墨 痕

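 I have recently been studying Git systematically and needed a remote repository, so I decided to set up GitLab to play with. It turned out that getting GitLab working is not easy: even following a tutorial took quite a while. GitLab is strict about the versions of the software it depends on, which makes the setup tedious, so I am recording the process here for future reference. If you would rather not go through all this, you can simply use GitHub.
 This post records setting up GitLab on CentOS 6.4 64-bit. The following software is involved: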

  • Git
  • Ruby
  • MySQL
  • Redis
  • GitLab
  • GitLab-shell
  • Gem
  • Nginx

Install dependencies

 Add the EPEL repository

shell> wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 https://www.fedoraproject.org/static/0608B895.txt 
shell> rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
shell> rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

# Verify the installation
shell> rpm -qa gpg-pubkey
gpg-pubkey-0608b895-4bd22942

 Add the PUIAS repository

shell> wget -O /etc/yum.repos.d/PUIAS_6_computational.repo https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo
shell> wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
shell> rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias

# Verify the installation
shell> rpm -qa gpg-pubkey
gpg-pubkey-41a40948-4ce19266

 List the EPEL and PUIAS repositories added above

shell> yum repolist
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* PUIAS_6_computational: puias.math.ias.edu
* base: ftp.sjtu.edu.cn
* extras: mirrors.nwsuaf.edu.cn
* updates: ftp.sjtu.edu.cn
PUIAS_6_computational | 3.3 kB 00:00
PUIAS_6_computational/primary_db | 1.9 MB 00:15
repo id repo name status
PUIAS_6_computational PUIAS computational Base 6 - x86_64 2,837
base CentOS-6 - Base 6,575
epel Extra Packages for Enterprise Linux 6 - x86_64 11,764
extras CentOS-6 - Extras 35
treasuredata TreasureData 14
updates CentOS-6 - Updates 298
repolist: 21,523

 Install the dependency packages

yum -y groupinstall 'Development Tools'
yum -y install gcc-c++ readline-devel zlib-devel libffi-devel openssl-devel make autoconf automake libtool bison libxml2-devel libxslt-devel libyaml-devel

Add the git system user

shell> adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git
# Add /usr/local/bin to the default system path
shell> visudo
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

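Compile and install Git

 Git must be version 1.7.10 or later. The version CentOS 6.4 provides through yum is 1.7.1, so a newer version has to be compiled and installed by hand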

# If Git was previously installed through yum, remove it first
shell> yum remove git
shell> yum install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel
shell> wget https://www.kernel.org/pub/software/scm/git/git-2.5.3.tar.gz
shell> tar -zxf git-2.5.3.tar.gz && cd git-2.5.3
shell> ./configure && make && make prefix=/usr/local install
shell> git --version
git version 2.5.3

Compile and install Ruby

Ruby 2.0 or later is required; the version CentOS 6.4 installs through yum is 1.8

# If Ruby was previously installed through yum, remove it first
shell> yum remove ruby
shell> wget ftp://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz
shell> tar -zxf ruby-2.1.2.tar.gz && cd ruby-2.1.2
shell> ./configure --disable-install-rdoc && make && make prefix=/usr/local install
shell> ruby -v
ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]

 Install bundler. Because https://rubygems.org/ is blocked, the gem source needs to be changed

shell> gem sources --remove https://rubygems.org/
shell> gem sources -a https://ruby.taobao.org/
shell> gem sources -l
shell> gem install bundler --no-doc

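Install the MySQL database

 The official documentation recommends MySQL or PostgreSQL as the database. If MySQL is used, the version must be higher than 5.5.14; the default version CentOS 6.4 installs through yum is 5.1.73, so yum is used here to install 5.5.45
 Install MySQL 5.5.45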

shell> rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
shell> rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
shell> yum --enablerepo=remi,remi-test install mysql mysql-server mysql-devel
shell> mysql --version
mysql Ver 14.14 Distrib 5.5.45, for Linux (x86_64) using readline 5.1
shell> /etc/init.d/mysqld start
shell> mysql_secure_installation
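# What mysql_secure_installation does:
# sets a password for the root user
# removes anonymous accounts
# disables remote login for the root user
# removes the test database and the access privileges to it
# reloads the privilege tables so the changes take effect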

 Create the database user GitLab needs

shell> mysql -uroot -p
mysql> CREATE USER 'git'@'localhost' IDENTIFIED BY 'gitlab';
mysql> FLUSH PRIVILEGES;

 GitLab requires InnoDB; set the default storage engine to InnoDB
  Set it in the configuration file my.cnf

[mysqld]
default-storage-engine = innodb

  Set it from the command line

mysql> SET storage_engine=INNODB;
mysql> SHOW VARIABLES LIKE '%engine';
+------------------------+---------+
| Variable_name | Value |
|------------------------+---------|
| default_storage_engine | InnoDB |
| storage_engine | InnoDB |
+------------------------+---------+

 Create the GitLab database and grant privileges

mysql> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
mysql> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost';
mysql> FLUSH PRIVILEGES;

 Verify the login

shell> mysql -ugit -p -D gitlabhq_production

Install Redis

 Install Redis with yum; the configuration follows the official documentation exactly, with no tuning

shell> yum install redis
shell> cp /etc/redis.conf /etc/redis.conf.org
shell> sed 's/^port .*/port 0/' /etc/redis.conf.org |tee /etc/redis.conf
shell> echo 'unixsocket /var/run/redis/redis.sock' |tee -a /etc/redis.conf
shell> echo -e 'unixsocketperm 0770' |tee -a /etc/redis.conf
shell> chown redis:redis /var/run/redis
shell> chmod 755 /var/run/redis
shell> usermod -aG redis git
shell> /etc/init.d/redis start
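
A check for the three settings applied above (TCP listener off, Unix socket on, socket not open to other users), as an added example that is not part of the original post. The function names and both sample configuration files are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): audit a redis.conf for the
# settings applied above. The sample configuration files are constructed.

# Print the effective value of directive $2 in file $1 (the last one wins).
redis_directive() {
    awk -v key="$2" 'tolower($1) == key { val = $2 } END { print val }' "$1"
}

# Print one line per finding and return the number of findings.
audit_redis_conf() {
    findings=0
    port=$(redis_directive "$1" port)
    sock=$(redis_directive "$1" unixsocket)
    perm=$(redis_directive "$1" unixsocketperm)
    # Redis listens on TCP 6379 when no port directive is present.
    if [ "${port:-6379}" != "0" ]; then
        echo "TCP listener enabled on port ${port:-6379}"
        findings=$((findings + 1))
    fi
    if [ -z "$sock" ]; then
        echo "no unixsocket configured"
        findings=$((findings + 1))
    fi
    case "$perm" in
        "")     echo "unixsocketperm not set"; findings=$((findings + 1)) ;;
        *[1-7]) echo "unixsocketperm $perm is open to other users"
                findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed samples: a stock-like file and the result of the steps above.
write_samples() {  # $1 = directory to write into
    printf '%s\n' '# stock' 'port 6379' 'bind 127.0.0.1' > "$1/stock.conf"
    printf '%s\n' 'port 0' 'bind 127.0.0.1' \
        'unixsocket /var/run/redis/redis.sock' 'unixsocketperm 0770' > "$1/hardened.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in stock hardened; do
    if out=$(audit_redis_conf "$dir/$f.conf"); then echo "$f: ok"; else echo "$f: $out"; fi
done
rm -rf "$dir"
```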

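Install GitLab

GitLab configuration

 The configuration file config/unicorn.rb has a timeout setting; on a slow machine set timeout to a larger value, otherwise GitLab may time out during initialization
host should preferably be a domain name; HTTPS is used here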

shell> cd /home/git
shell> sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 7-4-stable gitlab
shell> cd gitlab/
shell> sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
shell> sudo -u git -H vim config/gitlab.yml
gitlab:
  host: yourdomain
  port: 443
  https: true
shell> chown -R git log/
shell> chown -R git tmp/
shell> chmod -R u+rwX log/
shell> chmod -R u+rwX tmp/
shell> chmod -R u+rwX tmp/pids/
shell> chmod -R u+rwX tmp/sockets/
shell> chmod -R u+rwX public/uploads
shell> sudo -u git -H mkdir /home/git/gitlab-satellites
shell> chmod u+rwx,g=rx,o-rwx /home/git/gitlab-satellites
shell> sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
# Check the number of CPU cores
shell> nproc
shell> sudo -u git -H vim config/unicorn.rb
worker_processes <number of cores>

Configure the global user and email

 A 163 mailbox is used here as GitLab's sending address

shell> sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
shell> sudo -u git -H git config --global user.name "GitLab"
shell> sudo -u git -H git config --global user.email "[email protected]"
shell> sudo -u git -H git config --global core.autocrlf input

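GitLab SMTP settings

By default GitLab uses Sendmail to send mail. The mail delivery configuration matters: when a new user is created, GitLab sends the user an email asking them to reset their password. To send mail over SMTP, configure it as follows (a 163 mailbox is used here).
 Edit the configuration file: sudo -u git -H vim /home/git/gitlab/config/environments/production.rb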

config.action_mailer.delivery_method= :smtp

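 Edit the configuration file: sudo -u git -H vim /home/git/gitlab/config/initializers/smtp_settings.rb
The domain option is the GitLab domain visited when resetting a password; set it to suit your own setup, e.g. domain: "test.com:8080"
enable_starttls_auto: set this value to false if the SMTP server does not have encrypted connections enabled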

shell> cp /home/git/gitlab/config/initializers/smtp_settings.rb.sample /home/git/gitlab/config/initializers/smtp_settings.rb
# smtp_settings.rb
if Rails.env.production?
  Gitlab::Application.config.action_mailer.delivery_method = :smtp

  ActionMailer::Base.smtp_settings = {
    address: "smtp.163.com",
    port: 25,
    user_name: "[email protected]",
    password: "password",
    domain: "domain.com",
    authentication: :login,
    enable_starttls_auto: false
  }
end

 If the SMTP server only allows mail to be sent as the logged-in user, also configure: sudo -u git -H vim /home/git/gitlab/config/gitlab.yml

email_from: username@163.com

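GitLab Redis connection configuration

 If Redis has a custom tuned configuration, edit the configuration file to match (sudo -u git -H vim /home/git/gitlab/config/resque.yml); otherwise keep the default configuration (the default is used here)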

shell> sudo -u git -H cp /home/git/gitlab/config/resque.yml.example /home/git/gitlab/config/resque.yml

GitLab MySQL connection configuration

 Edit the file to match your own MySQL configuration

shell> sudo -u git cp /home/git/gitlab/config/database.yml.mysql /home/git/gitlab/config/database.yml
shell> sudo -u git -H vim /home/git/gitlab/config/database.yml
production:
  adapter: mysql2
  encoding: utf8
  collation: utf8_general_ci
  reconnect: false
  database: gitlabhq_production
  pool: 10
  username: git
  password: "gitlab"
  host: localhost
  socket: /var/lib//mysql.sock

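Install the gems

 If downloads are too slow or fail entirely, change the source in /home/git/gitlab/Gemfile to the Taobao source
 libicu-devel and cmake must be installed first, otherwise the install fails with: An error occurred while installing charlock_holmes (0.6.9.4)/rugged (0.21.2), and Bundler cannot continue.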

shell> yum -y install libicu-devel cmake

# Change the source
shell> sudo -u git -H vim /home/git/gitlab/Gemfile
source 'https://ruby.taobao.org/'
shell> sudo -u git -H bundle install --deployment --without development test postgres aws

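Install GitLab shell

 The GitLab shell configuration file can be adjusted as needed: sudo -u git -H vim /home/git/gitlab-shell/config.yml
GitLab-shell version 2.0.1 is used. Version 2.2.0 was used originally, but git push then failed with an error, which is caused by the GitLab-shell version. Whether GitLab-shell is set up correctly can be checked with the command sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
The error reported on git push is as follows: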

Check GitLab API access: /home/git/gitlab-shell/lib/gitlab_net.rb:122:in `read': No such file or directory @ rb_sysopen - /home/git/gitlab-shell/.gitlab_shell_secret (Errno::ENOENT)
from /home/git/gitlab-shell/lib/gitlab_net.rb:122:in `secret_token'
from /home/git/gitlab-shell/lib/gitlab_net.rb:79:in `get'
from /home/git/gitlab-shell/lib/gitlab_net.rb:39:in `check'
from /home/git/gitlab-shell/bin/check:11:in `<main>''

Version 2.2.0 was tried and has problems (git push reports an error); please use version 2.0.1
shell> sudo -u git -H bundle exec rake gitlab:shell:install[v2.2.0] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

shell> sudo -u git -H bundle exec rake gitlab:shell:install[v2.0.1] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

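Configuration of /home/git/gitlab-shell/config.yml; whether HTTPS is used makes small differences in some settings (the following uses HTTPS)
The gitlab_url and self_signed_cert settings must match, otherwise git push reports an error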

---
user: git
gitlab_url: https://yourdomain/
http_settings:
  self_signed_cert: true
repos_path: "/home/git/repositories/"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
  bin: "/usr/bin/redis-cli"
  namespace: resque:gitlab
  socket: "/var/run/redis/redis.sock"
log_level: INFO
audit_usernames: false

Initialize the database

 Set the password of GitLab's root user and initialize the database

shell> sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=your_gitlab_root_passwd

Download the GitLab script

 Download the script that manages GitLab, set up logrotate, and check the application status

shell> wget -O /etc/init.d/gitlab https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn --no-check-certificate
shell> chmod a+x /etc/init.d/gitlab
shell> cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
shell> sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
System information
System: CentOS 6.4
Current User: git
Using RVM: no
Ruby Version: 2.1.2p95
Gem Version: 2.2.2
Bundler Version:1.10.6
Rake Version: 10.3.2
Sidekiq Version:2.17.0

GitLab information
Version: 7.4.5
Revision: 19d572e
Directory: /home/git/gitlab
DB Adapter: mysql2
URL: http://yourdomain
HTTP Clone URL: http://yourdomain/some-project.git
SSH Clone URL: git@yourdomain:some-project.git
Using LDAP: no
Using Omniauth: no

GitLab Shell
Version: 2.0.1
Repositories: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/bin/git
shell> sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
shell> /etc/init.d/gitlab start

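Configure Nginx

 Access through the web requires a web server; Nginx is chosen here.
 The configuration mainly consists of changing server_name, setting custom log paths and so on. The value of client_max_body_size can be raised as appropriate (to prevent errors when a push carries too much data)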

# With SSL
shell> wget -O /usr/local/nginx/conf/vhosts/gitlab.conf https://gitlab.com/gitlab-org/gitlab-ce/raw/master/lib/support/nginx/gitlab-ssl --no-check-certificate

# Without SSL
shell> wget -O /usr/local/nginx/conf/vhosts/gitlab.conf https://gitlab.com/gitlab-org/gitlab-ce/raw/master/lib/support/nginx/gitlab --no-check-certificate

# Generate the certificate, then put gitlab.crt and gitlab.key in the directory that the ssl directives in the Nginx configuration file gitlab.conf point to
shell> openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key

shell> usermod -a -G git nginx && chmod g+rx /home/git/

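About git clone

 A repository is normally cloned from the remote to the local machine with the git clone command, and there are two ways to clone: SSH (git clone [email protected]_server:username/repo_name.git) and HTTPS (git clone https://gitlab_server/username/repo_name.git). If an SSH key has been added, simply use SSH. Getting HTTPS cloning to work, however, took me a long time! I installed gitlab-git-http-server, then Go, and searched the web for ages without result, until a flash of inspiration finally solved it!

 If cloning over HTTPS fails with Peer certificate cannot be authenticated with known CA certificates, add the following to ~/.bash_profile on the machine that needs to clone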

export GIT_SSL_NO_VERIFY=1

# Reload after adding it
shell> source ~/.bash_profile
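
An alternative to exporting GIT_SSL_NO_VERIFY=1, shown as an added example that is not part of the original post: trust only the GitLab server's self-signed certificate, and only for that host, through git's per-URL http.<url>.sslCAInfo setting. The host name gitlab.example.test, the function names and all file paths are constructed.

```bash
#!/bin/sh
# Added example (not from the original post): trust one self-signed GitLab
# certificate instead of exporting GIT_SSL_NO_VERIFY=1.
# Constructed values: host gitlab.example.test and every file path below.

# Create a throwaway self-signed certificate, as the Nginx step does.
make_cert() {  # $1 = output prefix, $2 = common name
    openssl req -new -x509 -nodes -days 30 -newkey rsa:2048 \
        -subj "/CN=$2" -out "$1.crt" -keyout "$1.key" 2>/dev/null
}

# Succeed only if certificate $2 verifies against the trust anchor file $1.
cert_trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Pin CA file $3 for server URL $2 only, written to git config file $1
# (on a real client this would be ~/.gitconfig).
pin_ca_for_host() {
    git config --file "$1" "http.$2.sslCAInfo" "$3"
    git config --file "$1" "http.$2.sslVerify" true
}

# Show which CA file git would use for URL $2 according to config file $1.
ca_for_url() {
    git config --file "$1" --get-urlmatch http.sslCAInfo "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir/gitlab" gitlab.example.test || return 1
    make_cert "$dir/other" other.example.test || return 1
    if cert_trusted_by "$dir/gitlab.crt" "$dir/gitlab.crt"; then
        echo "server certificate verifies against the pinned copy"
    fi
    if ! cert_trusted_by "$dir/other.crt" "$dir/gitlab.crt"; then
        echo "a different trust anchor is rejected"
    fi
    pin_ca_for_host "$dir/gitconfig" "https://gitlab.example.test/" "$dir/gitlab.crt"
    echo "CA used for the GitLab host: $(ca_for_url "$dir/gitconfig" https://gitlab.example.test/username/repo_name.git)"
    rm -rf "$dir"
}
demo
```

On a client, copy gitlab.crt from the server over a trusted channel and call pin_ca_for_host with ~/.gitconfig, the server URL and the path to that copy.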

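 The git version installed through yum on CentOS is 1.7.1. If git clone of a GitLab repository fails with the following error, a git version of 2.0 or later has to be compiled by hand (see above for compiling and installing)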

error:  while accessing https://gitlab_server/username/repo_name.git/info/refs
fatal: HTTP request failed

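 GitLab's default Nginx configuration file defines a rule that forwards HTTPS clone requests to gitlab-git-http-server.socket; the problem is that GitLab does not enable gitlab-git-http-server by default. Installing gitlab-git-http-server requires installing Go first, and after gitlab-git-http-server was installed it still did not work. In the end, just to see what would happen, I pointed the upstream at gitlab.socket instead of gitlab-git-http-server.socket, and HTTPS cloning then worked!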

upstream gitlab-git-http-server {
    # Default configuration
    #server unix:/home/git/gitlab/tmp/sockets/gitlab-git-http-server.socket fail_timeout=0;

    # After the change
    server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
}


location ~ [-\/\w\.]+\.git\/ {
    # Remaining detailed configuration omitted
    proxy_pass http://gitlab-git-http-server;
}