一、
gitlab二进制文件下载地址:
官方网站:
gitlab/gitlab-ce - Packages · packages.gitlab.com
清华镜像站:
Index of /gitlab-ce/yum/ | 清华大学开源软件镜像站 | Tsinghua Open Source Mirror
gitlab分为ce也就是社区版本和ee版本,也就是企业版,当然现在选择的是社区版啦,这里说明一下,gitlab是用ruby语言写的,因此,初始化的时候会看到非常多的ruby脚本在执行
🆗,还有什么fips版本,什么是fips?合规监管要求其必须使用符合FIPS规范。FIPS 140-2和 FIPS 140-3 定义了用于计算机和电信系统以及保护敏感信息的网络系统中的加密模块的安全要求,也就是这样的版本更加安全,同时意味着更多的麻烦,部署方面的麻烦,fips版本下载地址:
gitlab/gitlab-fips - Packages · packages.gitlab.com
本次部署使用的是gitlab-ce-17.7.7-ce.0.el7.x86_64.rpm ,在centos7操作系统下部署成功
二、
安装部署流程
1、
yum安装gitlab-ce-17.7.7
上传gitlab-ce-17.7.7-ce.0.el7.x86_64.rpm,配置yum源,至少需要阿里云的base源,epel源,如果实在是懒得配置yum,可以使用离线安装源
离线yum安装源下载地址:
通过网盘分享的文件:gitlab-install
链接: https://pan.baidu.com/s/1mLDg6T6UjH5crsQwYaepsg?pwd=y71m 提取码: y71m
配置离线yum源,gitlab-install文件夹放置到root目录下
[gitlab]
name=gitlab Repository (x86_64)
baseurl=file:///root/gitlab-install
enabled=1
gpgcheck=0
安装命令为:
yum install /root/gitlab-install/gitlab-ce-17.7.7-ce.0.e
依赖的rpm包如下;
audit-libs-python x86_64 2.8.5-4.el7 base_x86_64 76 kcheckpolicy x86_64 2.5-8.el7 base_x86_64 295 klibcgroup x86_64 0.41-21.el7 base_x86_64 66 klibsemanage-python x86_64 2.5-14.el7 base_x86_64 113 kpolicycoreutils-python x86_64 2.5-34.el7 base_x86_64 457 kpython-IPy noarch 0.75-6.el7 base_x86_64 32 ksetools-libs x86_64 3.3.8-4.el7 base_x86_64 620 k
Updating for dependencies:policycoreutils x86_64 2.5-34.el7 base_x86_64 917 k
重要提示如下:
Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:sudo gitlab-ctl reconfigureFor a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.mdHelp us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=17-7以上提示意思是external_url需要设置,配置文件是/etc/gitlab/gitlab.rb,gitlab的启动命令是gitlab-ctl reconfigure
2、
gitlab配置文件的修改
主要是external_url的定义,这里采用服务器IP+端口的形式就可以了,如果不想gitlab默认在80端口启动,我这里修改为19000端口启动:
external_url 'http://192.168.123.14:19000'
3、
初始化和启动gitlab
gitlab是默认安装在/opt目录下的,查看/opt/gitlab/version-manifest.txt ,可以看到gitlab使用的组件有哪些
对该文件分析,可以得出gitlab是一个软件集合,有非常多的组件组合而成,这些组件都是内置形式放在/opt/gitlab/embedded 这个目录下,很多组件是大家很熟悉的,比如postgresql数据库,redis数据库,nginx等等,pg数据库版本是比较高的哦,应该是14版本
service是服务配置文件存放目录,由于还没有初始化,也就是gitlab-ctl reconfigure命令还没执行,因此,现在是没有什么文件的
bin目录是gitlab的命令行工具,其中包括gitlab-ctl这个命令
[root@centos14 ~]# cat /opt/gitlab/version-manifest.txt
gitlab-ce 17.7.7Component Installed Version Version GUID
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
alertmanager v0.27.0 git:0aa3c2aad14cff039931923ab16b26b7481783b5
bzip2 1.0.8 sha512:083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3
cacerts 2022.07.19 sha256:6ed95025fba2aef0ce7b647607225745624497f876d74ef6ec22b26e73e9de77
chef-acme v4.1.6 git:c670bfbcdd7957fa052872c23e38dfba7eef02dc
chef-gem 18.3.0
compat_resource v12.19.1 git:e36200f6b804915b68a4ce74c8b7a293c041d9fe
config_guess c9092d05347c925a26f6887980e185206e13f9d6 git:00b15927496058d23e6258a28d8996f87cf1f191
curl curl-8_11_0 git:b1ef0e1a01c0bb6ee5367bd9c186a603bde3615a
docker-distribution-pruner v0.2.0 git:a796e3670d508529da84ac66f242d87ff7803609
exiftool 12.99 git:4981552ec9bf94a0b5a64a06919b5e4f797c208e
git v17.7.7 git:c1e7db8408da156064fd6eadfa625bccf25b0309
git-filter-repo v2.47.0
gitaly v17.7.7 git:c1e7db8408da156064fd6eadfa625bccf25b0309
