版权声明:本文由神州数码云基地团队整理撰写,若转载请注明出处。
简介
GitLab 是?个主要由 Ruby on Rails 语?开发的开源应?程序,实现?个?托管的 Git 项?仓库,可通过 Web 界 ?进?访问和管理,简??之就是?个可以私有化部署的?https://github.com/。
Gitlab 官?实际上已经提供了 N 种安装和部署的?式,有直接通过操作系统软件源进?安装的,也有通过 Docker ?式部署的,甚?有通过源代码?式??编译安装的(稍复杂)。
由于官??前构建的软件包和镜像都是基于X86架构的,并没有对ARM64v8进??持,并且在Docker hub中找到 的docker镜像是跑在Ubuntu 系的 Linux 发?版上的。CentOS系统并不是?常?持这类镜像
为了能满?在 CentOs7,Arm64架构的服务器上部署gitLab,这?采?源码编译gitlab的?式
这?安装的gitlab版本为 gitlab-ce:13-12-stable
准备环境
环境要求:
Ruby 2.7.4
redis 6.2.4
git:2.31.1
Go:15.12
Postgres: 11
Node: 14.x
Nginx:1.12.1
安装Ruby
Gitlab-ce:13-12-stable版本 要求 Ruby2.7.4版本
#安装依赖包
$ yum -y install gcc openssl-devel make
#安装ruby
$ weget https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.gz
$ tar -xvf ruby-2.7.4.tar.gz
$ cd ruby-2.7.4
$ ./configure --prefix=/usr/local/ruby
$ make
$ make install
#添加环境变量
$ vim /etc/profile
export PATH=$PATH:/usr/local/ruby/bin
$ source /etc/profile
# 替换gem源
# 删除原有源
$ gem sources --remove https://rubygems.org/
# 添加源
$ gem sources -a http://gems.ruby-china.com/
# 查看当前源
$ gem sources -l
安装Git
Gitlab-ce:13-12-stable版本 要求Git2.31.1
官?建议使?Gitaly提供的git版本
安装2.31.1Git
$ wget -O git.tar.gz https://codeload.github.com/git/git/tar.gz/refs/tags/v2.31.1
$ tar -xzvf git.tar.gz
$ mv git /usr/local/bin
$ cd /usr/local/bin/git
$ make prefix=/usr/local/bin/git all
$ make prefix=/usr/local/bin/git install
$ ln -s /usr/local/git/bin/git /usr/bin/git
# github镜像
$ git config --global url."https://hub.fastgit.org".insteadOf https://github.com
安装go
Gitlab-ce:13-12-stable版本 要求 Go15.12
# 安装go15.12,wget下不下来就?动下载上传服务器
$ wget https://dl.google.com/go/go1.15.12.linux-arm64.tar.gz
$ tar -C /usr/local -xzf go1.15.12.linux-arm64.tar.gz
$ ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/
$ go version
# 使?GOPROXY 代理服务
$ echo 'export GOPROXY=https://goproxy.io' >> /etc/profile
$ source /etc/profile
安装Node和yarn
Gitlab-ce:13-12-stable版本 要求 node >= v12.22.1 推荐14.x,因为更快
Gitlab-ce:13-12-stable版本 要求 yarn = v1.22.x (尚不?持Yarn 2)
$ wget https://nodejs.org/dist/v14.17.3/node-v14.17.3-linux-arm64.tar.xz
$ xz -d node-v14.17.3-linux-arm64.tar.xz
$ tar -xf node-v14.17.3-linux-arm64.tar
$ ln -s ~/node-v14.17.3-linux-arm64/bin/node /usr/bin/node
$ ln -s ~/node-v14.17.3-linux-arm64/bin/npm /usr/bin/npm
$ ln -s ~/node-v14.17.3-linux-arm64/bin/npx /usr/bin/npx
# 安装yarn
$ npm install -g yarn
安装数据库
在 GitLab 13.0 及更?版本中,需要 PostgreSQL 11+
$ yum remove postgresql
$ yum -y install postgresql11 postgresql11-server postgresql11-libs postgresql11-
contrib
$ /usr/pgsql-11/bin/postgresql-11-setup initdb
$ systemctl enable postgresql-11
$ systemctl start postgresql-11
$ vim /var/lib/pgsql/11/data/postgresql.conf
# 找到listen_address那?,解开注释并修改引号内localhost的值为*
listen_address="*"
$ vim /var/lib/pgsql/11/data/pg_hba.conf
# 修改peer为:
trust
# 在?件末尾加上,如果不加上远程连接PostgreSQL会出现no pg_hba.conf...的错误
host all all 0.0.0.0/0 trust
host all all 127.0.0.1/32 trust
local all all trust
# 修改密码
$ psql
> alter user postgres password '密码'
$ \q
$ exit
$ systemctl restart postgresql-11
# 为Gitlab创建?个数据库?户
$ sudo -u postgres psql -d template1 -c "CREATE USER git CREATEDB;"
# 创建pg_trgm扩展
$ sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
# 创建btree_gist扩展(GitLab 13.1+ 需要)
$ sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS btree_gist;"
# 创建 GitLab ?产数据库并授予该数据库的所有权限
$ sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER
git;"
安装Redis
Redis版本:6.2.4
$ wget https://download.redis.io/releases/redis-6.2.4.tar.gz
