Gitlab_ansible_jenkins三剑客①搭建gitlab的详细步骤
环境准备
1.关闭selinux和防火墙
[root@node1 lesson2]# vim /etc/sysconfig/selinux
SELINUX=disabled
# systemctl stop firewalld
# systemctl disable firewalld
# 安装依赖包
yum -y install curl policycoreutils openssh-server openssh-clients postfix
# 获取gitlab的yum源安装脚本并执行
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
# 因为有代理,需要设置
export http_proxy=http://10.11.0.148:808
export https_proxy=http://10.11.0.148:808
export ftp_proxy=http://10.11.0.148:808
# 启动邮件服务
systemctl enable postfix && systemctl start postfix
# 安装gitlab-ce 版
yum install gitlab-ce -y
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : audit-libs-2.8.4-4.el7.x86_64 1/12
Installing : audit-libs-python-2.8.4-4.el7.x86_64 2/12
Installing : setools-libs-3.3.8-4.el7.x86_64 3/12
Installing : python-IPy-0.75-6.el7.noarch 4/12
Installing : libsemanage-python-2.5-14.el7.x86_64 5/12
Installing : checkpolicy-2.5-8.el7.x86_64 6/12
Installing : libcgroup-0.41-20.el7.x86_64 7/12
Installing : policycoreutils-python-2.5-29.el7_6.1.x86_64 8/12
Installing : gitlab-ce-11.8.1-ce.0.el7.x86_64 9/12
Updating : audit-2.8.4-4.el7.x86_64 10/12
Cleanup : audit-2.8.1-3.el7.x86_64 11/12
Cleanup : audit-libs-2.8.1-3.el7.x86_64 12/12
It looks like GitLab has not been configured yet; skipping the upgrade script.
*. *.
*** ***
***** *****
.****** *******
******** ********
,,,,,,,,,***********,,,,,,,,,
,,,,,,,,,,,*********,,,,,,,,,,,
.,,,,,,,,,,,*******,,,,,,,,,,,,
,,,,,,,,,*****,,,,,,,,,.
,,,,,,,****,,,,,,
.,,,***,,,,
,*,.
_______ __ __ __
/ ____(_) /_/ / ____ _/ /_
/ / __/ / __/ / / __ `/ __ \
/ /_/ / / /_/ /___/ /_/ / /_/ /
\____/_/\__/_____/\__,_/_.___/
Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
sudo gitlab-ctl reconfigure
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
Verifying : libcgroup-0.41-20.el7.x86_64 1/12
Verifying : checkpolicy-2.5-8.el7.x86_64 2/12
Verifying : policycoreutils-python-2.5-29.el7_6.1.x86_64 3/12
Verifying : audit-libs-2.8.4-4.el7.x86_64 4/12
Verifying : libsemanage-python-2.5-14.el7.x86_64 5/12
Verifying : gitlab-ce-11.8.1-ce.0.el7.x86_64 6/12
Verifying : python-IPy-0.75-6.el7.noarch 7/12
Verifying : setools-libs-3.3.8-4.el7.x86_64 8/12
Verifying : audit-2.8.4-4.el7.x86_64 9/12
Verifying : audit-libs-python-2.8.4-4.el7.x86_64 10/12
Verifying : audit-2.8.1-3.el7.x86_64 11/12
Verifying : audit-libs-2.8.1-3.el7.x86_64 12/12
Installed:
gitlab-ce.x86_64 0:11.8.1-ce.0.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.4-4.el7 checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-20.el7 libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-29.el7_6.1 python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-4.el7
Dependency Updated:
audit.x86_64 0:2.8.4-4.el7 audit-libs.x86_64 0:2.8.4-4.el7
Complete!
