墨痕

2015-10-05 OPS

GitLab搭建记

1. 安装依赖
2. 添加Git系统用户
3. 编译安装Git
4. 编译安装ruby
5. 安装MySQL数据库
6. 安装Redis
7. 安装GitLab
8. GitLab连接Redis配置
9. GitLab连接MySQL配置
10. 安装Gem
11. 安装GitLat shell
12. 初始化数据库
13. 下载GitLab脚本
14. 配置Nginx
15. 关于git clone

最近在系统的学习Git，需要用到远程仓库，于是想搭个GitLab玩玩。没想到想玩好GitLab也不是件容易的事情，即便是按照教程来搭都折腾了挺久，GitLab对各软件版本的要求比较苛刻，所以搭建起来也比较麻烦，在此记录一下搭建的过程以便备忘，其实如果不想折腾可直接使用GitHub。
本文记录在CentOS6.4 64bit上搭建GitLab的过程，搭建GitLab需要涉及到如下软件：

Git
Ruby
MySQL
Redis
GitLab
GitLab-shell
Gem
Nginx

安装依赖

添加EPEL源

shell> wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 https://www.fedoraproject.org/static/0608B895.txt --no-check-certificate
shell> rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
shell> rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

#验证安装
shell> rpm -qa gpg-pubkey
gpg-pubkey-0608b895-4bd22942

添加puias源

shell> wget -O /etc/yum.repos.d/PUIAS_6_computational.repo https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo
shell> wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
shell> rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias

#验证安装
shell> rpm -qa gpg-pubkey
gpg-pubkey-41a40948-4ce19266

查看以上添加的EPEL和puias源

shell> yum repolist
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * PUIAS_6_computational: puias.math.ias.edu
 * base: ftp.sjtu.edu.cn
 * extras: mirrors.nwsuaf.edu.cn
 * updates: ftp.sjtu.edu.cn
PUIAS_6_computational                                                                                                   | 3.3 kB     00:00
PUIAS_6_computational/primary_db                                                                                        | 1.9 MB     00:15
repo id                                                 repo name                                                                        status
PUIAS_6_computational                                   PUIAS computational Base 6 - x86_64                                               2,837
base                                                    CentOS-6 - Base                                                                   6,575
epel                                                    Extra Packages for Enterprise Linux 6 - x86_64                                   11,764
extras                                                  CentOS-6 - Extras                                                                    35
treasuredata                                            TreasureData                                                                         14
updates                                                 CentOS-6 - Updates                                                                  298
repolist: 21,523

安装依赖包

1 2	yum -y groupinstall 'Development Tools' yum -y install gcc-c++ readline-devel zlib-devel libffi-devel openssl-devel make autoconf automake libtool bison libxml2-devel libxslt-devel libyaml-devel

添加Git系统用户

shell> adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git
#将/usr/local/bin添加到系统默认路径
shell> visudo
	Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

编译安装Git

需要确保Git的版本在1.7.10或以上，CentOS6.4通过yum的版本是1.7.1，要手动编译安装更高版本

#如果通过yum安装过Git，需要先删除
shell> yum remove git
shell> yum install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel
shell> wget https://www.kernel.org/pub/software/scm/git/git-2.5.3.tar.gz
shell> tar -zxf git-2.5.3.tar.gz && cd git-2.5.3
shell> ./configure && make && make prefix=/usr/local install
shell> git --version
git version 2.5.3

编译安装ruby

ruby需要2.0+的版本，CentOS6.4通过yum安装的版本是1.8

#如果通过yum安装过ruby，需要先删除
shell> yum remove ruby
shell> wget ftp://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz
shell> tar -zxf ruby-2.1.2.tar.gz && cd ruby-2.1.2
shell> ./configure --disable-install-rdoc && make && make prefix=/usr/local install
shell> ruby -v
ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]

安装bundler，由于https://rubygems.org/被墙，需要修改ruby源

shell> gem sources --remove https://rubygems.org/
shell> gem sources -a https://ruby.taobao.org/
shell> gem sources -l
shell> gem install bundler --no-doc

