本文章适用于需要自建gitlab代码管理系统(仅供参考)
1. gitLab目录结构介绍
这是您按照此页面的说明最终得到的主目录结构:
|-- home
| |-- git
| |-- .ssh
| |-- gitlab
| |-- gitlab-shell
| |-- repositories
-
/home/git/.ssh:包含 OpenSSH 设置。其中authorized_keys为GitLab Shell 管理的文件。 -
/home/git/gitlab: GitLab 核心软件。 -
/home/git/gitlab-shell: GitLab的核心附加组件。维护 SSH 克隆和其他功能。 -
/home/git/repositories:按名称空间组织的所有项目的裸存储库。这是为所有项目维护推/拉的 Git 存储库的地方。该区域包含项目的关键数据。 保留备份。 - 关于gitlab配置可以在
config/gitlab.yml和config.yml进行配置gitlab默认存储的路径。 - 有关更深入的概述,请参阅GitLab 架构文档。
2. gitLab依赖组件说明
如下为源码部署gitlab服务依赖的组件介绍 :
组件 | 版本 |
系统 | Centos 7.6 |
ruby | 2.7.4 |
git | 2.29.0 |
redis | 5.0.4 |
node | 14.8 |
postgresql | 12.4 |
gitlab | 13-10-stable |
nginx | 1.16.10 |
3. gitLab依赖环境说明
GitLab服务部署需要安装包括设置以下组件:
1.基础软件及依赖包安装
2.git客户端安装
3.Ruby环境安装
4.Go环境安装
5.Node环境安装
6.git服务用户创建
7.数据库安装
8.Redis安装
9.GitLab安装
10.NGINX安装
4. 源码部署gitlab服务
4.1 基础软件及依赖包安装
4.1.1 安装基础工具以及优化bash执行路径
yum install wget telnet iftop -y
编辑/etc/sudoers,添加/usr/local/{bin,sbin}路径,修改结果如下:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
4.1.2 添加epel扩展源
# 下载扩展源信任的GPL-KEY
wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
https://mirrors.tuna.tsinghua.edu.cn/epel/RPM-GPG-KEY-EPEL-7 \
--no-check-certificate
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
# 安装扩展源
rpm -Uvh \
http://mirrors.ustc.edu.cn/epel/epel-release-latest-7.noarch.rpm
yum -y install epel-release
4.1.3 安装gitlab服务编译需要的依赖包
yum groupinstall "Development tools"
yum install autoconf automake bison \
zlib-devel libyaml-devel gdbm-devel \
re2-devel readline-devel ncurses-devel libffi-devel \
curl openssh-server libxml2-devel libxslt-devel \
openssl-devel libcurl-devel libicu-devel logrotate \
rsync python-docutils pkgconfig cmake
4.1.4 升级cmake
因为gitlab bundle编译时需要cmake3,因此需要将cmake升级至3
yum remove cmake -y
yum install cmake3 -y
cd /usr/bin
ln -sf cmake3 cmake
4.1.5 安装runit(可选)
curl -s https://packagecloud.io/install/repositories/imeyer/runit/script.rpm.sh |sudo bash
yum install runit-2.1.1-7.el7.centos.x86_64
4.1.6 安装GraphicsMagick
yum install GraphicsMagick -y4.1.7 安装postfix
yum install postfix -y4.1.7 安装perl-Image-ExifTool
yum install perl-Image-ExifTool -y4.2 git客户端安装
从 GitLab 13.6 开始,我们建议您使用Gitaly 提供的Git 版本,理由如下 :
- 始终处于 GitLab 所需的版本。
- 可能包含正确操作所需的自定义补丁。
4.2.1 卸载原有的git以及安装所需的依赖项:
sudo yum install \
curl-devel expat-devel gettext-devel \
openssl-devel zlib-devel pcre2-devel -y
4.2.2 安装git
# 下载git源码包
cd /usr/local/src
wget \
https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.29.2.tar.gz \
--no-check-certificate
# 编译安装
tar zxf git-2.29.2.tar.gz
cd git-2.29.2
./configure --prefix=/usr/local/git-2.29.2 --with-libpcre
make -j24 && make install -j24
4.2.3 基于gitaly安装git,并删除源码编译的git
# 克隆gitaly源码包
cd /usr/local/src
git clone https://gitlab.com/gitlab-org/gitaly.git -b 13-10-stable gitaly
# 安装gitaly匹配的git
cd /usr/local/src/gitaly
vim Cmakefile 将git替换为安装后的git路径
make git GIT_PREFIX=/usr/local/git-2.29.0
