| |
Table of Contents:
1, gitlab Introduction
2, Installation and Configuration gitlab
2.1 Experimental Environment Introduction
2.2, change the warehouse storage location
2.3, open access https
2.4, the SMTP service enabled
3, the basic use of GitLab
4, backup and recovery
5, sum
1, gitlab Introduction
GitLab is an open source project for a warehouse management system. Use Git as a code management tool, and built up on the basis of web services. GitLab has powerful capabilities that enable git warehouse management, code review, issue tracking, WIkI other functions, and with GitLab CI can be easier to achieve continuous integration and automated deployment. GitLab components include: Packages / Dependencies, Ruby, Go, System Users, Database, Redis, GitLab, Nginx, detailed information can be found (http://doc.gitlab.com/ce/install/installation.html).
2, Installation and Configuration gitlab
GitLab deployment is not supported on a Windows host, the host only be deployed in such a platform Ubuntu, Debian, CentOS, Raspberry PI, but only for 64-bit systems support
GitLab deployed in two ways, one is the source code for deployment, and the other is to use common deployment package, officially called "Omnibus package installation" deployment. Source code deployment workload, and error-prone, the official strongly recommends using a common way to deploy package. "Omnibus package installation" deployed in this manner will have GitLab GitLab process crashes when using Runit GitLab to restart the process if GitLab to install from source code, there is no Runit this management approach. It is recommended that everyone is still in the manner common to deploy package.
2.1 Experimental Environment Introduction
Platform: Debian 8.1 x64
IP address: 192.168.207.128
GitLab package: gitlab-ce_8.2.1-ce.0_amd64.deb Package Download: http: //mirror.tuna.tsinghua.edu.cn/gitlab-ce/, please choose according to their own download platform, but the completion of this it seems to be a wall when blog.
Note: When installing GitLab ensure that the host port 80 is not occupied, in the first test due to host the default installation of nginx, and start at boot time, cause when I deployed GitLab access homepage appears only nginx welcome page, this troubled for a long time, later found to be host by default listens on port 80.
root @ test1: ~ / tools # pwd
/ Root / tools
root @ test1: ~ / tools # ls
gitlab-ce_8.2.1-ce.0_amd64.deb
root @ test1: ~ / tools # dpkg -i gitlab-ce_8.2.1-ce.0_amd64.deb
Select a package is not selected gitlab-ce.
(Reading database ... system's current total installed 94237 files and directories.)
We are preparing to unpack gitlab-ce_8.2.1-ce.0_amd64.deb ...
We are unpacked gitlab-ce (8.2.1-ce.0) ...
We are set gitlab-ce (8.2.1-ce.0) ...
gitlab: Thank you for installing GitLab!
gitlab: To configure and start GitLab, RUN THE FOLLOWING COMMAND:
sudo gitlab-ctl reconfigure
gitlab: GitLab should be reachable at http://test1.cstonline.net
gitlab: Otherwise configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
gitlab: And running reconfigure again.
gitlab:
gitlab: For a comprehensive list of configuration options please see the Omnibus GitLab readme
gitlab: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
gitlab:
It looks like GitLab has not been configured yet; skipping the upgrade script.
Such installation GitLab's over, you can see in the output there is a link (https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md), this link is very important from here you can get into the details of all configuration GitLab, time can be a good read.
GitLab After installation, you can look at it regarded the program is installed where to go, use the following command:
root @ test1: ~ / tools # dpkg -L gitlab-ce | less
# Considerable output, add less split-screen display
2.2, change the warehouse storage location
GitLab warehouse storage location in the "/ var / opt / gitlab / git-data / repositories", in the actual production environment, we obviously are not stored in the default location, usually divided into a separate partition to store the data warehouse, I am here to plan the data stored in the "/ data / git-data" directory.
root @ test1: ~ / tools # mkdir -pv / data / git-data
mkdir: directory has been created "/ data"
mkdir: directory has been created "/ data / git-data"
root @ test1: ~ # chown -R git.git / data / git-data # modify to create a directory owner and user group git
root @ test1: ~ / tools # cp /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb.bak
root @ test1: ~ / tools # vim /etc/gitlab/gitlab.rb
# Enable git_data_dir parameters, and amended as follows:
git_data_dir "/ data / git-data"
# Modify and change the value external_url Planning domain access
external_url 'http://test.gitlab.net'
root @ test1: ~ / tools # gitlab-ctl reconfigure # recompile gitlab.rb file, used to make the changes to take effect
After re-edit, GitLab repositories automatically creates a file in the repository directory, as follows:
root @ test1: ~ # ls -ld / data / git-data / repositories /
drwxrws --- 2 git git 4096 1 Yue 4 14:15 / data / git-data / repositories /
In Windows hosts hosts in DNS to do after our visit gitlab
The default user "root", password is "5iveL! Fe", you will be asked to modify the login password for security first landing
Here GitLab basically available, but generally do not use the http protocol to go directly in the enterprise, will use secure https protocol to access this service GitLab.
