GitLab部署的最佳实践
# 1,资源需求
- 配置:在越大越好的前提下,建议不低于
8C16G
。 - 存储:建议
100G系统盘
+800G数据盘
。盘的规格越高越好。最低SSD
,其中数据盘可酌情加大,800G数据盘管三五年没问题。- 此处要考虑到备份文件,如果数据目录有100G左右,那么备份文件可能会有八十多G,本地保留不可过多,尽量异地备份。
注意:
- 注意数据盘挂载到/data目录中。
- 注意组件数据目录通过本地挂载进行了软链,此事儿下边详述。
# 2,安装软件
gitlab的安装非常简单,这里不做赘述。
$ yum install -y curl openssh-server postfix cronie
$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
$ yum install gitlab-ce
1
2
3
2
3
默认安装当前yum源内的最新版本,如果想要安装指定版本,可运行如下命令:yum install gitlab-ce-11.0.2
。
# 3,准备工作
创建数据相关需求目录:
$ mkdir -p /data/gitlab-all-in-one/{backups,git-data,var-opt-gitlab}
$ useradd git && chown -R git.git /data/gitlab-all-in-one
1
2
2
- 说明:
git-data:
gitlab代码数据目录。backups:
数据备份目录。var-opt-gitlab:
组件数据目录。
重要:
注意组件数据目录在配置文件中默认为:/var/opt/gitlab
,为了与系统盘进行隔离以及数据存储目录统一,需要进行本地挂载处理:
$ echo '/data/gitlab-all-in-one/var-opt-gitlab /var/opt/gitlab none bind 0 0' >> /etc/fstab
$ mkdir /var/opt/gitlab
$ mount -a
1
2
3
2
3
此时系统的 /var/opt/gitlab
最终指向的其实是 /data/gitlab-all-in-one/var-opt-gitlab
。
注意:
这里并不能通过软链
进行处理,实测软链的方式会导致部分组件起不来。
# 4,配置文件
配置文件如下,其余未显示指定的,统一走默认配置:
$ egrep -v '^#|^$' gitlab.rb
external_url 'https://gitlab.eryajf.net'
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.exmail.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "no-reply@eryajf.net"
gitlab_rails['smtp_password'] = "test"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'no-reply@eryajf.com'
gitlab_rails['smtp_domain'] = "exmail.qq.com"
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
host: 'ldap.eryajf.net'
port: 389
uid: 'sn'
bind_dn: 'cn=admin,dc=eryajf,dc=net'
password: 'test'
encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
verify_certificates: true
smartcard_auth: false
active_directory: false
allow_username_or_email_login: false
lowercase_usernames: false
block_auto_created_users: false
base: 'ou=staff,dc=eryajf,dc=net'
user_filter: ''
## EE only
group_base: ''
admin_group: ''
sync_ssh_keys: false
EOS
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/data/gitlab-all-in-one/backups"
git_data_dirs({
"default" => {
"path" => "/data/gitlab-all-in-one/git-data"
}
})
nginx['enable'] = true
nginx['client_max_body_size'] = '512m'
nginx['redirect_http_to_https'] = true
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
然后通过如下命令重载配置文件:
gitlab-ctl reconfigure
1
当看到:
Running handlers:
Running handlers complete
Chef Infra Client finished, 570/1519 resources updated in 03 minutes 11 seconds
Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.
NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
gitlab Reconfigured!
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
则说明配置完成了。
上次更新: 2024/02/28, 13:00:35