# 配置gitlab本地证书,并加载证书
a. 创建私钥
[root@node1 ~]# mkdir -p /etc/gitlab/ssl
[root@node1 ~]# openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.com.key" 2048
Generating RSA private key, 2048 bit long modulus
.......................................................................................................................+++
......................................................+++
e is 65537 (0x10001)
b. 使用私钥创建 csr 证书
[root@node1 ~]# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.csr"
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sz
Locality Name (eg, city) [Default City]:sz
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:gitlab.example.com
Email Address []:admin@example.gitlab.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
[root@node1 ~]# cd /etc/gitlab/ssl/
[root@node1 ssl]# ll
total 8
-rw-r--r-- 1 root root 1086 Mar 11 20:46 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Mar 11 20:45 gitlab.example.com.key
c.签署crt证书
[root@node1 ssl]# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.com.csr" -signkey "/etc/gitlab/ssl/gitlab.example.com.key" -out "/etc/gitlab/ssl/gitlab.example.com.crt"
Signature ok
subject=/C=cn/ST=sz/L=sz/O=Default Company Ltd/CN=gitlab.example.com/emailAddress=admin@example.gitlab.com
Getting Private key
# 创建pem证书
# openssl dhparam -out /etc/gitlab/ssl/dhparams.pem 2048
# 修改权限
[root@node1 ssl]# ll
total 16
-rw-r--r-- 1 root root 424 Mar 11 20:53 dhparams.pem
-rw-r--r-- 1 root root 1302 Mar 11 20:50 gitlab.example.com.crt
-rw-r--r-- 1 root root 1086 Mar 11 20:46 gitlab.example.com.csr
-rw-r--r-- 1 root root 1679 Mar 11 20:45 gitlab.example.com.key
[root@node1 ssl]# chmod 600 *
[root@node1 ssl]# ll
total 16
-rw------- 1 root root 424 Mar 11 20:53 dhparams.pem
-rw------- 1 root root 1302 Mar 11 20:50 gitlab.example.com.crt
-rw------- 1 root root 1086 Mar 11 20:46 gitlab.example.com.csr
-rw------- 1 root root 1679 Mar 11 20:45 gitlab.example.com.key
修改配置 vim /etc/gitlab/gitlab.rb
external_url 'http://gitlab.example.com'
改成
external_url 'https://gitlab.example.com'
nginx['redirect_http_to_https'] = false 改为 nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt" 改为 nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" 改为 nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"
# nginx['ssl_dhparam'] = nil 改为 # nginx['ssl_dhparam'] = /etc/gitlab/ssl/dhparams.pem
#####初始化 gitlab 配置
gitlab-ctl reconfigure
# nginx配置
# vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
server {
listen *:80;
server_name gitlab.example.com;
// 新增该行配置
rewrite ^(.*)$ https://$host$1 permanent;
server_tokens off; ## Don't show the nginx version number, a security best practice
location / {
return 301 https://gitlab.example.com:443$request_uri;
}
access_log /var/log/gitlab/nginx/gitlab_access.log gitlab_access;
error_log /var/log/gitlab/nginx/gitlab_error.log;
}
# 重新启动,加载nginx 配置
[root@node1 lesson2]# gitlab-ctl restart
本地电脑新增hosts记录,用于访问我们自己搭建的gitlab服务
10.11.0.210 gitlab.example.com
访问浏览器:gitlab.example.com
root 修改密码为 admin888
简单使用gitlab
创建一个test-repo仓库
拷贝仓库地址
简单验证git仓库能否正常工作
下载安装git windows客户端
下载地址:https://git-scm.com/download/win
# 克隆 test_repo 仓库
ws@SZ18052967C01 MINGW64 /git_repo
$ git -c http.sslVerify=false clone https://gitlab.example.com/root/test-repo.git
ws@SZ18052967C01 MINGW64 /git_repo
$ git -c http.sslVerify=false clone https://gitlab.example.com/root/test-repo.git
Cloning into 'test-repo'...
warning: You appear to have cloned an empty repository.
ws@SZ18052967C01 MINGW64 /git_repo
$ cd test-repo/
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ vim test.py
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ cat test.py
#coding:utf-8
print "hello python"
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ git add .
warning: LF will be replaced by CRLF in test.py.
The file will have its original line endings in your working directory
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ git commit -m "first commit"
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'ws@SZ18052967C01.(none)')
# 初始化windows本地的git配置
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ git config --global user.email "admin@example.com"
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ git config --global user.name "admin"
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ git commit -m "first commit"
[master (root-commit) 3d89950] first commit
1 file changed, 3 insertions(+)
create mode 100644 test.py
#把我们刚才的test.py代码推送到gitlab服务器
ws@SZ18052967C01 MINGW64 /git_repo/test-repo (master)
$ git -c http.sslVerify=false push origin master
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 238 bytes | 21.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://gitlab.example.com/root/test-repo.git
* [new branch] master -> master
查看git仓库,可以看到代码成功推送
修改root密码
1.登录GitLab后台服务器,并且切换至git用户
su - git
2.登录GitLab的Rails控制台
gitlab-rails console
3.定位到root用户
user = User.where(id: 1).first
4.修改root密码
user.password='admin888'
5.保存
user.save!
6.让配置生效
gitlab-ctl reconfigure
登录gitlab控制台即可用修改后的密码登录了
