This tutorial installs GitLab CE (Community Edition), not GitLab EE (Enterprise Edition).

Install the required dependencies

Reference: GitLab Installation Centos 7
Configuration options

sudo yum install -y curl policycoreutils-python openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd
sudo firewall-cmd --permanent --add-service=http
sudo systemctl reload firewalld
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix

Skip anything that is already installed.

Add the GitLab CE package repository and install

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

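Alternatively, use the Tsinghua (TUNA) mirror in China

Create /etc/yum.repos.d/gitlab-ce.repo with the following content:

[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
# gpgcheck=0 turns off RPM signature verification for packages from this repository
gpgcheck=0
enabled=1

Run
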
yum makecache

Install GitLab CE

yum install -y gitlab-ce

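Configure the external_url address

  • The default GitLab configuration file is /etc/gitlab/gitlab.rb
  • The default site URL setting is: external_url 'http://gitlab.example.com'
  • Here I changed the GitLab site URL to http://git.itlangzi.com; an IP address can be used instead of a domain name, depending on your needs
  • A relative path can also be configured: http://git.itlangzi.com/gitlab

    vim /etc/gitlab/gitlab.rb

external_url 'http://git.itlangzi.com'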

Change the GitLab repository location

  • Create the repository directory

    mkdir -p /home/gitlab/git-data
  • Change the owner and group of the directory

    chown -R gitlab:gitlab /home/gitlab/git-data
  • Enable git_data_dirs: uncomment it and set your own path

    git_data_dirs({
      "default" => {
        "path" => "/home/gitlab/git-data"
      }
    })

Using an external (non-bundled) Redis

redis['enable'] = false
# gitlab_rails['redis_host'] = "127.0.0.1"
# gitlab_rails['redis_port'] = 6379
gitlab_rails['redis_password'] = "123456"
# unix socket
gitlab_rails['redis_socket'] = "/tmp/redis.sock"

1. The Redis unix socket must be enabled
2. The path of the Redis unix socket can be found in redis.conf
3. host and unix socket: only one of these two methods can be enabled; see Using a non-packaged Redis instance

Using an external (non-bundled) PostgreSQL

postgresql['enable'] = false
gitlab_rails['db_adapter'] = "postgresql"
gitlab_rails['db_encoding'] = "utf8"
gitlab_rails['db_database'] = "gitlab" # database name
gitlab_rails['db_username'] = "postgres"
gitlab_rails['db_password'] = "123456"
# gitlab_rails['db_host'] = "127.0.0.1"
# gitlab_rails['db_port'] = 5432
gitlab_rails['db_socket'] = "/var/run/postgresql"
postgresql['dir'] = "/var/run/postgresql"

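1. The database gitlab must be created
2. The extensions must be installed: yum install postgresql11-contrib -y
3. The db_socket and dir values used here for PostgreSQL can be set through unix_socket_directories in /var/lib/pgsql/11/data/postgresql.conf; the important one is postgresql['dir']
4. host and unix socket: only one of these two methods can be enabled, otherwise an "Easter egg" awaits you
5. See Using a non-packaged PostgreSQL database management server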

Using an external (non-bundled web server) nginx

nginx['enable'] = false
# Set the external nginx user
web_server['external_users'] = ['nginx']

nginx configuration

See web-server
Add the following to nginx.conf
nginx must have the gzip_static directive available; when compiling from source, add the --with-http_gzip_static_module parameter

## GitLab 8.3+
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
## CONTRIBUTING ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
## configuration ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

## Normal HTTP host
server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)
  listen 0.0.0.0:80 default_server;
  listen [::]:80 default_server;
  server_name git.repy.itlangzi.com; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  ## See app/controllers/application_controller.rb for headers set

  ## Individual nginx logs for this GitLab vhost
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;

    proxy_http_version 1.1;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://gitlab-workhorse;
  }
}

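This is the official configuration, taken from gitlab-omnibus-nginx.conf
If the domain name does not resolve, add "ip git.repy.itlangzi.com" to the local hosts file, where ip is the IP address of the GitLab server

Adjust the unicorn parameters

unicorn['worker_processes'] = 2 # can resolve the problem of excessive memory usage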

Replace unicorn with puma

unicorn is GitLab's default server. puma is also a Ruby server, but it has a big advantage in performance and resource usage; see "Replacing Unicorn with Puma to run GitLab"
Puma

...
unicorn['enable'] = false # set to false
...
puma['enable'] = true # set to true

Rebuild GitLab

gitlab-ctl reconfigure

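If you use Passenger/nginx, see the following

The configuration is fairly complex and is not recommended
If access returns 403, the passenger module must be installed for nginx
Install the passenger module for nginx
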
yum install -y epel-release yum-utils
yum-config-manager --enable epel
yum clean all && sudo yum update -y
yum install -y pygpgme
yum install passenger-devel -y
curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
yum install -y passenger || yum-config-manager --enable cr && yum install -y passenger

See Installing Passenger + Nginx

When building nginx, add --add-module=/path-to-passenger-module

Run passenger-config --nginx-addon-dir to find path-to-passenger-module
Here it is /ngx_http_passenger_module
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --add-module=$(passenger-config --nginx-addon-dir)
See Installing Passenger as a normal or dynamic Nginx module

Error notes and fixes

1. nginx returns 502

Check the nginx log. It is most likely a permissions problem; in my case nginx had no permission to access /var/opt/gitlab/gitlab-workhorse/socket
Add the permission

chmod -R ug+rw /var/opt/gitlab/gitlab-workhorse/socket

2. If a 500 error occurs, check the log and analyse the specific cause; in my case it was a failed Redis connection

gitlab-ctl tail gitlab-rails

3. The error Cached record for ApplicationSetting couldn't be loaded, falling back to uncached record: NOAUTH Authentication required appears

This error occurs because the Redis in use requires password authentication, but the configured gitlab_rails['redis_password'] has no effect. So far this is an unresolved bug; see GitLab not using Redis AUTH password and Bug redis socket with auth. Workarounds:

1) Edit resque.yml, add password, then restart GitLab

vim /var/opt/gitlab/gitlab-rails/etc/resque.yml

with the following content

production:
  url: unix:/tmp/redis.sock
  password: 123456 # added password, same as gitlab_rails['redis_password']

Then restart

Do not rebuild at this point: running gitlab-ctl reconfigure reverts the change, and you would have to configure it again

gitlab-ctl restart

2) Modify the source code

This makes gitlab_rails['redis_password'] take effect

First location

vim /opt/gitlab/embedded/cookbooks/gitlab/recipes/gitlab-rails.rb

Modify as follows (partial code)

The comments "delete this line" and "new add" mark the changes

....
templatesymlink "Create a database.yml and create a symlink to Rails root" do
  link_from File.join(gitlab_rails_source_dir, "config/database.yml")
  link_to File.join(gitlab_rails_etc_dir, "database.yml")
  source "database.yml.erb"
  owner "root"
  group gitlab_group
  mode "0640"
  variables node['gitlab']['gitlab-rails'].to_hash
  dependent_services.each { |svc| notifies :restart, svc }
end

redis_url = RedisHelper.new(node).redis_url
redis_password = node['gitlab']['gitlab-rails']['redis_password'] # new add
redis_sentinels = node['gitlab']['gitlab-rails']['redis_sentinels']
redis_enable_client = node['gitlab']['gitlab-rails']['redis_enable_client']

templatesymlink "Create a secrets.yml and create a symlink to Rails root" do
  link_from File.join(gitlab_rails_source_dir, "config/secrets.yml")
  link_to File.join(gitlab_rails_etc_dir, "secrets.yml")
  source "secrets.yml.erb"
  owner "root"
  group "root"
  mode "0644"
  variables(:redis_url => redis_url, :redis_sentinels => redis_sentinels)
  sensitive true
  variables('secrets' => { 'production' => {
    'db_key_base' => node['gitlab']['gitlab-rails']['db_key_base'],
    'secret_key_base' => node['gitlab']['gitlab-rails']['secret_key_base'],
    'otp_key_base' => node['gitlab']['gitlab-rails']['otp_key_base'],
    'openid_connect_signing_key' => node['gitlab']['gitlab-rails']['openid_connect_signing_key']
  } })
  dependent_services.each { |svc| notifies :restart, svc }
end

templatesymlink "Create a resque.yml and create a symlink to Rails root" do
  link_from File.join(gitlab_rails_source_dir, "config/resque.yml")
  link_to File.join(gitlab_rails_etc_dir, "resque.yml")
  source "resque.yml.erb"
  owner "root"
  group "root"
  # With the change below, resque.yml contains the Redis password while mode 0644
  # keeps the file readable by every local user.
  mode "0644"
  # variables(redis_url: redis_url, redis_sentinels: redis_sentinels, redis_enable_client: redis_enable_client) # delete this line
  # redis_enable_client is still passed so the template's "id:" branch behaves as before
  variables(:redis_url => redis_url, :redis_sentinels => redis_sentinels, :redis_enable_client => redis_enable_client, :redis_password => redis_password) # new add
  dependent_services.each { |svc| notifies :restart, svc }
end

%w(cache queues shared_state).each do |instance|
  filename = "redis.#{instance}.yml"
  url = node['gitlab']['gitlab-rails']["redis_#{instance}_instance"]
  sentinels = node['gitlab']['gitlab-rails']["redis_#{instance}_sentinels"]
  templatesymlink "Create a #{filename} and create a symlink to Rails root" do
    link_from File.join(gitlab_rails_source_dir, "config/#{filename}")
    link_to File.join(gitlab_rails_etc_dir, filename)
    source 'resque.yml.erb'
    owner 'root'
    group 'root'
    mode '0644'
    # variables(redis_url: url, redis_sentinels: sentinels) # delete this line
    variables(redis_url: url, redis_sentinels: [], :redis_password => '') # new add
    dependent_services.each { |svc| notifies :restart, svc }
    not_if { url.nil? }
  end
end
....

Second location

vim /opt/gitlab/embedded/cookbooks/gitlab/templates/default/resque.yml.erb

Add the following

  <%# .to_s keeps the check from failing when redis_password is not set (nil) %>
  <% unless @redis_password.to_s.empty? %>
  password: <%= @redis_password %>
  <% end %>

Complete code

production:
  url: <%= @redis_url %>
  <% unless @redis_password.to_s.empty? %> # added
  password: <%= @redis_password %> # added
  <% end %> # added
  <% if !@redis_enable_client %>
  id:
  <% end %>
  <% unless @redis_sentinels.empty? %>
  sentinels:
    <% @redis_sentinels.each do |sentinel| %>
    -
      host: <%= sentinel['host'] %>
      port: <%= sentinel['port'] %>
    <% end %>
  <% end %>

Then rebuild and restart

gitlab-ctl reconfigure
gitlab-ctl restart

Check the contents of resque.yml; the password entry is now present: cat /var/opt/gitlab/gitlab-rails/etc/resque.yml


4. The error Permission denied - connect(2) for /tmp/redis.sock appears

There is no permission to access redis.sock. The usual chmod cannot be used to grant it; instead change unixsocketperm 700 to unixsocketperm 777 in redis.conf
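
The following is an added example, not part of the original tutorial: a POSIX shell audit of three settings applied on this page (gpgcheck=0 in the repo file, a Redis password written to a resque.yml that the recipe creates with mode 0644, and unixsocketperm 777 in redis.conf). The function names and the /etc/redis.conf default path are assumptions; the other default paths are the ones used above.

```sh
#!/bin/sh
# Added example: audit files this tutorial creates or edits.
# Paths can be passed as arguments so the checks also run against copies.

# Print the "other" permission triplet (e.g. r--) of a file, directory or socket.
other_perms() {
    ls -ld "$1" | cut -c8-10 | tr 'T' '-'
}

# True when users outside the owner and group have any access to the path.
world_accessible() {
    [ "$(other_perms "$1")" != "---" ]
}

# True when a yum .repo file turns RPM signature checking off (gpgcheck=0).
repo_unsigned() {
    grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"
}

# True when redis.conf sets unixsocketperm with a non-zero "other" digit (e.g. 777).
socket_perm_world() {
    perm=$(awk '$1 == "unixsocketperm" { v = $2 } END { print v }' "$1")
    case "$perm" in
        *[1-7]) return 0 ;;
        *)      return 1 ;;
    esac
}

# Report findings; returns non-zero when at least one finding exists.
audit_gitlab_host() {
    repo=${1:-/etc/yum.repos.d/gitlab-ce.repo}
    resque=${2:-/var/opt/gitlab/gitlab-rails/etc/resque.yml}
    redis_conf=${3:-/etc/redis.conf}   # assumed location; adjust to your install
    findings=0
    if [ -f "$repo" ] && repo_unsigned "$repo"; then
        echo "WARN $repo: gpgcheck=0, packages install without signature checks"
        findings=$((findings + 1))
    fi
    if [ -f "$resque" ] && grep -q '^[[:space:]]*password:' "$resque" \
        && world_accessible "$resque"; then
        echo "WARN $resque: holds a Redis password and is readable by all local users"
        findings=$((findings + 1))
    fi
    if [ -f "$redis_conf" ] && socket_perm_world "$redis_conf"; then
        echo "WARN $redis_conf: unixsocketperm lets every local user open the socket"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}
```

Source the file and call audit_gitlab_host with no arguments to check the default paths, or pass three paths to check copies.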


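Completely uninstalling GitLab

1. Stop GitLab

gitlab-ctl stop

2. Uninstall GitLab

rpm -e gitlab-ce

3. Check for GitLab processes

ps -ef|grep gitlab

Kill the process runsvdir -P /opt/gitlab/service log

# replace 4473 with the PID of runsvdir reported by ps on your host
kill -9 4473

Check again whether any GitLab process is still running

ps -ef|grep gitlab

4. Delete the GitLab files

Delete all files and directories whose names contain gitlab

find / -name '*gitlab*' -print0 | xargs -0 rm -rf
find / -name gitlab -print0 | xargs -0 rm -rf

Delete the configuration files that gitlab-ctl uninstall automatically backed up under root (run ls /root/gitlab* to check; delete them if present)

Reference: Completely uninstalling GitLab on CentOS 7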