GitLab deployment (Docker)
1. Environment
(1) OS: CentOS 7.8
(2) Server configuration: 8H16G/1T
(3) IP address: 192.168.176.233
2. System initialization
(1) Disable SELinux
cat /etc/selinux/config | grep -w SELINUX
SELINUX=disabled
(2) Change the SSH port
grep -rw "Port 16384" /etc/ssh/sshd_config
Port 16384
(3) Start firewalld and open the ports
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=20022/tcp
firewall-cmd --zone=public --add-port=20022/tcp --permanent
firewall-cmd --zone=public --add-port=16384/tcp
firewall-cmd --zone=public --add-port=16384/tcp --permanent
firewall-cmd --reload
(4) Set the hostname
hostnamectl set-hostname gitlab
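(5) Format the disk
# Partition the disk (use the actual device name for your installation).
# Answers fed to parted, in order: mklabel (create a partition table), gpt (partition table format),
# mkpart (create a partition of type part-type), primary (use the whole disk as one primary partition),
# ext4 (file system type), 1 (start at 1), 1000G (end; change this to match the disk size provided), quit.
parted /dev/sdb <<EOF
mklabel
gpt
mkpart
primary
ext4
1
1000G
quit
EOF
# Format the disk
mkfs.xfs -f -n ftype=1 /dev/sdb
mkdir -p /data/
# Create the logical volume (same disk as above)
yes|pvcreate /dev/sdb    # this step needs a "y" confirmation
vgcreate vgdata /dev/sdb
# Put all remaining free space of the volume group into this logical volume
lvcreate -l +100%FREE -n lvdata vgdata
# Format the logical volume
mkfs.xfs -f /dev/vgdata/lvdata
# Mount automatically at boot (manual step)
echo "/dev/vgdata/lvdata /data xfs defaults 0 0" >> /etc/fstab
mount -a && df -Th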
(6) Kernel tuning
cat >> /etc/security/limits.conf <<EOF
root soft nofile 100001
root hard nofile 100002
* soft core 10240
* hard core 10240
* soft data unlimited
* hard data unlimited
* soft fsize unlimited
* hard fsize unlimited
* soft memlock unlimited
* hard memlock unlimited
* soft nofile 1024000
* hard nofile 1024000
* soft rss unlimited
* hard rss unlimited
* soft stack 8194
docker soft nproc 102400
docker hard nproc 102400
* soft locks unlimited
* hard locks unlimited
* soft sigpending unlimited
* hard sigpending unlimited
* soft msgqueue unlimited
* hard msgqueue unlimited
EOF
cat >> /etc/sysctl.conf <<EOF
kernel.shmmax = 50000000000
#kernel.shmmni = 409600
kernel.shmall = 400000000000
kernel.sem = 500 20480 200 4096
kernel.sysrq = 1
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.msgmni = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.arp_filter = 1
net.ipv4.ip_local_port_range = 10000 65535
net.core.netdev_max_backlog = 10000
net.core.rmem_max = 2097152
net.core.wmem_max = 2097152
#vm.overcommit_memory = 2
#vm.swappiness = 10
vm.zone_reclaim_mode = 0
vm.dirty_expire_centisecs = 500
vm.dirty_writeback_centisecs = 100
vm.dirty_background_ratio = 0
vm.dirty_ratio = 0
vm.dirty_background_bytes = 1610612736
vm.dirty_bytes = 4294967296
# Elasticsearch setting
vm.max_map_count=262144
EOF
# Apply the settings
sysctl -p
(7) Install Docker
# Disable swap
swapoff -a    # temporary
# vim /etc/fstab    # permanent: comment out the swap line
sed -i 's/.*swap.*/#&/' /etc/fstab
# Stop NetworkManager
systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
# Install Docker
# Install required packages.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add Docker repository.
yum-config-manager --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker CE.
yum install -y containerd.io-1.2.13 docker-ce-19.03.8 docker-ce-cli-19.03.8
# yum -y install docker-ce-19.03.4 docker-ce-cli-19.03.4 containerd.io-1.2.10
## Create /etc/docker directory.
mkdir -p /etc/docker
# Setup daemon
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "graph": "/data/docker_storage",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "insecure-registries" : ["192.168.176.130:8090","49.233.23.168:8090","192.168.27.141"],
  "registry-mirrors": ["https://g427vmjy.mirror.aliyuncs.com"],
  "live-restore": true
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Open the Docker API listening port (plain TCP on all interfaces, no TLS or authentication)
cp /usr/lib/systemd/system/docker.service{,.bak}
# /usr/lib/systemd/system/docker.service
sed -i 's/^ExecStart.*/#&/' /lib/systemd/system/docker.service
sed -i '15i ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock' /lib/systemd/system/docker.service
# Restart Docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
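The ExecStart line in this step makes dockerd listen on tcp://0.0.0.0:2375 with no TLS, and access to that API is equivalent to root on the host. The following check is an added example, not part of the original page: it parses a dockerd command line and flags such listeners. The function name audit_dockerd_hosts and the certificate paths in the sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): flag dockerd API listeners that
# are reachable off-host without TLS client-certificate verification.
# audit_dockerd_hosts is a hypothetical helper name.

# $1 = dockerd command line, split on whitespace (shell quoting is not parsed).
# Prints one line per risky -H value; exit status 1 if any were found.
audit_dockerd_hosts() (
    set -f                      # no glob expansion while word-splitting $1
    tls=0 risky=0 want_host=0 hosts=
    for word in $1; do
        if [ "$want_host" -eq 1 ]; then
            hosts="$hosts $word"; want_host=0; continue
        fi
        case $word in
            -H|--host)                    want_host=1 ;;
            -H=*|--host=*)                hosts="$hosts ${word#*=}" ;;
            --tlsverify|--tlsverify=true) tls=1 ;;
        esac
    done
    for host in $hosts; do
        case $host in
            tcp://127.*|tcp://localhost|tcp://localhost:*|"tcp://[::1]"*) ;;  # loopback only
            tcp://*)
                if [ "$tls" -eq 0 ]; then
                    echo "RISK: $host serves the Docker API without --tlsverify"
                    risky=1
                fi ;;
        esac
    done
    [ "$risky" -eq 0 ]
)

# Constructed sample command lines: the one modelled on this page, the stock
# docker-ce unit, and a TLS-protected listener (certificate paths are placeholders).
PAGE_EXEC='/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock'
STOCK_EXEC='/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock'
TLS_EXEC='/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376 -H fd://'

for line in "$PAGE_EXEC" "$STOCK_EXEC" "$TLS_EXEC"; do
    audit_dockerd_hosts "$line" && echo "OK: ${line#* }"
done
```

On a running host the same function can be fed the live command line, for example `audit_dockerd_hosts "$(ps -o args= -C dockerd)"`.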
(8) Synchronize the clock
yum -y install ntpdate
ntpdate cn.pool.ntp.org
(9) Pull and start the GitLab container
docker run -itd -p 80:80 -p 443:443 -p 20022:22 -v /data/gitlab/etc:/etc/gitlab -v /data/gitlab/log:/var/log/gitlab -v /data/gitlab/opt:/var/opt/gitlab \
-v /etc/localtime:/etc/localtime:ro --restart always --privileged=true --name gitlab 192.168.176.111:8090/oa_software/gitlab-ce:v14.6.1_20220411
(10) Edit the GitLab configuration file
cat /data/gitlab/etc/gitlab.rb
external_url 'http://192.168.176.233'
gitlab_rails['gitlab_ssh_host'] = '192.168.176.233'
gitlab_rails['gitlab_shell_ssh_port'] = 20022
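(11) GitLab directory layout
/var/opt/gitlab/git-data/repositories/: default repository storage directory
/opt/gitlab: application code and its dependencies
/var/opt/gitlab: GitLab data path; holds the application data and configuration files generated by gitlab-ctl reconfigure, which do not need manual editing
/etc/gitlab: configuration directory
/etc/gitlab/gitlab.rb: GitLab configuration file
/var/log/gitlab: logs produced by each GitLab component
/var/opt/gitlab/backups/: directory where backup files are generated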
(12) Reference for deploying GitLab:
https://www.cnblogs.com/liuqingzheng/p/15325288.html
(13) Check the GitLab version
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
(14) GitLab e-mail configuration
Reference: https://blog.csdn.net/qq_37398834/article/details/115674903
cat /data/gitlab/etc/gitlab.rb
gitlab_rails['gitlab_email_from'] = 'test@test-ai.com'    # WeCom enterprise mailbox
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = "test@test-ai.com"    # WeCom enterprise mailbox
gitlab_rails['smtp_password'] = "idY7a8g7JCEgqkm4"    # client login authorization code obtained from the enterprise mail web UI
gitlab_rails['smtp_domain'] = "test-ai.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
# Reload the configuration
gitlab-ctl reconfigure
# Test e-mail delivery
gitlab-rails console
Notify.test_email('test@test.com', 'Message Subject', 'Message Body').deliver_now
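With smtp_port 25 and smtp_enable_starttls_auto set to false, the SMTP login is sent without TLS, and external_url on http:// does the same for GitLab logins and tokens. The following check is an added example, not part of the original page: it reads a gitlab.rb and reports both conditions. The helper names rb_get and audit_gitlab_rb are assumptions, the sample file is constructed, and smtp_tls is a gitlab.rb setting that does not appear on the page.

```shell
#!/bin/sh
# Added example (not from the original page): check a gitlab.rb for cleartext
# web and SMTP transport. rb_get and audit_gitlab_rb are hypothetical helpers.

# Print the last uncommented value of gitlab_rails['$2'] in file $1, unquoted.
rb_get() {
    sed -n "s/^[[:space:]]*gitlab_rails\['$2'\][[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d "\"' \t"
}

# Prints one line per finding; exit status 1 if any were found.
audit_gitlab_rb() (
    f=$1 bad=0
    url=$(sed -n "s/^[[:space:]]*external_url[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$f" | tail -n 1)
    case $url in
        http://*) echo "RISK: external_url $url carries logins and tokens over plain HTTP"; bad=1 ;;
    esac
    # SMTP AUTH is only protected if implicit TLS (smtp_tls) or STARTTLS is on.
    if [ "$(rb_get "$f" smtp_enable)" = true ] &&
       [ "$(rb_get "$f" smtp_enable_starttls_auto)" = false ] &&
       [ "$(rb_get "$f" smtp_tls)" != true ]; then
        echo "RISK: SMTP login to $(rb_get "$f" smtp_address):$(rb_get "$f" smtp_port) is sent without TLS"
        bad=1
    fi
    [ "$bad" -eq 0 ]
)

# Constructed sample mirroring the page's settings (password is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
external_url 'http://192.168.176.233'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_password'] = "PLACEHOLDER"   # constructed value
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
EOF
audit_gitlab_rb "$sample"
rm -f "$sample"
```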
(15) Change the root password
# Enter the container
docker exec -it gitlab /bin/bash
# Open the console
gitlab-rails console -e production
# Look up the user with id 1; the user with id 1 is the super administrator
user = User.where(id:1).first
# Set the password to lqz123456
user.password='lqz123456'
# Save
user.save!
# Exit
exit
(16) GitLab backup and restore
Reference: https://www.cnblogs.com/cheyunhua/p/14875506.html
(17) Login
http://192.168.176.233