Gitlab搭建及配置

Gitlab安装

安装依赖

# 安装依赖
yum -y install curl policycoreutils-python openssh-server perl
# 安装postfix(如果没有的情况下)
yum -y install postfix 
systemctl enable postfix 
systemctl start postfix 
# 如果出现不能启动
[root@HK-CodeServ-242 software]# journalctl -xe
Jan 16 17:01:01 HK-CodeServ-242 CROND[13416]: (root) CMD (run-parts /etc/cron.hourly)
Jan 16 17:01:01 HK-CodeServ-242 run-parts(/etc/cron.hourly)[13419]: starting 0anacron
Jan 16 17:01:01 HK-CodeServ-242 run-parts(/etc/cron.hourly)[13425]: finished 0anacron
Jan 16 17:01:21 HK-CodeServ-242 polkitd[1007]: Registered Authentication Agent for unix-process:13428:591766 (system bus name :1.62 [/usr/bin/pkttyagent --noti
Jan 16 17:01:21 HK-CodeServ-242 systemd[1]: Starting Postfix Mail Transport Agent...
-- Subject: Unit postfix.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit postfix.service has begun starting up.
Jan 16 17:01:21 HK-CodeServ-242 aliasesdb[13434]: /usr/sbin/postconf: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 16 17:01:22 HK-CodeServ-242 aliasesdb[13434]: newaliases: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 16 17:01:22 HK-CodeServ-242 postfix/sendmail[13436]: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 16 17:01:22 HK-CodeServ-242 postfix[13441]: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 16 17:01:23 HK-CodeServ-242 systemd[1]: postfix.service: control process exited, code=exited status=1
Jan 16 17:01:23 HK-CodeServ-242 systemd[1]: Failed to start Postfix Mail Transport Agent.

# 修改配置文件
vi /etc/postfix/main.cf

inet_interfaces = localhost #将localhost修改为all

[root@HK-CodeServ-242 software]# systemctl start postfix
[root@HK-CodeServ-242 software]# systemctl enable postfix

yum安装

使用官方YUM源

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash 
yum makecache fast 
yum -y install gitlab-ce 

国内源安装

vi /etc/yum.repos.d/gitlab-ce.repo 
//添加如下内容 
[gitlab-ce] 
name=Gitlab CE Repository 
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/ 
gpgcheck=0 
enabled=1 

yum makecache fast 
yum -y install gitlab-ce 

rpm安装

到网站下载rpm包

# 安装依赖
yum -y install curl policycoreutils-python openssh-server perl
# 安装postfix(如果没有的情况下)
yum -y install postfix 
systemctl enable postfix 
systemctl start postfix 
# 安装Gitlab
rpm -ivh gitlab-ce-13.11.3-ce.0.el7.x86_64.rpm

Gitlab部分配置

配置文件目录/etc/gitlab/gitlab.rc
配置访问地址

external_url 'https://codeserv.xxx.com'
或者
external_url 'https://codeserv.xxx.com:12312'

配置https

mkdir /etc/gitlab/ssl
# 开启强制https
nginx['redirect_http_to_https'] = true
# nginx证书位置
nginx['ssl_certificate'] = "/etc/gitlab/ssl/xxx.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/xxx.key"
# 关闭letsencrypt
letsencrypt['enable'] = false

Gitlab备份路径

# 备份路径设置
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" #备份路径
gitlab_rails['backup_keep_time'] = 604800  # gitlab备份保留7天 1209600

#如果要迁移需要手动备份
/etc/gitlab/gitlab.rb
/etc/gitlab/gitlab-secrets.json

Gitlab关闭prometheus

prometheus['enable'] = false

Gitlab 邮箱配置

gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = "xxx@qq.com" #你的QQ号邮箱
gitlab_rails['gitlab_email_display_name'] = "admin" #发件显示名称

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "xxx@qq.com" #邮箱全名
gitlab_rails['smtp_password'] = "******"  #QQ邮箱授权码
gitlab_rails['smtp_domain'] = "qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true