gitlab-backup-cli 11bd2a07e00a1c1de5d6a7dfe4301fe4
gitlab-config-template 17.7.7
gitlab-cookbooks 17.7.7
gitlab-ctl 17.7.7
gitlab-exporter 15.0.0
gitlab-healthcheck 0060154a010637bec197fb38217ddcbc
gitlab-kas v17.7.7 git:627b1fb728ba5e6b760b034e89f8e7b92803516c
gitlab-pages v17.7.7 git:c51b9359e4eb1ab417717ac841fb2859219d7828 初始化gitlab
这里的初始化其实就是载入/etc/gitlab/gitlab.rb配置文件,并依据此配置文件生成各个组件的配置文件,命令为gitlab-ctl reconfigure,但gitlab-ctl还没有加入系统环境变量,因此,使用全路径:
/opt/gitlab/bin/gitlab-ctl reconfigure初始化完成后的日志结尾如下:
[2025-03-29T14:06:22+08:00] INFO: execute[reload all sysctl conf] ran successfully- execute sysctl -e --system
[2025-03-29T14:06:22+08:00] INFO: directory[/var/opt/gitlab/gitlab-workhorse/sockets] sending restart action to runit_service[gitlab-workhorse] (delayed)
Recipe: gitlab::gitlab-workhorse* runit_service[gitlab-workhorse] action restart (up to date)
[2025-03-29T14:06:23+08:00] INFO: version_file[Create version file for NGINX] sending restart action to runit_service[nginx] (delayed)
Recipe: nginx::enable* runit_service[nginx] action restart (up to date)
[2025-03-29T14:06:23+08:00] INFO: env_dir[/opt/gitlab/etc/node-exporter/env] sending restart action to runit_service[node-exporter] (delayed)
Recipe: monitoring::node-exporter* runit_service[node-exporter] action restart (up to date)
[2025-03-29T14:06:24+08:00] INFO: env_dir[/opt/gitlab/etc/gitlab-exporter/env] sending restart action to runit_service[gitlab-exporter] (delayed)
Recipe: monitoring::gitlab-exporter* runit_service[gitlab-exporter] action restart (up to date)
[2025-03-29T14:06:24+08:00] INFO: env_dir[/opt/gitlab/etc/redis-exporter/env] sending restart action to runit_service[redis-exporter] (delayed)
Recipe: monitoring::redis-exporter* runit_service[redis-exporter] action restart (up to date)
[2025-03-29T14:06:25+08:00] INFO: env_dir[/opt/gitlab/etc/prometheus/env] sending restart action to runit_service[prometheus] (delayed)
Recipe: monitoring::prometheus* runit_service[prometheus] action restart (up to date)
[2025-03-29T14:06:25+08:00] INFO: file[Prometheus config] sending run action to execute[reload prometheus] (delayed)* execute[reload prometheus] action run[2025-03-29T14:06:26+08:00] INFO: execute[reload prometheus] ran successfully- execute /opt/gitlab/bin/gitlab-ctl hup prometheus
[2025-03-29T14:06:26+08:00] INFO: env_dir[/opt/gitlab/etc/alertmanager/env] sending restart action to runit_service[alertmanager] (delayed)
Recipe: monitoring::alertmanager* runit_service[alertmanager] action restart (up to date)
[2025-03-29T14:06:26+08:00] INFO: env_dir[/opt/gitlab/etc/postgres-exporter/env] sending restart action to runit_service[postgres-exporter] (delayed)
Recipe: monitoring::postgres-exporter* runit_service[postgres-exporter] action restart (up to date)
[2025-03-29T14:06:27+08:00] INFO: Cinc Client Run complete in 180.963016661 secondsRunning handlers:
[2025-03-29T14:06:27+08:00] INFO: Running report handlers
Running handlers complete
[2025-03-29T14:06:27+08:00] INFO: Report handlers complete
Infra Phase complete, 581/1612 resources updated in 03 minutes 02 secondsDeprecations:
Your OS, centos-7.7.1908, will be deprecated soon.
