gitlab部署

系统版本

[root@localhost ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 9.1 (Plow)

gitlab包位置

https://mirrors.tuna.tsinghua.edu.cn/gitlab-ee/yum/el9/gitlab-ee-16.7.2-ee.0.el9.x86_64.rpm

关闭防火墙

[root@localhost data]# systemctl stop firewalld
[root@localhost data]# systemctl disable firewalld
[root@localhost data]# getenforce 
Enforcing
[root@localhost data]# setenforce 0
[root@localhost data]# getenforce 
Permissive
[root@localhost data]# vim /etc/selinux/config 
[root@localhost data]# cat /etc/selinux/config |grep -v '#'|grep 'SELINUX='
SELINUX=disabled

安装gitlab

[root@localhost data]# yum -y install gitlab-ee-16.7.2-ee.0.el9.x86_64.rpm

许可证生成

ruby安装

[root@localhost data]# yum -y install ruby.x86_64

查看ruby版本

ruby -v

安装gitlab-license

gem install gitlab-license

创建生成ruby证书的源文件 license.rb

require "openssl"
require "gitlab/license"key_pair = OpenSSL::PKey::RSA.generate(2048)
File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }public_key = key_pair.public_key
File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }private_key = OpenSSL::PKey::RSA.new File.read("license_key")
Gitlab::License.encryption_key = private_keylicense = Gitlab::License.new
license.licensee = {"Name" => "none","Company" => "none","Email" => "example@test.com",
}
license.starts_at = Date.new(2020, 1, 1) # 开始时间
license.expires_at = Date.new(2050, 1, 1) # 结束时间
license.notify_admins_at = Date.new(2049, 12, 1)
license.notify_users_at = Date.new(2049, 12, 1)
license.block_changes_at = Date.new(2050, 1, 1)
license.restrictions = {active_user_count: 10000,
}puts "License:"
puts licensedata = license.export
puts "Exported license:"
puts data
File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) }public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
Gitlab::License.encryption_key = public_keydata = File.read("GitLabBV.gitlab-license")
$license = Gitlab::License.import(data)puts "Imported license:"
puts $licenseunless $licenseraise "The license is invalid."
endif $license.restricted?(:active_user_count)active_user_count = 10000if active_user_count > $license.restrictions[:active_user_count]raise "The active user count exceeds the allowed amount!"end
endif $license.notify_admins?puts "The license is due to expire on #{$license.expires_at}."
endif $license.notify_users?puts "The license is due to expire on #{$license.expires_at}."
endmodule Gitlabclass GitAccessdef check(cmd, changes = nil)if $license.block_changes?return build_status_object(false, "License expired")endendend
endputs "This instance of GitLab Enterprise Edition is licensed to:"
$license.licensee.each do |key, value|puts "#{key}: #{value}"
endif $license.expired?puts "The license expired on #{$license.expires_at}"
elsif $license.will_expire?puts "The license will expire on #{$license.expires_at}"
elseputs "The license will never expire."
end