# 优化git执行路径
yum remove -y git-core
cd /usr/local
ln -sf git-2.29.0 git
ln -sf /usr/local/git/bin/git* /usr/bin/
# 确认git版本是否正确以及pcre是否支持
# git --version
显示为git version 2.29.0即为正常
# ldd $(which git) | grep pcre2
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fc3b65af000)
看到上述输出即为正常
注意:
- 基于gitaly安装git需要原有git版本高于2.20以上,gitaly源码中默认git路径为:/usr/bin/git,即低版本git,因此需要替换为源码编译安装的git执行路径,否则会报如下错误:
error: unknown option `initial-branch=master'
usage: git init [-q | --quiet] [--bare] [--template=<template-directory>] [--shared[=<permissions>]] [directory]
--template <template-directory>
directory from which templates will be used
--bare create a bare repository
--shared[=<permissions>]
specify that the git repository is to be shared amongst several users
-q, --quiet be quiet
--separate-git-dir <gitdir>
separate git dir from working tree
make: *** [/usr/local/src/gitaly/_build/deps/git/install/bin/git] Error 129
- 选择基于gitaly安装的git是为了更好兼容gitlab服务组件,以及包括中间补丁修复。
4.3 ruby环境安装
# 卸载旧有的ruby
yum remove ruby -y
# 下载rub源码包
cd /usr/local/src/
wget \
https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.gz
# 解压ruby压缩包
tar xzf ruby-2.7.4.tar.gz
# 源码安装编译ruby
cd ruby-2.7.4
./configure --prefix=/usr/local/ruby-2.7.4 \
--disable-install-rdoc \
--enable-shared
make -j24 && make install -j24
# 优化ruby执行路径
cd /usr/local
ln -sf ruby-2.7.4 ruby
ln -sf /usr/local/ruby/bin/{bundle,gem,rake,ruby} /usr/local/bin/
4.4 go环境安装
# 删除就有go环境
rm /usr/local/go
# 下载go源码安装包
cd /usr/local/src
wget \
https://mirrors.ustc.edu.cn/golang/go1.16.10.linux-amd64.tar.gz
# 解压go源码安装包
cd /usr/local/src
tar -zxf go1.16.10.linux-amd64.tar.gz -C /usr/local
mv /usr/local/go /usr/local/go-1.16.10
ln sf go-1.16.10 go
ln -sf /usr/local/go/bin/{go,gofmt} /usr/local/bin/
# 确认go环境是否ok
go version
显示如下信息即表示正常:
go version go1.16.10 linux/amd64
4.5 node环境安装
# 安装node rmp源码
cd /usr/local/src
curl --silent --location \
https://rpm.nodesource.com/setup_14.x | sudo bash -
yum install -y nodejs
# 确认node和yarn环境是否ok
node -v
显示:v14.18.2 (node)为正常
# 设置npm源为国内源加快编译拉包速度
npm config set registry https://registry.npm.taobao.org
npm config get registry
# 安装yarn包
npm install --global yarn
# 确认yarn版本
yarn --version
显示:1.22.17为正常
4.6 gitlab服务账户创建
添加git组
groupadd git
添加git用户
useradd -g git -c "Gitlab Service" -d /home/git git
4.7 pgsql数据库部署
4.7.1 添加postgresql服务运行账户
添加git组
groupadd postgres
添加git用户
useradd \
-g postgres \
-c "Postgres Databaes Service" \
-s /bin/bash \
-d /var/lib/postgres \
-m \
postgres
4.7.2 源码编译部署postgresql服务
# 下载postgresql二进制安装包
cd /usr/local/src/
wget \
https://repo.huaweicloud.com/postgresql/source/v12.4/postgresql-12.4.tar.gz
# 安装postgresql
tar zxvf postgresql-12.4.tar.gz
cd /usr/local/src/postgresql-12.4
./configure \
--prefix=/usr/local/postgresql-12.4 \
--without-readline
make -j24 && make install -j24
当输出以下内容表示安装成功
PostgreSQL, contrib, and documentation installation complete.