$ tar -zxvf redis-6.2.4.tar.gz
$ cd redis-6.2.4
$ make
# 修改redis配置
$ echo 'ignore-warnings ARM64-COW-BUG' >> redis.conf
# 启动redis
$ src/redis-server
编译 GitLab
从这节开始,介绍GitLab的编译过程
Gitlab-ce:13-12-stable版本部署,需要完成三个部分的编译?作:
- gitLab核?代码
- gitlab-shell
- GitLab-Workhorse
最终得到的主要?录结构:
|-- home
| |-- git
| |-- .ssh
| |-- gitlab
| |-- gitlab-shell
| |-- repositories
编译GitLab核?代码
# 为 GitLab创建?个?户 git
$ sudo adduser --disabled-login --gecos 'GitLab' git
$ mkdir -p /home/git/gitlab
$ cd /home/git/gitlab
$ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-foss.git -b 13-12-
stable gitlab
配置
$ sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
$ sudo -u git -H vim config/gitlab.yml
主要修改以下属性:
gitlab:
host: 10.126.4.76
port: 80
https: false
# 如果你的git不在这个?录下,则需要进?修改
git:
bin_path: /home/git/bin/git
# Copy the example secrets file
$ sudo -u git -H cp config/secrets.yml.example config/secrets.yml
$ sudo -u git -H chmod 0600 config/secrets.yml
# Make sure GitLab can write to the log/ and tmp/ directories
$ sudo chown -R git log/
$ sudo chown -R git tmp/
$ sudo chmod -R u+rwX,go-w log/
$ sudo chmod -R u+rwX tmp/
# Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories
$ sudo chmod -R u+rwX tmp/pids/
$ sudo chmod -R u+rwX tmp/sockets/
# Create the public/uploads/ directory
$ sudo -u git -H mkdir -p public/uploads/
# Make sure only the GitLab user has access to the public/uploads/ directory
# now that files in public/uploads are served by gitlab-workhorse
$ sudo chmod 0700 public/uploads
# Change the permissions of the directory where CI job logs are stored
$ sudo chmod -R u+rwX builds/
# Change the permissions of the directory where CI artifacts are stored
$ sudo chmod -R u+rwX shared/artifacts/
# Change the permissions of the directory where GitLab Pages are stored
$ sudo chmod -R ug+rwX shared/pages/
# Copy the example Puma config
$ sudo -u git -H cp config/puma.rb.example config/puma.rb
# 执?nproc,得到CPU核数,根据核数修改workers和threads
$ nproc
$ sudo -u git -H vim config/puma.rb
# Configure Git global settings for git user
# 'autocrlf' is needed for the web editor
$ sudo -u git -H git config --global core.autocrlf input
# Disable 'git gc --auto' because GitLab already runs 'git gc' when needed
$ sudo -u git -H git config --global gc.auto 0
# Enable packfile bitmaps
$ sudo -u git -H git config --global repack.writeBitmaps true
# Enable push options
$ sudo -u git -H git config --global receive.advertisePushOptions true
# Enable fsyncObjectFiles to reduce risk of repository corruption if the server crashes
$ sudo -u git -H git config --global core.fsyncObjectFiles true
# Configure Redis connection settings
$ sudo -u git -H cp config/resque.yml.example config/resque.yml
# 修改Redis连接地址
$ sudo -u git -H vim config/resque.yml
production:
# Redis (single instance)
url: redis://localhost:6379
##
# Redis + Sentinel (for HA)
#
# Please read instructions carefully before using it as you may lose data:
# http://redis.io/topics/sentinel
#
# You must specify a list of a few sentinels that will handle client connection
# please read here for more information:
https://docs.gitlab.com/ee/administration/redis/index.html
##
# url: redis://master:6379
# sentinels:
# -
# host: replica1
# port: 26379 # point to sentinel, not to redis port
# -
# host: replica2
# port: 26379 # point to sentinel, not to redis port
数据库配置
$ sudo -u git cp config/database.yml.postgresql config/database.yml
$ sudo -u git -H vim config/database.yml
