CentOS 6.x搭建Gitlab

Gitlab简介

GitLab是一个使用 Ruby on Rails 开发的开源应用程序,与Github类似,能够浏览源代码,管理缺陷和注释,非常适合在团队内部使用。
GitLab服务有以下8部分组成:
1.Packages / Dependencies
2.Ruby
3.System Users
4.Database:MySql/PostgreSQL
5.Redis
6.GitLab
7.Web Server:Nginx/Apache
8.Firewall

安装说明

1.此教程适用于centos6.x安装gitlab
2.使用root帐号登录系统,如果不是root登录使用su root切换为root
3.你也可以参考:
官方centos文档
官方Ubuntu文档

安装Gitlab所需要的依赖

Add EPEL repository

EPEL即Extra Packages for Enterprise Linux,这个软件仓库里有很多非常常用的软件,而且是专门针对RHEL设计的,对RHEL标准yum源是一个很好的补充,完全免费使用,由Fedora项目维护,所以如果你使用的是RHEL,或者CentOS,Scientific等RHEL系的linux,可以非常放心的使用EPEL的yum源。

下载并安装GPG key

wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 https://www.fedoraproject.org/static/0608B895.txt
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
检查是否安装成功
rpm -qa gpg* 成功后会输出:
gpg-pubkey-0608b895-4bd22942
接着安装epel-release-6-8.noarch包
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
提示:不要在意x86_64,在i686的机器上一样能使用。

Add PUIAS Computational repository

PUIAS Linux是面向桌面和服务器的完整的操作系统,它靠编译Red Hat Enterprise Linux的源代码包来创建。除了这些上游的软件包外,该项目还提供一些其他的软件仓库:“Addons”包含了通常的Red Hat发行中未收入的额外软件包,“Computational”提供专门针对科学计算的软件,“Unsupported”则收入各种各样的测试性软件 包。该发行由美国普林斯顿 大学的高等研究所维护。

下载PUIAS repo
wget -O /etc/yum.repos.d/PUIAS_6_computational.repo https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo
下载并安装GPG key
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias
检查是否安装成功
rpm -qa gpg* 
成功会输出:
gpg-pubkey-41a40948-4ce19266

Install the required tools for GitLab

yum -y update
yum -y groupinstall 'Development Tools'
yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis sudo wget crontabs logwatch logrotate perl-Time-HiRes git cmake libcom_err-devel.i686 libcom_err-devel.x86_64 nodejs
RHEL提示
如果部分包不能安装,例如: eg. gdbm-devel, libffi-devel and libicu-devel,那么增加rhel6的安装源。
yum-config-manager --enable rhel-6-server-optional-rpms
提示:安装过程中,有些文件需要我们手动配置,如果你熟悉vim就是用vim配置,否则使用默认的编辑器。
# Install vim and set as default editor
yum -y install vim-enhanced
update-alternatives --set editor /usr/bin/vim.basic
# For reStructuredText markup language support, install required package:
yum -y install python-docutils

Install mail server

yum -y install postfix

Configure the default editor

ln -s /usr/bin/vim /usr/bin/editor

Git安装

确保git的版本>1.7.10
git --version
如果低于1.7.10
yum -y remove git
安装git的依赖程序
yum install -y libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev build-essential
下载并安装git
mkdir /tmp/git && cd /tmp/git
curl --progress https://www.kernel.org/pub/software/scm/git/git-2.4.3.tar.gz | tar xz
cd git-2.4.3/
./configure
make
make prefix=/usr/local install
确认git安装到 $PATH
which git
提示:使用yum安装的git目录为:/usr/bin/git,下载安装的git目录为:/usr/local/bin/git,这个在之后gitlab.yml中需要修改。

Ruby安装

卸载掉旧版本的ruby
yum remove ruby
这里使用2.0以上的版本
ruby -v
mkdir /tmp/ruby && cd /tmp/ruby
curl --progress https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.3.tar.gz | tar xz
cd ruby-2.2.3
./configure --disable-install-rdoc
make
make prefix=/usr/local install
检查ruby是否安装成功
which ruby
# /usr/local/bin/ruby
替换Ruby gem源
gem sources -l
# 移除https://rubygems.org源
gem sources --remove https://rubygems.org/
# 增加http://ruby.taobao.org/源
gem sources -a https://ruby.taobao.org/
# 更新缓存
gem sources -u
安装Bundler
gem install bundler --no-doc

