之前在centos6.6平台部署了gitlab,近来又帮朋友在debian上进行了部署,debian之前接触不多,捣鼓之后发现,除依赖包部分有简单区别,其余都相同,完成之际,做个详细点的总结。
示例环境:
| 软件 | 版本 |
|---|---|
| CentOS 6.7 | x86_64 |
| Git | 2.6.2 |
| Ruby | 2.2.3 |
| Node.js | 4.2.2 |
| Redis | 3.0.5 |
| MariaDB | 10.0.21 |
| GitLab | 8.0.5汉化版 |
| GitLab Shell | 2.6.6 |
| Nginx | 1.8.0 |
| Go | 1.5.1 |
| Gitlab-git-http-server | 0.2.14 |
一、修改Yum源为阿里云提高下载速度
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
二、安装依赖软件包
yum -y install libicu-devel patch gcc-c++ readline-devel zlib-devel libffi-devel openssl-devel make autoconf automake libtool bison libxml2-devel libxslt-devel libyaml-devel zlib-devel openssl-devel cpio expat-devel gettext-devel curl-devel perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker cmake pcre-devel
三、安装Git
查看当前git版本
git --version
如果git版本小于1.7.10则先卸载
rpm -e --nodeps git
下载最新git源码包并编译安装
cd /App/src/
wget https://www.kernel.org/pub/software/scm/git/git-2.6.2.tar.xz
tar Jxf git-2.6.2.tar.xz
cd git-2.6.2
./configure --prefix=/App/git #此处应增加--with-curl参数
make && make install
echo \'export PATH=/App/git/bin:$PATH\' >> /etc/profile
四、安装Ruby
cd /App/src/
wget https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.3.tar.gz
tar zxf ruby-2.2.3.tar.gz
cd ruby-2.2.3
./configure --prefix=/App/ruby --disable-install-rdoc
make && make install
echo \'export PATH=/App/ruby/bin:$PATH\' >> /etc/profile
退出shell重新登录后修改RubyGems 镜像为淘宝提高下载速度
gem sources --add https://ruby.taobao.org/ --remove https://rubygems.org/
gem install bundler --no-ri --no-rdoc
五、安装Node.js
cd /App/src/
wget
tar zxf node-v4.2.2-linux-x64.tar.gz
mv node-v4.2.2-linux-x64 /App/nodejs
echo \'export PATH=/App/nodejs/bin:$PATH\' >> /etc/profile
六、安装Go
cd /App/src/
#下载go1.5.1.linux-amd64.tar.gz至此
tar zxf go1.5.1.linux-amd64.tar.gz
mv go /App/
cat >> /etc/profile << EOF
export GOROOT=/App/go
export GOARCH=amd64
export GOOS=linux
export GOBIN=\$GOROOT/bin
export GOPATH=/root/code/go
export PATH=\$GOBIN:\$PATH
EOF
七、安装Redis
cd /App/src/
wget http://download.redis.io/releases/redis-3.0.5.tar.gz
tar zxf redis-3.0.5.tar.gz
cd redis-3.0.5
make PREFIX=/App/redis install
echo \'export PATH=/App/redis/bin:$PATH\' >> /etc/profile
添加Redis配置 /App/redis/redis.conf
daemonize yes
pidfile /App/redis/redis.pid
port 6379
tcp-backlog 60000
timeout 0
tcp-keepalive 60
loglevel warning
logfile "/App/redis/redis.log"
syslog-enabled no
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /App/redis
slave-serve-stale-data yes
repl-diskless-sync yes
repl-diskless-sync-delay 5
repl-ping-slave-period 10
repl-timeout 60
repl-disable-tcp-nodelay no
slave-priority 100
maxclients 60000
maxmemory-policy noeviction
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
启动Redis
/App/redis/bin/redis-server /App/redis/redis.conf
八、安装配置MariaDB
cd /App/src/
wget http://mirrors.ctyun.cn/MariaDB/mariadb-10.0.21/source/mariadb-10.0.21.tar.gz
tar zxf mariadb-10.0.21.tar.gz
cd mariadb-10.0.21
cmake . \
-DCMAKE_BUILD_TYPE:STRING=Release \
-DCMAKE_INSTALL_PREFIX:PATH=/App/mariadb \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_EMBEDDED_SERVER:BOOL=OFF \
-DWITH_UNIT_TESTS:BOOL=OFF \
-LAH
make && make install
cp support-files/mysql.server /etc/init.d/mariadb
chmod u+x /etc/init.d/mariadb
echo \'export PATH=/App/mariadb/bin:$PATH\' >> /etc/profile
修改MariaDB配置 /etc/my.cnf
[client]
port = 3306
socket = /tmp/mysql.sock
[mysqld]
user = mysql
port = 3306
socket = /tmp/mysql.sock
server-id = 1
log-bin = bin.log
log-error = error.log
pid-file = mysql.pid
long_query_time = 1
slow_query_log
slow_query_log_file = slow.log
binlog_cache_size = 4M
binlog_format = mixed
max_binlog_cache_size = 16M
max_binlog_size = 1G
expire_logs_days = 30
ft_min_word_len = 4
back_log = 4096
max_allowed_packet = 64M
max_connections = 65536
