安裝 GitLab

GitLab 架構及組建

架構

組建介紹

1. GitLab Workhorse：輕量級別代理服務器，用來處理大的 HTTP 請求，比如文件上傳下載如 Git Push/Pull ，其它請求會反向代理到 GitLab Rails 應用，即反向代理給後端的 unicorn
2. Nginx：提供網頁服務（ Web Service ）
3. PostgreSQL：資料庫 （ SQL Server ）
4. Redis：
5. Sidekiq：Sidekiq 使用多線程處理後台任務（異步）。這個進程啟動的時候會使用整個 Rails 堆棧（200MB+），但是它會在內存泄漏的情況下增加。一個用戶非常活躍的服務器上（10,000個活躍用戶），Sidekiq 進程會占用 1GB+ 的內存
6. Unicorn（ GitLab Rails ）：GitLab自身的 WEB 服務器：Ruby Web Server，托管 GitLab Rails 服務。增加 unicorn 的 workers 數量，可以減少應用的響應時間並提高處理並发請求的能力。對於大部分實例，建議的配置：CPU 核心數 + 1 = unicorn workers 數
7. GitLab Shell：從 shell 而不是網頁前台（ http ）接受命令
8. Gitaly：提供高層次的 Git RPC 服務已訪問 Git 倉庫

安裝方法

yum install -y curl policycoreutils-python openssh-server
systemctl enable sshd
systemctl start sshd
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
systemctl reload firewalld

yum install postfix
systemctl enable postfix
systemctl start postfix

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash

EXTERNAL_URL="https://gitlab.beckyeh.com" yum install -y gitlab-ce

設定 GitLab

GitLab 設定檔以及 CLI 指令

/opt/gitlab # GitLab 安裝位置
/etc/gitlab/gitlab.rb # GitLab 主要配置文件
/var/opt/gitlab/git-data/repositories/ # 代碼倉庫保存位置
/var/opt/gitlab/backups/ # 代碼倉庫備份位置
/var/log/gitlab/ # 日志位置
/var/opt/gitlab/postgresql/data/ # postgresql 數據及設定目錄
/var/opt/gitlab/redis # Redis 配置目錄
/var/opt/gitlab/gitlab-rails/etc/unicorn.rb  # unicorn 配置文件

/opt/gitlab/bin/gitlab-ctl status # 查看狀態
/opt/gitlab/bin/gitlab-ctl stop
/opt/gitlab/bin/gitlab-ctl start
#/opt/gitlab/bin/gitlab-ctl show-config #查看當前配置
/opt/gitlab/bin/gitlab-ctl help # 獲取命令行幫助
cat /opt/gitlab/version-manifest.json | grep build_version # 查看版本

GitLab 設定檔

# domain 設定
external_url 'https://awoogitlab.awoo.org'

# nginx 設定
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 8888
nginx['ssl_certificate'] = "/etc/gitlab/ssl/awoogitlab.awoo.org.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/awoogitlab.awoo.org.key"

# time_zone
gitlab_rails['time_zone'] = 'Asia/Taipei'

### Email Settings
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_display_name'] = 'GitLab system'
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "mail.beckyeh.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "[email protected]"
gitlab_rails['smtp_password'] = ",hS+v6,LQUG7y-gm"
gitlab_rails['smtp_domain'] = "mail.beckyeh.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
# gitlab_rails['smtp_tls'] = true

Email 設定驗證方法

[root@gitlab ~]# gitlab-rails console
--------------------------------------------------------------------------------
 GitLab:       13.3.4 (aebc07f48e8) FOSS
 GitLab Shell: 13.6.0
 PostgreSQL:   11.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3.1)
irb(main):001:0> Notify.test_email('[email protected]', 'test', 'test').deliver_now
Notify#test_email: processed outbound mail in 0.9ms
Delivered mail [email protected] (2363.5ms)
Date: Thu, 03 Sep 2020 16:35:35 +0800
From: GitLab system 
Reply-To: GitLab system 
To: [email protected]
Message-ID: <[email protected]>
Subject: test
Mime-Version: 1.0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All


test

=> #, >, >, , >, , , , , , >
irb(main):002:0> exit

LDAP 驗證：

gitlab-rake gitlab:ldap:check

備份及還原

備份

備份設定檔

因為備份指令並不會備份設定檔，所以需要手動另行備份，所有的設定預設都在 /etc/gitlab/ 底下。
其中最重要的就是 /etc/gitlab/gitlab.rb 以及 /etc/gitlab/gitlab-secrets.json 這兩個檔案。
/etc/gitlab/gitlab-secrets.json 包含了資料庫的加密金鑰、二次驗證的金鑰、GitLab CI 的金鑰等訊息。

備份指令

使用備份指令時會依照 /etc/gitlab/gitlab.rb 中的設定執行

# gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
gitlab_rails['backup_archive_permissions'] = 0644

###! The duration in seconds to keep backups before they are allowed to be deleted
gitlab_rails['backup_keep_time'] = 604800

備份指令：

gitlab-rake gitlab:backup:create

2020-09-03 20:02:27 +0800 -- Dumping database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping repositories ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping uploads ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping builds ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping artifacts ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping pages ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping lfs objects ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping container registry images ...
2020-09-03 20:02:28 +0800 -- done
Creating backup archive: 1599134548_2020_09_03_13.3.4_gitlab_backup.tar ... done
Uploading backup archive to remote storage  ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
done
Deleting old backups ... skipping
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.

