GitLab in Practice, Part 2: Installing GitLab CE 9-3-Stable from Source on CentOS 7

1. Preparing the GitLab environment


Required packages and versions:

  • Ubuntu/Debian/CentOS/RHEL

  • Git version >= 2.7.3

  • Ruby version >= 2.1.0

  • gcc >= 4.8.1

  • Redis >= 2.8.0

  • MySQL or PostgreSQL

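Note: it is strongly recommended to install GitLab as the git user, as the official guide requires; otherwise you are in for some surprises!

1. Disable SELinux and the firewall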

# sed -i 's/^SELINUX=.*/#&/;s/^SELINUXTYPE=.*/#&/;/SELINUX=.*/a SELINUX=disabled' /etc/sysconfig/selinux
# setenforce 0

2. Install the EPEL repository

# yum install epel-release -y

3. Install the PUIAS repository, import its key, and refresh the repository cache

# wget -qO- https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo > /etc/yum.repos.d/PUIAS_6_computational.repo
# rpm --import http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
# rpm -qa gpg*|grep 352c64e5 && rpm -qa gpg*|grep 41a40948
# yum clean all && yum makecache

4. Install the Development Tools group and other required packages

# yum -y groupinstall 'Development Tools'
# yum -y install readline readline-devel ncurses-devel gdbm-devel \
glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel \
libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu \
libicu-devel system-config-firewall-tui sudo crontabs logwatch logrotate perl-Time-HiRes \
libcom_err-devel.i686 libcom_err-devel.x86_64 nodejs python-docutils postfix ntp

5. Add system users

# Add a user named git to manage and run GitLab
adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git
# Add a user named code to manage and run GitLab
adduser --system --shell /bin/bash --comment 'Gitlab' --create-home --home-dir /home/code/ code
usermod -a -G code work
chmod g+rx /home/code
# Modify the PATH environment variable for the git user (run as root)
visudo
# Find the following line
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
# Change it to
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

6. Compile and install a newer Git (Git version >= 2.7.3)

# yum -y install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel
# yum -y remove git
#  wget -c https://www.kernel.org/pub/software/scm/git/git-2.8.5.tar.gz &&  tar xf git-*.tar.gz && cd git-* && ./configure --prefix=/usr/local && make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && cd ../.. && echo "PATH=/usr/local/bin:\$PATH" > /etc/profile.d/git.sh && source /etc/profile.d/git.sh && which git && git version

git version 2.8.5

7. Compile and install a newer Ruby (Ruby version >= 2.1.0)

# wget http://chegva.com/gitlab-deb-store/ruby-2.3.3.tar.gz && tar xzf ruby-2.3.3.tar.gz && cd ruby-2.3.3 && ./configure --prefix=/usr/local --disable-install-rdoc && make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && cd ../.. && ruby -v

ruby 2.3.3p222 (2016-11-21 revision 56859) [x86_64-linux]

8. Install bundler (as root)

# Switch the gem source for the git user to the Taobao mirror
sudo -u git -H gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org/
sudo -u code -H gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org/

# Show the current gem sources for the git user
sudo -u git -H gem sources -l
sudo -u code -H gem sources -l

# Install bundler
sudo gem install bundler --no-ri --no-rdoc && bundler -v

9. Install Go (GitLab versions after 8.0 require Go)

# wget http://chegva.com/gitlab-deb-store/go1.10.3.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.10.3.linux-amd64.tar.gz && ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/ && go version

go version go1.10.3 linux/amd64

10. Install Node. GitLab 9.X.X needs node >= v4.3.0 to compile JavaScript and yarn >= v0.17.0 to manage JavaScript dependencies

# yum remove -y nodejs*

# wget https://nodejs.org/dist/v8.11.2/node-v8.11.2-linux-x64.tar.xz --no-check-certificate && tar xvf node-v8.11.2-linux-x64.tar.xz && mv node-v8.11.2-linux-x64 /usr/local/nodejs && echo "PATH=/usr/local/nodejs/bin:\$PATH" >/etc/profile.d/nodejs.sh && . /etc/profile.d/nodejs.sh && node -v

v8.11.2
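
Steps 6, 7, 9 and 10 fetch tarballs (two over plain http, one with --no-check-certificate) and install them as root without checking what was downloaded. The following is an added example, not part of the original post: a shell helper that unpacks a tarball only when its SHA-256 matches a manifest in sha256sum format, such as the SHASUMS256.txt that nodejs.org publishes beside each release. The function names are hypothetical, and the manifest is assumed to come from a source you trust.

```shell
#!/bin/sh
# Added example: unpack a downloaded tarball only if its SHA-256 is in a manifest.
# Manifest format is that of sha256sum ("<hex>  <name>"), e.g. Node's SHASUMS256.txt.

# expected_sum MANIFEST NAME -> prints the recorded hash, fails if NAME is not listed
expected_sum() {
    awk -v n="$2" '
        $2 == n || $2 == "*" n { print tolower($1); found = 1; exit }
        END { exit !found }' "$1"
}

# verify_tarball MANIFEST FILE -> 0 match, 1 mismatch, 2 not listed or unreadable
verify_tarball() {
    manifest=$1; file=$2
    [ -r "$manifest" ] && [ -r "$file" ] || return 2
    want=$(expected_sum "$manifest" "$(basename -- "$file")") || return 2
    got=$(sha256sum -- "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# unpack_verified MANIFEST FILE DEST -> extracts into DEST only after the hash matches
unpack_verified() {
    verify_tarball "$1" "$2" || { echo "refusing to unpack $2" >&2; return 1; }
    mkdir -p "$3" && tar -xf "$2" -C "$3"
}

# Usage: sh verify.sh MANIFEST TARBALL DEST
if [ "$#" -eq 3 ]; then unpack_verified "$@"; fi
```
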

11. Install yarn (yarn >= v0.17.0)

# curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo && yum install -y yarn && yarn

yarn install v1.12.3

12. Install re2 (fetching it requires getting over the firewall; if your intranet has a copy, use that directly)

# git clone https://code.chegva.com/golang-pkgs/https-github-com-google-re2.git re2  && cd re2 && git checkout master -f && make && make test && make install

13. Install Redis (Redis version >= 2.8.0)

# yum install -y redis.x86_64 && cd /home/work/app/redis/etc/ && cp redis_5001.conf redis_6379.conf && sed -i 's/port 5001/port 6379/g' redis_6379.conf && sed -i '3iunixsocket /home/work/app/redis/redis6379.sock' redis_6379.conf && sed -i '3ibind 127.0.0.1' redis_6379.conf && su - work -c "/home/work/app/redis/redis-server /home/work/app/redis/etc/redis_6379.conf"

/home/work/app/redis/redis-server 127.0.0.1:6379

[root@study config]# egrep -v "^(#|$|[ ]*#)" resque.yml
development:
 url: redis://localhost:6379
test:
 url: redis://localhost:6379
production:
 url: unix:/home/work/app/redis/redis6379.sock


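2. Installing GitLab-CE


Installing as the git user is recommended; otherwise you will hit many unexpected problems. Because GitLab in production had previously been installed under a different user, git was not used here but another user, code, and I ran into many pitfalls; in the end most components were installed by hand.

1. Clone the gitlab-ce source

# Install GitLab into the HOME directory of the code user
cd /home/code && sudo -u code -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 9-3-stable code

# In production, do not use the master branch; use stable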

2. Configure GitLab-CE

# Enter the gitlab directory
cd /home/code/code/

# Copy gitlab.yml (GitLab's main configuration file)
sudo -u code -H cp config/gitlab.yml.example config/gitlab.yml

# Edit gitlab.yml
 gitlab:
   host: code.chegva.com  # change line 32 to your domain name or IP
   port: 443  # enable https
   https: true
# Copy the secrets file
sudo -u code -H cp config/secrets.yml.example config/secrets.yml
sudo -u code -H chmod 0600 config/secrets.yml

# Set permissions on the log/ and tmp/ folders
sudo chown -R code log/ tmp/
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/

# Set permissions on the tmp/pids/ and tmp/sockets/ folders
sudo chmod -R u+rwX tmp/pids/
sudo chmod -R u+rwX tmp/sockets/

# Create the public/uploads/ folder
sudo -u code -H mkdir public/uploads/

# Set permissions on public/uploads/ so that only the git user has access
sudo chmod 0700 public/uploads

# Set permissions on the folder where CI build traces are stored
sudo chmod -R u+rwX builds/

# Set permissions on the shared/artifacts/ folder
sudo chmod -R u+rwX shared/artifacts/

# Set permissions on the shared/pages/ folder
sudo chmod -R ug+rwX shared/pages/

# Check the number of CPU cores
nproc
24

# If you want to run a high-load GitLab instance, you can enable cluster mode.
# Set 'worker_processes' to at least the number of CPU cores.
# Change the listen address and port to match gitlab-shell/config.yml below
sudo -u code -H cp  config/unicorn.rb.example config/unicorn.rb
sudo -u code -H sed -ri "s/^(worker_processes ).*/\1 $(nproc)/" config/unicorn.rb
sudo -u code -H sed -ri "s/^(timeout ).*/\1 300/" config/unicorn.rb
sudo -u code -H vim config/unicorn.rb
   worker_processes 24
   listen "your_IP:8080", :tcp_nopush => true

# Copy the Rack attack config file
sudo -u code -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb

# Configure the Git user name and e-mail for the git user
sudo -u code -H git config --global user.name "code"
sudo -u code -H git config --global user.email "code@code.be.xiaomi.com"

# 'autocrlf' is needed for the web editor
sudo -u code -H git config --global core.autocrlf input

# Disable 'git gc --auto' because GitLab already runs 'git gc' when needed
sudo -u code -H git config --global gc.auto 0

# Enable packfile bitmaps
sudo -u code -H git config --global repack.writeBitmaps true

# Enable push options
sudo -u code -H git config --global receive.advertisePushOptions true

# Copy the Redis connection config file
sudo -u code -H cp config/resque.yml.example config/resque.yml

# If you changed the Redis socket path earlier, update it in this config file to the current path.
sudo -u code -H vim config/resque.yml
-------------------------------------
development: redis://127.0.0.1:6379
test: redis://127.0.0.1:6379
production: unix:/home/work/app/redis/redis6379.sock

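Note: make sure the settings in gitlab.yml and unicorn.rb are consistent.

3. Configure the GitLab DB settings

# MySQL only:
sudo -u code cp config/database.yml.mysql config/database.yml

# Change 'secure password' to the password you set; leave it unchanged if you did not set one separately
sudo -u code -H vim config/database.yml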

production:
 adapter: mysql2
 encoding: utf8
 collation: utf8_general_ci
 reconnect: false
 database: gitlabhq_production
 pool: 10
 username: gitlab
 password: skuUuaNRVKfdfxdfdfe
 host: 10.xx.xx.xx
 port: 3306
 # host: localhost
 # socket: /tmp/mysql.sock

# Set permissions on database.yml so that the code user can read it.
sudo -u code -H chmod o-rwx config/database.yml
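
An added example (not from the original post) that audits the modes set in steps 2 and 3: secrets.yml at 0600, public/uploads at 0700, database.yml with no access for others, and log/ with no group or other write. The function names are hypothetical; the root passed to audit_gitlab is the /home/code/code checkout used in this guide.

```shell
#!/bin/sh
# Added example: audit the permissions this guide sets on GitLab's sensitive paths.

# perm_bits PATH -> prints the nine rwx characters from `ls -ld` (e.g. rw-------)
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# check_path PATH CLASS -> 0 ok, 1 too open, 2 missing
#   private     : no group or other access at all (0600 / 0700)
#   no_other    : no access for "other" (chmod o-rwx)
#   no_go_write : group and other may not write (chmod go-w)
check_path() {
    path=$1; class=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 2; }
    bits=$(perm_bits "$path")
    case "$class" in
        private)     part=$(printf '%s' "$bits" | cut -c4-9); want='------' ;;
        no_other)    part=$(printf '%s' "$bits" | cut -c7-9); want='---' ;;
        no_go_write) part=$(printf '%s' "$bits" | cut -c5,8); want='--' ;;
        *) echo "unknown class $class" >&2; return 3 ;;
    esac
    if [ "$part" = "$want" ]; then
        echo "OK       $path ($bits)"; return 0
    fi
    echo "TOO OPEN $path ($bits)"; return 1
}

# audit_gitlab ROOT -> returns the number of paths that are missing or too open
audit_gitlab() {
    root=$1; bad=0
    while read -r rel class; do
        check_path "$root/$rel" "$class" || bad=$((bad + 1))
    done <<EOF
config/secrets.yml private
config/database.yml no_other
public/uploads private
log no_go_write
EOF
    return "$bad"
}

# Usage: sh audit.sh /home/code/code
if [ "$#" -gt 0 ]; then audit_gitlab "$1"; fi
```
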

4. Install the Gems

First make sure the Ruby environment and bundler above are installed correctly, with bundler version >= 1.5.2 (run bundle -v to check)

# Enter the gitlab directory
cd /home/code/code

gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org/
# Edit Gemfile and Gemfile.lock
vim Gemfile   # Gemfile.lock must be changed too, otherwise there will be an error
Change
https://rubygems.org/
to:
https://gems.ruby-china.com/
# Make sure only https://gems.ruby-china.com/ is listed
gem sources -l
   https://gems.ruby-china.com/

# Update gem
gem update --system
gem -v

2.7.7

#### Be sure to pick the command for the database you actually use
# If you use MySQL, run the following command (note, the option says "without ... postgres")
sudo -u code -H bundle install --deployment --without development test postgres aws kerberos

# PostgreSQL (note, the option says "without ... mysql")
###sudo -u git -H bundle install --deployment --without development test mysql aws kerberos

Note: if you want to use Kerberos for user authentication, omit kerberos from the --without option.

If you get the following error:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
An error occurred while installing mysql2 (0.3.20), and Bundler cannot continue.
Make sure that `gem install mysql2 -v '0.3.20' --source 'https://gems.ruby-china.com/'` succeeds before bundling.

In Gemfile:
 peek-mysql2 was resolved to 1.1.0, which depends on
   mysql2

# Fix
# rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
# yum repolist enabled | grep "mysql.*-community.*"
# yum install mysql-community-devel.x86_64
# gem install mysql2 -v '0.3.20'

5. Install gitlab-shell

GitLab Shell is SSH access and repository management software developed specifically for GitLab.

sudo -u code -H mkdir -p /home/code/repositories
sudo chmod -R ug+rwX,o-rwx /home/code/repositories
sudo chmod -R ug-s /home/code/repositories
sudo find /home/code/repositories -type d -print0 | sudo xargs -0 chmod g+s
chown code.work /home/work/app/redis/redis6379.sock

sudo -u code -H bundle exec rake gitlab:shell:install[v$(cat GITLAB_SHELL_VERSION)] REDIS_URL=/home/work/app/redis/redis6379.sock RAILS_ENV=production SKIP_STORAGE_VALIDATION=true

Gitlab::TaskFailedError: fatal: repository 'v5.1.1' does not exist

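# Clone into /home/code; the config steps below expect /home/code/gitlab-shell
cd /home/code
sudo -u code -H  git clone https://gitlab.com/gitlab-org/gitlab-shell.git
cd gitlab-shell
sudo -u code -H  git fetch --all --tags
sudo -u code -H  git checkout v$(</home/code/code/GITLAB_SHELL_VERSION)
sudo -u code -H  bin/compile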

# Change the gitlab-shell configuration
# By default, the gitlab-shell config is generated from the GitLab config.
# You can run the commands below to view and modify the gitlab-shell config;
# the listening port must match the one configured in /home/git/gitlab/config/unicorn.rb
# sudo -u code -H cp /home/code/gitlab-shell/config.yml.example  /home/code/gitlab-shell/config.yml
# sudo -u code -H vim /home/code/gitlab-shell/config.yml
# egrep -v "^(#|$|[ ]*#)" /home/code/gitlab-shell/config.yml
user: code
gitlab_url: "https://code.be.xiaomi.com" # use https
http_settings:
 self_signed_cert: yes   # if gitlab_url is https, change this to true
auth_file: "/home/code/.ssh/authorized_keys"
redis:
 bin: /usr/bin/redis-cli
 database: 0
 socket: /home/work/app/redis/redis6379.sock # Comment out this line if you want to use TCP or Sentinel
 namespace: resque:gitlab
log_level: INFO
audit_usernames: false
git_trace_log_file:
Then run in the gitlab-shell directory: bin/compile

6. Install gitlab-workhorse

sudo -u git -H bundle exec rake "gitlab:workhorse:install[/home/code/gitlab-workhorse]" RAILS_ENV=production

Manual method:
cd /home/code
sudo -u code -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
cd gitlab-workhorse
sudo -u code -H git checkout v$(</home/code/code/GITLAB_WORKHORSE_VERSION)
sudo -u code -H make

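7. Initialize the database and activate advanced features (skip this when using an existing database)

cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
# Type 'yes' to create the database tables

# When you see the following, installation is complete
Administrator account created:
login:    root
password: your_passwd
== Seed from /home/git/gitlab/db/fixtures/production/010_settings.rb

Note: you can set the Administrator/root password and e-mail by supplying the environment variables GITLAB_ROOT_PASSWORD and GITLAB_ROOT_EMAIL respectively, as shown below. If you do not set the password (so it is set to the default one), wait to expose GitLab to the public internet until the installation is done and you have logged in to the server for the first time. On first login you will be forced to change the default password.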

sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword GITLAB_ROOT_EMAIL=youremail

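8. Secure secrets.yml

The secrets.yml file stores the encryption keys for sessions and secure variables. Back this file up somewhere else, but do not keep it together with your database backups; otherwise a damaged database backup would take this file with it.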

9. Install the GitLab init script

sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab

# Copy the following config file; if GitLab is not installed in /home/git/gitlab, edit this file to match your setup.

sudo cp lib/support/init.d/gitlab.default.example /etc/default/gitlab
Enable GitLab at boot

chkconfig gitlab on

10. Install Gitaly

# Fetch the Gitaly source with Git and compile it with Go
sudo -u code -H bundle exec rake "gitlab:gitaly:install[/home/git/gitaly]" RAILS_ENV=production

# You can specify a different Git repository by providing it as an extra argument:
sudo -u git -H bundle exec rake "gitlab:gitaly:install[/home/git/gitaly,https://example.com/gitaly.git]" RAILS_ENV=production

This was not installed with the default git user, so the above does not work; do it manually:
cd /home/code
sudo -u code -H git clone https://gitlab.com/gitlab-org/gitaly.git
cd gitaly/
sudo -u code -H git checkout v$(</home/code/code/GITALY_SERVER_VERSION)
make

# Restrict access to the Gitaly sockets
sudo chmod 0700 /home/git/gitlab/tmp/sockets/private
sudo chown code /home/git/gitlab/tmp/sockets/private

# If you are using non-default settings, you need to update config.toml
cd /home/git/gitaly
sudo -u code -H cp  config.toml.example config.toml
sudo -u code -H vim config.toml

socket_path = "/home/code/code/tmp/sockets/private/gitaly.socket"
[[storage]]
name = "default"
path = "/home/micdoe/repositories"

11. Set up logrotate

cd /home/code/code
sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

12. Check the GitLab environment configuration

sudo -u code -H bundle exec rake gitlab:env:info RAILS_ENV=production
# For a fresh install you can use the command below; do not use it for a migration
sudo -u code -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword  GITLAB_ROOT_EMAIL=youremail
# Run this command after GitLab has started
sudo -u code -H bundle exec rake gitlab:check RAILS_ENV=production

13. Build the GitLab front-end assets

Compile the GetText PO files
# sudo -u code -H bundle exec rake gettext:compile RAILS_ENV=production

# sudo -u code -H yarn install --production --pure-lockfile
yarn install v1.12.3
node: relocation error: node: symbol SSL_set_cert_cb, version libssl.so.10 not defined in file libssl.so.10 with link time reference

Upgrading openssl fixes it: yum update openssl -y

# sudo -u code -H bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production

14. Install Nginx

# yum install -y nginx

# Site configuration: copy the example site config
cd /home/code/code
sudo cp lib/support/nginx/gitlab /etc/nginx/conf.d/gitlab.conf


# Edit the config files. If Git was installed under a different user, change the GitLab paths
sudo vim /etc/nginx/nginx.conf
user  code;   # change to the git user
----------------------------------------------------------------------------
sudo vim /etc/nginx/conf.d/gitlab.conf
   server_name YOUR_SERVER_FQDN;       # change to your domain name
   listen 80 default_server;  

# Check the nginx configuration
sudo /usr/sbin/nginx -t
# Start nginx
sudo systemctl restart nginx


The nginx configuration is as follows:
upstream gitlab-workhorse {
 server unix:/home/code/code/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
server {
 listen 0.0.0.0:80;
 server_name code.chegva.com; ## Replace this with something like gitlab.example.com
 server_tokens off; ## Don't show the nginx version number, a security best practice
 return 301 https://$http_host$request_uri;
 access_log  /var/log/nginx/gitlab_access.log;
 error_log   /var/log/nginx/gitlab_error.log;
}
server {
 listen 0.0.0.0:443 ssl;
 server_name code.chegva.com; ## Replace this with something like gitlab.example.com
 server_tokens off; ## Don't show the nginx version number, a security best practice
 ssl on;
 ssl_certificate /etc/nginx/conf/ssl/code.be.xiaomi.com.crt;
 ssl_certificate_key /etc/nginx/conf/ssl/code.be.xiaomi.com.key;
 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
 ssl_session_timeout 5m;
 access_log  /var/log/nginx/gitlab_access.log;
 error_log   /var/log/nginx/gitlab_error.log;
 location / {
   client_max_body_size 0;
   gzip off;
   proxy_read_timeout      300;
   proxy_connect_timeout   300;
   proxy_redirect          off;
   proxy_http_version 1.1;
   proxy_set_header    Host                $http_host;
   proxy_set_header    X-Real-IP           $remote_addr;
   proxy_set_header    X-Forwarded-Ssl     on;
   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
   proxy_set_header    X-Forwarded-Proto   $scheme;
   proxy_pass http://gitlab-workhorse;
 }
 error_page 404 /404.html;
 error_page 422 /422.html;
 error_page 500 /500.html;
 error_page 502 /502.html;
 error_page 503 /503.html;
 location ~ ^/(404|422|500|502|503)\.html$ {
   root /home/code/code/public;
   internal;
 }
}
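
The HTTPS server block above still enables TLSv1 and TLSv1.1, lists 3DES and static-RSA cipher suites, and uses the obsolete `ssl on;` directive. The following is an added example, not part of the original post: a small shell/awk lint that reports those settings in an nginx config; the function names and the shortened sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an nginx server block.

# lint_tls [FILE] -> prints one finding per line, returns the number of findings
lint_tls() {
    findings=$(awk '
        { sub(/#.*/, "") }                                  # strip nginx comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    print "line " NR ": legacy protocol " p
            }
        }
        $1 == "ssl_ciphers" {
            s = $0
            sub(/^[ \t]*ssl_ciphers[ \t]+/, "", s); gsub(/[";]/, "", s)
            n = split(s, c, ":")
            for (i = 1; i <= n; i++) {
                if (c[i] ~ /^[!-]/) continue                # exclusions are fine
                if (c[i] ~ /3DES|DES-CBC3/)
                    print "line " NR ": 3DES suite " c[i]
                else if (c[i] ~ /^(AES|CAMELLIA|RC4|SEED|IDEA)/)
                    print "line " NR ": static RSA key exchange " c[i]
            }
        }
        # "listen ... ssl;" already enables TLS, so "ssl on;" is redundant
        $1 == "ssl" && $2 == "on;" { print "line " NR ": obsolete \"ssl on;\"" }
    ' "${1:--}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return $(( $(printf '%s\n' "$findings" | wc -l) ))
}

# Constructed sample, shortened from the server block in this guide.
sample_conf() {
    cat <<'EOF'
server {
 listen 0.0.0.0:443 ssl;
 ssl on;
 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-DES-CBC3-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!RC4";
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

# With a file argument lint that file; otherwise lint the constructed sample.
if [ "$#" -gt 0 ]; then lint_tls "$1"
else sample_conf | lint_tls || echo "$? finding(s) in the constructed sample"; fi
```
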

15. Start the GitLab service

Check all GitLab components once more
sudo -u git/code -H bundle exec rake gitlab:check RAILS_ENV=production
# If the check above reports errors, fix them as prompted, then restart GitLab

# /etc/init.d/gitlab status
The GitLab Unicorn web server with pid 29041 is running.
The GitLab Sidekiq job dispatcher with pid 29759 is running.
The GitLab Workhorse with pid 29719 is running.
Gitaly with pid 29715 is running.
GitLab and all its components are up and running.

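16. Troubleshooting

1. unicorn/sidekiq fail to start: Errno::ENOENT: No such file or directory @ realpath_rec - /home/git

Edit each GitLab component's config file and change it to the actual path. It is strongly recommended to install with the official git user; the pitfalls left by the old version were all tears.

2. GitLab 9.3 stable was installed, but the backend database uses the 8.11 table structure, so the schema is wrong: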

ActiveRecord::StatementInvalid: Mysql2::Error: Table 'gitlabhq_production.project_features' doesn't exist: SHOW FULL FIELDS FROM project_features

(Mysql2::Error: Table 'gitlabhq_production.feature_gates' doesn't exist: SHOW FULL FIELDS FROM feature_gates)

3. nginx fails to start: nginx: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: No such file or directory

wget -c http://luajit.org/download/LuaJIT-2.0.4.tar.gz
tar xzvf LuaJIT-2.0.4.tar.gz
cd LuaJIT-2.0.4
make install PREFIX=/usr/local/luajit

# Mind the environment variables!
export LUAJIT_LIB=/usr/local/luajit/lib
export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0

# Add a symlink
ln -s /usr/local/luajit/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2
ldd $(which /home/xxx/nginx)


Reference: http://blog.51cto.com/qiangsh/1767438

anzhihe (安志合) personal blog, all rights reserved | Original unless otherwise noted | When reposting, please credit the source: https://chegva.com/3261.html
