[分享] Centos7如何进行Gitlab源码安装?

英文官网只有ubuntu的源码安装,怎么能没有centos呢?动手能力强的小伙伴,可以试试源码安装极狐Gitlab,话不多说直接上干货!

Centos7环境进行源码安装Gitlab-jh-14.4.4


软件要求

Ruby:2.7
Go:1.1.6
Git:2.33.x
Node.js:12.22.1

GitLab 目录结构

这是您按照此页面的说明最终得到的主要目录结构:

|-- home
|   |-- git
|       |-- .ssh
|       |-- gitlab
|       |-- gitlab-shell
|       |-- repositories
  • /home/git/.ssh- 包含 OpenSSH 设置。具体来说,authorized_keys 由 GitLab Shell 管理的文件。
  • /home/git/gitlab - GitLab 核心软件。
  • /home/git/gitlab-shell- GitLab 的核心附加组件。维护 SSH 克隆和其他功能。
  • /home/git/repositories- 按命名空间组织的所有项目的裸存储库。这是为所有项目维护推送/拉取的 Git 存储库的地方。**该区域包含项目的关键数据。

GItlab在config/gitlab.yml 和gitlab shell在config.yml 中配置存储库的默认位置。

概述:

1. 包和依赖:

构建依赖

apt install yum install
build-essential yum groupinstall “Development Tools”
zlib1g-dev zlib-devel
libyaml-dev libyaml-devel
libssl-dev openssl-devel
libgdbm-dev gdbm-devel
libreadline-dev readline-devel
libncurses5-dev ncurses-libs,ncurses-devel
libffi-dev libffi-devel
openssh-server openssh-server
checkinstall
libxml2-dev libxml2-devel
libxslt-dev libxslt-devel
libcurl4-openssl-dev curl,libcurl-devel
libicu-dev libicu-devel
logrotate logrotate
python-docutils python-docutils
pkg-config
cmake cmake
libre2-dev re2-devel
libexpat1-dev expat-devel
gettext gettext
libpcre2-dev pcre2-devel
git-core git
bzip2
sqlite-devel
yum install -y zlib-devel libyaml-devel openssl-devel gdbm-devel readline-devel ncurses-libs ncurses-devel \
libffi-devel  openssh-server libxml2-devel libxslt-devel curl libcurl-devel libicu-devel libicu-devel \
logrotate python-docutils python-docutils python-docutils  gcc-c++ re2-devel expat-devel \
gettext pcre2-devel git bzip2 sqlite-devel telnet

升级cmake

yum remove cmake -y
wget https://cmake.org/files/v3.5/cmake-3.5.2.tar.gz
tar -xvf cmake-3.5.2.tar.gz
cd cmake-3.5.2
./bootstrap --prefix=/usr
gmake
gmake install

如果您想使用 Kerberos 进行用户身份验证,请安装libkrb5-dev (如果您不知道 Kerberos 是什么,您可以假设您不需要它):

sudo yum install libkrb5-dev

Git

wget https://www.kernel.org/pub/software/scm/git/git-2.33.0.tar.gz
tar -xzvf git-2.33.0.tar.gz
cd git-2.33.0/
./configure
make prefix=/usr/local all
make prefix=/usr/local install

删除系统Git及其依赖项

yum remove -y git
ln -s /usr/local/bin/git /usr/bin/git

GraphicsMagick

需要安装 GraphicsMagick。

yum install -y GraphicsMagick

邮件服务器

yum install -y postfix

Exiftool

需要用exiftool从上传的图像中删除 EXIF 数据。

yum install -y perl-Image-ExifTool

2. Ruby

下载 Ruby 并编译它:

mkdir /tmp/ruby && cd /tmp/ruby
wget  https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.gz
tar xzf ruby-2.7.4.tar.gz
cd ruby-2.7.4

./configure --disable-install-rdoc --enable-shared --prefix=/usr
sudo make
sudo make install

3. Go

Gitlab-shell、gitaly、workhourse依赖。

# Remove former Go installation folder
sudo rm -rf /usr/local/go

wget "https://golang.org/dl/go1.16.10.linux-amd64.tar.gz"
sudo tar -C /usr/local -xzf go1.16.10.linux-amd64.tar.gz
sudo ln -sf /usr/local/go/bin/{go,gofmt} /usr/local/bin/
rm go1.16.10.linux-amd64.tar.gz