# 完成后测试
gitlab-rails console
Notify.test_email('测试用的收件邮箱地址不是xxx@qq.com', '邮件主题', '邮件内容').deliver_now

# 测试成功后需要在新建的用户中设置接收消息配置

Gitlab初始化

# 在配置文件修改完成后执行，每次修改也需要执行这个命令加载配置
gitlab-ctl reconfigure
初始化默认管理员帐户的用户名为 root ，密码存储在/etc/gitlab/initial_root_password 文件中，此文件将在 24 小时后的第一次重新配置运行中清除

常用命令

# 启动，重启，停止gitlab
sudo gitlab-ctl start #启动
sudo gitlab-ctl restart #重启
sudo gitlab-ctl start #停止

# 查看服务状态
sudo gitlab-ctl status

# 使用控制台实时查看日志
sudo gitlab-ctl tail  #查看所有的logs; 按 Ctrl-C 退出
sudo gitlab-ctl tail gitlab-rails  #拉取/var/log/gitlab下子目录的日志
sudo gitlab-ctl tail nginx/gitlab_error.log #拉取某个指定的日志文件


vim /etc/gitlab/gitlab.rb  #查看配置文件
sudo gitlab-ctl reconfigure   #更新配置文件
gitlab-rake gitlab:check SANITIZE=true --trace  #检查gitlab
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION  #查看GitLab的版本

Gitlab备份

# 定时备份,自动备份
crontab -e
0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create

#手动备份
/opt/gitlab/bin/gitlab-rake gitlab:backup:create

Gitlab还原

防止Gitlab-ce数据还原时发生PostgreSQL异常

# 异常信息
Restoring PostgreSQL database gitlabhq_production ... ERROR:  must be owner of extension pg_trgm
ERROR:  must be owner of extension btree_gist
ERROR:  must be owner of extension btree_gist
ERROR:  must be owner of extension pg_trgm
# 修改配置文件postgresql.conf
vim /var/opt/gitlab/postgresql/data/postgresql.conf
listen_addresses = '*'  # 修改为*
# 修改配置文件pg_hba.conf,最下面增加
vim /var/opt/gitlab/postgresql/data/pg_hba.conf
local   all         all                               trust
host    all         all                               127.0.0.1/32 trust
# 重启gitlab服务
gitlab-ctl restart
# 进入数据库修改
[root@CN-CodeServ-17 backups]# su - gitlab-psql #执行
-sh-4.2$ /opt/gitlab/embedded/bin/psql -h 127.0.0.1 gitlabhq_production #执行
......
gitlabhq_production=# ALTER USER gitlab WITH SUPERUSER; # 执行
ALTER ROLE
gitlabhq_production=# \q #执行
-sh-4.2$ exit #执行

停止Gitlab数据服务

gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq

恢复Gitlab数据

# 拷贝备份文件到新Gitlab服务器配置文件设置的备份目录
cp 1673607956_2023_01_13_13.11.3_gitlab_backup.tar /var/opt/gitlab/backups/
# 进入备份目录
cd /var/opt/gitlab/backups
chown git:git 1673607956_2023_01_13_13.11.3_gitlab_backup.tar
# 恢复备份
# 这里有个神坑,gitlab在指定恢复的备份文件时，指定的名称在不同的版本也略有不同，13这个版本需要指定为1673607956_2023_01_13_13.11.3后面的_gitlab_backup.tar会自动补全，切记这个真的很坑
root@CN-CodeServ-17 backups]# gitlab-rake gitlab:backup:restore BACKUP=1673607956_2023_01_13_13.11.3 #恢复命令
Unpacking backup ... done
Be sure to stop Puma, Sidekiq, and any other process that
connects to the database before proceeding. For Omnibus
installs, see the following link for more information:
https://docs.gitlab.com/ee/raketasks/backup_restore.html#restore-for-omnibus-gitlab-installations

Before restoring the database, we will remove all existing
tables to avoid future upgrade problems. Be aware that if you have
custom tables in the GitLab database these tables and all data will be
removed.

