記錄

11. 如果gitlab管理員用戶名密碼忘記，重置方法

gitlab-rake "gitlab:password:reset"

12. gitlab備份與恢復

12.1. gitlab服務配置文件備份

/etc/gitlab目錄備份

12.2. 備份gitlab里面的內容

gitlab_rails['manage_backup_path'] = true   		#是否可以指定備份目錄
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" #備份目錄
gitlab_rails['backup_archive_permissions'] = 0600   #備份的壓縮包權限
gitlab_rails['backup_keep_time'] = 604800   		#備份保留多久 7天]# egrep -v '^$|^#' /etc/gitlab/gitlab.rb
external_url 'http://gitlab.tom.com'
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
gitlab_rails['backup_archive_permissions'] = 0600
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['smtp_enable'] = false
gitlab_rails['registry_enabled'] = false
registry['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
gitlab_exporter['enable'] = false
prometheus_monitoring['enable'] = false#重新生成子配置文件
]# gitlab-ctl reconfigure]# gitlab-ctl restart#手動執行備份命令
]# gitlab-backup create

12.3. gitlab恢復數據

先停止寫入數據

[root@gitlab ~]# gitlab-ctl stop puma
ok: down: puma: 0s, normally up
[root@gitlab ~]# gitlab-ctl sidekiq
ok: down: sidekiq: 1s, normally up

執行恢復命令

注意：執行恢復命令的時候，備份文件的名字去除_gitlab_backup.tar，只要前面的部分

 ~]# ll /var/opt/gitlab/backups/
-rw------- 1 git git 512000 Jul 12 08:40 1720744836_2024_07_12_15.9.3_gitlab_backup.tar~]# gitlab-backup restore BACKUP=/var/opt/gitlab/backups/1720744836_2024_07_12_15.9.3

12.4. 定時任務備份

#創建備份目錄
mkdir -p /backup/gitlab/{code,conf}
chown -R git.root /backup/gitlab/code
#--------------------------------------------------------------
#修改git配置文件中備份文件夾路徑
[root@gitlab ~]# egrep -v '^$|^#' /etc/gitlab/gitlab.rb
external_url 'http://gitlab.tom.com'
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/backup/gitlab/code/"
gitlab_rails['backup_archive_permissions'] = 0600
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['smtp_enable'] = false
gitlab_rails['registry_enabled'] = false
registry['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
gitlab_exporter['enable'] = false
prometheus_monitoring['enable'] = false#重新生成子配置文件
]# gitlab-ctl reconfigure
]# gitlab-ctl restart
#--------------------------------------------------------------
#自動備份腳本
]# cat /server/scripts/backup-gitlab.sh 
#!/bin/bash
#1.備份gitlab數據
gitlab-backup create ? ?
#2.備份gitlab配置和密碼文件
tar zcf /backup/gitlab/conf/gitlab-conf-$(date +%F).tar.gz ? /etc/gitlab/
#3. 傳輸到備份服務器
#rsync xxx#增加定時任務
* 03 * * * /bin/bash /server/scripts/backup-gitlab.sh  &> /backup/gitlab/back.log

13. gitlab證書配置

為了防止內網滲透，將gitlab服務的訪問添加了ssl,具體步驟如下：
1.gitlab配置https(請先做個快照.)
nginx['enable' ] = true
nginx['client_max_body_size' ]= '250m '
nginx['redirect_http_to_https' ]= true
nginx['redirect_http_to_https _port' ] = 443
nginx['ssl_certificate' ] = "path/ key.crt"
nginx['ssl_certificate_key'] = "path/ key.key"
nginx['ssl_ciphers' ] ="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
nginx['ssl_prefer_server_ciphers']= "on"
nginx['ssl_protocols']= "TLSv1.2"
nginx['ssl_session_cache' ] = "builtin:1000shared:sSL: 10m"
nginx['ssl_session_timeout']= "5m"核心：
nginx['ssl_certificate' ] = 用于指定證書 .crt .pem
nginx['ssl_certificate_key'] ?= 用于指定私鑰 .key 2.gitlab重新配置子項目
gitlab-ctl reconfigure
重啟：
gitlab-ctl restart

14. 優化配置

優化暫時不用組件 (選作)
#關閉目前不使用的組件 默認都是true 修改為 false 
#關閉prometheus
prometheus['enable'] = false
prometheus['monitor_kubernetes'] = false
#關閉alertmanger
alertmanager['enable'] = false
#關閉exporter 如果需要prometheus監控 則可以打開。
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
gitlab_monitor['enable'] = false
#gitlab_exporter
prometheus_monitoring['enable'] = false
grafana['enable'] = false

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/web/45170.shtml
繁體地址，請注明出處：http://hk.pswp.cn/web/45170.shtml
英文地址，請注明出處：http://en.pswp.cn/web/45170.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！