CentOS-7
- 解决依赖
# Install the packages GitLab depends on.
yum install -y curl policycoreutils-python openssh-server

# Start the service
# sshd

# Allow HTTP and HTTPS through the firewall. --permanent only changes the
# stored configuration, so firewalld is reloaded to apply it.
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
systemctl reload firewalld
# Install a mail-sending service
# postfix
yum install postfix
systemctl enable postfix
systemctl start postfix
- 安装软件包
script.rpm.sh
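#!/bin/bash
#
# Repository setup script for the gitlab_gitlab-ee package repository.
#
# It works out the OS name and major version, downloads the matching
# repository definition from packages.gitlab.com into the yum or zypper
# repository directory under /etc, and then refreshes the package metadata.
# It writes under /etc and installs packages, so it has to run as root.
#
# The detection can be overridden by setting os= and dist= in the environment
# before the script starts.

# Print the "unsupported OS" help text and terminate with status 1.
unknown_os ()
{
  echo "Unfortunately, your operating system distribution and version are not supported by this script."
  echo
  echo "You can override the OS detection by setting os= and dist= prior to running this script."
  echo "You can find a list of supported OSes and distributions on our website: https://packages.gitlab.com/docs#os_distro_version"
  echo
  echo "For example, to force CentOS 6: os=el dist=6 ./script.sh"
  echo
  echo "Please email [email protected] and let us know if you run into any issues."
  exit 1
}

# Make sure curl is available, installing it through yum when it is missing.
curl_check ()
{
  echo "Checking for curl..."
  if command -v curl > /dev/null; then
    echo "Detected curl..."
  else
    echo "Installing curl..."
    yum install -d0 -e0 -y curl
  fi
}

# Fill in the globals os and dist (unless both were preset by the caller) and
# set _skip_pygpgme. Calls unknown_os, which exits, when detection fails.
detect_os ()
{
  if [[ ( -z "${os}" ) && ( -z "${dist}" ) ]]; then
    if [ -e /etc/os-release ]; then
      # os-release is a shell fragment; sourcing it defines ID and VERSION_ID.
      . /etc/os-release
      os=${ID}
      if [ "${os}" = "poky" ]; then
        dist=${VERSION_ID}
      elif [ "${os}" = "sles" ]; then
        dist=${VERSION_ID}
      elif [ "${os}" = "opensuse" ]; then
        dist=${VERSION_ID}
      elif [ "${os}" = "opensuse-leap" ]; then
        os=opensuse
        dist=${VERSION_ID}
      else
        # every other distribution is identified by its major version only
        dist=$(printf '%s\n' "${VERSION_ID}" | awk -F '.' '{ print $1 }')
      fi

    elif command -v lsb_release > /dev/null 2>&1; then
      # get major version (e.g. '5' or '6')
      dist=$(lsb_release -r | cut -f2 | awk -F '.' '{ print $1 }')

      # get os (e.g. 'centos', 'redhatenterpriseserver', etc)
      os=$(lsb_release -i | cut -f2 | awk '{ print tolower($1) }')

    elif [ -e /etc/oracle-release ]; then
      dist=$(cut -f5 --delimiter=' ' /etc/oracle-release | awk -F '.' '{ print $1 }')
      os='ol'

    elif [ -e /etc/fedora-release ]; then
      dist=$(cut -f3 --delimiter=' ' /etc/fedora-release)
      os='fedora'

    elif [ -e /etc/redhat-release ]; then
      # The first word of the release file tells the RHEL derivatives apart;
      # the version number sits in a different field for each of them.
      os_hint=$(awk '{ print tolower($1) }' /etc/redhat-release)
      if [ "${os_hint}" = "centos" ]; then
        dist=$(awk '{ print $3 }' /etc/redhat-release | awk -F '.' '{ print $1 }')
        os='centos'
      elif [ "${os_hint}" = "scientific" ]; then
        dist=$(awk '{ print $4 }' /etc/redhat-release | awk -F '.' '{ print $1 }')
        os='scientific'
      else
        dist=$(awk '{ print tolower($7) }' /etc/redhat-release | cut -f1 --delimiter='.')
        os='redhatenterpriseserver'
      fi

    else
      # Last resort: an /etc/issue that mentions Amazon is treated as aws/6.
      if grep -q Amazon /etc/issue; then
        dist='6'
        os='aws'
      else
        unknown_os
      fi
    fi
  fi

  if [[ ( -z "${os}" ) || ( -z "${dist}" ) ]]; then
    unknown_os
  fi

  # remove whitespace from OS and dist name
  os="${os// /}"
  dist="${dist// /}"

  echo "Detected operating system as ${os}/${dist}."

  # The pygpgme installation step is skipped when dist is 8.
  if [ "${dist}" = "8" ]; then
    _skip_pygpgme=1
  else
    _skip_pygpgme=0
  fi
}

# Install the helper packages for the yum repository and build its caches.
finalize_yum_repo ()
{
  if [ "$_skip_pygpgme" = 0 ]; then
    echo "Installing pygpgme to verify GPG signatures..."
    yum install -y pygpgme --disablerepo='gitlab_gitlab-ee'
    if ! rpm -qa | grep -qw pygpgme; then
      echo
      echo "WARNING: "
      echo "The pygpgme package could not be installed. This means GPG verification is not possible for any RPM installed on your system. "
      echo "To fix this, add a repository with pygpgme. Usualy, the EPEL repository for your system will have this. "
      echo "More information: https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F"
      echo

      # set the repo_gpgcheck option to 0
      # NOTE(review): this is a security downgrade. repo_gpgcheck is yum's
      # signature check on the repository metadata, and after this edit it
      # stays off for the repository until the file is changed back. The
      # warning above scrolls past in an unattended install, so check the
      # value in the .repo file afterwards.
      sed -i 's/repo_gpgcheck=1/repo_gpgcheck=0/' /etc/yum.repos.d/gitlab_gitlab-ee.repo
    fi
  fi

  echo "Installing yum-utils..."
  yum install -y yum-utils --disablerepo='gitlab_gitlab-ee'
  if ! rpm -qa | grep -qw yum-utils; then
    echo
    echo "WARNING: "
    echo "The yum-utils package could not be installed. This means you may not be able to install source RPMs or use other yum features."
    echo
  fi

  echo "Generating yum cache for gitlab_gitlab-ee..."
  yum -q makecache -y --disablerepo='*' --enablerepo='gitlab_gitlab-ee'

  echo "Generating yum cache for gitlab_gitlab-ee-source..."
  yum -q makecache -y --disablerepo='*' --enablerepo='gitlab_gitlab-ee-source'
}

# Refresh both zypper repositories.
# NOTE(review): --gpg-auto-import-keys makes zypper trust and import the
# repository signing keys without asking; compare the imported key with the
# one the vendor publishes.
finalize_zypper_repo ()
{
  zypper --gpg-auto-import-keys refresh gitlab_gitlab-ee
  zypper --gpg-auto-import-keys refresh gitlab_gitlab-ee-source
}

# Entry point: detect the OS, download the repository file, finalize the repo.
main ()
{
  detect_os
  curl_check

  yum_repo_config_url="https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/config_file.repo?os=${os}&dist=${dist}&source=script"

  if [ "${os}" = "sles" ] || [ "${os}" = "opensuse" ]; then
    yum_repo_path=/etc/zypp/repos.d/gitlab_gitlab-ee.repo
  else
    yum_repo_path=/etc/yum.repos.d/gitlab_gitlab-ee.repo
  fi

  echo "Downloading repository file: ${yum_repo_config_url}"

  # -f turns an HTTP error into exit code 22, so an error page is never kept
  # as a repository definition. Every failure branch below also deletes the
  # partially written file.
  curl -sSf "${yum_repo_config_url}" > "${yum_repo_path}"
  curl_exit_code=$?

  if [ "$curl_exit_code" = "22" ]; then
    echo
    echo
    echo -n "Unable to download repo config from: "
    echo "${yum_repo_config_url}"
    echo
    echo "This usually happens if your operating system is not supported by "
    echo "packagecloud.io, or this script's OS detection failed."
    echo
    echo "You can override the OS detection by setting os= and dist= prior to running this script."
    echo "You can find a list of supported OSes and distributions on our website: https://packages.gitlab.com/docs#os_distro_version"
    echo
    echo "For example, to force CentOS 6: os=el dist=6 ./script.sh"
    echo
    echo "If you are running a supported OS, please email [email protected] and report this."
    rm -f -- "${yum_repo_path}"
    exit 1
  elif [ "$curl_exit_code" = "35" ] || [ "$curl_exit_code" = "60" ]; then
    # 35 and 60 are curl's TLS handshake and certificate verification failures
    echo
    echo "curl is unable to connect to packagecloud.io over TLS when running: "
    echo " curl ${yum_repo_config_url}"
    echo
    echo "This is usually due to one of two things:"
    echo
    echo " 1.) Missing CA root certificates (make sure the ca-certificates package is installed)"
    echo " 2.) An old version of libssl. Try upgrading libssl on your system to a more recent version"
    echo
    echo "Contact [email protected] with information about your system for help."
    rm -f -- "${yum_repo_path}"
    exit 1
  elif [ "$curl_exit_code" -gt "0" ]; then
    echo
    echo "Unable to run: "
    echo " curl ${yum_repo_config_url}"
    echo
    echo "Double check your curl installation and try again."
    rm -f -- "${yum_repo_path}"
    exit 1
  else
    echo "done."
  fi

  if [ "${os}" = "sles" ] || [ "${os}" = "opensuse" ]; then
    finalize_zypper_repo
  else
    finalize_yum_repo
  fi

  echo
  echo "The repository is setup! You can now install packages."
}

main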
配置 yum 仓库
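# Save the setup script to a file instead of piping the download straight into
# a root shell: a piped download runs whatever arrives, including a truncated
# or error response, and leaves nothing behind to inspect. -f makes curl fail
# on an HTTP error rather than save the error page.
curl -sSf -o script.rpm.sh https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh

# Read script.rpm.sh first, then run the saved copy as root.
sudo bash script.rpm.sh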
安装
# Install GitLab EE from the repository configured in the previous step.
# NOTE(review): -y answers "yes" to every yum prompt; on first use of a new
# repository that normally includes the prompt to import its GPG signing key,
# so confirm the imported key afterwards.
yum install -y gitlab-ee
配置 GitLab
vi /etc/gitlab/gitlab.rb

# Configure GitLab
#######################

# [Configure the GitLab URL]
# GitLab URL: the URL at which GitLab can be reached
# HTTPS is not enabled by default
external_url 'http://gitlab.example.com'

# [Use HTTPS]
# Steps:
# 1. Set the GitLab URL
# external_url "https://gitlab.example.com"
#
# 2. Create a directory that holds the private key and the certificate
# mkdir -p /etc/gitlab/ssl
# chmod 755 /etc/gitlab/ssl
# cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/
#
# Notes:
# 1. Because the host name is "gitlab.example.com", the private key is "gitlab.example.com.key" and the public certificate is "gitlab.example.com.crt".
# 2. Use the complete certificate chain so that clients do not get SSL errors when connecting. The chain lists the server certificate first, then all intermediate certificates, and the root CA last.
# 3. A private key that is protected by a passphrase causes an immediate error (remove the passphrase: openssl rsa -in certificate_before.key -out certificate_after.key)
# NOTE(review): the directory is created with mode 755 and the key carries no
# passphrase, so the mode of the .key file itself is what protects it; keep it
# readable by root only (for example chmod 600 on the key) -- confirm against
# the documentation of your GitLab version.
#
# 3.
# bash# gitlab-ctl reconfigure
# After the command succeeds, open: https://gitlab.example.com
#
# 4. Open the port (these are shell commands, not gitlab.rb settings)
# UFW example (Debian, Ubuntu)
sudo ufw allow https
# lokkit example (RedHat, CentOS 6)
sudo lokkit -s https
# firewall-cmd (RedHat, Centos 7)
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld
#
# [End of the HTTPS steps]

# [Redirect HTTP]
# By default, once external_url uses "https", nginx no longer listens on http.
# external_url "https://gitlab.example.com"
# nginx['redirect_http_to_https'] = true

# [Custom SSL port and certificate]
# external_url "https://gitlab.example.com:2443"
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"

# [Non-bundled web server]
# To use a non-bundled web server (instead of the bundled nginx):
# 1. Switch the bundled nginx off
# nginx['enable'] = false
#
# 2. Name the user the external web server runs as
# web_server['external_users'] = ['www-data']
# web_server['external_users'] = ['nginx']
#
# 3. Name the proxies
# This setting is for the non-bundled case (the bundled nginx uses real_ip)
# NOTE(review): presumably the client address forwarded by these hosts is
# taken at face value, so list only proxies you operate -- confirm.
# gitlab_rails['trusted_proxies'] = [ '192.168.1.0/24', '192.168.2.1', '2001:0db8::/32' ]
#
# 4. Apache (optional)
# Apache cannot connect to a UNIX socket, so a TCP port is used instead.
# gitlab_workhorse['listen_network'] = "tcp"
# gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
#

# [Listen addresses]
# By default nginx listens on all local IPv4 addresses; a list of addresses can be set
# nginx['listen_addresses'] = ["0.0.0.0", "[::]"]
# nginx['listen_addresses'] = ['*', '[::]']

# [Listen port]
# 1. Custom listen port
# By default GitLab starts an nginx that listens on the port given in external_url;
# nginx['listen_port'] = 8081
#
# 2. SSL behind a proxy
# SSL is terminated at the proxy (load balancer, reverse proxy, ...)
# NOTE(review): with listen_https off, the hop from the proxy to GitLab is
# plain HTTP; keep that hop on a network you trust.
# nginx['listen_port'] = 80
# nginx['listen_https'] = false

# [Disable compression]
# By default GitLab allows transferred text data to be compressed
# nginx['gzip_enabled'] = false
编译配置文件
# Apply the settings from /etc/gitlab/gitlab.rb; run it again after every
# edit to that file.
gitlab-ctl reconfigure
启动
# Start the GitLab services.
gitlab-ctl start
-
登录
登录地址:http://gitlab.example.com
首次登录,需要设置 root 密码。上面的登录地址使用的是 HTTP,此时设置的密码会以明文传输;建议先按“使用 HTTPS”的步骤启用 HTTPS,再进行首次登录。
管理 GitLab
- 创建组
- 创建项目
- 创建用户
GitLab Runner
- 添加 yum 库
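# Save the repository setup script to a file, read it, and only then run it as
# root; piping the download straight into "sudo bash" runs whatever arrives,
# including a truncated or error response. -f makes curl fail on an HTTP error
# rather than save the error page.

# For Debian/Ubuntu/Mint
curl -fsSL -o script.deb.sh https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh
sudo bash script.deb.sh

# For RHEL/CentOS/Fedora
curl -fsSL -o script.rpm.sh https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh
sudo bash script.rpm.sh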
-
安装
# Install the latest version

# For Debian/Ubuntu/Mint
sudo apt-get install gitlab-runner

# For RHEL/CentOS/Fedora
sudo yum install gitlab-runner
安装指定版本
# for DEB based systems: list the available versions, then pin one
apt-cache madison gitlab-runner
sudo apt-get install gitlab-runner=10.0.0

# for RPM based systems: list the available versions, then pin one
yum list gitlab-runner --showduplicates | sort -r
sudo yum install gitlab-runner-10.0.0-1
GitLab