gitlab部署

系统版本

[root@localhost ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 9.1 (Plow)

gitlab包位置

https://mirrors.tuna.tsinghua.edu.cn/gitlab-ee/yum/el9/gitlab-ee-16.7.2-ee.0.el9.x86_64.rpm

关闭防火墙

[root@localhost data]# systemctl stop firewalld
[root@localhost data]# systemctl disable firewalld
[root@localhost data]# getenforce 
Enforcing
[root@localhost data]# setenforce 0
[root@localhost data]# getenforce 
Permissive
[root@localhost data]# vim /etc/selinux/config 
[root@localhost data]# cat /etc/selinux/config |grep -v '#'|grep 'SELINUX='
SELINUX=disabled

安装gitlab

[root@localhost data]# yum -y install gitlab-ee-16.7.2-ee.0.el9.x86_64.rpm 

许可证生成

ruby安装
[root@localhost data]# yum -y install ruby.x86_64 
查看ruby版本
ruby -v
安装gitlab-license
gem install gitlab-license
创建生成ruby证书的源文件 license.rb
require "openssl"
require "gitlab/license"
 
key_pair = OpenSSL::PKey::RSA.generate(2048)
File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }
 
public_key = key_pair.public_key
File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }
 
private_key = OpenSSL::PKey::RSA.new File.read("license_key")
Gitlab::License.encryption_key = private_key
 
license = Gitlab::License.new
license.licensee = {
  "Name" => "none",
  "Company" => "none",
  "Email" => "[email protected]",
}
license.starts_at = Date.new(2020, 1, 1) # 开始时间
license.expires_at = Date.new(2050, 1, 1) # 结束时间
license.notify_admins_at = Date.new(2049, 12, 1)
license.notify_users_at = Date.new(2049, 12, 1)
license.block_changes_at = Date.new(2050, 1, 1)
license.restrictions = {
  active_user_count: 10000,
}
 
puts "License:"
puts license
 
data = license.export
puts "Exported license:"
puts data
File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) }
 
public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
Gitlab::License.encryption_key = public_key
 
data = File.read("GitLabBV.gitlab-license")
$license = Gitlab::License.import(data)
 
puts "Imported license:"
puts $license
 
unless $license
  raise "The license is invalid."
end
 
if $license.restricted?(:active_user_count)
  active_user_count = 10000
  if active_user_count > $license.restrictions[:active_user_count]
    raise "The active user count exceeds the allowed amount!"
  end
end
 
if $license.notify_admins?
  puts "The license is due to expire on #{$license.expires_at}."
end
 
if $license.notify_users?
  puts "The license is due to expire on #{$license.expires_at}."
end
 
module Gitlab
  class GitAccess
    def check(cmd, changes = nil)
      if $license.block_changes?
        return build_status_object(false, "License expired")
      end
    end
  end
end
 
puts "This instance of GitLab Enterprise Edition is licensed to:"
$license.licensee.each do |key, value|
  puts "#{key}: #{value}"
end
 
