[嵌入式]GitLab ARM64源码编译搭建

版权声明:本文由神州数码云基地团队整理撰写，若转载请注明出处。

简介

GitLab 是?个主要由 Ruby on Rails 语?开发的开源应?程序，实现?个?托管的 Git 项?仓库，可通过 Web 界 ?进?访问和管理，简??之就是?个可以私有化部署的?https://github.com/。

Gitlab 官?实际上已经提供了 N 种安装和部署的?式，有直接通过操作系统软件源进?安装的，也有通过 Docker ?式部署的，甚?有通过源代码?式??编译安装的（稍复杂）。

由于官??前构建的软件包和镜像都是基于X86架构的，并没有对ARM64v8进??持，并且在Docker hub中找到 的docker镜像是跑在Ubuntu 系的 Linux 发?版上的。CentOS系统并不是?常?持这类镜像

为了能满?在 CentOs7，Arm64架构的服务器上部署gitLab,这?采?源码编译gitlab的?式

这?安装的gitlab版本为 gitlab-ce:13-12-stable

准备环境

环境要求：

Ruby 2.7.4

redis 6.2.4

git：2.31.1

Go:15.12

Postgres: 11

Node: 14.x

Nginx:1.12.1

安装Ruby

Gitlab-ce:13-12-stable版本 要求 Ruby2.7.4版本

#安装依赖包
$ yum -y install gcc openssl-devel make

#安装ruby
$ weget https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.gz
$ tar -xvf ruby-2.7.4.tar.gz
$ cd ruby-2.7.4
$ ./configure --prefix=/usr/local/ruby
$ make
$ make install

#添加环境变量

$ vim /etc/profile
export PATH=$PATH:/usr/local/ruby/bin

$ source /etc/profile
# 替换gem源
# 删除原有源
$ gem sources --remove https://rubygems.org/
# 添加源
$ gem sources -a http://gems.ruby-china.com/
# 查看当前源
$ gem sources -l

安装Git

Gitlab-ce:13-12-stable版本 要求Git2.31.1

官?建议使?Gitaly提供的git版本

安装2.31.1Git

$ wget -O git.tar.gz https://codeload.github.com/git/git/tar.gz/refs/tags/v2.31.1
$ tar -xzvf git.tar.gz
$ mv git /usr/local/bin
$ cd /usr/local/bin/git
$ make prefix=/usr/local/bin/git all
$ make prefix=/usr/local/bin/git install
$ ln -s /usr/local/git/bin/git /usr/bin/git
# github镜像
$ git config --global url."https://hub.fastgit.org".insteadOf https://github.com

安装go

Gitlab-ce:13-12-stable版本 要求 Go15.12

# 安装go15.12，wget下不下来就?动下载上传服务器
$ wget https://dl.google.com/go/go1.15.12.linux-arm64.tar.gz
$ tar -C /usr/local -xzf go1.15.12.linux-arm64.tar.gz
$ ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/
$ go version
# 使?GOPROXY 代理服务
$ echo 'export GOPROXY=https://goproxy.io' >> /etc/profile
$ source /etc/profile

安装Node和yarn

Gitlab-ce:13-12-stable版本 要求 node >= v12.22.1 推荐14.x，因为更快

Gitlab-ce:13-12-stable版本 要求 yarn = v1.22.x （尚不?持Yarn 2）

$ wget https://nodejs.org/dist/v14.17.3/node-v14.17.3-linux-arm64.tar.xz
$ xz -d node-v14.17.3-linux-arm64.tar.xz
$ tar -xf node-v14.17.3-linux-arm64.tar
$ ln -s ~/node-v14.17.3-linux-arm64/bin/node /usr/bin/node
$ ln -s ~/node-v14.17.3-linux-arm64/bin/npm /usr/bin/npm
$ ln -s ~/node-v14.17.3-linux-arm64/bin/npx /usr/bin/npx

# 安装yarn
$ npm install -g yarn

安装数据库

在 GitLab 13.0 及更?版本中，需要 PostgreSQL 11+

$ yum remove postgresql
$ yum -y install postgresql11 postgresql11-server postgresql11-libs postgresql11-
contrib
$ /usr/pgsql-11/bin/postgresql-11-setup initdb
$ systemctl enable postgresql-11
$ systemctl start postgresql-11
$ vim /var/lib/pgsql/11/data/postgresql.conf

# 找到listen_address那?，解开注释并修改引号内localhost的值为*
listen_address="*"

$ vim /var/lib/pgsql/11/data/pg_hba.conf
# 修改peer为:
trust
# 在?件末尾加上,如果不加上远程连接PostgreSQL会出现no pg_hba.conf...的错误
host    all                all              0.0.0.0/0            trust
host    all                all              127.0.0.1/32         trust
local   all                all                                   trust