# verify version
go version

ln -s /usr/local/bin/go /usr/bin/go

4. Node

GitLab 需要使用 Node 来编译 JavaScript assets,使用 yarn来管理 javascript 依赖。目前对这些的最低要求是:

  • node>= v12.22.1(我们推荐Node 14.x,因为它更快)
  • yarn = v1.22.x (尚不支持 Yarn 2)

在很多发行版中,官方包库提供的版本已经过时,所以我们需要通过以下命令进行安装:

# install node v14.x
curl --silent --location https://rpm.nodesource.com/setup_14.x | bash -
sudo yum install -y nodejs

# install yarn
npm install --global yarn

5. 系统用户

为gitlab创建一个git用户

useradd -c 'gitlab' git 
# 设置root权限仅作测试演示使用!!!
echo "git     ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers

6. 数据库

在 GitLab 12.1 及更高版本中,仅支持 PostgreSQL。在 GitLab 14.0 及更高版本中,我们需要 PostgreSQL 12+

本文以目前较为主流的云数据库阿里云RDS为例。

  1. 安装pgsql相关依赖
yum install -y centos-release-scl-rh
yum install -y https://yum.postgresql.org/12/redhat/rhel-7-x86_64/postgresql12-libs-12.8-1PGDG.rhel7.x86_64.rpm
yum install -y https://yum.postgresql.org/12/redhat/rhel-7-x86_64/postgresql12-12.8-1PGDG.rhel7.x86_64.rpm
yum install -y https://yum.postgresql.org/12/redhat/rhel-7-x86_64/postgresql12-devel-12.8-1PGDG.rhel7.x86_64.rpm
  1. 创建阿里云RDS-postgresql实例、设置白名单:
  2. 配置RDS
  • 创建高权限账号gitlab
  • 创建pg_trgm扩展
psql -h 'xxxxxx.pg.rds.aliyuncs.com' -p 5432 -U gitlab -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
  • 创建btree_gist扩展
psql -h 'xxxxxx.pg.rds.aliyuncs.com' -p 5432 -U gitlab -d template1 -c "CREATE EXTENSION IF NOT EXISTS btree_gist;"
  • 创建 GitLab 生产数据库并授予该数据库的所有权限
psql -h 'xxxxx.pg.rds.aliyuncs.com' -p 5432 -U gitlab -d template1 -c "CREATE DATABASE gitlabhq_production OWNER gitlab;"
  • 尝试使用新用户连接到新数据库
sudo -u git -H psql -h 'xxxxxxxxx.pg.rds.aliyuncs.com' -p 5432 -U gitlab -d gitlabhq_production
  • 检查pg_trgm扩展是否启用
SELECT true AS enabled
FROM pg_available_extensions
WHERE name = 'pg_trgm'
AND installed_version IS NOT NULL;

Output:

 enabled
---------
 t
(1 行记录)
  • 检查btree_gist扩展是否启用:
SELECT true AS enabled
FROM pg_available_extensions
WHERE name = 'btree_gist'
AND installed_version IS NOT NULL;

Output:

enabled
---------
 t
(1 row)
  • 退出数据库会话
gitlabhq_production> \q

7. Redis

有关最低 Redis 要求,请参阅要求页面

文档提供两种方式,自建和公有云服务。

服务自建

  1. 安装redis
 wget https://download.redis.io/releases/redis-6.2.6.tar.gz
 tar xzf redis-6.2.6.tar.gz
 cd redis-6.2.6
 make
 mkdir /etc/redis
 mkdir /var/run/redis
 cp src/redis-server /usr/local/bin/
 cp src/redis-cli /usr/local/bin/
 cp utils/redis_init_script /etc/init.d/redis
  1. 编辑init脚本:
vim /etc/init.d/redis
# 修改如下
REDISPORT=6379
EXEC=/usr/local/bin/redis-server
CLIEXEC=/usr/local/bin/redis-cli
PIDFILE=/var/run/redis_${REDISPORT}.pid
CONF="/etc/redis/redis.conf"
IP=10.0.0.133

......