# Make config/database.yml readable to git only(Optional)
$ sudo -u git -H chmod o-rwx config/database.yml
production:
adapter: postgresql
encoding: unicode
database: gitlabhq_production
username: postgres
password: "123"
# 注意,host不要填localhost和127.0.0.1
host: xx.xx.xx
# load_balancing:
# hosts:
# - host1.example.com
# - host2.example.com
# discover:
# nameserver: 1.2.3.4
# port: 8600
# record: secondary.postgresql.service.consul
# interval: 300
编译
先安装需要的依赖:
# 依赖安装:
$ yum install libicu-devel glibc-static libstdc++-static
# rugged 依赖需要:cmake 3以上版本
$ cmake --version
# 卸载旧版本
$ yum remove cmake
#第?种?法?效的话尝试第?种?法,如下.
$ sudo apt-get autoremove cmake (慎?)
#安装新版本
$ cd /home/git
$ wget https://cmake.org/files/LatestRelease/cmake-3.21.0-linux-aarch64.tar.gz
$ tar -zxvf cmake-3.21.0-linux-aarch64.tar.gz
$ vim /etc/profile
export PATH=$PATH:/home/git/cmake-3.21.0-linux-aarch64/bin
# re2依赖:
$ git clone https://github.com/google/re2.git
$ cd re2
$ make & make install
进?编译:
$ cd home/git/gitlab
$ sudo -u git -H bundle config set --local deployment 'true'
$ sudo -u git -H bundle config set --local without 'development test mysql aws
kerberos'
$ sudo -u git -H bundle install
编译GitLabShell
$ sudo -u git -H bundle exec rake gitlab:shell:install RAILS_ENV=production
# By default, the gitlab-shell config is generated from your main GitLab config.
# You can review (and modify) the gitlab-shell config as follows:
$ sudo -u git -H editor /home/git/gitlab-shell/config.yml
编译GitLab-Workhorse
$ sudo -u git -H bundle exec rake "gitlab:workhorse:install[/home/git/gitlabworkhorse]" RAILS_ENV=production
安装GitLab ??
$ cd /home/git
$ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
$ cd gitlab-pages
$ sudo -u git -H git checkout v$(</home/git/gitlab/GITLAB_PAGES_VERSION)
$ sudo -u git -H make
安装Gitaly
$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rake
"gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories]" RAILS_ENV=production
# Restrict Gitaly socket access
$ sudo chmod 0700 /home/git/gitlab/tmp/sockets/private
$ sudo chown git /home/git/gitlab/tmp/sockets/private
# If you are using non-default settings, you need to update config.toml
$ cd /home/git/gitaly
$ sudo -u git -H editor config.toml
# 启动gitaly
$ echo 'gitlab_path=/home/git/gitlab' >> /etc/profile
$ echo 'gitaly_path=/home/git/gitaly' >> /etc/profile
$ source /etc/profile
$ sudo -u git -H sh -c "$gitlab_path/bin/daemon_with_pidfile
$gitlab_path/tmp/pids/gitaly.pid \
$gitaly_path/_build/bin/gitaly $gitaly_path/config.toml >>
$gitlab_path/log/gitaly.log 2>&1 &"
# 初始话数据库
$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
启动服务
# 安装初始化脚本
$ sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
# 设置 Logrotate
$ sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
# 检查 GitLab 及其环境是否配置正确
$ sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
# 编译 GetText PO ?件
$ sudo -u git -H bundle exec rake gettext:compile RAILS_ENV=production
# 编译
$ sudo -u git -H yarn install --production --pure-lockfile
$ sudo -u git -H bundle exec rake gitlab:assets:compile RAILS_ENV=production
NODE_ENV=production
# 如果rake失败并出现JavaScript heap out of memory错误,请尝试设置NODE_OPTIONS。
$ sudo -u git -H bundle exec rake gitlab:assets:compile RAILS_ENV=production
NODE_ENV=production NODE_OPTIONS="--max_old_space_size=4096"
# 启动服务
$ sudo service gitlab start
# or
$ sudo /etc/init.d/gitlab restart
到这?GitLab的服务就已经启动了,还差前端??,接下来安装Nginx,部署前端??