max_connect_errors = 100
join_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 1M
sort_buffer_size = 1M
query_cache_size = 64M
table_open_cache = 2048
thread_cache_size = 256
max_heap_table_size = 64M
tmp_table_size = 64M
thread_stack = 192K
connect_timeout = 600
interactive_timeout = 600
wait_timeout = 600
thread_concurrency = 8
local-infile = 0
skip-show-database
skip-name-resolve
skip-external-locking
#*** MyISAM
key_buffer_size = 512M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 32M
myisam_max_sort_file_size = 1G
myisam_repair_threads = 1
myisam_recover
#*** INNODB
innodb_buffer_pool_size = 4G
innodb_additional_mem_pool_size = 32M
innodb_data_file_path = ibdata:32M:autoextend
innodb_read_io_threads = 8
innodb_write_io_threads = 8
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 2
innodb_lock_wait_timeout = 120
innodb_log_buffer_size = 8M
innodb_log_file_size = 256M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 10
innodb_thread_concurrency = 16
#innodb_force_recovery = 4
#*** Replication Slave
#read-only
#skip-slave-start
relay-log = relay.log
log-slave-updates
[mysqldump]
quick
max_allowed_packet = 32M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 512M
sort_buffer_size = 512M
read_buffer = 8M
write_buffer = 8M
[mysqlhotcopy]
interactive-timeout
[mysqld_safe]
open-files-limit = 60000
初始化MariaDB
useradd -s /bin/false -M mysql
/App/mariadb/scripts/mysql_install_db --basedir=/App/mariadb --datadir=/App/mariadb/data --user=mysql
启动MariaDB
/etc/init.d/mariadb start
登录MariaDB创建数据库并授权
mysql -uroot -p
CREATE DATABASE `gitlabhq_production`;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, DROP, INDEX, ALTER, LOCK TABLES ON `gitlabhq_production`.* TO \'git\'@\'127.0.0.1\' IDENTIFIED BY \'PASSWORD\';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, DROP, INDEX, ALTER, LOCK TABLES ON `gitlabhq_production`.* TO \'git\'@\'localhost\' IDENTIFIED BY \'PASSWORD\';
FLUSH PRIVILEGES;
QUIT;
九、安装配置GitLab
useradd --system -s /bin/bash --comment \'GitLab\' -m -d /home/git git
修改git家目录权限否则访问 gitlab.socket 报权限错误
chmod 755 /home/git
切换至git用户
su - git
git clone https://gitlab.com/larryli/gitlab.git -b 8-0-zh gitlab
#此处若无法clone,可根据地址自行下载包解压至此
配置GitLab
cd gitlab/
cp config/gitlab.yml.example config/gitlab.yml
修改 gitlab.yml
配置将行host: localhost 修改为本机IP地址或者域名如为域名确保域名映射本机地址需修改 /etc/hosts 文件。
修改 gitlab.yml 配置git路径行 bin_path: /usr/bin/git 为 bin_path: /App/git/bin/git
新建卫星目录拷贝示例文件修改权限
mkdir -p /home/git/gitlab-satellites
cp config/secrets.yml.example config/secrets.yml
chmod 0600 config/secrets.yml
chmod -R u+rwX,go-w log/
chmod -R u+rwX tmp/
chmod -R u+rwX tmp/pids/
chmod -R u+rwX tmp/sockets/
chmod -R u+rwX public/uploads/
chmod 0750 public/uploads/
chmod -R ug+rwX,o-rwx /home/git/repositories/ #目录没有的需要自行创建,权限必须严格依此配置,否则后期创建项目,无法成功执行
chmod -R ug-s /home/git/repositories/
find /home/git/repositories/ -type d -print0 | xargs -0 chmod g+s
cp config/unicorn.rb.example config/unicorn.rb
cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
git config --global core.autocrlf input
cp config/resque.yml.example config/resque.yml
#修改Redis相关配置 config/resque.yml 文件
production: unix:/var/run/redis/redis.sock #改为 production: redis://127.0.0.1:6379
数据库配置
cp config/database.yml.mysql config/database.yml
#修改 config/database.yml 前段 PRODUCTION 部分内容 password: "secure password" #修改为password: "PASSWORD"
chmod o-rwx config/database.yml
修改 Gemfile 首行内容 source "https://rubygems.org" 修改为 source "https://ruby.taobao.org"
bundle install --deployment --without development test postgres aws kerberos
十、安装GitLab Shell
bundle exec rake gitlab:shell:install[v2.6.6] REDIS_URL=redis://127.0.0.1:6379 RAILS_ENV=production
十一、安装gitlab-git-http-server
cd /home/git
git clone https://gitlab.com/gitlab-org/gitlab-git-http-server.git -b 0.2.14