安装MySQL数据库

官方推荐使用MySQL或PostgreSQL作为数据库，如果使用MySQL版本需要高于5.5.14，CentOS6.4通过yum默认安装版本为5.1.73，这里使用yum安装5.5.45
安装MySQL 5.5.45

shell> rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
shell> rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
shell> yum --enablerepo=remi,remi-test install mysql mysql-server mysql-devel
shell> mysql --version
mysql  Ver 14.14 Distrib 5.5.45, for Linux (x86_64) using readline 5.1
shell> /etc/init.d/mysqld start
shell> mysql_secure_installation
#mysql_secure_installation作用
	#为root用户设置密码
	#删除匿名账号
	#取消root用户远程登录
	#删除test库和对test库的访问权限
	#刷新授权表使修改生效

创建GitLab所需数据库用户

1
2
3

shell > mysql -uroot -p
		mysql> CREATE USER 'git'@'localhost' IDENTIFIED BY 'gitlab';
		mysql> FLUSH PRIVILEGES;

GitLab需要用INNODB，设置默认存储引擎为INNODB
配置文件设置my.cnf

1 2	[mysqld] default-storage-engine = innodb

命令行设置

mysql> SET storage_engine=INNODB;
mysql> SHOW VARIABLES LIKE '%engine';
+------------------------+---------+
| Variable_name          | Value   |
|------------------------+---------|
| default_storage_engine | InnoDB  |
| storage_engine         | InnoDB  |
+------------------------+---------+

创建GitLab相关数据库及授权

1
2
3

mysql> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
mysql> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost';
mysql> FLUSH PRIVILEGES;

登陆验证

1	shell> mysql -ugit -p -D gitlabhq_production

安装Redis

使用yum安装Redis，完全按照官方文档配置无任何优化

shell> yum install redis
shell> cp /etc/redis.conf /etc/redis.conf.org
shell> sed 's/^port .*/port 0/' /etc/redis.conf.org |tee /etc/redis.conf
shell> echo 'unixsocket /var/run/redis/redis.sock' |tee -a /etc/redis.conf
shell> echo -e 'unixsocketperm 0770' |tee -a /etc/redis.conf
shell> chown redis:redis /var/run/redis
shell> chmod 755 /var/run/redis
shell> usermod -aG redis git
shell> /etc/init.d/redis start

安装GitLab

GitLab配置

在配置文件config/unicorn.rb时中有个timeout设置，若机器性能差需要将timeout值设置大些，否则GitLab在初始化时可能超时
host最好填域名，此处使用HTTPS

shell> cd /home/git
shell> sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 7-4-stable gitlab
shell> cd gitlab/
shell> sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
shell> sudo -u git -H vim config/gitlab.yml
			  gitlab:
				host: yourdomain
				port: 443
				https: true
shell> chown -R git log/
shell> chown -R git tmp/
shell> chmod -R u+rwX log/
shell> chmod -R u+rwX tmp/
shell> chmod -R u+rwX tmp/pids/
shell> chmod -R u+rwX tmp/sockets/
shell> chmod -R u+rwX  public/uploads
shell> sudo -u git -H mkdir /home/git/gitlab-satellites
shell> chmod u+rwx,g=rx,o-rwx /home/git/gitlab-satellites
shell> sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
#查看系统核心数
shell> nproc
shell> sudo -u git -H vim config/unicorn.rb
			worker_processes 核心数

配置全局用户及邮箱

此处使用163邮箱作为GitLab的发送邮箱

shell> sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
shell> sudo -u git -H git config --global user.name "GitLab"
shell> sudo -u git -H git config --global user.email "username@163.com"
shell> sudo -u git -H git config --global core.autocrlf input

GitLab SMTP设置

GitLab默认使用Sendmail进行邮件的发送，邮件发送配置比较重要，当新建用户时GitLab会发送一封邮件给用户并要求重置密码，若要使用SMTP发送邮件则需如下配置(此处用的是163邮箱)。
编辑配置文件sudo -u git -H vim /home/git/gitlab/config/environments/production.rb