生成证书

[root@localhost data]# ruby license.rb
License:
#<Gitlab::License:0x00007f8c819aedf8>
Exported license:
eyJkYXRhIjoiT0FKSDd6Mmw1S2k1Z3pWb2FJN0E5YSt1ZlE0bkxmN3JtOVQ1
bm5BVkozc29pVXN0cHNwYzdWUmN4amNyXG54dkR3QURDWkRQLzdpandMWFM0
SEozY0FYRVFHakNLbWNNaUxYQXFtanJtVitzZ0pnOGlQY1FCdlo0OUpcblpS
VjU0NkNTWEdQL1kzc081MkU5dGF3dHY1VS9YanNkbzdBczFWNmd2SittelNm
MVowRWZNaHExd0x4V1xuZEFCdk9aUklaOUM0V0xaZjk0SXRDalNjMnVFTk5H
ZkhVWDljZUxhR05wZnpMMlRLRTE3a3ZIc0xIcVdvXG5WVGEyTk83L04xVGt0
UDljTFcwOFNVRUJBZEJlK25adnBEaXNWV3JadC94UXBUVXZSV1kwcUFDU01z
NHNcbmxBYWZabWVCdFoyZUx6bnNUZW1XVnNkUDJjNDh5RTRjaGVMNUU0U3RF
V1N4cmV5bUZGam91QTlRTkF0N1xuRzBLNlV0U2MwZnRmUDNtMXpua29XQlFk
a29nNnN6dERQRTVodC9MN0lGY2txZzZ2OHc4NStlT0RRY0Y3XG4yZDZyaDZO
T1JMeWhGankwQ1Q5b1R5UDJma3VidUxtZjRjaDMrK2xaekMyT2hDdndvOG9p
SE9iSnhqRHRcbitIdGtjTXNEbTZJaFlydjlvcmliWWhNa3RabFVxNHlQRWF1
Ym5YM2k2SDZENVQ3UGRwWDhOUmNPR0VZM1xuQm04SlpDQk1HTThudUREbXY4
L2l6ZDBtczF0ajRrUm1OMnE1T3BOQzdjTVJybUw2YWU3ek9STmdMOWo1XG40
eDNDSWpzWFVXaDFMVmtvSmZqS2ZKVHlObkZneGl6dzg2RUVnMFo2R3VZR1Bj
eUFLL0YzVDRaMHpocEtcbkNRclE5Sy9FLzFQYW16UWlmcDY1UlorVlJlTTlk
ZlArdmVCRGh4V3JPRVpDXG4iLCJrZXkiOiJxeGxZMXNwWVpEMWtlOEk5ZkxY
RFBXdTRjVTBhVm0zaHhPR3VPVit2aWRrc2liT05kd1JGbFlEN1J4cEVcbmZk
L0pmMjRiVmgwWTV0dW8zVkNXTHlRTVRuSFVIa2h5SVV1aGhHNkNCZGQ5aW1O
YkVFYzFESE5ZN3N1NVxuR3lQeWNUSkxIZGxlVjRSUzIvV3VLQkwxRFcwYnRO
NmxCMGJXME5XNjdDWFRteXlFWnQ1bFdBMWtsQ1krXG5xcmRrUzZObW43cTdV
WjNxK0ZJang5Y3pld281S3lCQ2RFbUxGRG5EL2t2a1pEQlMyTTRJTC9MaTAz
dDVcbjAwMlhsb2dTSXFPM1VubGM1TUV4WkMrdnVHNGFNYVFtT29pdUhXbmhq
UVBRb3BlQlBZdENSTTJZRk9oblxuUTIyVVRMdndIUXpERDVaV08rZ2M2MURP
bTBzWWMwNlYvazcyYTZRMjF3PT1cbiIsIml2IjoiMzdGVWxtT2dkZ09ic0Nr
eVFqMk5Pdz09XG4ifQ==
Imported license:
#<Gitlab::License:0x00007f8c819b3038>
This instance of GitLab Enterprise Edition is licensed to:
Name: none
Company: none
Email: example@test.com
The license will expire on 2050-01-01

生成的三个文件，GitLabBV.gitlab-license为许可证

GitLabBV.gitlab-license license_key  license_key.pub

使用许可证

cp license_key.pub /opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub

重启gitlab加载许可证

gitlab-ctl restart

修改证书等级

vi /opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb
# 将
# restricted_attr(:plan).presence || STARTER_PLAN
# 替换成
# restricted_attr(:plan).presence || ULTIMATE_PLAN