# 安装pgsql工具集
cd /usr/local/src/postgresql-12.4/contrib
make -j24 && make install -j24
# 确认安装版本
/usr/local/postgresql-12.4/bin/postgres --version
postgres (PostgreSQL) 12.4
输出上述结果即为正常
4.7.3 postgresql 路径优化及pgsql lib库加载
# 安装目录优化
cd /usr/local/
ln -sf postgresql-12.4 pgsql
# 执行命令优化
ln -sf /usr/local/pgsql/bin/{psql,initdb} /usr/local/bin/
ln -sf /usr/local/pgsql/bin/pg_* /usr/local/bin/
# pgsql lib库文件加载配置(不配置该项会导致pg初始化及启动异常以及gitlab bundle时无法编译libpg包)
echo "/usr/local/pgsql/lib" >/etc/ld.so.conf.d/pg.conf
ldconfig
4.7.4 初始化postgresql
# 创建pgsql数据存放以及日志存放路径
mkdir -p /usr/local/pgsql/{data,logs}
# 递归授权postgres用户给pgsql安装目录
chown postgres.postgres -R /usr/lcoal/pgsql/
# 初始化pgsql数据库
su postgres
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
# 安装pgsql服务启动脚本
cd /usr/local/src/postgresql-12.4/
cp contrib/start-scripts/linux /etc/init.d/postgresql
chmod +x /etc/init.d/postgresql
# 编辑启动脚本内容,优化pgsql服务启动日志路径
PGLOG="/usr/local/pgsql/logs/server.log"
4.7.5 pgsql配置以及用户认证设置
pgsql配置文件修改
# 编辑/usr/local/pgsql/data/pg_hba.conf文件,内容如下
host all all 0.0.0.0/0 md5
# 编辑/usr/local/pgsql/data/postgresql.conf,内容如下:
listen_addresses = '*'
# 重启pgsql
service postgresql start
# 查看pgsql状态
service postgresql status
设置管理员root用户认证信息
sudo -u postgres -H /usr/local/bin/psql
psql (12.4)
Type "help" for help.
postgres=# \password
Enter new password:
Enter it again:
4.7.6 添加pg扩展
# 创建pg_trgm扩展
sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
# 创建btree_gist扩展(GitLab 13.1+ 需要)
sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS btree_gist;"
4.7.7 创建gitlab库并授权给git用户
# 为GitLab 创建一个数据库用户
sudo -u postgres psql -d template1 -c "CREATE USER git CREATEDB;"
# 创建 GitLab 生产数据库并授予数据库的所有权限
sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER git;"
4.7.8验证pg扩展是否启用
# 使用git用户登录gitlab数据库
sudo -u git -H psql -d gitlabhq_production
# 检查pg_trgm扩展是否启用
$ SELECT true AS enabled
FROM pg_available_extensions
WHERE name = 'pg_trgm'
AND installed_version IS NOT NULL;
显示如下信息为正常
enabled
---------
t
(1 row)
# 检查btree_gist扩展是否启用
$ SELECT true AS enabled
FROM pg_available_extensions
WHERE name = 'btree_gist'
AND installed_version IS NOT NULL;
显示如下信息为正常
enabled
---------
t
(1 row)
设置git用户登录认证信息
\password;
Enter it again:
附录:有关pgsql部署可参考:https://www.postgresql.org/download/linux/redhat/
4.8 redis数据库部署
4.8.1 安装redis数据库
yum install -y https://repo.ius.io/ius-release-el7.rpm
yum install -y redis5
4.8.2 配置redis数据库配置
daemonize yes
bind localhost
protected-mode no
port 6379
tcp-backlog 65535
timeout 0
tcp-keepalive 300
pidfile /var/run/redis/redis.pid
unixsocket /var/run/redis/redis.sock
unixsocketperm 770
loglevel notice
logfile "/var/log/redis/redis.log"
databases 32
save 900 1
save 300 10
save 60 10000
dbfilename dump.rdb
dir /var/lib/redis/db
4.8.3 生成redis服务相关目录
sudo mkdir -p /var/run/redis
sudo -u redis -H mkdir /var/lib/redis/db
sudo chown redis:redis /var/run/redis
sudo chmod 755 /var/run/redis
4.8.4 redis服务内核参数调整
echo 65535 /proc/sys/net/core/somaxconn