設定到 cronjob：

0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1

備份到遠端雲空間的方法請參考此連結 ：https://docs.gitlab.com/ee/raketasks/backup_restore.html

還原

1. 備份前先暫停 GitLab 服務

   gitlab-ctl stop

2. 如果是新安裝的 GitLab，把 /etc/gitlab/ 內的檔案還原後，需執行以下指令

   gitlab-ctl reconfigure

3. 將指令的備份檔放入 /etc/gitlab/gitlab.rb 中所設定的備份目錄

4. 執行以下還原指令：

   gitlab-ctl start postgresql
   gitlab-ctl start redis
   gitlab-ctl start  gitlab-workhorse
   gitlab-ctl start gitaly
   [root@gitlab backups]# ll /var/opt/gitlab/backups/
   total 276
   -rw-------. 1 git git 235520 Sep  3 20:02 1599134548_2020_09_03_13.3.4_gitlab_backup.tar
   
   gitlab-rake gitlab:backup:restore BACKUP=1599134548_2020_09_03_13.3.4

   [root@gitlab ~]# gitlab-backup restore BACKUP=1599134548_2020_09_03_13.3.4
   Unpacking backup ... done
   Before restoring the database, we will remove all existing
   tables to avoid future upgrade problems. Be aware that if you have
   custom tables in the GitLab database these tables and all data will be
   removed.
   
   Do you want to continue (yes/no)? yes
   Removing all tables. Press Ctrl-C within 5 seconds to abort
   2020-09-03 21:17:23 +0800 -- Cleaning the database ...
   ...
   ...
   ...
   ...
   ALTER TABLE
   ALTER TABLE
   ALTER TABLE
   [DONE]
   2020-09-03 21:19:24 +0800 -- done
   2020-09-03 21:19:24 +0800 -- Restoring repositories ...
   2020-09-03 21:19:24 +0800 -- done
   2020-09-03 21:19:24 +0800 -- Restoring uploads ...
   2020-09-03 21:19:24 +0800 -- done
   2020-09-03 21:19:24 +0800 -- Restoring builds ...
   2020-09-03 21:19:24 +0800 -- done
   2020-09-03 21:19:24 +0800 -- Restoring artifacts ...
   2020-09-03 21:19:24 +0800 -- done
   2020-09-03 21:19:24 +0800 -- Restoring pages ...
   2020-09-03 21:19:24 +0800 -- done
   2020-09-03 21:19:24 +0800 -- Restoring lfs objects ...
   2020-09-03 21:19:24 +0800 -- done
   2020-09-03 21:19:24 +0800 -- Restoring container registry images ...
   2020-09-03 21:19:24 +0800 -- done
   This task will now rebuild the authorized_keys file.
   You will lose any data stored in the authorized_keys file.
   Do you want to continue (yes/no)? yes
   
   Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
   and are not included in this backup. You will need to restore these files manually.
   Restore task is done.

5. 重新執行所有服務：

   gitlab-ctl restart

6. 檢查各組件運作是否正常

   gitlab-rake gitlab:check SANITIZE=true
   
   Checking GitLab subtasks ...
   
   Checking GitLab Shell ...
   
   GitLab Shell: ... GitLab Shell version >= 13.6.0 ? ... OK (13.6.0)
   Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
   Internal API available: OK
   Redis available via internal API: OK
   gitlab-shell self-check successful
   
   Checking GitLab Shell ... Finished
   
   Checking Gitaly ...
   
   Gitaly: ... default ... OK
   
   Checking Gitaly ... Finished
   
   Checking Sidekiq ...
   
   Sidekiq: ... Running? ... yes
   Number of Sidekiq processes ... 1
   
   Checking Sidekiq ... Finished
   
   Checking Incoming Email ...
   
   Incoming Email: ... Reply by email is disabled in config/gitlab.yml
   
   Checking Incoming Email ... Finished
   
   Checking LDAP ...
   
   LDAP: ... LDAP is disabled in config/gitlab.yml
   
   Checking LDAP ... Finished
   
   Checking GitLab App ...
   
   Git configured correctly? ... yes
   Database config exists? ... yes
   All migrations up? ... yes
   Database contains orphaned GroupMembers? ... no
   GitLab config exists? ... yes
   GitLab config up to date? ... yes
   Log directory writable? ... yes
   Tmp directory writable? ... yes
   Uploads directory exists? ... yes
   Uploads directory has correct permissions? ... yes
   Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
   Init script exists? ... skipped (omnibus-gitlab has no init script)
   Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
   Projects have namespace: ... can't check, you have no projects
   Redis version >= 4.0.0? ... yes
   Ruby version >= 2.5.3 ? ... yes (2.6.6)
   Git version >= 2.24.0 ? ... yes (2.28.0)
   Git user has default SSH configuration? ... yes
   Active users: ... 1
   Is authorized keys file accessible? ... yes
   GitLab configured to store new projects in hashed storage? ... yes
   All projects are in hashed storage? ... yes
   
   Checking GitLab App ... Finished
   
   Checking GitLab subtasks ... Finished