Centos6.7 minimal安装GitLab8.3.4配置LDAP、发邮件以及升级到GitLab8.5.4

建议使用非root帐户安装，先同步系统时间：

ntpdate cn.pool.ntp.org

一、建立用户gitlab

注意：centos下，adduser和useradd的命令效果是同样的，但ubunut下，useradd只建立用户不生成用户主目录，adduser会用向导提示你一步步建立一个完整的用户：

[gitlab@localhost ~]$ su root
Password:
[root@localhost gitlab]# cd ~
[root@localhost ~]# passwd gitlab
Changing password for user gitlab.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# su gitlab
[gitlab@localhost root]$ cd ~
[gitlab@localhost ~]$

 

 

二、安装gitlab

访问 https://about.gitlab.com/downloads/#centos6：

 

按照第一步安装必要的依赖。若是你不想用sendmail或者postfix做为发送邮件的服务端，你能够不安装postfix，而使用内置的smtp配置第三方的邮箱便可，或者是你的企业邮箱：

1. Install and configure the necessary dependencies

sudo yum install curl openssh-server openssh-clients postfix cronie
sudo service postfix start
sudo chkconfig postfix on
sudo lokkit -s http -s ssh

 

 

第二步我使用的是下载rpm包的方式安装，而不是使用官方的脚本：

2. Add the GitLab package server and install the package

rpm包到这里下载，https://packages.gitlab.com/gitlab/gitlab-ce

包很大比较慢，不建议使用wget或者curl，建议下载到本地再上传到服务器。

下载完成后，

sudo rpm -i gitlab-ce-8.5.4-ce.0.el6.x86_64.rpm

 

三、配置LDAP认证

编辑配置文件。注意，最后那个EOS的注释要取消掉：

sudo vim /etc/gitlab/gitlab.rb

## For setting up LDAP
## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#setting-up-ldap-sign-in
## Be careful not to break the identation in the ldap_servers block. It is in
## yaml format and the spaces must be retained. Using tabs will not work.

 gitlab_rails['ldap_enabled'] = true
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: '192.168.100.100'
     port: 389
     uid: 'sAMAccountName'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'cn=your_ldap_name,ou=your_ou_name,dc=your_2nd_domain,dc=your_1st_domain'
     password: 'yourpassword'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'dc=tima,dc=local'
     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     port: 389
#     uid: 'sAMAccountName'
#     method: 'plain' # "tls" or "ssl" or "plain"
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     active_directory: true
#     allow_username_or_email_login: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
 EOS

 

 

四、取消用户注册功能

注意：因为你们呼声很高，彷佛从7.7版开始，gitlab默认启用了用户注册功能，而且在 /etc/gitlab/gitlab.rb 中找不到

#gitlabrails['gitlabsignup_enabled'] = false

#gitlabrails[

'signinenabled'] = false

配置部分了，可是能够登陆root帐户在GUI下的Admin Area 中配置，以下：

 

五、配置发送邮件功能

邮件发送其实没必要要用到postfix或sendmail，因此我是先停掉了postfix，以避免配置过程当中的错误日志产生误导：

sudo service postfix status
sudo service postfix stop
sudo service postfix disable
sudo chkconfig postfix off
sudo chkconfig

编辑配置文件：

sudo vim /etc/gitlab/gitlab.rb

取消注释并修改：

################################
# GitLab email server settings #
################################
# see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings
# Use smtp instead of sendmail/postfix.

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_port'] = 25 #465 for SSL
 gitlab_rails['smtp_user_name'] = "your_mail_sender_name"
 gitlab_rails['smtp_password'] = "your_password"
 gitlab_rails['smtp_domain'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = false
 gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

而后reconfigure：

sudo gitlab-ctl reconfigure

同时可能须要检查如下两个配置文件是否与你配置的信息一致：

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb

SecureCRT另开session观察日志输出：

sudo tail -f /var/log/gitlab/gitlab-rails/production.log

 

测试邮件推送功能是否正常：

使用ldap帐户登陆到gitlab，建立一个项目如pythonweb，这时候默认的group是你的用户名，若是你想用别的项目，能够点击Create a group，添加一个group，建立完成后个人git路径是：

git@172.16.224.246:openstack/pythonweb.git

第一次配的时候应该是

git@localhost:openstack/pythonweb.git

 