2.3, open access https
By default, omnibus-gitlab not enabled https, if we want to enable https as test.gitlab.net domain, then we need to apply a valid certificate GitLab, if only we GitLab internal use, can be self-built a CA, and to that end GitLab issue a certificate.
2.3.1, self CA
root @ test1: ~ # mkdir -pv / etc / ssl / demoCA / {private, newcerts}
mkdir: directory has been created "/ etc / ssl / demoCA"
mkdir: directory has been created "/ etc / ssl / demoCA / private"
mkdir: directory has been created "/ etc / ssl / demoCA / newcerts"
root @ test1: ~ # cd / etc / ssl
root @ test1: / etc / ssl # (umask 077; openssl genrsa -out ./demoCA/private/cakey.pem 2048) # generate the key
Generating RSA private key, 2048 bit long modulus
.................................................. .............. +++
...................... +++
e is 65537 (0x10001)
root @ test1: / etc / ssl # openssl req -new -x509 -key ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 3650 # generate a self-signed certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', The field will be left blank.
-----
Country Name (2 letter code) [AU]: CN
State or Province Name (full name) [Some-State]: ChongQing
Locality Name (eg, city) []: YuBei
Organization Name (eg, company) [Internet Widgits Pty Ltd]: SJKJ
Organizational Unit Name (eg, section) []: Operation Services
Common Name (e.g. server FQDN or YOUR name) []: test.gitlab.net # Here is the CA domain name may not be the same as gitlab
Email Address []: admin@admin.com
root @ test1: / etc / ssl # touch ./demoCA/index.txt
root @ test1: / etc / ssl # echo 01> ./demoCA/serial
2.3.2 for gitlab request a certificate, CA were awarded
root @ test1: ~ # ls / etc / gitlab /
gitlab.rb gitlab.rb.bak gitlab-secrets.json
#gitlab in the "/ etc / gitlab / ssl" directory to find the key and certificate files, and the certificate and key file name should be the same access gitlab domain, we are here is "test.gitlab.net"
root @ test1: ~ # mkdir -p / etc / gitlab / ssl # this directory path can not be altered
root @ test1: ~ # cd / etc / gitlab / ssl
root @ test1: / etc / gitlab / ssl # (umask 077; openssl genrsa -out test.gitlab.net.key 1024)
Generating RSA private key, 1024 bit long modulus
..................... ++++++
................................. ++++++
e is 65537 (0x10001)
root @ test1: / etc / gitlab / ssl # ls
test.gitlab.net.key
root @ test1: / etc / gitlab / ssl # openssl req -new -x509 -key test.gitlab.net.key -out test.gitlab.net.csr # generate a certificate signing request
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', The field will be left blank.