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo "echo never>/sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local
echo "vm.overcommit_memory = 1" >>/etc/sysctl.conf
sysctl -p
4.8.5 Redis自动启动配置
if [ -d /etc/tmpfiles.d ]; then
echo 'd /var/run/redis 0755 redis redis 10d -' | sudo tee -a /etc/tmpfiles.d/redis.conf
fi
4.8.6 启动redis服务及查看
systemctl start redis
systemctl status
注意:如果启动失败,请查看redis启动日志排查问题。
4.8.7 将git用户加入到redis组以方便访问redis.socket
sudo usermod -aG redis git
4.9 源码部署nginx应用
4.10 源码部署gitlab应用
4.9.1 克隆gitlab13-10仓库
cd /home/git
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-foss.git -b 13-10-stable gitlab
注意:
- 确保替换为<X-Y-stable>与您要安装的版本匹配的稳定分支。例如,如果您想安装 13.10,您将使用分支名称13-10-stable。
- 如果您想要最先进的版本,您可以更改<X-Y-stable>,但永远不要在生产环境上使用master分支部署。
4.9.2 修改gitlab相关组件配置文件
创建gitlab模板并修改相关配置
cd /home/git/gitlab
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
sudo -u git -H vim config/gitlab.yml
找到如下行内容
## GitLab settings
gitlab:
host: code.xxx.com 修改为你需要访问的域名
port: 80 # Set to 443 如果需要https访问,开启HTTPS即可;
## Git settings
git:
bin_path: /usr/local/bin/git 修改为git的命令执行路径
time_zone: 'UTC' 修改为“Asia/Shanghai”
创建puma组件服务配置模板文件并编辑配置,修改如下
cd /home/git/gitlab
sudo -u git -H cp config/puma.rb.example config/puma.rb
sudo -u git -H vim config/puma.rb
找到如下内容
worker_processes 3 (值修改为服务器的cpu数+1)
创建gitlab secret密钥文件并修改文件权限(注意此文件内容自动生成, 在迁移gitlab需要用到该文件)
cd /home/git/gitlab
sudo -u git -H cp config/secrets.yml.example config/secrets.yml
sudo -u git -H chmod 0600 config/secrets.yml
创建redis连接配置文件并编辑配置
cd /home/git/gitlab
sudo -u git -H cp config/resque.yml.example config/resque.yml
sudo -u git -H vim config/resque.yml
修改内容如下(此处仅为参考模板,如果需要配置redis集群请详见官网配置说明)
# If you change this file in a Merge Request, please also create
# a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
#
production:
# Redis (single instance)
url: unix:/var/run/redis/redis.sock
##
# 修改配置文件权限
# sudo -u git -H chmod 0600 config/secrets.yml
创建gitlab database连接配置文件并编辑配置
cd /home/git/gitlab
# 创建数据库配置文件
sudo -u git cp config/database.yml.postgresql config/database.yml
sudo -u git -H vim config/database.yml
修改内容如下(此处仅为模板)
#
# PRODUCTION
#
production:
adapter: postgresql
encoding: unicode
database: gitlabhq_production
username: git
password: "1qaz@WSX.com"
host: 192.168.2.241
# 修改数据配置文件权限
sudo -u git -H chmod o-rwx config/database.yml
gitlab相关目录创建以及授权
cd /home/git/gitlab
# 确认git用户对tmp,log,public,shared等目录有读写权限
sudo chown -R git log/
sudo chown -R git tmp/
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/
sudo chmod -R u+rwX tmp/pids/
sudo chmod -R u+rwX tmp/sockets/
sudo -u git -H mkdir -p public/uploads/
sudo chmod 0700 public/uploads
sudo chmod -R u+rwX builds/
sudo chmod -R u+rwX shared/artifacts/
sudo chmod -R ug+rwX shared/pages/
设置git全局默认参数
sudo -u git -H git config --global core.autocrlf input
sudo -u git -H git config --global gc.auto 0
sudo -u git -H git config --global repack.writeBitmaps true
sudo -u git -H git config --global receive.advertisePushOptions true