# 修改密码
$ psql
> alter user postgres password '密码'
$ \q
$ exit
$ systemctl restart postgresql-11

# 为Gitlab创建?个数据库?户
$ sudo -u postgres psql -d template1 -c "CREATE USER git CREATEDB;"
# 创建pg_trgm扩展
$ sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
# 创建btree_gist扩展（GitLab 13.1+ 需要）
$ sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS btree_gist;"
# 创建 GitLab ?产数据库并授予该数据库的所有权限
$ sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER
git;"

安装Redis

Redis版本：6.2.4

$ wget https://download.redis.io/releases/redis-6.2.4.tar.gz
$ tar -zxvf redis-6.2.4.tar.gz
$ cd redis-6.2.4
$ make

# 修改redis配置
$ echo 'ignore-warnings ARM64-COW-BUG' >> redis.conf
# 启动redis
$ src/redis-server

编译 GitLab

从这节开始，介绍GitLab的编译过程

Gitlab-ce:13-12-stable版本部署，需要完成三个部分的编译?作:

1. gitLab核?代码
2. gitlab-shell
3. GitLab-Workhorse

最终得到的主要?录结构：

|-- home
|   |-- git
|       |-- .ssh
|       |-- gitlab
|       |-- gitlab-shell
|       |-- repositories

编译GitLab核?代码

# 为 GitLab创建?个?户 git
$ sudo adduser --disabled-login --gecos 'GitLab' git

$ mkdir -p /home/git/gitlab
$ cd /home/git/gitlab
$ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-foss.git -b 13-12-
stable gitlab

配置

$ sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
$ sudo -u git -H vim config/gitlab.yml

主要修改以下属性：

gitlab:
   host: 10.126.4.76
   port: 80
   https: false
 
 # 如果你的git不在这个?录下，则需要进?修改
 git:
   bin_path: /home/git/bin/git

# Copy the example secrets file
$ sudo -u git -H cp config/secrets.yml.example config/secrets.yml
$ sudo -u git -H chmod 0600 config/secrets.yml

# Make sure GitLab can write to the log/ and tmp/ directories
$ sudo chown -R git log/
$ sudo chown -R git tmp/
$ sudo chmod -R u+rwX,go-w log/
$ sudo chmod -R u+rwX tmp/

# Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories
$ sudo chmod -R u+rwX tmp/pids/
$ sudo chmod -R u+rwX tmp/sockets/

# Create the public/uploads/ directory
$ sudo -u git -H mkdir -p public/uploads/

# Make sure only the GitLab user has access to the public/uploads/ directory
# now that files in public/uploads are served by gitlab-workhorse
$ sudo chmod 0700 public/uploads
# Change the permissions of the directory where CI job logs are stored
$ sudo chmod -R u+rwX builds/

# Change the permissions of the directory where CI artifacts are stored
$ sudo chmod -R u+rwX shared/artifacts/

# Change the permissions of the directory where GitLab Pages are stored
$ sudo chmod -R ug+rwX shared/pages/

# Copy the example Puma config
$ sudo -u git -H cp config/puma.rb.example config/puma.rb

# 执?nproc，得到CPU核数，根据核数修改workers和threads
$ nproc
$ sudo -u git -H vim config/puma.rb


# Configure Git global settings for git user
# 'autocrlf' is needed for the web editor
$ sudo -u git -H git config --global core.autocrlf input

# Disable 'git gc --auto' because GitLab already runs 'git gc' when needed
$ sudo -u git -H git config --global gc.auto 0

# Enable packfile bitmaps
$ sudo -u git -H git config --global repack.writeBitmaps true

# Enable push options
$ sudo -u git -H git config --global receive.advertisePushOptions true

# Enable fsyncObjectFiles to reduce risk of repository corruption if the server crashes
$ sudo -u git -H git config --global core.fsyncObjectFiles true

# Configure Redis connection settings
$ sudo -u git -H cp config/resque.yml.example config/resque.yml

# 修改Redis连接地址
$ sudo -u git -H vim config/resque.yml

production:
  # Redis (single instance)
  url: redis://localhost:6379
  ##
  # Redis + Sentinel (for HA)
  #
  # Please read instructions carefully before using it as you may lose data:
  # http://redis.io/topics/sentinel
  #
  # You must specify a list of a few sentinels that will handle client connection
  # please read here for more information:
https://docs.gitlab.com/ee/administration/redis/index.html
  ##
  # url: redis://master:6379
  # sentinels:
  # -
  # host: replica1
  # port: 26379 # point to sentinel, not to redis port
  # -
  # host: replica2
  # port: 26379 # point to sentinel, not to redis port