-----
Country Name (2 letter code) [AU]: CN
State or Province Name (full name) [Some-State]: ChongQing
Locality Name (eg, city) []: YuBei
Organization Name (eg, company) [Internet Widgits Pty Ltd]: SJKJ
Organizational Unit Name (eg, section) []: Operation Services
Common Name (e.g. server FQDN or YOUR name) []: test.gitlab.net
Email Address []: test@admin.com
A challenge password []: # Enter
An optional company name []: # Enter
root @ test1: / etc / gitlab / ssl # ls
test.gitlab.net.csr test.gitlab.net.key
root @ test1: / etc / gitlab / ssl # openssl ca -in test.gitlab.net.csr -out test.gitlab.net.crt -days 3650 #CA signed certificate
Using configuration from /usr/lib/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
140185766790800: error: 02001002: system library: fopen: No such file or directory: bss_file.c: 398: fopen ( './ demoCA / private / cakey.pem', 'r')
140185766790800: error: 20074002: BIO routines: FILE_CTRL: system lib: bss_file.c: 400:
unable to load CA private key
In signing the certificates are being given, according to information given at the time of signing the certificate that will continue in the current directory to find "./demoCA/private/cakey.pem" the CA key file, so it should be switched to the "/ etc / ssl" go on top of the directory command, as follows:
root @ test1: / etc / ssl # openssl ca -in /etc/gitlab/ssl/test.gitlab.net.csr -out /etc/gitlab/ssl/test.gitlab.net.crt -days 3650
Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jan 6 01:13:40 2016 GMT
Not After: Jan 3 01:13:40 2026 GMT
Subject:
countryName = CN
stateOrProvinceName = ChongQing
organizationName = SJKJ
organizationalUnitName = Operation Services
commonName = test.gitlab.net
emailAddress = test@admin.com
X509v3 extensions:
X509v3 Basic Constraints:
CA: FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
52: 95: 81: FD: 1D: D9: CE: 40: D8: 22: 9C: 95: 8D: D0: 8D: 1C: A8: 7D: 78: 4D
X509v3 Authority Key Identifier:
keyid: 05: 0A: A9: 09: 33: 18: C3: 99: 71: 19: BD: 3F: EA: 92: EB: A5: D2: 30: 72: EB
Certificate is to be certified until Jan 3 01:13:40 2026 GMT (3650 days)
Sign the certificate [y / n]:? Y
1 out of 1 certificate requests certified, commit? [Y / n] y
Write out database with 1 new entries
Data Base Updated
root @ test1: / etc / ssl # ls / etc / gitlab / ssl /
test.gitlab.net.crt test.gitlab.net.csr test.gitlab.net.key
root @ test1: / etc / ssl # rm -f /etc/gitlab/ssl/test.gitlab.net.csr # certificate signing request file can be deleted
root @ test1: / etc / ssl # chmod 700 / etc / gitlab / ssl # Change directory permissions
root @ test1: / etc / ssl # ls -ld / etc / gitlab / ssl
drwx ------ 2 root root 4096 1 Yue 6 09:24 / etc / gitlab / ssl
2.3.3, open https support of GitLab
root @ test1: / etc / ssl # vim /etc/gitlab/gitlab.rb
# Note the 'https' below
external_url 'https://test.gitlab.net'
##### Open htts #####################
nginx [ 'redirect_http_to_https'] = true
nginx [ 'ssl_certificate'] = "/etc/gitlab/ssl/test.gitlab.net.crt"
nginx [ 'ssl_certificate_key'] = "/etc/gitlab/ssl/test.gitlab.net.key"
"Nginx [ 'redirect_http_to_https'] = true" represents all the http traffic to https, the bottom two lines represent GitLab and key and certificate path where, I guess from here the path to store keys and certificates can be customized as long as there can be specified correctly, I have not verified.
root @ test1: / etc / ssl # gitlab-ctl reconfigure # recompile configuration
Running on top of the command to recompile the configuration file and restart individual components GitLab services now come to visit at our GitLab
Direct access "http://test.gitlab.net" will be forcibly directed to a secure link https.
2.3.4, enable the SMTP service
When registering a new user on GitHub you will receive an e-mail, the mail will be some suggestive information or click on a link allows you to change the login password, GitLab will also be able to configure such e-mail alerts if you do not own mail server, that are generally configured to enable third-party SMTP service. For more details, please refer to the official https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/smtp.md. No official information describes how to configure SMTP configuration 163 mailboxes, here I will take it as an example.
123456789101112 root @ test1: ~ # vim /etc/gitlab/gitlab.rb # following information to be appended to the final
##### Open smtp ############
gitlab_rails [ 'smtp_enable'] = true
gitlab_rails [ 'smtp_address'] = "smtp.163.com"
gitlab_rails [ 'smtp_port'] = 465
gitlab_rails [ 'smtp_user_name'] = "XXXXX@163.com"
gitlab_rails [ 'smtp_password'] = "***********"
gitlab_rails [ 'smtp_domain'] = "163.com"
gitlab_rails [ 'smtp_authentication'] = "login"
gitlab_rails [ 'smtp_enable_starttls_auto'] = true
gitlab_rails [ 'smtp_tls'] = true
gitlab_rails [ 'gitlab_email_from'] = "XXXX@163.com"
When you enable SMTP spent a lot of time, because between the various parameters used in conjunction with, and this can only ourselves to try the job.
root @ test1: ~ # gitlab-ctl reconfigure # recompile
Now our GitLab on SMTP feature is enabled. |
|
|
|