搜索到
1
篇与
GitLab
的结果
-
GitLab企业版搭建(附生成证书) GitLab企业版搭建(附生成证书)GitLab官方文档部分内容摘自 【CSDN】万wu皆可爱安装GitLab EE安装环境 Raspberry Pi 4 8G (Rocky 8.5) root用户安装一些依赖支持# 若是没有安装完成也是没有啥子问题的(我的policycoreutils-python就没安装完成,包都没找着),不过前提是安装正常 yum install -y curl policycoreutils-python openssh-server perl检查ssh服务# 设置自启并开启ssh服务,这东西吧,我都能连服务器了,当然就是开着的,就当走个过场 systemctl enable sshd systemctl start sshd设置防火墙# 检查防火墙,查看防火墙状态可以用: systemctl status firewalld firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https systemctl reload firewalld # 当然,也可以用简单粗暴的方法 systemctl stop firewalld systemctl disable firewalld配置邮件服务器我这里推荐postfix, 当然也可以用其他的,比如SMTP等, SMTP服务可以参考官方的文档# 安装postfix yum install postfix # 设置自启 systemctl enable postfix # 启动postfix systemctl start postfix下载并安装gitlab-ee rpm软件包(2种方式)通过官方脚本安装curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash下载RPM包手动安装rpm -ivh gitlab-ee-14.0.5-ee.0.el7.x86_64.rpm安装GitLabEXTERNAL_URL ="http://gitlab.example.com" yum install -y gitlab-ee # http://gitlab.example.com为安装后访问的地址,如果是https的,那么在安装的时候会自动申请Let’s Encrypt的免费证书登陆默认用户名是root, 密码在/etc/gitlab/initial_root_password这个文件里生成证书安装2.3版本以上的rubyyum install ruby # 查看版本 ruby -v安装GitLab的证书包gem install gitlab-license创建生成证书的ruby源文件源文件参考vi license.rb # 以下为源文件内容 require "openssl" require "gitlab/license" key_pair = OpenSSL::PKey::RSA.generate(2048) File.open("license_key", "w") { |f| f.write(key_pair.to_pem) } public_key = key_pair.public_key File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) } private_key = OpenSSL::PKey::RSA.new File.read("license_key") Gitlab::License.encryption_key = private_key license = Gitlab::License.new license.licensee = { "Name" => "gitlab", "Company" => "GitLab", "Email" => "gitlab@gitlab.com", } # 开始时间 license.starts_at = Date.new(2020, 1, 1) # 结束时间 license.expires_at = Date.new(2050, 1, 1) license.notify_admins_at = Date.new(2049, 12, 1) license.notify_users_at = Date.new(2049, 12, 1) license.block_changes_at = Date.new(2050, 1, 1) license.restrictions = { active_user_count: 10000, } puts "License:" puts license data = license.export puts "Exported license:" puts data File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) } public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub") Gitlab::License.encryption_key = public_key data = File.read("GitLabBV.gitlab-license") $license = Gitlab::License.import(data) puts "Imported license:" puts $license unless $license raise "The license is invalid." end if $license.restricted?(:active_user_count) # 用户数 active_user_count = 10000 if active_user_count > $license.restrictions[:active_user_count] raise "The active user count exceeds the allowed amount!" end end if $license.notify_admins? puts "The license is due to expire on #{$license.expires_at}." end if $license.notify_users? puts "The license is due to expire on #{$license.expires_at}." end module Gitlab class GitAccess def check(cmd, changes = nil) if $license.block_changes? return build_status_object(false, "License expired") end end end end puts "This instance of GitLab Enterprise Edition is licensed to:" $license.licensee.each do |key, value| puts "#{key}: #{value}" end if $license.expired? puts "The license expired on #{$license.expires_at}" elsif $license.will_expire? puts "The license will expire on #{$license.expires_at}" else puts "The license will never expire." end生成证书ruby license.rb # 执行完成后会生成如下三个文件 # GitLabBV.gitlab-license|license_key|license_key.pub # 第一个是证书,第二个是私钥,第三个是公钥使用许可证# 用license_key.pub替换/opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub # 重启GitLab gitlab-ctl -restart # 访问${address}/admin/license/new并用生成的GitLabBV.gitlab-license文件上传 #或者 ${address}/admin/license修改证书等级vi /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb # 将 # restricted_attr(:plan).presence || STARTER_PLAN # 替换成 # restricted_attr(:plan).presence || ULTIMATE_PLAN # 重新加载配置 gitlab-ctl reconfigure配置与操作相关命令启动全部服务gitlab-ctl start重启全部服务gitlab-ctl restart停止全部服务gitlab-ctl stop重启单个服务,如重启nginxgitlab-ctl restart nginx查看服务状态gitlab-ctl status使配置文件生效gitlab-ctl reconfigure验证配置文件gitlab-ctl show-config删除gitlab(保留数据)gitlab-ctl uninstall删除所有数据,从新开始gitlab-ctl cleanse查看服务的日志gitlab-ctl tail <service name> # 如查看gitlab下nginx日志 gitlab-ctl tail nginx进入控制台gitlab-rails consoleGitlab反向代理默认情况下,Omnibus GitLab 会自动检测是否使用 SSL(如果包含 NGINX 并将其配置为 SSL 终端)。