这里的localhost是不合理的，别人提交代码的时还得修改为ip或者域名，这个能够在配置文件里修改默认值：

sudo vim /etc/gitlab/gitlab.rb

在最顶部修改以下：

## Url on which GitLab will be reachable.
external_url 'http://172.16.224.246'  #这里是ip地址或者域名

 

回到gitlab界面，点击左下角的settings--services--Emails on push, 勾选Active，Recipients填写本项目更新须要推送知晓的人员，多个用空格或者逗号隔开：

 

本机添加git目录并push到远程主机：

我在windows下，使用cygwin，cygwin配置能够参考：

https://xstarcd.github.io/wiki/cygwin/index.html（我同事）

http://www.cnblogs.com/astwish/articles/3700459.html

git使方法推荐廖雪峰老师的git教程。

 

第一次提交项目前会要求添加SSH key，点击add an SSH key，能够添加本身的公钥到（公钥能够有多个）：

 

本机生成SSH key，并复制蓝底部分到上面的key框中：

$

ssh-keygen -t rsa -C valiant.jiang@timanetworks.com

#email要填你登陆gitlab的ldap关联的email
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ONE/.ssh/id_rsa):
/home/ONE/.ssh/id_rsa already exists.
Overwrite (y/n)? n #我是no 由于已经有了不想再改

ONE@DESKTOP-BGP4M01 ~$ 

cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0V2KJgXp3O0p/5pE2apMJLg9W9ePQF8cOFUo03nEIX6IRjrHGmZjMX8napr9lJRU676pgJhekW/gbyn1DuSyBxurPe65vr/MpQMCMq/Pd00tA/z3irT5DIvfhLb+xhaTMJcT7UIBNvSjw4pUb2la3cKJzkbV01RzbESoNnpEqtnZsVY8Ys1WNHzRkgxO+EGQphf9HdEanRxOoIUKmOKtVUA8oiCpz0z6yyWnNFYnL6OMeviYiJ26n7eKTV5pqUmQtbzc3sKNTXsi+1Cw+3l1/l8Mbro2o6NGQP4lNfJGjFU6Q3t/uV4l+mpP11r0cqfzjF4gegxk0G9NiIomgAHmp valiant.jiang@timanetworks.com

ONE@DESKTOP-BGP4M01 ~$

 

按照project页面的提示，设置全局的免密钥代码提交帐户：

 

git config --global user.name "Valiant Jiang"

git config --global user.email valiant.jiang@timanetworks.com

git clone git@172.16.224.246:openstack/pythonweb.git
cd pythonweb
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

作完这一步，应该就能够收到系统发给你的push报告邮件了：

 

 

 

六、升级到最新稳定版

针对不一样的安装方式，GitLab官方提供了不一样的升级方法，咱们是手动安装的omnibus包，因此用下面的连接升级：

 

 

 

https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version

Updating from GitLab 6.6 and higher to the latest version

The procedure can also be used to upgrade from a CE omnibus package to an EE omnibus package.

First, download the latest CE or EE (license key required) package to your GitLab server.

Stop services but leave postgresql running for the database migrations and create a backup

sudo gitlab-ctl stop unicorn
sudo gitlab-ctl stop sidekiq
sudo gitlab-ctl stop nginx
sudo gitlab-rake gitlab:backup:create

Install the latest package

# Ubuntu/Debian:
sudo dpkg -i gitlab_x.x.x-omnibus.xxx.deb

# CentOS:
sudo rpm -Uvh gitlab-x.x.x_xxx.rpm

Reconfigure GitLab (includes running database migrations) and restart all services

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

Done!

Trouble? Check status details

sudo gitlab-ctl status
sudo gitlab-rake gitlab:check SANITIZE=true

 

 

七、实用连接

log文件详解：http://doc.gitlab.com/ee/logs/logs.html

ldap配置：http://doc.gitlab.com/ce/integration/ldap.html

smtp配置：http://doc.gitlab.com/omnibus/settings/smtp.html

各版本升级地址：https://about.gitlab.com/update/

本次升级地址：https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version