数据库配置

$ sudo -u git cp config/database.yml.postgresql config/database.yml
$ sudo -u git -H vim config/database.yml

# Make config/database.yml readable to git only(Optional)
$ sudo -u git -H chmod o-rwx config/database.yml

production:
 adapter: postgresql
 encoding: unicode
 database: gitlabhq_production
 username: postgres
 password: "123"
 # 注意，host不要填localhost和127.0.0.1
 host: xx.xx.xx
 # load_balancing:
 # hosts:
 # - host1.example.com
 # - host2.example.com
 # discover:
 # nameserver: 1.2.3.4
 # port: 8600
 # record: secondary.postgresql.service.consul
 # interval: 300

编译

先安装需要的依赖:

# 依赖安装：
$ yum install libicu-devel glibc-static libstdc++-static

# rugged 依赖需要:cmake 3以上版本
$ cmake --version
# 卸载旧版本
$ yum remove cmake
#第?种?法?效的话尝试第?种?法,如下.
$ sudo apt-get autoremove cmake (慎?)

#安装新版本
$ cd /home/git
$ wget https://cmake.org/files/LatestRelease/cmake-3.21.0-linux-aarch64.tar.gz
$ tar -zxvf cmake-3.21.0-linux-aarch64.tar.gz
$ vim /etc/profile
export PATH=$PATH:/home/git/cmake-3.21.0-linux-aarch64/bin

# re2依赖：
$ git clone https://github.com/google/re2.git
$ cd re2
$ make & make install

进?编译：

$ cd home/git/gitlab
$ sudo -u git -H bundle config set --local deployment 'true'
$ sudo -u git -H bundle config set --local without 'development test mysql aws
kerberos'
$ sudo -u git -H bundle install

编译GitLabShell

$ sudo -u git -H bundle exec rake gitlab:shell:install RAILS_ENV=production

# By default, the gitlab-shell config is generated from your main GitLab config.
# You can review (and modify) the gitlab-shell config as follows:
$ sudo -u git -H editor /home/git/gitlab-shell/config.yml

编译GitLab-Workhorse

$ sudo -u git -H bundle exec rake "gitlab:workhorse:install[/home/git/gitlabworkhorse]" RAILS_ENV=production

安装GitLab ??

$ cd /home/git
$ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
$ cd gitlab-pages
$ sudo -u git -H git checkout v$(</home/git/gitlab/GITLAB_PAGES_VERSION)
$ sudo -u git -H make

安装Gitaly

$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rake
"gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories]" RAILS_ENV=production

# Restrict Gitaly socket access
$ sudo chmod 0700 /home/git/gitlab/tmp/sockets/private
$ sudo chown git /home/git/gitlab/tmp/sockets/private

# If you are using non-default settings, you need to update config.toml
$ cd /home/git/gitaly
$ sudo -u git -H editor config.toml

# 启动gitaly

$ echo 'gitlab_path=/home/git/gitlab' >> /etc/profile
$ echo 'gitaly_path=/home/git/gitaly' >> /etc/profile
$ source /etc/profile
$ sudo -u git -H sh -c "$gitlab_path/bin/daemon_with_pidfile
$gitlab_path/tmp/pids/gitaly.pid \
 $gitaly_path/_build/bin/gitaly $gitaly_path/config.toml >>
$gitlab_path/log/gitaly.log 2>&1 &"

# 初始话数据库

$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production

启动服务

# 安装初始化脚本
$ sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
# 设置 Logrotate
$ sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

# 检查 GitLab 及其环境是否配置正确
$ sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

# 编译 GetText PO ?件
$ sudo -u git -H bundle exec rake gettext:compile RAILS_ENV=production

# 编译
$ sudo -u git -H yarn install --production --pure-lockfile
$ sudo -u git -H bundle exec rake gitlab:assets:compile RAILS_ENV=production
NODE_ENV=production

# 如果rake失败并出现JavaScript heap out of memory错误，请尝试设置NODE_OPTIONS。
$ sudo -u git -H bundle exec rake gitlab:assets:compile RAILS_ENV=production
NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096"

# 启动服务
$ sudo service gitlab start
# or
$ sudo /etc/init.d/gitlab restart

到这?GitLab的服务就已经启动了，还差前端??，接下来安装Nginx，部署前端??