$CLIEXEC -h $IP -p $REDISPORT shutdown
  1. 找到的模板配置文件复制到 /etc/redis/ 中:
cp redis.conf /etc/redis/redis.conf
  1. 创建redis数据和工作目录
mkdir /var/run/redis/data
  1. 编辑配置文件 /etc/redis/redis.conf
dir /var/run/redis/data
daemonize yes
pidfile /var/run/redis_6379.pid
logfile "/var/log/redis_6379.log"
bind ${your ip address}
  1. 设置开机启动
systemctl enable redis
  1. 启动redis
systemctl start redis

公有云redis服务

  1. 阿里云-云数据库Redis版创建实例
  2. 配置白名单
  3. 配置默认账户密码

8. Gitlab

# We'll install GitLab into the home directory of the user "git"
cd /home/git

Clone 源码:

sudo -u git -H git clone https://gitlab.com/gitlab-jh/gitlab.git -b v14.4.4-jh gitlab

配置Gitlab:

# Go to GitLab installation folder
cd /home/git/gitlab

# Copy the example GitLab config
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml

# Update GitLab config file, follow the directions at top of file
sudo -u git -H vim config/gitlab.yml
production: &base
  gitlab:
    host: gitlab.taogy.top
    port: 80
    https: false
  git:
    bin_path: /usr/local/bin/git
  email_from: example@example.com

# Copy the example secrets file
sudo -u git -H cp config/secrets.yml.example config/secrets.yml
sudo -u git -H chmod 0600 config/secrets.yml


# Make sure GitLab can write to the log/ and tmp/ directories
sudo chown -R git log/
sudo chown -R git tmp/
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/


# Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories
sudo chmod -R u+rwX tmp/pids/
sudo chmod -R u+rwX tmp/sockets/

# Create the public/uploads/ directory
sudo -u git -H mkdir public/uploads/

# Make sure only the GitLab user has access to the public/uploads/ directory
# now that files in public/uploads are served by gitlab-workhorse
sudo chmod 0700 public/uploads

# Change the permissions of the directory where CI job traces are stored
sudo chmod -R u+rwX builds/

# Change the permissions of the directory where CI artifacts are stored
sudo chmod -R u+rwX shared/artifacts/

# Change the permissions of the directory where GitLab Pages are stored
sudo chmod -R ug+rwX shared/pages/

# Copy the example Puma config
sudo -u git -H cp config/puma.rb.example config/puma.rb

# Refer to https://github.com/puma/puma#configuration for more information.
# You should scale Puma workers and threads based on the number of CPU
# cores you have available. You can get that number via the `nproc` command.
# Ex. change amount of workers to 3 for 2GB RAM server
sudo -u git -H vim config/puma.rb

# Configure Git global settings for git user
# 'autocrlf' is needed for the web editor
sudo -u git -H git config --global core.autocrlf input

# Disable 'git gc --auto' because GitLab already runs 'git gc' when needed
sudo -u git -H git config --global gc.auto 0

# Enable packfile bitmaps
sudo -u git -H git config --global repack.writeBitmaps true

# Enable push options
sudo -u git -H git config --global receive.advertisePushOptions true

# Enable fsyncObjectFiles to reduce risk of repository corruption if the server crashes
sudo -u git -H git config --global core.fsyncObjectFiles true

# Configure Redis connection settings
sudo -u git -H cp config/resque.yml.example config/resque.yml

# Change the Redis socket path if you are not using the default centos configuration
sudo -u git -H vim config/resque.yml
production:
  # Redis (single instance)
  # url: unix:/var/run/redis/redis.sock
  # password: 'password'
  url: redis://10.0.0.133:6379
  password: 'xxxx'

确保gitlab.yml和puma.rb匹配您的设置。

配置Gitlab数据库:

sudo -u git cp config/database.yml.postgresql config/database.yml

# Remove host, username, and password lines from config/database.yml.
# Once modified, the `production` settings will be as follows:
#
#   production:
#     main:
#       adapter: postgresql
#       encoding: unicode
#       database: gitlabhq_production
#
sudo -u git -H vim config/database.yml

