环境配置
关闭防火墙、关闭SELinux
尝试邮件服务,开启邮件服务
[root@git-server /]# systemctl start postfix
[root@git-server /]# systemctl enable postfix
部署 Gitlab
安装 gitlab 依赖包
Centos7:
[root@git-server /]# yum install -y curl openssh-server openssh-clients postfix cronie policycoreutils-python
# gitlab-ce 10.x.x以后的版本需要依赖policycoreutils-python
Centos8:
[root@git-server /]# yum install -y curl openssh-server openssh-clients postfix cronie policycoreutils-python-utils
本实验选择CentOS8
添加官方源或其他镜像源
[root@git-server]# curl <https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh> | sudo bash
如果官方源太慢,可以使用国内清华yum源,配置如下
[root@git-server /]# vim /etc/yum.repos.d/gitlab-ce.repo
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1
安装 Gitlab
[root@git-server /]# yum -y install gitlab-ce # 自动安装最新版
[root@git-server /]# yum -y install gitlab-ce-x.x.x # 安装指定版本Gitlab
Gitlab 配置登录URL
#设置登录链接 [root@git-server /]# vim /etc/gitlab/gitlab.rb
##GitLab URL ##! URL on which GitLab will be reachable. ##! For more details on configuring external_url see: ##! https://docs.gitlab.com/omnibus/settings/configuration.html #configuring-the-external-url-for-gitlab #如果没有域名,可以设置为本机IP地址 external_url ‘git-server.corp.tanzu’
查看配置情况
[root@git-server /]# grep “^external_url” /etc/gitlab//gitlab.rb external_url ‘http://git-server.corp.tanzu’
Https URL配置(可选)
为了防止内网渗透,可将gitlab服务的访问添加了SSL
修改配置文件
[root@git-server /]# vim /etc/gitlab/gitlab.rb
#13行的 http » https external_url ‘https://ip:port’ #修改nginx配置 810行 nginx[‘redirect_http_to_https’] =true nginx[‘ssl_certificate’] = “/etc/gitlab/ssl/server.crt” nginx[‘ssl_certificate_key’] = “/etc/gitlab/ssl/server.key”
秘钥与证书
脚本如下:
#秘钥脚本,将以下内容保存为shell脚本,然后运行
#出现提示输入信息的地方输入信息,先输入域名然后4次证书密码,任意密码,四次保持一致。
#!/bin/sh
# create self-signed server certificate:
read -p "Enter your domain : " DOMAIN
echo "Create server key..."
openssl genrsa -des3 -out $DOMAIN.key 1024
echo "Create server certificate signing request..."
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr
echo "Remove password..."
mv $DOMAIN.key $DOMAIN.origin.key
openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key
echo "Sign SSL certificate..."
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
echo "TODO:"
echo "Copy $DOMAIN.crt to /etc/nginx/ssl/$DOMAIN.crt"
echo "Copy $DOMAIN.key to /etc/nginx/ssl/$DOMAIN.key"
echo "Add configuration in nginx:"
echo "server {"
echo " ..."
echo " listen 443 ssl;"
echo " ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;"
echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;"
echo "}"
#移动到相应的位置
sudo mkdir -p /etc/gitlab/ssl sudo chmod 700 /etc/gitlab/ssl/ -R su cp xxxx.crt /etc/gitlab/ssl/server.crt sudo cp xxxx.key /etc/gitlab/ssl/server.key
重建配置
sudo gitlab-ctl reconfigure
配置语言环境
gitlab要求语言环境为英文环境,如果不是,必须切换,切换方法如下: 注意:可以先尝试以下方案 语言环境问题:如果碰到之后的解决方案如下,需要重新登录 [root@git-server /]# echo “export LC_ALL=en_US.UTF-8” » /etc/profile 如果上面的方案不可以,再使用下面的方案:
#yum install langpacks-zh_CN langpacks-en langpacks-en_GB -y #cat > /etc/profile.d/locale.sh«-EOF export LANG=en_US.UTF-8 export LANGUAGE=en_US.UTF-8 export LC_COLLATE=C export LC_CTYPE=en_US.UTF-8 EOF #source /etc/profile.d/locale.sh
退出终端重新登陆
初始化 Gitlab
[root@git-server /]# gitlab-ctl reconfigure …… Running handlers: Running handlers complete Chef Infra Client finished, 571/1516 resources updated in 11 minutes 02 seconds Notes: Default admin account has been configured with following details: Username: root Password: You didn’t opt-in to print initial root password to STDOUT. Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours. NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password. gitlab Reconfigured!
Note:第一次使用配置时间较长
Gitlab 添加smtp邮件功能
[root@git-server /]# vim /etc/gitlab/gitlab.rb postfix 并非必须的;根据具体情况配置,以 SMTP 的为例配置邮件服务器来实现通知;参考配置如下:
###Email Settings gitlab_rails[‘gitlab_email_enabled’] = true gitlab_rails[‘gitlab_email_from’] = ‘2346750@qq.com’ gitlab_rails[‘gitlab_email_display_name’] = ‘gitlab’ gitlab_rails[‘gitlab_email_reply_to’] = ‘2346750@qq.com’ gitlab_rails[‘gitlab_email_subject_suffix’] = ‘[gitlab]’ gitlab_rails[‘smtp_enable’] = true gitlab_rails[‘smtp_address’] = “smtp.qq.com” gitlab_rails[‘smtp_port’] = 465 gitlab_rails[‘smtp_user_name’] = “2346750@qq.com” gitlab_rails[‘smtp_password’] = “gjdbqvpbkuagbe” #这是我的qq邮箱授权码 gitlab_rails[‘smtp_domain’] = “smtp.qq.com” gitlab_rails[‘smtp_authentication’] = “login” gitlab_rails[‘smtp_enable_starttls_auto’] = true gitlab_rails[‘smtp_tls’] = true
#修改配置后需要初始化配置,先关掉服务再重新初始化
[root@git-server /]# gitlab-ctl stop [root@git-server /]# gitlab-ctl reconfigure [root@git-server /]# gitlab-ctl start
Gitlab 发送邮件测试
[root@git-server /]# gitlab-rails console
Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux] GitLab: 14.0.5 (25fc1060aff) FOSS GitLab Shell: 13.19.0 PostgreSQL: 12.6
Loading production environment (Rails 6.1.3.2) irb(main):001:0>
Notify.test_email(‘2346750@qq.com’, ‘Message Subject’, ‘Message Body’).deliver_now
60eef4206f5d_fbe25a8c1f6@git-server.mail
Open URL
修改Root密码
为http://git-server.corp.tanzu提供root密码
[root@git-server /]# gitlab-rails console
Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux] GitLab: 14.0.5 (25fc1060aff) FOSS GitLab Shell: 13.19.0 PostgreSQL: 12.6
Loading production environment (Rails 6.1.3.2) irb(main):001:0> user = User.where(id: 1).first => #<User id:1 @root> irb(main):002:0> user.password = ‘VMware1!’ => “VMware1!” irb(main):003:0> user.save! Enqueued ActionMailer::MailDeliveryJob (Job ID: 0e82f079-dc05-4d2a-86be-adc0f505b1a5) to Sidekiq(mailers) with arguments: “DeviseMailer”, “password_change”, “deliver_now”, {:args=>[#<GlobalID:0x00007ff184aab4c8 @uri=#<URI::GID gid://gitlab/User/1»]} => true irb(main):004:0> exit
安装成功。
以上