安装Nginx

Gitlab-ce:13-12-stable版本 要求 Nginx1.12.1

$ cd /home/git
$ wget https://nginx.org/download/nginx-1.12.1.tar.gz
$ tar -zxvf nginx-1.12.1.tar.gz
$ cd nginx-1.12.1
$ ./configure --with-http_stub_status_module --with-http_ssl_module --withhttp_realip_module
$ make
$ make install
# 会安装到/usr/local/nginx

# 修改config
$ cd /usr/local/nginx
$ echo '' > config/nginx.conf
$ vim config/nginx.conf

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;


events {
 worker_connections 1024;
}


http {
 include mime.types;
 default_type application/octet-stream;

 #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 #                '$status $body_bytes_sent "$http_referer" '
 #                '"$http_user_agent" "$http_x_forwarded_for"';
 #access_log logs/access.log main;

 sendfile on;
 #tcp_nopush on;

 #keepalive_timeout 0;
 keepalive_timeout 65;
## GitLab
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be
uncommented.
##
##################################
## CONTRIBUTING ##
##################################
##
## If you change this file in a merge request, please also create
## a merge request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
## configuration ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
 # GitLab socket file,
 # for Omnibus this would be: unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket
 server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}

map $http_upgrade $connection_upgrade_gitlab {
 default upgrade;
 '' close;
}

## NGINX 'combined' log format with filtered query strings
log_format gitlab_access $remote_addr - $remote_user [$time_local] "$request_method
$gitlab_filtered_request_uri $server_protocol" $status $body_bytes_sent
"$gitlab_filtered_http_referer" "$http_user_agent";

## Remove private_token from the request URI
# In: /foo?
private_token=unfiltered&authenticity_token=unfiltered&feed_token=unfiltered&...
# Out: /foo?private_token=
[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
map $request_uri $gitlab_temp_request_uri_1 {
 default $request_uri;
 ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=
[FILTERED]$rest";
}

## Remove authenticity_token from the request URI
# In: /foo?private_token=
[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=
[FILTERED]&feed_token=unfiltered&...
map $gitlab_temp_request_uri_1 $gitlab_temp_request_uri_2 {
 default $gitlab_temp_request_uri_1;
 ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$
"$start$temp=[FILTERED]$rest";
}

## Remove feed_token from the request URI
# In: /foo?private_token=[FILTERED]&authenticity_token=
[FILTERED]&feed_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=
[FILTERED]&...
map $gitlab_temp_request_uri_2 $gitlab_filtered_request_uri {
 default $gitlab_temp_request_uri_2;
 ~(?i)^(?<start>.*)(?<temp>[\?&]feed[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=
[FILTERED]$rest";
}

## A version of the referer without the query string
map $http_referer $gitlab_filtered_http_referer {
 default $http_referer;
 ~^(?<temp>.*)\? $temp;
}

## Normal HTTP host
server {
 ## Either remove "default_server" from the listen line below,
 ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
 ## to be served if you visit any address that your server responds to, eg.
 ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
 listen 0.0.0.0:80 default_server;
 listen [::]:80 default_server;
 server_name xx.xx.xx.xx; ## Replace this with something like gitlab.example.com
 server_tokens off; ## Don't show the nginx version number, a security best practice

 ## See app/controllers/application_controller.rb for headers set
 ## Real IP Module Config

 ## http://nginx.org/en/docs/http/ngx_http_realip_module.html
 real_ip_header X-Real-IP; ## X-Real-IP or X-Forwarded-For or proxy_protocol
 real_ip_recursive off; ## If you enable 'on'
 ## If you have a trusted IP address, uncomment it and set it
 # set_real_ip_from YOUR_TRUSTED_ADDRESS; ## Replace this with something like
192.168.1.0/24

 ## Individual nginx logs for this GitLab vhost
 access_log /var/log/nginx/gitlab_access.log gitlab_access;
 error_log /var/log/nginx/gitlab_error.log;

 location / {
 client_max_body_size 0;
 gzip off;

 ## https://github.com/gitlabhq/gitlabhq/issues/694
 ## Some requests take more than 30 seconds.
 proxy_read_timeout 300;
 proxy_connect_timeout 300;
 proxy_redirect off;

 proxy_http_version 1.1;

 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $connection_upgrade_gitlab;

 proxy_pass http://gitlab-workhorse;
 }

 error_page 404 /404.html;
 error_page 422 /422.html;
 error_page 500 /500.html;
 error_page 502 /502.html;
 error_page 503 /503.html;
 location ~ ^/(404|422|500|502|503)\.html$ {
 # Location to the GitLab's public directory,
 # for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public.
 root /home/git/gitlab/public;
 internal;
 }

}
}

注意将server_name修改为你的ip或者域名

最后启动Nginx，完成部署

$ sbin/nginx

登陆GitLab

ps：第?次登陆的时候会进?root账户密码的设置。