Do you want to continue (yes/no)? yes  #输入yes
.....
 * liufei/site-search.design (@hashed/d4/ee/d4ee9f58e5860574ca98e3b4839391e7a356328d4bd6afecefc2381df5f5b41b.design) ... 
 * liufei/site-search.design (@hashed/d4/ee/d4ee9f58e5860574ca98e3b4839391e7a356328d4bd6afecefc2381df5f5b41b.design) ... [DONE]
2023-01-15 19:06:02 +0800 -- done
2023-01-15 19:06:02 +0800 -- Restoring uploads ... 
2023-01-15 19:06:02 +0800 -- done
2023-01-15 19:06:02 +0800 -- Restoring builds ... 
2023-01-15 19:06:02 +0800 -- done
2023-01-15 19:06:02 +0800 -- Restoring artifacts ... 
2023-01-15 19:06:07 +0800 -- done
2023-01-15 19:06:07 +0800 -- Restoring pages ... 
2023-01-15 19:06:07 +0800 -- done
2023-01-15 19:06:07 +0800 -- Restoring lfs objects ... 
2023-01-15 19:06:07 +0800 -- done
This task will now rebuild the authorized_keys file.
You will lose any data stored in the authorized_keys file.
Do you want to continue (yes/no)? yes   #输入yes

Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data 
and are not included in this backup. You will need to restore these files manually.
Restore task is done.

Gitlab迁移后部分页面报错500

方法1

在旧gitlab配置文件未删除的情况下，拷贝gitlab-secrets.json文件到新服务器替换，重启gitlab。

# 配置文件位置，复制到新gitlab
/etc/gitlab/gitlab-secrets.json
# 重新加载配置文件
gitlab-ctl reconfigure
# 重启gitlab服务
gitlab-ctl restart

方法2

若旧gitlab配置已删除，可执行以下两组命令重置相关CI的所有密钥和token。

# 进入控制台
gitlab-rails console
# 执行命令
irb(main):001:0> Ci::Runner.all.update_all(token_encrypted: nil)
# 重启gitlab服务
gitlab-ctl restart
# 进入控制台
gitlab-rails dbconsole
# 执行命令
gitlabhq_production=>  UPDATE projects SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=>  UPDATE namespaces SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=>  UPDATE application_settings SET runners_registration_token_encrypted = null;

执行完命令后，\q 退出.重启gitlab服务

Gitlab升级

Gitlab找回密码

# 1.重置root密码之前，需先使用root用户登录到gitlab所在服务器。启动Ruby on Rails控制台。
gitlab-rails console -e production

# 2.等待控制台加载完毕，有多种找到用户的方法，您可以搜索电子邮件或用户名。
user = User.where(id: 1).first
或者
user = User.find_by(email: 'admin@example.com')

# 3.现在更改密码。
user.password = '新密码'
user.password_confirmation = '新密码'

# 4.注意，必须同时更改密码和password_confirmation才能使其正常工作，最后别忘了保存更改。
user.save

root@971e942b7a70:/# gitlab-rails console -e production
--------------------------------------------------------------------------------
 Ruby:         ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [x86_64-linux]
 GitLab:       14.3.0 (ceec8accb09) FOSS
 GitLab Shell: 13.21.0
 PostgreSQL:   12.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.1.3.2)
irb(main):001:0> user = User.where(id: 1).first
=> #<User id:1 @root>
irb(main):002:0> user.password = 'admin1234'
=> "admin1234"
irb(main):004:0> user.password_confirmation = 'admin1234'
=> "admin1234"
irb(main):005:0> user.save
Enqueued ActionMailer::MailDeliveryJob (Job ID: 191a2ed7-0caa-4122-bd06-19c32bffc50c) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", {:args=>[#<GlobalID:0x00007f72f7503158 @uri=#<URI::GID gid://gitlab/User/1>>]}
=> true