Docker安装 请参考 https://boke.wsfnk.com/archives/262.html
准备gitlab的存放路径,并用 docker compose 部署 gitlab
# 1、创建必要的工作目录
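# Create the host directories that docker-compose.yml bind-mounts into the
# container. config/ will hold gitlab.rb and the instance secrets, so keep the
# tree owned by root and out of reach of unprivileged users.
# -p is placed before the operands and makes the step safe to repeat.
mkdir -p /ops/gitlab/config /ops/gitlab/logs /ops/gitlab/data
cd /ops/gitlab/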
# 2、准备docker-compose.yml文件 (版本可用tag 16.11.10-jh.0 )
[root@ops-gitlab gitlab]# cat docker-compose.yml
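version: '3.6'
services:
  web:
    # A fixed tag is used instead of ':latest' so that a restart cannot pull an
    # untested release and break the service.
    #image: 'registry.gitlab.cn/omnibus/gitlab-jh:latest'
    image: 'registry.gitlab.cn/omnibus/gitlab-jh:16.8.1-jh.0'
    restart: always
    hostname: 'gitlab.atstm.cc'
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.atstm.cc'
        # Add any other gitlab.rb configuration here, each on its own line
    ports:
      # Host port 22 is handed to the container's Git-over-SSH service, so the
      # host's own sshd must not be bound to it.
      - '80:80'
      - '443:443'
      - '22:22'
      # 9090 is the bundled Prometheus and 9100 the bundled node_exporter.
      # Neither endpoint asks for credentials; if you publish them, limit
      # access to the monitoring host (firewall or a host-IP-specific mapping).
      #- '9090:9090'
      #- '9100:9100'
    volumes:
      # /ops/gitlab/config receives gitlab.rb and the instance secrets.
      - '/ops/gitlab/config:/etc/gitlab'
      - '/ops/gitlab/logs:/var/log/gitlab'
      - '/ops/gitlab/data:/var/opt/gitlab'
    shm_size: '256m'
    extra_hosts:
      # Static name resolution inside the container for the directory server
      # and for GitLab itself.
      - "ipa.atstm.cc:192.168.60.13"
      - "gitlab.atstm.cc:192.168.60.14"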
# 3、启动(确保您在与 docker-compose.yml 相同的目录下并启动极狐GitLab:)
# docker-compose up -d 老的docker compose启动方式
docker compose up -d
# 4、查询被初始化的root密码(这是假的哦);首次登录后请立即修改 root 密码,该文件会在 24 小时后的首次 reconfigure 时被自动删除
[root@gitlab ~]# docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
Password: DyTqWaxg4YQ3FlkuyWeLWq+UFdy0IlbmFLAmi36SMcE1=
# 直接通过浏览器访问(或者浏览器直接访问ip,访问域名须先自行设置dns解析)
https://gitlab.atstm.cc
gitlab 集成 FreeIPA 的ldap认证
参考教程 https://docs.gitlab.cn/jh/administration/auth/ldap/#%E9%80%9A%E7%94%A8-ldap-%E8%AE%BE%E7%BD%AE
# 1、编辑gitlab的配置文件,开启ldap
docker exec -it gitlab bash
vi /etc/gitlab/gitlab.rb
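external_url 'https://gitlab.atstm.cc'
gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false
# The heredoc is static YAML written in this file, not external input. Its
# nesting matters: every setting belongs under the server key `main`.
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'FreeIPA LDAP'
    host: 'ipa.atstm.cc'
    # 389 is plain LDAP (optionally upgraded with StartTLS); 636 is LDAPS,
    # i.e. LDAP inside TLS. Neither port speaks HTTP/HTTPS.
    port: 389
    # 'sAMAccountName' for a Windows AD domain, 'uid' for a Linux LDAP directory.
    uid: 'uid'
    # 'plain' sends the bind password and every user's login to the directory
    # unencrypted. Prefer 'start_tls' (port 389) or 'simple_tls' (port 636),
    # with verify_certificates: true, once GitLab trusts the directory's CA.
    encryption: 'plain'
    # Account used only to search the directory; how to look up its DN is
    # described at https://boke.wsfnk.com/archives/1290.html
    bind_dn: 'uid=test,cn=users,cn=compat,dc=atstm,dc=cc'
    # Sample value; give the dedicated read-only bind account a strong password.
    password: 'test123'
    timeout: 10
    # Booleans are written bare: a quoted 'false' is a YAML string, and a
    # non-empty string is truthy in Ruby.
    active_directory: false               # the directory here is not Windows AD
    allow_username_or_email_login: true   # users may sign in with user name or e-mail
    lowercase_usernames: true             # store LDAP user names in lower case
    block_auto_created_users: false       # do not block automatically created users
    base: 'cn=users,cn=compat,dc=atstm,dc=cc'  # subtree that is searched for users
EOS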
# 2、重载gitlab配置
gitlab-ctl reconfigure
# 3、验证ldap是否成功集成
root@gitlab:/# gitlab-rake gitlab:ldap:check
Checking LDAP ...
LDAP: ... Server: ldapmain
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)
DN: uid=test,cn=users,cn=compat,dc=atstm,dc=cc uid: test
DN: uid=admin,cn=users,cn=compat,dc=atstm,dc=cc uid: admin
Checking LDAP ... Finished
gitlab 集成 阿里企业邮 的smtp
参考文章 https://docs.gitlab.cn/omnibus/settings/smtp.html
# 1、编辑gitlab的配置文件,开启smtp
docker exec -it gitlab bash
vi /etc/gitlab/gitlab.rb
# Outgoing mail through Aliyun enterprise mail.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "test@wsfnk.com"
# Masked sample value. gitlab.rb keeps the real password in clear text, so the
# file (and its bind-mounted copy on the host) should be readable by root only.
gitlab_rails['smtp_password'] = 'sxxxxxxx540@'
gitlab_rails['smtp_domain'] = "wsfnk.com"
gitlab_rails['smtp_authentication'] = "login"
# smtp_tls below wraps the whole session in TLS on port 465, so STARTTLS stays off.
# Author's note: when integrating QQ Mail with an authorization code, use true here.
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
# gitlab_rails['gitlab_email_from'] = 'test@wsfnk.com'
# 2、重载gitlab配置
gitlab-ctl reconfigure
gitlab 集成 腾讯企业微信邮箱(企微邮) 的smtp
# 1、编辑gitlab的配置文件,开启smtp
docker exec -it gitlab bash
vi /etc/gitlab/gitlab.rb
# Outgoing mail through Tencent WeCom enterprise mail.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "xx@xx.cn"
# Placeholder. gitlab.rb keeps the real password in clear text, so the file
# (and its bind-mounted copy on the host) should be readable by root only.
gitlab_rails['smtp_password'] = "xxpassword"
gitlab_rails['smtp_domain'] = "xx.cn"
gitlab_rails['smtp_authentication'] = "login"
# smtp_tls below wraps the whole session in TLS on port 465, so STARTTLS stays off.
# Author's note: no client authorization code is enabled for this mailbox, so
# false is used and the mailbox password itself is used to log in.
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
# Author's observation: without this setting the server may answer with a 501 error.
gitlab_rails['gitlab_email_from'] = 'gitlab@tigocloud.cn'
# 2、重载gitlab配置
gitlab-ctl reconfigure
gitlab 配置可信 ssl证书(nginx类型的)
# 1、编辑配置文件,开启 http to https
# 注意ssl的路径,若是docker compose 方式部署的,就在宿主机对应的目录下修改即可,我这里是/ops/gitlab/config/ssl/
docker exec -it gitlab bash
vi /etc/gitlab/gitlab.rb
# Send plain-HTTP requests to the HTTPS site.
nginx['redirect_http_to_https'] = true
# Paths as seen inside the container. /etc/gitlab is the bind mount of
# /ops/gitlab/config, so on the host the files live in /ops/gitlab/config/ssl/.
# Keep the .key file readable by root only.
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.atstm.cc.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.atstm.cc.key"
# Alternative: derive the file names from the node's FQDN.
#nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
#nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
# 2、重载gitlab配置
gitlab-ctl reconfigure
gitlab 配置内置node_exporter
# 1、修改配置文件
# Turn on the node_exporter that ships with the GitLab package.
node_exporter['enable'] = true
node_exporter['home'] = '/var/opt/gitlab/node-exporter'
# 0.0.0.0 listens on every interface of the container. The metrics endpoint has
# no authentication, so when port 9100 is published it should be reachable
# from the Prometheus host only.
node_exporter['listen_address'] = '0.0.0.0:9100'
# 2、重载gitlab配置
gitlab-ctl reconfigure
# 3、去对应的Prometheus加上job
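# Scrape job for GitLab's node_exporter; it goes under scrape_configs in the
# external Prometheus server's configuration. The nesting below is required:
# static_configs belongs to the job, targets to the static config entry.
- job_name: 'gitlab-node'
  static_configs:
    - targets: ['192.168.60.14:9100']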
gitlab 配置启用内置 Prometheus
# 1、修改配置文件
# Turn on the Prometheus server that ships with the GitLab package.
prometheus['enable'] = true
# 0.0.0.0 listens on every interface of the container. The Prometheus UI and
# API have no login, so when port 9090 is published it should be reachable
# from trusted networks only.
prometheus['listen_address'] = '0.0.0.0:9090'
# 2、重载gitlab配置
gitlab-ctl reconfigure
# 3、浏览器访问(需先放开 docker-compose.yml 中被注释的 '9090:9090' 端口映射;Prometheus 页面没有登录认证,只应对内网或监控主机开放)
http://gitlab.atstm.cc:9090/graph
附、极狐git的版本(及tag)
https://packages.gitlab.cn/#browse/search
官方查找tag的教程
https://gitlab.cn/resources/articles/09091723-86a3-4f63-86e9-feb77b0e4289