1	config.action_mailer.delivery_method= :smtp

编辑配置文件sudo -u git -H vim /home/git/gitlab/config/initializers/smtp_settings.rb
domain选项用于重置密码时访问的GitLab域名，根据自身情况配置，如domain: "test.com:8080"
enable_starttls_auto假若SMTP没有开启加密连接则此值设置为false

shell> cp /home/git/gitlab/config/initializers/smtp_settings.rb.sample /home/git/gitlab/config/initializers/smtp_settings.rb
#smtp_settings.rb
	if Rails.env.production?
	  Gitlab::Application.config.action_mailer.delivery_method = :smtp

	  ActionMailer::Base.smtp_settings = {
		address: "smtp.163.com",
		port: 25,
		user_name: "username@163.com",
		password: "password",
		domain: "domain.com",
		authentication: :login,
		enable_starttls_auto: false
	  }
	end

假若SMTP服务器只允许以用登陆方式发送邮件，则还需要配置sudo -u git -H vim /home/git/gitlab/config/gitlab.yml

1	email_from: username@163.com

GitLab连接Redis配置

假若redis有自定义优化配置，则按自身需求修改配置文件sudo -u git -H vim /home/git/gitlab/config/resque.yml，否则按照默然配置(此处按照默认)

1	shell> sudo -u git -H cp /home/git/gitlab/config/resque.yml.example /home/git/gitlab/config/resque.yml

GitLab连接MySQL配置

根据自身MySQL配置修改文件

shell> sudo -u git cp /home/git/gitlab/config/database.yml.mysql /home/git/gitlab/config/database.yml
shell> sudo -u git -H vim /home/git/gitlab/config/database.yml
			production:
				adapter: mysql2
				encoding: utf8
				collation: utf8_general_ci
				reconnect: false
				database: gitlabhq_production
				pool: 10
				username: git
				password: "gitlab"
				host: localhost
				socket: /var/lib/mysql/mysql.sock

安装Gem

如果太慢或根本无法下载安装，则可把/home/git/gitlab/Gemfile中的源需要改成淘宝的源
安装前需要先安装libicu-devel及cmake，否则会报错An error occurred while installing charlock_holmes (0.6.9.4)/rugged (0.21.2), and Bundler cannot continue.

shell> yum -y install libicu-devel cmake

#修改源
shell> sudo -u git -H vim /home/git/gitlab/Gemfile
			source 'https://ruby.taobao.org/'
shell> sudo -u git -H bundle install --deployment --without development test postgres aws

安装GitLat shell

根据自身情况可修改GitLab shell的配置文件sudo -u git -H vim /home/git/gitlab-shell/config.yml
GitLab-shell的版本使用2.0.1，原本使用2.2.0版本但在git push的时候会报错，此为GitLab-shell版本的问题导致。可以通过sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production该命令检查GitLab-shell是否正确
git push时报错内容如下：

Check GitLab API access: /home/git/gitlab-shell/lib/gitlab_net.rb:122:in `read': No such file or directory @ rb_sysopen - /home/git/gitlab-shell/.gitlab_shell_secret (Errno::ENOENT)
        from /home/git/gitlab-shell/lib/gitlab_net.rb:122:in `secret_token'
        from /home/git/gitlab-shell/lib/gitlab_net.rb:79:in `get'
        from /home/git/gitlab-shell/lib/gitlab_net.rb:39:in `check'
        from /home/git/gitlab-shell/bin/check:11:in `<main>''

~~2.2.0~~版本试过有问题，git push报错，请使用2.0.1版本
~~shell> sudo -u git -H bundle exec rake gitlab:shell:install[v2.2.0] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production~~

1	shell> sudo -u git -H bundle exec rake gitlab:shell:install[v2.0.1] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

/home/git/gitlab-shell/config.yml的配置，是否使用HTTPS决定某些配置项的细微差别(以下是使用HTTPS)
gitlab_url和self_signed_cert的配置必须匹配，否则在git push的时候会报错

toc: true
---
user: git
gitlab_url: https://yourdomain/
http_settings:
  self_signed_cert: true
repos_path: "/home/git/repositories/"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
  bin: "/usr/bin/redis-cli"
  namespace: resque:gitlab
  socket: "/var/run/redis/redis.sock"
log_level: INFO
audit_usernames: false

