Gitlab系列之一、docker compose 部署极狐gitlab

Docker安装 请参考 https://boke.wsfnk.com/archives/262.html

准备gitlab的存放路径,并用 docker compose 部署 gitlab

# 1、创建必要的工作目录
    mkdir /ops/gitlab -p
    cd /ops/gitlab/
    mkdir config logs data

# 2、准备docker-compose.yml文件  (版本可用tag 16.11.10-jh.0 )
[root@ops-gitlab gitlab]# cat docker-compose.yml 
version: '3.6'
services:
  web:
    #image: 'registry.gitlab.cn/omnibus/gitlab-jh:latest'  不用latest是防止启动直接拉取导致服务异常
    image: 'registry.gitlab.cn/omnibus/gitlab-jh:16.8.1-jh.0'
    restart: always
    hostname: 'gitlab.atstm.cc'
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.atstm.cc'
        # Add any other gitlab.rb configuration here, each on its own line
    ports:
      # 9090是自带的Prometheus,9100是node_exporter;两个接口默认都没有认证,放开映射前先用防火墙限制为仅监控服务器可访问
      - '80:80'
      - '443:443'
      - '22:22'
      #- '9090:9090'
      #- '9100:9100'
    volumes:
      - '/ops/gitlab/config:/etc/gitlab'
      - '/ops/gitlab/logs:/var/log/gitlab'
      - '/ops/gitlab/data:/var/opt/gitlab'
    shm_size: '256m'
    extra_hosts:
      - "ipa.atstm.cc:192.168.60.13"
      - "gitlab.atstm.cc:192.168.60.14"

# 3、启动(确保您在与 docker-compose.yml 相同的目录下并启动极狐GitLab:)
    # docker-compose up -d  老的docker compose启动方式
    docker compose up -d

# 4、查询被初始化的root密码(下面输出里的密码是假的哦;首次登录后请立即修改root密码,该文件会在部署24小时后的首次reconfigure(容器重启也会触发)时被自动删除)
    [root@gitlab ~]# docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
    Password: DyTqWaxg4YQ3FlkuyWeLWq+UFdy0IlbmFLAmi36SMcE1=

    # 直接通过浏览器访问(或者浏览器直接访问ip,访问域名须先自行设置dns解析)
    https://gitlab.atstm.cc

gitlab 集成 FreeIPA 的ldap认证

参考教程 https://docs.gitlab.cn/jh/administration/auth/ldap/#%E9%80%9A%E7%94%A8-ldap-%E8%AE%BE%E7%BD%AE

# 1、编辑gitlab的配置文件,开启ldap
    docker exec -it gitlab bash 
    vi /etc/gitlab/gitlab.rb

external_url 'https://gitlab.atstm.cc'
gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'FreeIPA LDAP'
    host: 'ipa.atstm.cc'
    port: 389           # 389 是LDAP的明文端口(可配合StartTLS加密),636 是LDAPS(LDAP over TLS)端口
    uid: 'uid'          # 若是windows的ad域,则uid字段填写sAMAccountName;若是linux的ldap,则uid字段填写uid
    encryption: 'plain' # 可选 start_tls、simple_tls、plain;plain 表示不加密,绑定密码和用户的登录密码都会以明文在网络上传输,仅适合测试环境,正式环境请用 start_tls(389端口)或 simple_tls(636端口)
    bind_dn: 'uid=test,cn=users,cn=compat,dc=atstm,dc=cc'    # 用于查询目录的绑定账号,只需只读权限,建议使用专用的只读账号;DN的写法可以先自行查看 https://boke.wsfnk.com/archives/1290.html
    password: 'test123'
    timeout: '10'
    active_directory: 'false'               # LDAP服务是否是windows的AD;这里对接的是FreeIPA,不是AD,所以写false
    allow_username_or_email_login: 'true'   # 是否允许用户名或者邮箱认证,如果是则用户输入用户名或邮箱都可
    lowercase_usernames: 'true'             # 启用 LDAP 用户名小写
    block_auto_created_users: 'false'       # 不阻止自动创建用户:base下任何能通过LDAP认证的账号首次登录就会得到可用的gitlab账号;若需要管理员审核后才可用则改为true
    base: 'cn=users,cn=compat,dc=atstm,dc=cc'   # 从哪个位置搜索用户。
EOS

