GitLab

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

# 建议先更新一下
[root@gitlab-test ~]# yum update

# install postfix 邮件相关
[root@gitlab-test ~]# yum -y install postfix
[root@gitlab-test ~]# sudo systemctl start postfix
[root@gitlab-test ~]# sudo systemctl enable postfix

# selinux
[root@gitlab-test ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@gitlab-test ~]# setenforce 0

# add gitlab repository
[root@gitlab-test ~]# sudo curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
[root@gitlab-test ~]# sudo EXTERNAL_URL=192.168.8.220 yum install -y gitlab-ce
[root@gitlab-test ~]# sudo cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: IlIKdqifm6Y5cmpR7+5gt0iPPEWkK/fYgmRkOGdX2F8=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

# check gitlab status
[root@gitlab-test ~]# gitlab-ctl status
run: alertmanager: (pid 7839) 217s; run: log: (pid 6446) 71718s
run: gitaly: (pid 6570) 71690s; run: log: (pid 5686) 71815s
run: gitlab-exporter: (pid 7848) 216s; run: log: (pid 6306) 71738s
run: gitlab-kas: (pid 7850) 216s; run: log: (pid 5951) 71803s
run: gitlab-workhorse: (pid 7859) 215s; run: log: (pid 6102) 71756s
run: logrotate: (pid 7867) 215s; run: log: (pid 5615) 71827s
run: nginx: (pid 7873) 215s; run: log: (pid 6162) 71750s
run: node-exporter: (pid 7879) 214s; run: log: (pid 6273) 71742s
run: postgres-exporter: (pid 7884) 214s; run: log: (pid 6471) 71712s
run: postgresql: (pid 5742) 71812s; run: log: (pid 5837) 71809s
run: prometheus: (pid 7891) 213s; run: log: (pid 6414) 71724s
run: puma: (pid 7899) 213s; run: log: (pid 6017) 71768s
run: redis: (pid 5618) 71824s; run: log: (pid 5659) 71821s
run: redis-exporter: (pid 7905) 212s; run: log: (pid 6359) 71730s
run: sidekiq: (pid 7913) 212s; run: log: (pid 6056) 71761s

# check firewall
[root@gitlab-test ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2024-02-27 22:52:20 CST; 20h ago
     Docs: man:firewalld(1)
 Main PID: 28241 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─28241 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Feb 27 22:52:20 gitlab-test systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 27 22:52:20 gitlab-test systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 27 22:52:20 gitlab-test firewalld[28241]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will ...g it now.
Feb 28 19:18:48 gitlab-test firewalld[28241]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will ...g it now.
Hint: Some lines were ellipsized, use -l to show in full.

# add firewall rules
[root@gitlab-test ~]# firewall-cmd --permanent --add-port=80/tcp
success
[root@gitlab-test ~]# firewall-cmd --reload
success

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

[root@gitlab-test ~]# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: IlIKdqifm6Y5cmpR7+5gt0iPPEWkK/fYgmRkOGdX2F8=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

cat /etc/gitlab/gitlab.rb
gitlab_rails['ldap_enabled'] = true
# gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'test.domain'
    port: 389
    uid: 'uid'
    method: 'plain' # "tls" or "ssl" or "plain"
    bind_dn: 'cn=admin,dc=test,dc=domain'
    password: 'test'
    active_directory: false
    base: 'ou=People,dc=test,dc=domain'
EOS

gitlab-ctl reconfigure
gitlab-rake gitlab:ldap:check RAILS_ENV=production

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

# Download the binary for your system
sudo curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64

# Give it permission to execute
sudo chmod +x /usr/local/bin/gitlab-runner

# Create a GitLab Runner user
sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash

# Install and run as a service
sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
sudo gitlab-runner start

sudo gitlab-runner register --url http://gitlab.wd.com/ --registration-token $REGISTRATION_TOKEN