初始化数据库

设置GitLab的root用户密码并初始化数据库

1	shell> sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=your_gitlab_root_passwd

下载GitLab脚本

下载管理GitLab的脚本，设置logrotate，检查应用状态

shell> wget -O /etc/init.d/gitlab https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn --no-check-certificate
shell> chmod a+x /etc/init.d/gitlab
shell> cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
shell> sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
			System information
			System:         CentOS 6.4
			Current User:   git
			Using RVM:      no
			Ruby Version:   2.1.2p95
			Gem Version:    2.2.2
			Bundler Version:1.10.6
			Rake Version:   10.3.2
			Sidekiq Version:2.17.0

			GitLab information
			Version:        7.4.5
			Revision:       19d572e
			Directory:      /home/git/gitlab
			DB Adapter:     mysql2
			URL:            http://yourdomain
			HTTP Clone URL: http://yourdomain/some-project.git
			SSH Clone URL:  git@yourdomain:some-project.git
			Using LDAP:     no
			Using Omniauth: no

			GitLab Shell
			Version:        2.0.1
			Repositories:   /home/git/repositories/
			Hooks:          /home/git/gitlab-shell/hooks/
			Git:            /usr/bin/git
shell> sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
shell> /etc/init.d/gitlab start

配置Nginx

要通过web访问需要配置web服务器，这里选择Nginx。
配置主要是修改server_name，自定义日志路径等。可适当调大client_max_body_size的值(防止推送时数据过大而出错)

#使用SSL
shell> wget -O /usr/local/nginx/conf/vhosts/gitlab.conf https://gitlab.com/gitlab-org/gitlab-ce/raw/master/lib/support/nginx/gitlab-ssl --no-check-certificate

#不使用SSL
shell> wget -O /usr/local/nginx/conf/vhosts/gitlab.conf https://gitlab.com/gitlab-org/gitlab-ce/raw/master/lib/support/nginx/gitlab --no-check-certificate

#生成证书，将gitlab.crt和gitlab.key放到Nginx配置文件gitlab.conf中ssl指定的目录下
shell> openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key

shell> usermod -a -G git nginx && chmod g+rx /home/git/

关于git clone

一般从远程库克隆仓库到本地使用git clone命令，克隆有两种方式SSH(git clone git@gitlab_server:username/repo_name.git)和HTTPS(git clone https://gitlab_server/username/repo_name.git)。假若添加了SSH KEY就使用SSH即可，但为了使用HTTPS方式克隆，折腾了很久！又是安装gitlab-git-http-server又是安装GO，网上搜索折腾了很久都无果，最后灵机一动搞定了！

假若HTTPS方式克隆报错Peer certificate cannot be authenticated with known CA certificates，则在需要克隆的机器上的~/.bash_profile添加

export GIT_SSL_NO_VERIFY=1

#添加后重新加载
shell> source ~/.bash_profile

CentOS上使用yum安装的git版本为1.7.1，在使用git clone克隆GitLab仓库时若出现如下报错则需要手动编译2.0版本以上的git(编译安装详见上文)

1 2	error: while accessing https://gitlab_server/username/repo_name.git/info/refs fatal: HTTP request failed

GitLab默认的Nginx配置文件中定义了规则，将HTTPS方式克隆的请求转到gitlab-git-http-server.socket，问题是GitLab默认并没有启用gitlab-git-http-server。若要安装gitlab-git-http-server则需先安装Go，当安装好gitlab-git-http-server后发现仍然无法使用。最后抱着试试看的心态将upstream转到gitlab.socket而非gitlab-git-http-server.socket，然后HTTPS方式的克隆就搞定了！

upstream gitlab-git-http-server {
  #默认配置
  #server unix:/home/git/gitlab/tmp/sockets/gitlab-git-http-server.socket fail_timeout=0;

  #修改后
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
}


location ~ [-\/\w\.]+\.git\/ {
	#其余详细配置省略
	proxy_pass http://gitlab-git-http-server;
}

GitLab