为Gitlab创建git用户

adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git
重要:
执行
visudo
找到
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
改为:
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
保存并退出
```

## 安装MySQL
```Shell`
安装:
yum install -y mysql-server mysql-devel
chkconfig mysqld on
service mysqld start
设置mysql root账号的密码:
mysql_secure_installation
用root登录mysql
mysql -u root -p
创建新用户和数据库给gitlab使用
CREATE USER 'git'@'localhost' IDENTIFIED BY '这里改为你自己的密码';
SET storage_engine=INNODB;
创建gitlab使用的数据库
CREATE DATABASE IF NOT EXISTS`gitlabhq_productionDEFAULT CHARACTER SETutf8COLLATEutf8_unicode_ci`;
给予gitlab用户权限
GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON`gitlabhq_production`.* TO 'git'@'localhost';
退出:q
检查是否能用git帐号登录数据库
sudo -u git -H mysql -u git -p -D gitlabhq_production
退出:q

配置Redis

chkconfig redis on
cp /etc/redis.conf /etc/redis.conf.orig
sed 's/^port .*/port 0/' /etc/redis.conf.orig | sudo tee /etc/redis.conf
echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis.confecho -e 'unixsocketperm 0770' | sudo tee -a /etc/redis.conf
mkdir /var/run/redis
chown redis:redis /var/run/redis
chmod 755 /var/run/pedis
重启redis:
service redis restart
将git用户添加到redis组
usermod -aG redis git

Gitlab安装

cd /home/git
克隆GitLab并切换分支到8-2-stable(你可以选择更新的版本)
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-2-stable gitlab
配置GitLab
# Go to GitLab installation folder
cd /home/git/gitlab
# Copy the example GitLab config
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
# Update GitLab config file, follow the directions at top of file
# 不要忘记修改gitlab.yml中git的路径
sudo -u git -H editor config/gitlab.yml
# Copy the example secrets file
sudo -u git -H cp config/secrets.yml.example config/secrets.yml
sudo -u git -H chmod 0600 config/secrets.yml
# Make sure GitLab can write to the log/ and tmp/ directories
sudo chown -R git log/
sudo chown -R git tmp/
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/
# Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories
sudo chmod -R u+rwX tmp/pids/
sudo chmod -R u+rwX tmp/sockets/
# Make sure GitLab can write to the public/uploads/ directory
sudo chmod -R u+rwX  public/uploads
# Change the permissions of the directory where CI build traces are stored
sudo chmod -R u+rwX builds/
# Change the permissions of the directory where CI artifacts are stored
sudo chmod -R u+rwX shared/artifacts/
# Copy the example Unicorn config
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
# Find number of cores
nproc
# Enable cluster mode if you expect to have a high load instance
# Set the number of workers to at least the number of cores
# Ex. change amount of workers to 3 for 2GB RAM server
sudo -u git -H editor config/unicorn.rb
# Copy the example Rack attack config
sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
# Configure Git global settings for git user, used when editing via web editor
sudo -u git -H git config --global core.autocrlf input
# Configure Redis connection settings
sudo -u git -H cp config/resque.yml.example config/resque.yml
# Change the Redis socket path if you are not using the default Debian / Ubuntu configuration
sudo -u git -H editor config/resque.yml

注:

这里如果提示没有路径,就手动创建文件夹

配置GitLab数据库

sudo -u git cp config/database.yml.mysql config/database.yml
# 修改其中username和password即可,其中密码就是上面数据库步骤中创建gitlab用户的密码
sudo -u git -H editor config/database.yml
# 确保该文件只有git账号有权限读取
sudo -u git -H chmod o-rwx config/database.yml

安装GitLab需要的Gems

cd /home/git/gitlab
接着修改Gemfile中的https://rubygems.org为https://ruby.taobao.org
sudo -u git -H bundle install --deployment --without development test postgres aws kerberos

安装GitLabShell

# Run the installation task for gitlab-shell (replace`REDIS_URL` if needed):
sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production
# By default, the gitlab-shell config is generated from your main GitLab config.
# You can review (and modify) the gitlab-shell config as follows:
sudo -u git -H editor /home/git/gitlab-shell/config.yml
# Ensure the correct SELinux contexts are set
# Read http://wiki.centos.org/HowTos/Network/SecuringSSH
restorecon -Rv /home/git/.ssh