但是,如果将 GitLab 配置为在反向代理或外部负载均衡器后面运行,则某些环境可能希望在 GitLab 应用程序外部终端部署 SSL。vi etc/gitlab/gitlab.rb nginx['listen_port'] = 80 nginx['listen_https'] = false external_url 'https://git.fengling.org'关闭 Gitlab 组件由于 Gitlab 核心功能是代码托管,所以有些额外的组件比较浪费资源,所以可以考虑关闭。prometheus['enable'] = false prometheus['monitor_kubernetes'] = false alertmanager['enable'] = false node_exporter['enable'] = false redis_exporter['enable'] = false postgres_exporter['enable'] = false gitlab_exporter['probe_sidekiq'] = false prometheus_monitoring['enable'] = false grafana['enable'] = false 初始化 Gitlab 组件第一次需要初始化 gitlab 服务,后续如果对 gitlab配置文件进行修改,也需要执行初始化进行重新配置。gitlab-ctl reconfigure gitlab-ctl status gitlab-ctl stop gitlab-ctl start验证 Gitlab 组件重新初始化后通过 gitlab-rails 检查 gitlab 邮箱是否可正常使用。# 打开控制台 gitlab-rails console # 发送邮件 Notify.test_email('dotdotmaples@163.com','test','gitlab').deliver_now日常维护备份修改默认存放备份站点目录,然后进行重新加载配置文件vim /etc/gitlab/gitlab.rb # 自定义备份路径 gitlab_rails['backup_path'] = "/data/gitlab/backups" # 保留7天 gitlab_rails['backup_keep_time'] = 604800 mkdir /data/gitlab/backups -p手动执行备份命令,会将备份的结果存储至/data/gitlab/backups 目录中gitlab-rake gitlab:backup:create # 也可以将备份命令写入定时任务每天进行自动备份 crontab -l 00 03 * * * /usr/bin/gitlab-rake gitlab:backup:create数据恢复当误删除项目,或者误删除用户等数据时候,如果之前有备份,那么可以做恢复操作。停止数据写入服务gitlab-ctl stop unicorn gitlab-ctl stop sidekiq通过 gitlab-rake 命令进行恢复,恢复时需要指定此前备份的名称。(但不需要写名称的.tar后缀)gitlab-rake gitlab:backup:restore BACKUP=1634715076_2021_10_20_12.3.0重启gitlab,检测是否 gitlab 是否恢复。gitlab-ctl restart迁移升级一般情况,gitlab一经使用,则不会升级;除非做迁移,例如从本地环境迁移到阿里云时,可以顺便升级;一般情况下,迁移会迁移两个文件,/etc/gitlab/gitlab.rb 和backups下的备份文件。在新节点需要安装相同的版本,先恢复数据数据恢复后先升级到本版本的最后一个版本,然后再升级到下个版本,例如(12.3 —> 12.9.9 --> 13),不能跨版本升级。如果从12 最后一个版本升级到13 ,会报错yum localinstall gitlabce-13.0.10-ce.0.el7.x86_64.rpm -y #会提示报错: Running transaction * gitlab_monitor['enable'] has been deprecated since 12.3 and was removed in 13.0. Use gitlab_exporter['enable'] instead.只需要根据提示编辑 /etc/gitlab.rb 配置文件#提示什么错变更什么即可 gitlab_monitor['enable'] =false gitlab_exporter['enable'] = false修改配置后重新初始化,然后在进行升级gitlab-ctl reconfigure yum localinstall gitlabce-13.0.10-ce.0.el7.x86_64.rpm -y安全将访问网页的 HTTP 协议升级到 HTTPS协议,保证数据安全;阿里云上申请下载nginx证书到/ssh_key文件夹mkdir -p /ssl_key修改 Gitlab 配置文件vim /etc/gitlab/gitlab.rb external_url "https://gitlab.bertwu.online" # 必须修改 nginx['enable'] = true nginx['client_max_body_size'] = '1000m' nginx['redirect_http_to_https'] = true nginx['redirect_http_to_https_port'] = 80 # 所有请求80的都跳转到443 nginx['ssl_certificate'] = "/ssl_key/server.crt" nginx['ssl_certificate_key'] = "/ssl_key/server.key" nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256" nginx['ssl_prefer_server_ciphers'] = "on" nginx['ssl_protocols'] = "TLSv1.2" nginx['ssl_session_cache'] = "builtin:1000 nnshared:SSL:10m" nginx['ssl_session_timeout'] = "1440m"重新初始化 Gitlabgitlab-ctl reconfigure忘记密码如何重置 GitLab的 root 密码 官方修改密码方式在 root 用户下,执行gitlab-rails console -e production -------------------------------------------------------------------------------- GitLab: 12.3.0 (4fcd588b89f) GitLab Shell: 10.0.0 PostgreSQL: 10.9 --------------------------------------------------------------------------------获得用户数据,修改用户密码irb(main):001:0> user=User.where(id:1).first => #<User id:1 @root> #更改密码并确认密码 irb(main):002:0> user.password="12345678" => "12345678" irb(main):003:0> user.password_confirmation="12345678" => "12345678" #保存退出 irb(main):004:0> user.save! Enqueued ActionMailer::DeliveryJob (Job ID: 07420155-1ccb-44a5-9b1c-c74e0253f253) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", #<GlobalID:0x00007f6ee7794b38 @uri=#<URI::GID gid://gitlab/User/1>> => true irb(main):005:0> quit