重新加载配置

gitlab-ctl reconfigure

账密及登陆

初始账密，账户为root
cat /etc/gitlab/initial_root_password

密码更改

命令行密码更改

<root@gitlab ~># cd /opt/gitlab/bin
<root@gitlab bin># gitlab-rails console
[root@localhost ~]# gitlab-rails console
--------------------------------------------------------------------------------Ruby:         ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]GitLab:       15.7.2 (a72992de385) FOSSGitLab Shell: 14.14.0PostgreSQL:   13.8
------------------------------------------------------------[ booted in 30.12s ]
Loading production environment (Rails 6.1.6.1)
irb(main):001:0> u=User.where(id:1).first
=> #<User id:1 @root>
irb(main):002:0> User.all
=> #<ActiveRecord::Relation [#<User id:1 @root>]>
irb(main):003:0> u.password='ghx778899'
=> "ghx778899"
irb(main):004:0> u.password_confirmation='ghx778899'
=> "ghx778899"
irb(main):005:0> u.save!
=> true
irb(main):006:0> exit

页面更改密码

http://192.168.73.150/-/profile/password/edit
填写旧密码，新密码，新密码确认，Save password

登陆gitlab，并上传许可证

http://192.168.73.30/admin/application_settings/general
Add License ➔ Expand ➔ 选择上面的 GitLabBV.gitlab-license 然后上传(Add license)  ➔ 勾选服务条款 ➔ 点击 添加许可证

查看激活信息

http://192.168.73.30/admin/subscription

页面设置为中文

http://192.168.73.150/-/profile/preferences
Localization ➔ Language ➔ 简体中文 ➔ Save changes

关闭任意注册功能

http://192.168.73.30/admin/application_settings/general
注册限制 ➔ 已启用注册功能(勾选框去掉) ➔ 保存更改

更改项目中使用git push或者pull 指向的地址

vi /etc/gitlab/gitlab.rb
将 external_url 'http://gitlab.example.com'
改为 external_url 'http://192.168.73.30'

启用https

配置加密认证文件

输入的密码为: KDJF*lkskd_234KDKlk55
#  openssl genrsa -des3 -out nginx.key 2048  #实际使用中看服务器性能，如果足够好也可以使用4096位秘钥
Generating RSA private key, 1024 bit long modulus
.......++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for nginx.key:                 #输入密码，自定义，不少于4个字符
Verifying - Enter pass phrase for nginx.key:     #确认密码# openssl req -new -key nginx.key -out nginx.csr
Enter pass phrase for nginx.key:                             #输入刚刚创建的密码# openssl rsa -in nginx.key -out nginx_nopass.key
Enter pass phrase for nginx.key:        #之前RSA秘钥创建时的密码
writing RSA key# openssl x509 -req -days 3650 -in nginx.csr  -signkey nginx.key -out nginx.crt    
Signature ok
subject=/C=CN/ST=ShangHai/L=ShangHai/O=ACBC/OU=Tech/CN=*.mydomain.com/emailAddress=admin@mydomain.com
Getting Private key
Enter pass phrase for nginx.key:          #RSA创建时的密码# ls
nginx.crt  nginx.csr  nginx.key  nginx_nopass.key

配置gitlab配置文件

[root@localhost data]# cp nginx* /etc/gitlab/
[root@localhost data]# ll /etc/gitlab/nginx*
-rw-r--r--. 1 root root 1115  1月 12 19:35 /etc/gitlab/nginx.crt
-rw-r--r--. 1 root root  952  1月 12 19:35 /etc/gitlab/nginx.csr
-rw-------. 1 root root 1854  1月 12 19:35 /etc/gitlab/nginx.key
-rw-------. 1 root root 1704  1月 12 19:35 /etc/gitlab/nginx_nopass.key
[root@localhost data]# chmod 755 /etc/gitlab/nginx*[root@localhost data]# vim /etc/gitlab/gitlab.rb
external_url 'https://192.168.73.30'
nginx['ssl_certificate'] = "/etc/gitlab/nginx.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/nginx_nopass.key"

重新配置gitlab

[root@localhost data]#  gitlab-ctl reconfigure

重新访问gitlab

gitlab新地址:
https://192.168.73.30

gitlab操作

gitlab状态查看:  gitlab-ctl status
gitlab启动:     gitlab-ctl start
gitlab停止:     gitlab-ctl stop
gitlab重启:     gitlab-ctl restart
gitlab重新加载配置文件: gitlab-ctl reconfigure