# 2、重载gitlab配置
    gitlab-ctl reconfigure

# 3、验证ldap是否成功集成
    root@gitlab:/# gitlab-rake gitlab:ldap:check
    Checking LDAP ...
    LDAP: ... Server: ldapmain
    LDAP authentication... Success
    LDAP users with access to your GitLab server (only showing the first 100 results)
        DN: uid=test,cn=users,cn=compat,dc=atstm,dc=cc   uid: test
        DN: uid=admin,cn=users,cn=compat,dc=atstm,dc=cc  uid: admin
    Checking LDAP ... Finished

gitlab 集成 阿里企业邮 的smtp

参考文章 https://docs.gitlab.cn/omnibus/settings/smtp.html

# 1、编辑gitlab的配置文件,开启smtp
    docker exec -it gitlab bash 
    vi /etc/gitlab/gitlab.rb

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "test@wsfnk.com"
gitlab_rails['smtp_password'] = 'sxxxxxxx540@'
gitlab_rails['smtp_domain'] = "wsfnk.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false       # 若是集成qq邮箱,有授权码的,这里用true
gitlab_rails['smtp_tls'] = true
# gitlab_rails['gitlab_email_from'] = 'test@wsfnk.com'

# 2、重载gitlab配置
    gitlab-ctl reconfigure

gitlab 集成 腾讯企业微信邮箱(企微邮) 的smtp

# 1、编辑gitlab的配置文件,开启smtp
    docker exec -it gitlab bash 
    vi /etc/gitlab/gitlab.rb

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "xx@xx.cn"
gitlab_rails['smtp_password'] = "xxpassword"
gitlab_rails['smtp_domain'] = "xx.cn"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false       # 企业微信邮箱,未开启其他客户端授权码,故填false(即直接使用邮箱密码即可登录)
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@tigocloud.cn'   # 若是不配置这个,可能出现501错误

# 2、重载gitlab配置
    gitlab-ctl reconfigure

gitlab 配置可信 ssl证书(nginx类型的)

# 1、编辑配置文件,开启 http to https
    # 注意ssl证书的路径:若是docker compose方式部署的,把证书和私钥放到宿主机对应的目录下即可,我这里是/ops/gitlab/config/ssl/;私钥文件建议设为仅root可读(chmod 600)
    docker exec -it gitlab bash 
    vi /etc/gitlab/gitlab.rb

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.atstm.cc.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.atstm.cc.key"
#nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
#nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"

# 2、重载gitlab配置
    gitlab-ctl reconfigure

gitlab 配置内置node_exporter

# 1、修改配置文件
node_exporter['enable'] = true
node_exporter['home'] = '/var/opt/gitlab/node-exporter'
node_exporter['listen_address'] = '0.0.0.0:9100'

# 2、重载gitlab配置
    gitlab-ctl reconfigure

# 3、去对应的Prometheus加上job(docker compose部署时需先放开docker-compose.yml里被注释的 '9100:9100' 端口映射;该接口没有认证,建议用防火墙只允许Prometheus服务器访问)
  - job_name: 'gitlab-node'
    static_configs:
      - targets: ['192.168.60.14:9100']

gitlab 配置启用内置 Prometheus

# 1、修改配置文件
prometheus['enable'] = true
prometheus['listen_address'] = '0.0.0.0:9090'

# 2、重载gitlab配置
    gitlab-ctl reconfigure

# 3、浏览器访问(docker compose部署时需先放开 '9090:9090' 端口映射;内置Prometheus页面没有登录认证,不要暴露到不可信网络)
    http://gitlab.atstm.cc:9090/graph

附、极狐git的版本(及tag)

https://packages.gitlab.cn/#browse/search

官方查找tag的教程
    https://gitlab.cn/resources/articles/09091723-86a3-4f63-86e9-feb77b0e4289
声明:本文为原创,作者为 辣条①号,转载时请保留本声明及附带文章链接:https://boke.wsfnk.com/archives/1291.html

最后编辑于:2024/11/25作者: 辣条①号
