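3. Remote Repository: GitLab

I. GitLab Overview

1.1 What is GitLab

  1. A private code repository
  2. Fine-grained permission control and strong security
  3. Written mainly in Ruby, with some parts in Go
  4. Open source and free

1.2 Architecture

  • nginx: provides web access
  • GitLab Pages: static resources
  • GitLab Workhorse: handles user requests (Ruby)
  • GitLab Shell: code repository (accessed via git@)
  • Puma: handles user requests (Ruby)
  • PostgreSQL: database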

II. Quick GitLab Deployment

2.1 Choosing a Version

Here we use gitlab-ce 12.0.3.

  • ce: Community Edition
  • ee: Enterprise Edition

2.2 Installation Requirements

# System requirements
Ubuntu (16.04/18.04/20.04)
Debian (9/10)
CentOS (7/8)
openSUSE Leap (15.2)
SUSE Linux Enterprise Server (12 SP2/12 SP5)
Red Hat Enterprise Linux (please use the CentOS packages and instructions)

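# Hardware requirements
## Disk
Stores the code; must be larger than the space the code occupies
7.2k or faster disks (SAS)
SSD

## CPU
4 cores: 500 users
8 cores: 1000 users

## Memory
4 GB RAM: 500 users
8 GB RAM: 1000 users

2.3 Installing GitLab

# Install dependencies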
yum install -y curl openssh-server postfix wget

# Disable the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed  -i.bak  '/SELINUX=/s#enforcing#disabled#g'   /etc/selinux/config

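# Download and install gitlab-ce-12.0.3
yum install -y https://mirror.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm
# If the package is already available locally, install it directly: yum -y localinstall gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm

# Message shown after a successful installation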
It looks like GitLab has not been configured yet; skipping the upgrade script.

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.
  


     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/
  

Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.        # prompts you to set the URL in the configuration file
Then, you can start your GitLab instance by running the following command:
  sudo gitlab-ctl reconfigure   # command that applies the configuration after the change

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

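# Configure the access URL
vim /etc/gitlab/gitlab.rb
# Only one line needs to be changed
……
external_url 'http://gitlab.xiaoyu.com'
……

# Initialize GitLab
gitlab-ctl reconfigure    # this takes about three minutes
# The following output indicates that initialization succeeded
Chef Client finished, 509/1343 resources updated in 03 minutes 47 seconds
gitlab Reconfigured!
# Check the status of each component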
[root@gitlab ~]# gitlab-ctl status | column -t
run:  alertmanager:       (pid  3754)  98s;   run:  log:  (pid  3423)  182s
run:  gitaly:             (pid  3679)  104s;  run:  log:  (pid  2934)  304s
run:  gitlab-monitor:     (pid  3722)  103s;  run:  log:  (pid  3343)  215s
run:  gitlab-workhorse:   (pid  3700)  105s;  run:  log:  (pid  3254)  243s
run:  grafana:            (pid  3848)  98s;   run:  log:  (pid  3641)  124s
run:  logrotate:          (pid  3281)  236s;  run:  log:  (pid  3290)  235s
run:  nginx:              (pid  3262)  242s;  run:  log:  (pid  3273)  239s
run:  node-exporter:      (pid  3708)  104s;  run:  log:  (pid  3321)  227s
run:  postgres-exporter:  (pid  3840)  98s;   run:  log:  (pid  3481)  171s
run:  postgresql:         (pid  3046)  297s;  run:  log:  (pid  3093)  296s
run:  prometheus:         (pid  3731)  102s;  run:  log:  (pid  3393)  195s
run:  redis:              (pid  2892)  310s;  run:  log:  (pid  2902)  309s
run:  redis-exporter:     (pid  3725)  102s;  run:  log:  (pid  3362)  204s
run:  sidekiq:            (pid  3227)  250s;  run:  log:  (pid  3240)  247s
run:  unicorn:            (pid  3197)  256s;  run:  log:  (pid  3220)  253s

Edit the hosts file and add:

10.0.0.75  gitlab.xiaoyu.com

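Open gitlab.xiaoyu.com in a browser; if this page appears, GitLab has been installed and configured successfully.


2.4 Browser Login and Overview

Set the root password (password: 12345678)



Login account: root
Password: 12345678



When this page appears, the login has succeeded.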

2.5 Chinese Localization

# Download the localization package
# Download location: https://gitlab.com/xhang/gitlab
[root@gitlab ~]# wget https://gitlab.com/xhang/gitlab/-/archive/12-0-stable-zh/gitlab-12-0-stable-zh.tar.gz
# Note: the localization package version must match the GitLab version
[root@gitlab ~]# rpm -qa |grep gitlab  # check the GitLab version
gitlab-ce-12.0.3-ce.0.el7.x86_64
[root@gitlab ~]# tar xf gitlab-12-0-stable-zh.tar.gz
[root@gitlab ~]# cat gitlab-12-0-stable-zh-41b50258f316227928028e6eb7bc1492a0cdbe97/VERSION
12.0.9    # version of the localization package

# Stop GitLab and apply the Chinese localization
[root@gitlab ~]# gitlab-ctl stop
[root@gitlab ~]# \cp -r gitlab-12-0-stable-zh-41b50258f316227928028e6eb7bc1492a0cdbe97/* /opt/gitlab/embedded/service/gitlab-rails/

# Reconfigure and start GitLab after the change
[root@gitlab ~]# gitlab-ctl reconfigure
[root@gitlab ~]# gitlab-ctl start

Open gitlab.xiaoyu.com in a browser.

At this point the localization is not complete; GitLab still has to be set to Simplified Chinese in the web interface.

After refreshing the page, the change has taken effect.

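III. GitLab Users, Groups and Projects

3.1 Basic Relationships

3.2 Verifying whether a project that belongs to a group can be made visible only to that group's members

  1. Create the groups dev-group-001 and ops-group-001
  2. Create projects
  3. Create users
  4. Add the users to the groups
  5. Switch users and check which projects are visible

GitLab's permission model is fairly fine-grained. This section only gives a simple demonstration of how users, groups and projects relate; the other features are not demonstrated one by one.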

IV. Pushing Code to GitLab

4.1 Before uploading code, configure an SSH key

# Generate the key pair
[root@gitlab ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hCEY2GNKc+y1fwNS9qhw28hEWY4mwAOoJzcfX9hqX3k root@gitlab
The key's randomart image is:
+---[RSA 2048]----+
|=+oo. +.         |
|o=*o =o=         |
|oo=ooo=++        |
|+ +o+=.+o.       |
| + o=oBoS  .     |
|    .=+o oo E    |
|     . .....     |
|        .        |
|                 |
+----[SHA256]-----+

# Display the public key and copy it to GitLab
[root@gitlab ~]# cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD2+7OdcaJaKIgIpLtvG64+Qw92gycUHjmsheKNO1YQdMrxRUDl1R9fTAa5GzHKRZs2giFk4J2p5ggyRJaBjzI+WzdrvCWyn9cpYSPGH7zeyMUVqi9U3gnS9i6mQWePOJynjZS1zSfnfmDpId3b7jyCwT0iiAs3AfB9SHnhubuH4+D+pLwAVaCRCQYEj6sP5YuI9gyGmAg9wLD8AmEw3a5hjFUm3qKiOfBV09WAqXBlOAI5/J3rHDQupKSRbVJd08vngRoIprHy5kd90EuRjFWekUc68OWBUxuuWcj9Q65+C+WTmuvjk5njyyhzpJ7gbvUMa4j9uaaJ8wO2kCQBrlP root@gitlab

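4.2 Uploading code with git. For git usage, see "2. Enterprise Source Code Management Tool: Git" (jianshu.com)

In the project, see the command line instructions section.


# Configure the user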
[root@gitlab ~]# git config --global user.name "Administrator"
[root@gitlab ~]# git config --global user.email "[email protected]"
[root@gitlab ~]# git config --global --list
user.name=Administrator
[email protected]

# Create the local project directory
[root@gitlab ~]# mkdir -p project/zhibo/
[root@gitlab ~]# cd project/zhibo/

# Initialize the directory and write some code
[root@gitlab ~/project/zhibo]# git init
Initialized empty Git repository in /root/project/zhibo/.git/
[root@gitlab ~/project/zhibo]# echo "这是一个直播网站" >zhibo.html

# Add to the staging area and commit to the local repository
[root@gitlab ~/project/zhibo]# git add .
[root@gitlab ~/project/zhibo]# git commit -m "直播app"
[master (root-commit) 3e3935e] 直播app
 1 file changed, 1 insertion(+)
 create mode 100644 zhibo.html

# Create a tag
[root@gitlab ~/project/zhibo]# git tag -a "v1.0" -m "直播"
[root@gitlab ~/project/zhibo]# git tag
v1.0

# Note: the push after adding the remote fails here (because hosts resolution is not configured locally)
[root@gitlab ~/project/zhibo]# git remote add origin git@gitlab.xiaoyu.com:dev-group-001/zhibo-app.git
[root@gitlab ~/project/zhibo]# git push -u origin master
ssh: connect to host gitlab.xiaoyu.com port 22: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

# Configure hosts resolution
[root@gitlab ~/project/zhibo]# vim /etc/hosts
[root@gitlab ~/project/zhibo]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.75 gitlab.xiaoyu.com

# Push the master branch to the GitLab repository
[root@gitlab ~/project/zhibo]# git push -u origin master
The authenticity of host 'gitlab.xiaoyu.com (10.0.0.75)' can't be established.
ECDSA key fingerprint is SHA256:tYs4M0qIMJuDUEqZChNA/KlKV4Hkb0XNuDVLekKxe84.
ECDSA key fingerprint is MD5:e0:87:a1:9e:f7:5d:53:ef:e7:df:e2:29:8c:d3:6d:4d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.xiaoyu.com,10.0.0.75' (ECDSA) to the list of known hosts.
Counting objects: 3, done.
Writing objects: 100% (3/3), 255 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@gitlab.xiaoyu.com:dev-group-001/zhibo-app.git
 * [new branch]      master -> master
Branch master set up to track remote branch master from origin.

# Push the tags to the remote repository
[root@gitlab ~/project/zhibo]# git push -u origin --tags
Counting objects: 1, done.
Writing objects: 100% (1/1), 167 bytes | 0 bytes/s, done.
Total 1 (delta 0), reused 0 (delta 0)
To git@gitlab.xiaoyu.com:dev-group-001/zhibo-app.git
 * [new tag]         v1.0 -> v1.0

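The pushed code is now visible in the browser.


V. GitLab Backup and Restore

5.1 Edit the Backup Settings section of the configuration file

[root@gitlab ~]# vim /etc/gitlab/gitlab.rb

Make the changes shown in the figure below:


# Reload the configuration and restart the services for the change to take effect
[root@gitlab ~]# gitlab-ctl reconfigure
[root@gitlab ~]# gitlab-ctl restart

5.2 Manual and Automatic Backups

1. Manual backup

# GitLab backup commands
# GitLab >= 12.2:    sudo gitlab-backup create
# GitLab <= 12.1:    gitlab-rake gitlab:backup:create

### Note: in production, prevent data from being written during the backup; it is recommended to stop the services that write data (unicorn, sidekiq), or to run the backup in a dedicated time window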
[root@gitlab ~]# gitlab-rake gitlab:backup:create
2022-02-24 20:25:28 +0800 -- Dumping database ... 
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2022-02-24 20:25:29 +0800 -- done
2022-02-24 20:25:29 +0800 -- Dumping repositories ...
 * dev-group-001/zhibo-app (@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b) ... [DONE]
[SKIPPED] Wiki
 * ops-group-001/sys-config (@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35) ... [SKIPPED]
[SKIPPED] Wiki
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping uploads ... 
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping builds ... 
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping artifacts ... 
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping pages ... 
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping lfs objects ... 
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping container registry images ... 
2022-02-24 20:25:30 +0800 -- [DISABLED]
Creating backup archive: 1645705530_2022_02_24_12.0.9_gitlab_backup.tar ... done
Uploading backup archive to remote storage  ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
Deleting old backups ... done. (0 removed)
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data 
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.

[root@gitlab ~]# ll /var/opt/gitlab/backups/
total 140
-rw-r--r-- 1 git git 143360 Feb 24 20:25 1645705530_2022_02_24_12.0.9_gitlab_backup.tar


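### Reminder
  /etc/gitlab/gitlab-secrets.json and /etc/gitlab/gitlab.rb contain sensitive information and are not included in the backup; they must be backed up manually.

2. Automatic backup

Automatic backup is implemented with a script plus a scheduled task (cron).

[root@gitlab ~]# vim /server/scripts/backup-gitlab.sh
#!/bin/bash
#author :xiaoyu
#desc : backup gitlab all

#1. Back up the GitLab data
gitlab-rake gitlab:backup:create

#2. Back up the GitLab configuration and secrets files
mkdir -p /backup/gitlab    # make sure the target directory exists
tar zcf /backup/gitlab/gitlab-conf-$(date +%F).tar.gz /etc/gitlab/

[root@gitlab ~]# crontab -e
# Run a full GitLab backup every day at 03:00
00 03 * * * sh /server/scripts/backup-gitlab.sh >/dev/null 2>&1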
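
The listing in the manual backup step shows the data archive as -rw-r--r--, and the second step of the script writes gitlab-secrets.json into a tar under /backup/gitlab/ with the default umask. As an added example (not the author's script), the two shell functions below create the configuration archive readable by its owner only and list archives that group or others can read; the function names and the directories passed in are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Directories are arguments so the
# functions can be tried on a scratch copy before pointing them at /etc/gitlab.

# backup_config SRC_DIR DEST_DIR
# Archive the config directory (gitlab.rb, gitlab-secrets.json) so that only
# the invoking user can read the result; print the archive path.
backup_config() {
    src=$1 dest=$2
    archive="$dest/gitlab-conf-$(date +%F).tar.gz"
    (
        umask 077                          # owner-only for everything created here
        mkdir -p "$dest" &&
        tar zcf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    ) || return 1
    chmod 600 "$archive" || return 1       # tighten an archive that already existed
    # Succeed only if the secrets file is really inside the archive.
    tar tzf "$archive" | grep 'gitlab-secrets\.json$' >/dev/null || return 1
    printf '%s\n' "$archive"
}

# exposed_backups DIR
# List archives in DIR that group or others can read, such as the
# -rw-r--r-- backup tar in the listing above.
exposed_backups() {
    find "$1" -maxdepth 1 -type f \( -name '*.tar' -o -name '*.tar.gz' \) \
        \( -perm -040 -o -perm -004 \) | sort
}

# Usage: sh backup-conf.sh /etc/gitlab /backup/gitlab
if [ "$#" -eq 2 ]; then
    backup_config "$1" "$2" && exposed_backups "$2"
fi
```

For the data archive itself, Omnibus takes the file mode from gitlab_rails['backup_archive_permissions'] in the Backup Settings block of gitlab.rb.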

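5.3 Restore

# Stop the services that write data
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq

# Restore with gitlab-rake (note: do not append .tar to the backup file name)
gitlab-rake gitlab:backup:restore BACKUP=<backup-file>

# Newer versions: gitlab-backup restore BACKUP=11493107454_2018_04_25_10.6.4-ce
# Older versions: gitlab-rake gitlab:backup:restore BACKUP=<backup-file>


# Restart GitLab
gitlab-ctl restart

VI. GitLab Migration and Upgrade

A migration between instances running the same GitLab version can be done with backup and restore. For a cross-version move, first migrate at the same version and then upgrade. GitLab upgrades follow these rules:

  • Upgrade to the latest minor version of the previous major version. (Here "major" refers to the big version number and "minor" to the small one.)
  • Upgrade to the first minor version of the target major version.
  • Continue upgrading to newer versions.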
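
The three rules above, applied mechanically, as an added example that is not part of the original article: upgrade_path (a hypothetical helper) reads a list of available releases and prints the stops between the installed and the target version. The release list in the demo is constructed, and sort -V (GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page: applies the three upgrade rules
# above to a list of available releases (one version per line in a file).

# upgrade_path CURRENT TARGET RELEASES_FILE
# Print the versions to install, in order, one per line.
upgrade_path() {
    cur=$1 target=$2 releases=$3
    major=${cur%%.*}
    target_major=${target%%.*}
    last=$cur
    while [ "$major" -lt "$target_major" ]; do
        # Rule 1: newest release of the major version currently installed.
        step=$( { echo "$last"; grep "^$major\." "$releases"; } | sort -V | tail -n 1)
        if [ "$step" != "$last" ]; then echo "$step"; last=$step; fi
        # Rule 2: first minor (X.0.z, newest patch) of the next major version.
        major=$((major + 1))
        step=$(grep "^$major\.0\." "$releases" | sort -V | tail -n 1)
        case $target in "$major".0.*) step=$target ;; esac
        if [ -z "$step" ]; then
            echo "no $major.0.z release in $releases" >&2
            return 1
        fi
        echo "$step"; last=$step
    done
    # Rule 3: continue to the requested release.
    if [ "$target" != "$last" ]; then echo "$target"; fi
}

# Constructed release list for the demonstration (not an official table).
demo_upgrade_path() {
    list=$(mktemp)
    printf '%s\n' 12.0.3 12.0.12 12.10.14 13.0.14 13.12.15 14.0.12 14.10.5 >"$list"
    upgrade_path 12.0.3 14.10.5 "$list"
    rm -f "$list"
}
demo_upgrade_path
```

Compare the result with the upgrade path published for your versions, which can require additional intermediate stops.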

VII. GitLab Optimization

The idea is to turn off unused components in the configuration file; they all default to true, so change them to false.

[root@gitlab ~]# awk '/true$/' /etc/gitlab/gitlab.rb
# gitlab_rails['gitlab_email_enabled'] = true
# gitlab_rails['gitlab_default_can_create_group'] = true
# gitlab_rails['gitlab_username_changing_enabled'] = true
# gitlab_rails['gitlab_default_projects_features_issues'] = true
# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
# gitlab_rails['gitlab_default_projects_features_wiki'] = true
# gitlab_rails['gitlab_default_projects_features_snippets'] = true
# gitlab_rails['gitlab_default_projects_features_builds'] = true
# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
# gitlab_rails['incoming_email_enabled'] = true
# gitlab_rails['incoming_email_ssl'] = true
# gitlab_rails['artifacts_enabled'] = true
# gitlab_rails['artifacts_object_store_background_upload'] = true
# gitlab_rails['lfs_enabled'] = true
# gitlab_rails['lfs_object_store_background_upload'] = true
# gitlab_rails['uploads_object_store_background_upload'] = true
# gitlab_rails['impersonation_enabled'] = true
# gitlab_rails['usage_ping_enabled'] = true
#     verify_certificates: true
#     active_directory: true
#     verify_certificates: true
#     active_directory: true
# gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['manage_backup_path'] = true
gitlab_rails['manage_backup_path'] = true
# gitlab_rails['auto_migrate'] = true
# gitlab_rails['rake_cache_clear'] = true
# gitlab_rails['redis_enable_client'] = true
# gitlab_rails['smtp_enable'] = true
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['registry_enabled'] = true
# registry['enable'] = true
# registry['health_storagedriver_enabled'] = true
# registry['storage_delete_enabled'] = true
# gitlab_workhorse['enable'] = true
# unicorn['enable'] = true
# unicorn['tcp_nopush'] = true
# sidekiq['metrics_enabled'] = true
# postgresql['enable'] = true
# redis['enable'] = true
# redis_master_role['enable'] = true
# redis_slave_role['enable'] = true
# redis['master'] = false # by default this is true
# nginx['enable'] = true
# nginx['gzip_enabled'] = true
# nginx['http2_enabled'] = true
# logrotate['enable'] = true
# gitlab_pages['redirect_http'] = true
# gitlab_pages['use_http2'] = true
# gitlab_pages['artifacts_server'] = true
# gitlab_ci['gitlab_ci_all_broken_builds'] = true
# gitlab_ci['gitlab_ci_add_pusher'] = true
# mattermost['service_enable_api_team_deletion'] = true
# prometheus['enable'] = true
# prometheus['monitor_kubernetes'] = true
# alertmanager['enable'] = true
# node_exporter['enable'] = true
# redis_exporter['enable'] = true
# postgres_exporter['enable'] = true
# gitlab_monitor['enable'] = true
# gitlab_monitor['probe_sidekiq'] = true
# prometheus_monitoring['enable'] = true
# grafana['enable'] = true
# grafana['gitlab_auth_sign_up'] = true
# gitaly['enable'] = true
# letsencrypt['auto_renew'] = true
# package['detect_init'] = true
# gitlab_rails['kerberos_enabled'] = true
# gitlab_rails['kerberos_use_dedicated_port'] = true
# gitlab_rails['kerberos_https'] = true
# gitlab_rails['packages_enabled'] = true
# gitlab_rails['packages_object_store_background_upload'] = true
# gitlab_rails['dependency_proxy_enabled'] = true
# gitlab_rails['dependency_proxy_object_store_background_upload'] = true
# redis_sentinel_role['enable'] = true
# sentinel['enable'] = true
# geo_secondary['auto_migrate'] = true
# geo_secondary['db_fdw'] = true
# repmgr['master_on_initialization'] = true
# repmgr['daemon'] = true
# repmgrd['enable'] = true