sudo -u git -H git config --global core.fsyncObjectFiles true
4.9.3 安装gem依赖包
说明:从 Bundler 1.5.2 开始,您可以调用bundle install -jN(其中N是处理器内核的数量)并享受并行 gems 安装,完成时间有可测量的差异(快约 60%)。使用nproc.检查您的核心数量。有关更多信息,请参阅这篇文章。
确保bundle版本1.5.2<=bundle>2.x
sudo -u git -H bundle -v
由于默认的ruby源地址访问会存在网络访问慢的问题,所以需要更换为国内的ruby源
cd /home/git/gitlab
sed 's/rubygems.org/gems.ruby-china.com/g' -i Gemfile
sed 's/rubygems.org/gems.ruby-china.com/g' -i Gemfile.lock
安装 gems(如果您想使用 Kerberos 进行用户身份验证,请kerberos在--without下面的选项中省略 ):
sudo -u git -H bundle config set --local deployment 'true'
sudo -u git -H bundle config set --local without 'development test mysql aws kerberos'
sudo -u git -H bundle install -j4
上述命令执行完后,结果如下:
Bundle complete! 276 Gemfile dependencies, 443 gems now installed.
Gems in the groups development, test, mysql, aws and kerberos were not installed.
Bundled gems are installed into `./vendor/bundle`
注意:在安装gems过程中,如gem依赖包安装过程中错误请参考以下处理:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
error occurred while installing charlock_holmes (0.7.3), and Bundler cannot continue.
Make sure that `gem install charlock_holmes -v ‘0.7.3’` succeeds before bundling.
brew install icu4c or apt-get install libicu-dev
解决办法:
# yum install libicu.x86_64 libicu-devel.x86_64
An error occurred while installing rugged (0.25.1.1), and Bundler cannot continue.
Make sure that `gem install rugged -v '0.25.1.1'` succeeds before bundling.
解决办法:
# yum install cmake3 && yum remove cmake && ln cmake3 cmake
ERROR: Could not find a valid gem 'charlock_holmes' (= 0.6.9.4), here is why:
Unable to download data from https://rubygems.org/ - Errno::ECONNRESET:
Connection reset by peer - SSL_connect (https://api.rubygems.org/quick/Marshal.4.8/charlock_holmes-0.6.9.4.gemspec.rz)
ERROR: Possible alternatives: charlock_holmes
解决办法:
#yum install libicu-devel
An error occurred while installing re2 (1.0.0), and Bundler cannot continue.
Make sure that `gem install re2 -v '1.0.0'` succeeds before bundling.
#解决办法
# yum install -y re2-devel
An error occurred while installing pg (0.18.4), and Bundler cannot continue.
Make sure that `gem install pg -v ‘0.18.4’` succeeds before bundling.
#解决办法
# gem install pg -v '0.18.4'
# yum install postgresql-devel.x86_64
An error occurred while installing sqlite3 (1.5.14), and Bundler cannot continue.
Make sure that `gem install sqlite3 -v ‘1.5.14’` succeeds before bundling.
# 解决办法
# yum install sqlite-devel.x86_64
# gem install sqlite3 -v '1.5.14'
Bundler::GemRequireError: There was an error while trying to load the gem ‘coffee-rails’.
Gem Load Error is: Could not find a JavaScript runtime. See https://github.com/rails/execjs for a list of available runtimes.
#解决办法:因为execjs需要javascript的支持,需要安装nodejs工具
4.9.4 安装gitlab-shell组件
GitLab Shell 是专为 GitLab 开发的 SSH 访问和存储库管理软件。
sudo -u git -H bundle exec rake gitlab:shell:install RAILS_ENV=production
sudo -u git -H e /home/git/gitlab-shell/config.yml
4.9.5 安装gitlab-workhourse组件