cd gitlab-git-http-server
make
#注意GitLab 8.0对应0.2.14版安装最新版可能有未知问题本人首次安装最新版0.3.0时clone代码报错
十二、初始化数据库并激活高级功能GITLAB_ROOT_PASSWORD 值为管理员 root 登录密码本例设为 newpassword
bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=newpassword
十三、切换为root用户后拷贝服务脚本
exit
cp /home/git/gitlab/lib/support/init.d/gitlab /etc/init.d/
十四、root权限配置Logrotate
cp /home/git/gitlab/lib/support/logrotate/gitlab /etc/logrotate.d/
十五、检查应用状态
su - git
cd gitlab/
bundle exec rake gitlab:env:info RAILS_ENV=production
十六、编译静态文件
bundle exec rake assets:precompile RAILS_ENV=production
十七、切换至root用户安装Nginx
exit
cd /App/src/
wget http://nginx.org/download/nginx-1.8.0.tar.gz
tar zxf nginx-1.8.0.tar.gz
cd nginx-1.8.0
./configure \
--prefix=/App/nginx \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--without-http_auth_basic_module \
--without-http_autoindex_module \
--without-http_browser_module \
--without-http_empty_gif_module \
--without-http_geo_module \
--without-http_limit_conn_module \
--without-http_limit_req_module \
--without-http_map_module \
--without-http_memcached_module \
--without-http_referer_module \
--without-http_split_clients_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-mail_imap_module \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-poll_module \
--without-select_module
make && make install
useradd -s /bin/false nginx
修改Nginx配置 /App/nginx/conf/nginx.conf
user nginx nginx;
worker_processes auto;
error_log logs/error.log error;
pid logs/nginx.pid;
worker_rlimit_nofile 65536;
events
{
use epoll;
accept_mutex off;
worker_connections 65536;
}
http
{
include mime.types;
default_type text/html;
charset UTF-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
client_max_body_size 20m;
open_file_cache max=65536 inactive=60s;
open_file_cache_valid 80s;
open_file_cache_min_uses 1;
log_format main \'$remote_addr - $remote_user [$time_local] "$request" \'
\'$status $body_bytes_sent "$http_referer" \'
\'"$http_user_agent" "$http_x_forwarded_for"\';
access_log logs/access.log main;
sendfile on;
server_tokens off;
keepalive_timeout 60;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 64k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
upstream gitlab
{
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
}
upstream gitlab-git-http-server
{
server unix:/home/git/gitlab/tmp/sockets/gitlab-git-http-server.socket fail_timeout=0;
}
server {
listen 80;
server_name _;
root /home/git/gitlab/public;
location /
{
try_files $uri $uri/index.html $uri.html @gitlab;
}
location /uploads/
{
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
}
location @gitlab
{
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
}
location ~ [-\/\w\.]+\.git\/
{
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-git-http-server;
}
location ~ ^/(assets)/
{
root /home/git/gitlab/public;
gzip_static on;
expires max;
add_header Cache-Control public;
}
error_page 502 /502.html;
}
}
十八、SMTP相关配置
复制smtp示例配置
cp /home/git/gitlab/config/initializers/smtp_settings.rb.sample /home/git/gitlab/config/initializers/smtp_settings.rb
修改 smtp_settings.rb
将 enable_starttls_auto: true 修改为 enable_starttls_auto: false 将openssl_verify_mode: \'peer\' 删除或添加 #注释
其余按照自己的邮箱正常配置即可。
在gitlab/config/gitlab.yml中也需配置发件地址。
十九、启动GitLab实例
/etc/init.d/gitlab start
修改gitlab.yml后需要重启来生效。
安装实践:
1.gitlab-shell的执行文件起始行为#!/usr/bin/env ruby,执行拉取、推送操作调用gitlab-shell时,会报#!/usr/bin/env ruby找不到,这里要改成ruby的具体路径,例:#!/App/ruby/bin/ruby
2.以下命令要做软连接到指定路径
/usr/bin/git-cvsserver -> /App/git/bin/git-cvsserver
/usr/bin/git-receive-pack -> /App/git/bin/git-receive-pack
/usr/bin/git-shell -> /App/git/bin/git-shell
/usr/bin/git-upload-archive -> /App/git/bin/git-upload-archive
/usr/bin/git-upload-pack -> /App/git/bin/git-upload-pack