if $license.expired?
  puts "The license expired on #{$license.expires_at}"
elsif $license.will_expire?
  puts "The license will expire on #{$license.expires_at}"
else
  puts "The license will never expire."
end
生成证书
[root@localhost data]# ruby license.rb
License:
#
Exported license:
eyJkYXRhIjoiT0FKSDd6Mmw1S2k1Z3pWb2FJN0E5YSt1ZlE0bkxmN3JtOVQ1
bm5BVkozc29pVXN0cHNwYzdWUmN4amNyXG54dkR3QURDWkRQLzdpandMWFM0
SEozY0FYRVFHakNLbWNNaUxYQXFtanJtVitzZ0pnOGlQY1FCdlo0OUpcblpS
VjU0NkNTWEdQL1kzc081MkU5dGF3dHY1VS9YanNkbzdBczFWNmd2SittelNm
MVowRWZNaHExd0x4V1xuZEFCdk9aUklaOUM0V0xaZjk0SXRDalNjMnVFTk5H
ZkhVWDljZUxhR05wZnpMMlRLRTE3a3ZIc0xIcVdvXG5WVGEyTk83L04xVGt0
UDljTFcwOFNVRUJBZEJlK25adnBEaXNWV3JadC94UXBUVXZSV1kwcUFDU01z
NHNcbmxBYWZabWVCdFoyZUx6bnNUZW1XVnNkUDJjNDh5RTRjaGVMNUU0U3RF
V1N4cmV5bUZGam91QTlRTkF0N1xuRzBLNlV0U2MwZnRmUDNtMXpua29XQlFk
a29nNnN6dERQRTVodC9MN0lGY2txZzZ2OHc4NStlT0RRY0Y3XG4yZDZyaDZO
T1JMeWhGankwQ1Q5b1R5UDJma3VidUxtZjRjaDMrK2xaekMyT2hDdndvOG9p
SE9iSnhqRHRcbitIdGtjTXNEbTZJaFlydjlvcmliWWhNa3RabFVxNHlQRWF1
Ym5YM2k2SDZENVQ3UGRwWDhOUmNPR0VZM1xuQm04SlpDQk1HTThudUREbXY4
L2l6ZDBtczF0ajRrUm1OMnE1T3BOQzdjTVJybUw2YWU3ek9STmdMOWo1XG40
eDNDSWpzWFVXaDFMVmtvSmZqS2ZKVHlObkZneGl6dzg2RUVnMFo2R3VZR1Bj
eUFLL0YzVDRaMHpocEtcbkNRclE5Sy9FLzFQYW16UWlmcDY1UlorVlJlTTlk
ZlArdmVCRGh4V3JPRVpDXG4iLCJrZXkiOiJxeGxZMXNwWVpEMWtlOEk5ZkxY
RFBXdTRjVTBhVm0zaHhPR3VPVit2aWRrc2liT05kd1JGbFlEN1J4cEVcbmZk
L0pmMjRiVmgwWTV0dW8zVkNXTHlRTVRuSFVIa2h5SVV1aGhHNkNCZGQ5aW1O
YkVFYzFESE5ZN3N1NVxuR3lQeWNUSkxIZGxlVjRSUzIvV3VLQkwxRFcwYnRO
NmxCMGJXME5XNjdDWFRteXlFWnQ1bFdBMWtsQ1krXG5xcmRrUzZObW43cTdV
WjNxK0ZJang5Y3pld281S3lCQ2RFbUxGRG5EL2t2a1pEQlMyTTRJTC9MaTAz
dDVcbjAwMlhsb2dTSXFPM1VubGM1TUV4WkMrdnVHNGFNYVFtT29pdUhXbmhq
UVBRb3BlQlBZdENSTTJZRk9oblxuUTIyVVRMdndIUXpERDVaV08rZ2M2MURP
bTBzWWMwNlYvazcyYTZRMjF3PT1cbiIsIml2IjoiMzdGVWxtT2dkZ09ic0Nr
eVFqMk5Pdz09XG4ifQ==
Imported license:
#
This instance of GitLab Enterprise Edition is licensed to:
Name: none
Company: none
Email: [email protected]
The license will expire on 2050-01-01
生成的三个文件,GitLabBV.gitlab-license为许可证
GitLabBV.gitlab-license license_key  license_key.pub 
使用许可证
cp license_key.pub /opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub
重启gitlab加载许可证
gitlab-ctl restart
修改证书等级
vi /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb
# 将
# restricted_attr(:plan).presence || STARTER_PLAN
# 替换成
# restricted_attr(:plan).presence || ULTIMATE_PLAN
重新加载配置
gitlab-ctl reconfigure

