env-centos-gitlab

一、安装并配置必要的依赖关系

在CentOS系统上安装所需的依赖：ssh，防火墙,postfix(用于邮件通知) ，wget，以下这些命令也会打开系统防火墙中的HTTP和SSH端口访问。

安装ssh: sudo yum install -y curl policycoreutils-pythonopenssh-server
将SSH服务设置成开机自启动，安装命令：sudo systemctl enable sshd
启动SSH服务，安装命令：sudo systemctl start sshd
安装防火墙（如果已经安装了防火墙并且已经在运行状态，则可直接进行第6步）:yum install firewalld systemd -y
开启防火墙，安装命令：service firewalld start

添加http服务到firewalld,pemmanent表示永久生效，若不加–permanent系统下次启动后就会失效。

#开放ssh、http服务
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=http --permanent

#重载防火墙规则
sudo firewall-cmd --reload

接下来，安装Postfix以发送通知邮件，安装命令：sudo yum install postfix
将postfix服务设置成开机自启动，安装命令：sudo systemctl enable postfix

启动postfix，安装命令：sudo systemctl start postfix 遇到问题:

Job for postfix.service failed because the control process exited with error code. See "systemctl status postfix.service" and "journalctl -xe" for details.
(cmdb) [root@node1 ~]# journalctl -xe
Jan 21 16:30:01 node1.cn systemd[1]: Starting Session 764 of user root.
-- Subject: Unit session-764.scope has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

▽ Unit session-764.scope has begun starting up.
Jan 21 16:30:01 node1.cn CROND[5943]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jan 21 16:30:21 node1.cn polkitd[450]: Registered Authentication Agent for unix-process:5950:36693241 (system bus name :1.1600 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org
Jan 21 16:30:21 node1.cn systemd[1]: Reloading.
Jan 21 16:30:21 node1.cn systemd[1]: Configuration file /usr/lib/systemd/system/eni.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs witho
Jan 21 16:30:21 node1.cn polkitd[450]: Unregistered Authentication Agent for unix-process:5950:36693241 (system bus name :1.1600, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, 
Jan 21 16:30:28 node1.cn polkitd[450]: Registered Authentication Agent for unix-process:5967:36693923 (system bus name :1.1601 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org
Jan 21 16:30:28 node1.cn systemd[1]: Starting Postfix Mail Transport Agent...
-- Subject: Unit postfix.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit postfix.service has begun starting up.
Jan 21 16:30:28 node1.cn aliasesdb[5973]: /usr/sbin/postconf: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 21 16:30:29 node1.cn postfix/sendmail[5975]: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 21 16:30:29 node1.cn aliasesdb[5973]: newaliases: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 21 16:30:29 node1.cn postfix[5978]: fatal: parameter inet_interfaces: no local interface found for ::1
Jan 21 16:30:30 node1.cn systemd[1]: postfix.service: control process exited, code=exited status=1
Jan 21 16:30:30 node1.cn systemd[1]: Failed to start Postfix Mail Transport Agent.
-- Subject: Unit postfix.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

解决方法：修改 /etc/postfix/main.cf的设置

1 2	inet_protocols = ipv4 inet_interfaces = all

重新启动postfix即可

1	systemctl start postfix.service

二、安装

1、YUM安装gitlab

添加GitLab社区版Package

1	curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh \| sudo bash

安装GitLab社区版

1	sudo yum install -y gitlab-ce

2、配置GitLab站点Url

GitLab默认的配置文件路径是/etc/gitlab/gitlab.rb

默认的站点Url配置项是： external_url ‘http://gitlab.example.com:8082'

这里我将GitLab站点Url修改为http://git.wodekouwei.com 也可以用IP代替域名，这里根据自己需求来即可

#修改配置文件
sudo vi /etc/gitlab/gitlab.rb

#配置首页地址（大约在第15行）
external_url 'http://git.wodekouwei.com:8082'

2、配置端口号

修改nginx端口sudo vi /etc/gitlab/gitlab.rb:

1 2	nginx['listen_port'] = 8083 unicorn['port'] = 8092

修改/var/opt/gitlab/gitlab-rails/etc/unicorn.rb

1	listen "127.0.0.1:8092", :tcp_nopush => true

sudo vi /var/opt/gitlab/nginx/conf/gitlab-http.conf:

1 2	server { listen *:8083;

修改unicorn端口sudo vi /etc/gitlab/gitlab.rb:

1	unicorn['port'] = 8092

保存配置，重启

1
2
3

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
sudo gitlab-ctl status

sudo gitlab-ctl tail

如果还是想从80端口访问gitlab，我们可以用监听在80端口的nginx做一个反向代理。

1	service nginx restart

后可以正常访问。

server {
    listen 80;
    server_name gitlab.123.123.cn;

    location / {
        #rewrite ^(.*) http://127.0.0.1:8082;
        proxy_pass http://127.0.0.1:8082;
    }
}

3、配置smtp邮件发送

$ sudo vi /etc/gitlab/gitlab.rb                            
# Change the external_url to the address your users will type in their browser
external_url 'http://xxhost.com'

#Sending application email via SMTP
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 25 
gitlab_rails['smtp_user_name'] = "xxuser@163.com"
gitlab_rails['smtp_password'] = "xxpassword"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = :login
gitlab_rails['smtp_enable_starttls_auto'] = true

##修改gitlab配置的发信人
gitlab_rails['gitlab_email_from'] = "xxuser@163.com"
user["git_user_email"] = "xxuser@163.com"

4、启动并访问GitLab

启动GitLab

#重新配置并启动
sudo gitlab-ctl reconfigure

#完成后将会看到如下输出
Running handlers complete
Chef Client finished, 432/613 resources updated in 03 minutes 43 seconds
gitlab Reconfigured!

访问GitLab 将设置的域名DNS解析到服务器IP，或者修改本地host将域名指向服务器IP。访问：http://git.wodekouwei.com:8082

三、GitLab常用配置

1、禁用创建组权限

GitLab默认所有的注册用户都可以创建组。但对于团队来说，通常只会给Leader相关权限。虽然可以在用户管理界面取消权限，但毕竟不方便。我们可以通过配置GitLab默认禁用创建组权限。

#修改配置文件
sudo vi /etc/gitlab/gitlab.rb

#开启gitlab_rails['gitlab_default_can_create_group'] 选项，并将值设置为false
### GitLab user privileges
gitlab_rails['gitlab_default_can_create_group'] = false

#保存后，重新配置并启动GitLab
sudo gitlab-ctl reconfigure

2、gitlab-ctl常用命令介绍

命令	说明
check-config	检查在gitlab中是否有任何配置。在指定版本中删除的rb
deploy-page	安装部署页面
diff-config	将用户配置与包可用配置进行比较
remove-accounts	删除所有用户和组
upgrade	升级
service-list	查看所有服务
once	如果GitLab服务停止了就启动服务，如果已启动就不做任何操作
restart	重启GitLab服务
start	如果GitLab服务停止了就启动服务，如果已启动就重启服务
stop	停止GitLab服务
status	查看GitLab服务状态
reconfigure	reconfigure重新配置GitLab并启动

一、 安装并配置必要的依赖关系

二、 安装