安装Nginx
Gitlab-ce:13-12-stable版本 要求 Nginx1.12.1
$ cd /home/git
$ wget https://nginx.org/download/nginx-1.12.1.tar.gz
$ tar -zxvf nginx-1.12.1.tar.gz
$ cd nginx-1.12.1
$ ./configure --with-http_stub_status_module --with-http_ssl_module --withhttp_realip_module
$ make
$ make install
# 会安装到/usr/local/nginx
# 修改config
$ cd /usr/local/nginx
$ echo '' > config/nginx.conf
$ vim config/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
## GitLab
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be
uncommented.
##
##################################
## CONTRIBUTING ##
##################################
##
## If you change this file in a merge request, please also create
## a merge request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
## configuration ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.
upstream gitlab-workhorse {
# GitLab socket file,
# for Omnibus this would be: unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket
server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
map $http_upgrade $connection_upgrade_gitlab {
default upgrade;
'' close;
}
## NGINX 'combined' log format with filtered query strings
log_format gitlab_access $remote_addr - $remote_user [$time_local] "$request_method
$gitlab_filtered_request_uri $server_protocol" $status $body_bytes_sent
"$gitlab_filtered_http_referer" "$http_user_agent";
## Remove private_token from the request URI
# In: /foo?
private_token=unfiltered&authenticity_token=unfiltered&feed_token=unfiltered&...
# Out: /foo?private_token=
[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
map $request_uri $gitlab_temp_request_uri_1 {
default $request_uri;
~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=
[FILTERED]$rest";
}
## Remove authenticity_token from the request URI
# In: /foo?private_token=
[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=
[FILTERED]&feed_token=unfiltered&...
map $gitlab_temp_request_uri_1 $gitlab_temp_request_uri_2 {
default $gitlab_temp_request_uri_1;
~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$
"$start$temp=[FILTERED]$rest";
}
## Remove feed_token from the request URI
# In: /foo?private_token=[FILTERED]&authenticity_token=
[FILTERED]&feed_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=
[FILTERED]&...
map $gitlab_temp_request_uri_2 $gitlab_filtered_request_uri {
default $gitlab_temp_request_uri_2;
~(?i)^(?<start>.*)(?<temp>[\?&]feed[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=
[FILTERED]$rest";
}
## A version of the referer without the query string
map $http_referer $gitlab_filtered_http_referer {
default $http_referer;
~^(?<temp>.*)\? $temp;
}
## Normal HTTP host
server {
## Either remove "default_server" from the listen line below,
## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
## to be served if you visit any address that your server responds to, eg.
## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
listen 0.0.0.0:80 default_server;
listen [::]:80 default_server;
server_name xx.xx.xx.xx; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
## See app/controllers/application_controller.rb for headers set
## Real IP Module Config
## http://nginx.org/en/docs/http/ngx_http_realip_module.html
real_ip_header X-Real-IP; ## X-Real-IP or X-Forwarded-For or proxy_protocol
real_ip_recursive off; ## If you enable 'on'
## If you have a trusted IP address, uncomment it and set it
# set_real_ip_from YOUR_TRUSTED_ADDRESS; ## Replace this with something like
192.168.1.0/24
## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log gitlab_access;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_gitlab;
proxy_pass http://gitlab-workhorse;
}
error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
location ~ ^/(404|422|500|502|503)\.html$ {
# Location to the GitLab's public directory,
# for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public.
root /home/git/gitlab/public;
internal;
}
}
}
注意将server_name修改为你的ip或者域名
最后启动Nginx,完成部署
$ sbin/nginx
登陆GitLab
ps:第?次登陆的时候会进?root账户密码的设置。
|