# Remote PostgreSQL only:
# Update username/password in config/database.yml.
# You only need to adapt the production settings (first part).
# If you followed the database guide then please do as follows:
# Change 'secure password' with the value you have given to $password
# You can keep the double quotes around the password
sudo -u git -H vim config/database.yml

# Make config/database.yml readable to git only
sudo -u git -H chmod o-rwx config/database.yml

安装Gems

确保你安装 bundle (run bundle -v):

  • Bundler Version:2.1.4

修改/home/git/gitlab/Gemfile,添加如下字段:

gem 'tencentcloud-sdk-common', git: 'https://github.com/TencentCloud/tencentcloud-sdk-ruby.git', glob: 'tencentcloud-sdk-common/tencentcloud-sdk-common.gemspec'
gem 'tencentcloud-sdk-sms', git: 'https://github.com/TencentCloud/tencentcloud-sdk-ruby.git', glob: 'tencentcloud-sdk-sms/tencentcloud-sdk-sms.gemspec'

修改/home/git/gitlab/Gemfile.lock,添加以下内容:

GIT
  remote: https://github.com/TencentCloud/tencentcloud-sdk-ruby.git
  revision: d9fdc2da0c644e93212834f209fdbc4110f4d7d0
  glob: tencentcloud-sdk-sms/tencentcloud-sdk-sms.gemspec
  specs:
    tencentcloud-sdk-sms (1.0.184)
      tencentcloud-sdk-common (~> 1.0)

GIT
  remote: https://github.com/TencentCloud/tencentcloud-sdk-ruby.git
  revision: d9fdc2da0c644e93212834f209fdbc4110f4d7d0
  glob: tencentcloud-sdk-common/tencentcloud-sdk-common.gemspec
  specs:
    tencentcloud-sdk-common (1.0.184)

安装 gems(如果您想使用 Kerberos 进行用户身份验证,请kerberos--without下面的选项中省略 ):

yum install postgresql-devel
cd /home/git/gitlab/
sudo -u git -H bundle config set --local deployment 'true'
sudo -u git -H bundle config set --local without 'development test mysql aws kerberos'
bundle config unset deployment
sudo -u git -H bundle install

Troubleshooting:

An error occurred while installing pg (1.2.3), and Bundler cannot continue.
Make sure that `gem install pg -v '1.2.3' --source 'https://rubygems.org/'` succeeds before bundling.

In Gemfile:
  activerecord-explain-analyze was resolved to 0.1.0, which depends on
    pg

# 安装依赖
yum install postgresql-devel sqlite-devel

安装Gitlab shell

GitLab Shell 是专门为 GitLab 开发的 SSH 访问和存储库管理软件。

NOTE: 这一步需要Go环境

# Run the installation task for gitlab-shell:
cd /home/git/gitlab/
sudo -u git -H bundle exec rake gitlab:shell:install RAILS_ENV=production

# By default, the gitlab-shell config is generated from your main GitLab config.
# You can review (and modify) the gitlab-shell config as follows:
sudo -u git -H vim /home/git/gitlab-shell/config.yml

确保您的主机名可以通过正确的 DNS 记录或/etc/hosts(“127.0.0.1 主机名”)中的附加行在机器上解析。这可能是必要的,例如,如果您在反向代理后面设置 GitLab。如果无法解析主机名,则最终安装检查失败Check GitLab API access: FAILED. code: 401并使用 拒绝推送提交[remote rejected] master -> master (hook declined)

安装Gitlab Workhorse

cd /home/git/gitlab/
sudo -u git -H bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse]" RAILS_ENV=production

安装 GitLab-Elasticsearch-indexer

将 Git 存储库索引到 GitLab的Elasticsearch中。

sudo -u git -H bundle exec rake "gitlab:indexer:install[/home/git/gitlab-elasticsearch-indexer]" RAILS_ENV=production

源代码首先被提取到第一个参数指定的路径。然后在其bin目录下构建一个二进制文件。然后您需要更新gitlab.ymlproduction -> elasticsearch -> indexer_path设置以指向该二进制文件。

安装Gitlab Pages(可选)

安装Gitaly

# Fetch Gitaly source with Git and compile with Go
cd /home/git/gitlab/
sudo -u git -H bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories]"  RAILS_ENV=production