安装gitlab-workhorse

gitlab-workhorse是用go语言写的一个small daemon,所以先要安装go语言编译器

yum install go
接着安装gitlab-workhorse
cd /home/git
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
cd gitlab-workhorse
sudo -u git -H git checkout 0.4.2
sudo -u git -H make

初始化gitlab数据库并激活高级功能

# Go to GitLab installation folder
cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
# Type 'yes' to create the database tables.
# 这里会生成你的管理员帐号和密码请牢记

安装启动脚本

sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
chmod +x /etc/init.d/gitlab
chkconfig --add gitlab
chkconfig gitlab on
cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

检测应用程序状态并编译Assets

sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
编译完成后就可以启动gitlab了
service gitlab start

Nginx安装

yum install yum-fastestmirror
yum update
yum -y install nginx
查看nginx版本
nginx -v

如果不是最新版本使用下面的命令进行升级

cd /etc/yum.repos.d/ 
vim nginx.repo

输入下面的文本

# nginx.repo    
[nginx]  
name=nginx repo  
baseurl=http://nginx.org/packages/centos/6/$basearch/  
gpgcheck=0  
enabled=1

升级nginx

yum update nginx

配置Nginx

把nginx加入git用户组
usermod -a -G git nginx
chmod g+rx /home/git/
chown -R git /etc/nginx 
编辑/etc/nginx/nginx.conf,将 include /etc/nginx/conf.d/*.conf; 改为 include /etc/nginx/sites-enabled/*;,就是修改额外加载的配置文件目录
修改nginx.conf文件总的user 为git
Site Configuration
mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled
cd /home/git/gitlab
sudo cp lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
sudo ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

启动nginx服务

chkconfig nginx on
service nginx start

注:

如果遇到Starting nginx: nginx: emerg bind() to 0.0.0.0:80 failed (98: Address already use)
编辑/etc/nginx/sites-available/gitlab,将 listen :::80 default_server; 改为 listen :::80 ipv6only=on default_server;

防火墙配置

lokkit -s http -s https -s ssh
service iptables restart

完成安装

现在可以在浏览器中访问http://localhost
如果没有问题是可以访问成功的,如果有问题请看“问题记录”

问题记录

如果nginx出现502 Bad gateWay,可以去查看gitlab和nginx的日志

# 这里有gitlab访问的日志
cd /etc/log/nginx/

如果日志中错误为:connect() to unix:/home/git/gitlab/tmp/sockets/gitlab.socket failed (13: Permission denied) while connecting to upstream,

# 关闭selinux防火墙
setenforce 0

数据备份

有两台服务器,一台作为正常使用,一台作为备份服务器,两台机器的Gitlab版本必须相同,不然恢复的时候会很麻烦。
假设A为正常使用服务器,B为备份服务器。
1.使A机器能够无密码远程访问B机器

ssh-keygen -t rsa
scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys

2.编写gitlab_backup.sh(名字可以随便起)脚本,下面是脚本中的代码

# !/bin/bash
### 将下面的IP替换为你自己备份服务器的IP
REMOTE_SERVER_ADDR=192.168.1.210
GITLABDIR=/home/git/gitlab
GITLAB_BACKUP_DIR=${GITLABDIR}/tmp/backups/
cd ${GITLABDIR}
sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
ERROR=$?
if [ $ERROR -gt 0 ]; then
exit $ERROR
fi
ssh ${REMOTE_SERVER_ADDR} "rm -f ${GITLAB_BACKUP_DIR}/*.tar"
scp tmp/backups/*_gitlab_backup.tar [email protected]${REMOTE_SERVER_ADDR}:/home/git/gitlab/tmp/backups/

3.修改gitlab.yml中keep_time为18000(这个单位是秒,即将备份文件保留5小时,下次执行备份会自动删除)

cd /home/git/gitlab
editor config/gitlab.yml

4.将gitlab_backup.sh加入到crontab的定时任务中

crontab -e

接着输入一下代码,我这里shell脚本的路径为/home/git/gitlab_backup.sh,你可以换成你的位置
我设置的时间是每天凌晨2点执行,你可以百度crontab了解更多

0 2 * * * /home/git/gitlab_backup.sh

5.脚本中用了sudo会提示执行sudo需要终端,所以编辑 /etc/sudoers 文件,将Default requiretty注释掉即可。