Starting with GitLab 17.8, packages will not be built for it.
Switch or upgrade to a supported OS, see https://docs.gitlab.com/ee/administration/package_information/supported_os.html for more information.Update the configuration in your gitlab.rb file or GITLAB_OMNIBUS_CONFIG environment.Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.gitlab Reconfigured!
初始化主要做的工作就是启动各个内置服务,比如Prometheus,postgresql,redis等等组件,并告诉你密码存放在了/etc/gitlab/initial_root_password这个文件内,查看此文件:
[root@centos14 bin]# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.Password: OlS0EtPMZJAfKMVAq5bVsgO1OA5D5HYxeZ+SPgqjE=111# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
打开浏览器,输入前面设定的extend-url,也就是192.168.123.14:19000 ,账号root,密码如上,就可以访问自己搭建的gitlab了:
🆗,如果需要启用https,那么,/etc/gitlab/gitlab.rb这个文件内的external_url 'http://192.168.123.14:19000' 修改为external_url 'https://192.168.123.14:19000' ,并再次执行初始化就可以以https登陆了
注意,这里密码不会在改变了,除非你更改了密码
如果启用https的时候使用的是IP,那么,会报个错,但不影响使用,最好还是使用域名:
Running handlers:
[2025-03-29T14:15:59+08:00] ERROR: Running exception handlers
There was an error running gitlab-ctl reconfigure:letsencrypt_certificate[192.168.123.14] (letsencrypt::http_authorization line 6) had an error: Acme::Client::Error::RejectedIdentifier: acme_certificate[staging] (letsencrypt::http_authorization line 43) had an error: Acme::Client::Error::RejectedIdentifier: Invalid identifiers requested :: Cannot issue for "192.168.123.14": The ACME server can not issue a certificate for an IP address3、
gitlab的启动,重启等管理
Service Management Commands:graceful-killAttempt a graceful stop, then SIGKILL the entire process group.hupSend the services a HUP.intSend the services an INT.killSend the services a KILL.onceStart the services if they are down. Do not restart them if they stop.restartStop the services if they are running, then start them again.restart-exceptRestart all services except: service_name ...service-listList all the services (enabled services appear with a *.)startStart services if they are down, and restart them if they stop.statusShow the status of all the services.stopStop the services, and do not restart them.tailWatch the service logs of all enabled services.termSend the services a TERM.usr1Send the services a USR1.usr2Send the services a USR2.
根据以上,可以得出,启动,重启,可以使用stop,restart,start等等参数,例如,停止gitlab;
[root@centos14 bin]# /opt/gitlab/bin/gitlab-ctl stop
ok: down: alertmanager: 1s, normally up
ok: down: crond: 0s, normally up
ok: down: gitaly: 1s, normally up
ok: down: gitlab-exporter: 0s, normally up
ok: down: gitlab-kas: 0s, normally up
ok: down: gitlab-workhorse: 1s, normally up
ok: down: logrotate: 0s, normally up
ok: down: nginx: 1s, normally up
ok: down: node-exporter: 0s, normally up
ok: down: postgres-exporter: 1s, normally up
ok: down: postgresql: 0s, normally up
ok: down: prometheus: 0s, normally up
ok: down: puma: 0s, normally up
ok: down: redis: 0s, normally up
ok: down: redis-exporter: 1s, normally up
ok: down: registry: 0s, normally up
ok: down: sidekiq: 0s, normally up
启动gitlab:
[root@centos14 bin]# /opt/gitlab/bin/gitlab-ctl start
ok: run: alertmanager: (pid 14237) 0s
ok: run: crond: (pid 14247) 0s
ok: run: gitaly: (pid 14256) 1s
ok: run: gitlab-exporter: (pid 14276) 0s
ok: run: gitlab-kas: (pid 14287) 0s
ok: run: gitlab-workhorse: (pid 14297) 0s
ok: run: logrotate: (pid 14307) 0s
ok: run: nginx: (pid 14313) 1s
ok: run: node-exporter: (pid 14330) 0s
ok: run: postgres-exporter: (pid 14336) 1s
ok: run: postgresql: (pid 14343) 0s
ok: run: prometheus: (pid 14362) 1s
ok: run: puma: (pid 14372) 0s
ok: run: redis: (pid 14377) 0s
ok: run: redis-exporter: (pid 14393) 1s
ok: run: registry: (pid 14402) 0s
ok: run: sidekiq: (pid 14411) 1s
更改密码:
+号旁边的图标,选择edit profile,然后选择password就可以更改密码了
🆗,gitlab这就部署好了!!!!!