Deploying GitLab CE on Ubuntu 22.04

Install the operating system

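  1. Operating system: Ubuntu 22.04

  2. System disk: 50G    # /dev/sda, LVM by default

  3. Data disk: 100G  # /dev/sdb1 formatted as ext4, mounted at /var/opt/gitlab via fstab

  4. Backup disk: 100G # /dev/sdc1 formatted as ext4, mounted at /var/opt/gitlab-backups via fstab

  5. Update the package sources

  6. Set the host name: add gitlab01.owl.local to the hostname file

  7. Edit the hosts file: add gitlab.owl.local after 127.0.0.1

  8. Run hostnamectl and confirm that the host's FQDN is gitlab01.owl.local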

Install GitLab

Install by manually downloading a specific package, [see

Install the dependencies

sudo apt-get update
sudo apt-get install -y curl openssh-server ca-certificates tzdata perl
sudo apt-get install -y postfix

Download and install GitLab

  1. gitlab-ce package download location: https://packages.gitlab.com/gitlab/gitlab-ce

  2. Download gitlab-ce_17.5.0-ce.0_amd64.deb

  3. Install it with dpkg

dpkg -i gitlab-ce_17.5.0-ce.0_amd64.deb

:::
curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

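The site automatically provides the command for configuring the apt source, but downloads on this server were very slow, so I downloaded the package manually and uploaded it to the server.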
:::

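Configure gitlab.rb

The steps for generating the SSL certificate are omitted below; roughly, use openssl to generate a self-signed certificate. LDAP authentication uses the ldaps service on port 636 rather than ldap on port 389, which depends on how the LDAP/AD server is configured.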

external_url 'https://gitlab01.owl.local'
gitlab_rails['smtp_enable'] = true
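# This example uses the Alibaba Mail service bound to DingTalk; other mail providers are configured differently, see each vendor's documentation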
gitlab_rails['smtp_address'] = "smtp.em.dingtalk.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "owl@abcd.com"
gitlab_rails['smtp_password'] = "**********"
gitlab_rails['smtp_authentication'] = "login"

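#gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] and gitlab_rails['smtp_enable_starttls_auto'] are mutually exclusive. SMTP providers usually use 465 for TLS and 587 for STARTTLS. Don't use STARTTLS any more; it is outdated.
gitlab_rails['smtp_tls'] = true
# 'none' turns off verification of the SMTP server's certificate
gitlab_rails['smtp_openssl_verify_mode'] = 'none'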
gitlab_rails['gitlab_email_enabled'] = true

# The settings above are the login credentials; these are the address and name shown on outgoing mail
gitlab_rails['gitlab_email_from'] = 'gitlab01@abcd.com'
gitlab_rails['gitlab_email_display_name'] = 'GitLab01 Server Message'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@abcd.com'
gitlab_rails['gitlab_email_subject_suffix'] = ''

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
    main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'Windows AD'
     host: '10.1.1.10'
     port: 636
     uid: 'sAMAccountName'
     bind_dn: 'CN=dirlookup,OU=ServiceAccounts,OU=China,DC=owl,DC=local'
     password: 'IdontHaveIt!'
     encryption: 'simple_tls' # "start_tls" or "simple_tls" or "plain"
     verify_certificates: false # the LDAPS server's certificate is not validated
     allow_username_or_email_login: true
     lowercase_usernames: true
     block_auto_created_users: false
     base: 'dc=lit,dc=local'
     user_filter: 'memberOf=CN=gitlab01-users,OU=Groups,OU=Shanghai,OU=China,DC=owl,DC=local'
EOS

nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
nginx['ssl_verify_client'] = "off"
nginx['ssl_verify_depth'] = "1"
# Self-signed 10-year certificate generated with OpenSSL, valid from 2024/10/22
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab01.owl.local.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab01.owl.local.key"
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
# This must be turned off, otherwise the self-signed certificate causes errors
letsencrypt['enable'] = false

# Keep backups for 7 days
gitlab_rails['backup_keep_time'] = 604800
gitlab_backup_cli['enable'] = true
gitlab_backup_cli['user'] = 'gitlab-backup'
gitlab_backup_cli['group'] = 'gitlab-backup'
gitlab_backup_cli['dir'] = '/var/opt/gitlab-backups'
gitlab_backup_cli['additional_groups'] = %w[git gitlab-psql registry]

After changing the configuration file, always run gitlab-ctl reconfigure so that the change takes effect.
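
The certificate step omitted above, as an added example that is not part of the original post: it creates the self-signed certificate and key that nginx['ssl_certificate'] and nginx['ssl_certificate_key'] point to, then checks the result. The function names, the RSA 3072 key, the SAN entry and the key-usage extensions are assumptions; the 10-year validity and the file names follow the configuration above.

```shell
#!/usr/bin/env bash
# Added example, not the author's commands. Needs OpenSSL 1.1.1+ (-addext).
# Usage as root:
#   make_gitlab_cert gitlab01.owl.local /etc/gitlab/ssl
#   check_gitlab_cert gitlab01.owl.local /etc/gitlab/ssl

make_gitlab_cert() {
    local fqdn="$1" outdir="$2" days="${3:-3650}"   # 3650 days = 10 years
    local key="$outdir/$fqdn.key" crt="$outdir/$fqdn.crt"

    mkdir -p "$outdir" && chmod 700 "$outdir" || return 1

    # umask 077 so the private key is never readable by other users,
    # not even between creation and the chmod below.
    ( umask 077
      openssl req -x509 -newkey rsa:3072 -sha256 -nodes \
          -days "$days" \
          -subj "/CN=$fqdn" \
          -addext "subjectAltName=DNS:$fqdn" \
          -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
          -addext "extendedKeyUsage=serverAuth" \
          -keyout "$key" -out "$crt" 2>/dev/null ) || return 1

    chmod 600 "$key" && chmod 644 "$crt"
}

# Returns 0 only if the certificate covers the host name, belongs to the
# private key next to it, and the key file is owner-only.
check_gitlab_cert() {
    local fqdn="$1" outdir="$2"
    local key="$outdir/$fqdn.key" crt="$outdir/$fqdn.crt"

    # Clients match the host name against the SAN, not the CN.
    openssl x509 -in "$crt" -noout -checkhost "$fqdn" \
        | grep -q "does match" || return 1

    # The public key in the certificate must equal the one derived from the key file.
    [ "$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$key" -pubout | openssl sha256)" ] || return 1

    [ "$(stat -c %a "$key")" = "600" ] || return 1
}
```

Clients that should trust this server need the generated .crt file imported as a trusted certificate.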

Configure backups

Manually back up the configuration files

After each configuration change, manually back up the following two files:

mkdir -p /var/opt/gitlab/backups/config
cp /etc/gitlab/gitlab.rb /var/opt/gitlab/backups/config
cp /etc/gitlab/gitlab-secrets.json /var/opt/gitlab/backups/config

Configure crontab

0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create >/dev/null 2>&1

posted @ 2025-02-19 15:34  陈大玉