您可以通过将其作为额外参数提供来指定不同的 Git 存储库:

sudo -u git -H bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories,https://example.com/gitaly.git]" RAILS_ENV=production

接下来,确保配置了 Gitaly:

# Restrict Gitaly socket access
sudo chmod 0700 /home/git/gitlab/tmp/sockets/private
sudo chown git /home/git/gitlab/tmp/sockets/private

# If you are using non-default settings, you need to update config.toml
cd /home/git/gitaly
sudo -u git -H vim config.toml

设置 Logrotate

sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

启动Gitaly

gitlab_path=/home/git/gitlab
gitaly_path=/home/git/gitaly

sudo -u git -H sh -c "$gitlab_path/bin/daemon_with_pidfile $gitlab_path/tmp/pids/gitaly.pid \
  $gitaly_path/_build/bin/gitaly $gitaly_path/config.toml >> $gitlab_path/log/gitaly.log 2>&1 &"

初始化数据库并激活高级功能

cd /home/git/gitlab/
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
# Type 'yes' to create the database tables.

# or you can skip the question by adding force=yes
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production force=yes

# When done, you see 'Administrator account created:'

您可以通过在环境变量提供他们设置管理员/ root密码和电子邮件,GITLAB_ROOT_PASSWORDGITLAB_ROOT_EMAIL分别如下所示。如果您没有设置密码(并且设置为默认密码),请等待将 GitLab 公开到公共互联网,直到安装完成并且您第一次登录服务器。在第一次登录时,您将被迫更改默认密码。此时也可以通过在GITLAB_LICENSE_FILE环境变量中提供完整路径来安装企业版许可证。

sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword GITLAB_ROOT_EMAIL=youremail GITLAB_LICENSE_FILE="/path/to/license"

Secure secrets.yml

secrets.yml文件存储会话和安全变量的加密密钥。备份secrets.yml到安全的地方,但不要将其与数据库备份存储在同一位置。否则,如果您的备份之一遭到破坏,您的secret就会暴露。

安装初始化脚本

下载初始化脚本(/etc/init.d/gitlab):

sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab

如果您使用非默认文件夹或用户进行安装,请复制并编辑默认文件

sudo cp lib/support/init.d/gitlab.default.example /etc/default/gitlab

如果您要将 GitLab 安装在另一个目录中或作为默认用户以外的用户安装,您应该修改/etc/default/gitlab,不要修改/etc/init.d/gitlab,因为升级会发生变化。

检查应用状态

cd /home/git/gitlab/
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

编译 GetText PO 文件

cd /home/git/gitlab/
sudo -u git -H bundle exec rake gettext:compile RAILS_ENV=production

编译Assets

cd /home/git/gitlab/
sudo -u git -H yarn install --production --pure-lockfile
sudo -u git -H bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production

如果rake错误是JavaScript heap out of memory,请尝试使用NODE_OPTIONS

sudo -u git -H bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096"

启动您的Gitlab 实例

sudo /etc/init.d/gitlab restart 

9. Nginx

安装

yum install nginx

站点配置

mkdir /etc/nginx/sites-available 
mkdir /etc/nginx/sites-enabled
vim /etc/nginx/nginx.conf
# http下添加
include /etc/nginx/sites-enabled/*;
cd /home/git/gitlab
sudo cp lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
sudo ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
# Change YOUR_SERVER_FQDN to the fully-qualified
# domain name of your host serving GitLab.
#
# Remember to match your paths to GitLab, especially
# if installing for a user other than 'git'.
#
# If using Ubuntu default nginx install:
# either remove the default_server from the listen line
# or else sudo rm -f /etc/nginx/sites-enabled/default
sudo vim /etc/nginx/sites-available/gitlab

修改/etc/nginx/sites-available/gitlab配置文件

server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
  listen 0.0.0.0:80;
  server_name YOUER_DOMAIN; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
usermod -a -G git nginx
chmod  g+rx  /home/git/

测试配置

sudo nginx -t

验证安装的版本是否大于 1.12.1:

nginx -v

重启nginx

systemctl restart nginx 

10. 安装后

日志赋权

chmod 666 gitaly_ruby_json.log

检查应用状态

sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

全为绿即安装成功。恭喜!预先格式化的文本