账密及登陆

初始账密,账户为root
cat /etc/gitlab/initial_root_password

密码更改

命令行密码更改
# cd /opt/gitlab/bin
# gitlab-rails console
[root@localhost ~]# gitlab-rails console
--------------------------------------------------------------------------------
 Ruby:         ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]
 GitLab:       15.7.2 (a72992de385) FOSS
 GitLab Shell: 14.14.0
 PostgreSQL:   13.8
------------------------------------------------------------[ booted in 30.12s ]
Loading production environment (Rails 6.1.6.1)
irb(main):001:0> u=User.where(id:1).first
=> #
irb(main):002:0> User.all
=> #]>
irb(main):003:0> u.password='ghx778899'
=> "ghx778899"
irb(main):004:0> u.password_confirmation='ghx778899'
=> "ghx778899"
irb(main):005:0> u.save!
=> true
irb(main):006:0> exit
页面更改密码
http://192.168.73.150/-/profile/password/edit
填写旧密码,新密码,新密码确认,Save password
登陆gitlab,并上传许可证
http://192.168.73.30/admin/application_settings/general
Add License ➔ Expand ➔ 选择上面的 GitLabBV.gitlab-license 然后上传(Add license)  ➔ 勾选服务条款 ➔ 点击 添加许可证

查看激活信息

http://192.168.73.30/admin/subscription

页面设置为中文

http://192.168.73.150/-/profile/preferences
Localization ➔ Language ➔ 简体中文 ➔ Save changes

关闭任意注册功能

http://192.168.73.30/admin/application_settings/general
注册限制 ➔ 已启用注册功能(勾选框去掉) ➔ 保存更改

更改项目中使用git push或者pull 指向的地址

vi /etc/gitlab/gitlab.rb
将 external_url 'http://gitlab.example.com'
改为 external_url 'http://192.168.73.30'

启用https

配置加密认证文件
输入的密码为: KDJF*lkskd_234KDKlk55
#  openssl genrsa -des3 -out nginx.key 2048  #实际使用中看服务器性能,如果足够好也可以使用4096位秘钥
Generating RSA private key, 1024 bit long modulus
.......++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for nginx.key:                 #输入密码,自定义,不少于4个字符
Verifying - Enter pass phrase for nginx.key:     #确认密码

# openssl req -new -key nginx.key -out nginx.csr
Enter pass phrase for nginx.key:                             #输入刚刚创建的密码

# openssl rsa -in nginx.key -out nginx_nopass.key
Enter pass phrase for nginx.key:        #之前RSA秘钥创建时的密码
writing RSA key

# openssl x509 -req -days 3650 -in nginx.csr  -signkey nginx.key -out nginx.crt    
Signature ok
subject=/C=CN/ST=ShangHai/L=ShangHai/O=ACBC/OU=Tech/CN=*.mydomain.com/[email protected]
Getting Private key
Enter pass phrase for nginx.key:          #RSA创建时的密码

# ls
nginx.crt  nginx.csr  nginx.key  nginx_nopass.key
配置gitlab配置文件
[root@localhost data]# cp nginx* /etc/gitlab/
[root@localhost data]# ll /etc/gitlab/nginx*
-rw-r--r--. 1 root root 1115  1月 12 19:35 /etc/gitlab/nginx.crt
-rw-r--r--. 1 root root  952  1月 12 19:35 /etc/gitlab/nginx.csr
-rw-------. 1 root root 1854  1月 12 19:35 /etc/gitlab/nginx.key
-rw-------. 1 root root 1704  1月 12 19:35 /etc/gitlab/nginx_nopass.key
[root@localhost data]# chmod 755 /etc/gitlab/nginx*

[root@localhost data]# vim /etc/gitlab/gitlab.rb
external_url 'https://192.168.73.30'
nginx['ssl_certificate'] = "/etc/gitlab/nginx.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/nginx_nopass.key"
重新配置gitlab
[root@localhost data]#  gitlab-ctl reconfigure
重新访问gitlab
gitlab新地址:
https://192.168.73.30

gitlab操作

gitlab状态查看:  gitlab-ctl status
gitlab启动:     gitlab-ctl start
gitlab停止:     gitlab-ctl stop
gitlab重启:     gitlab-ctl restart
gitlab重新加载配置文件: gitlab-ctl reconfigure

你可能感兴趣的:(CICD,运维,gitlab,运维,linux)