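I. GitLab Overview
1.1 What is GitLab
- A private, self-hosted code repository
- Fine-grained permission control and strong security
- Written mainly in Ruby, with some parts in Go
- Open source and free
1.2 Architecture
- nginx: provides web access
- GitLab Pages: static resources
- GitLab Workhorse: handles user requests (Ruby)
- GitLab Shell: code repositories (accessed via git@)
- Puma: handles user requests (Ruby)
- PostgreSQL: database
II. Quick GitLab Deployment
2.1 Choosing a version
Here we use gitlab-ce 12.0.3
- ce: Community Edition
- ee: Enterprise Edition
2.2 Installation requirements
#System requirements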
Ubuntu (16.04/18.04/20.04)
Debian (9/10)
CentOS (7/8)
openSUSE Leap (15.2)
SUSE Linux Enterprise Server (12 SP2/12 SP5)
Red Hat Enterprise Linux (please use the CentOS packages and instructions)
#Hardware requirements
##Disk
Stores the code, so it must be larger than the space the code occupies
7.2k or faster disks (SAS)
SSD
##CPU
4 cores: 500 users
8 cores: 1000 users
##Memory
4 GB RAM: 500 users
8 GB RAM: 1000 users
2.3 Installing GitLab
#Install dependencies
yum install -y curl openssh-server postfix wget
#Turn off the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i.bak '/SELINUX=/s#enforcing#disabled#g' /etc/selinux/config
#Download and install gitlab-ce-12.0.3
yum install -y https://mirror.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm
#If the package is already available locally, install it directly: yum -y localinstall gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm
#Message shown after a successful installation
It looks like GitLab has not been configured yet; skipping the upgrade script.
*. *.
*** ***
***** *****
.****** *******
******** ********
,,,,,,,,,***********,,,,,,,,,
,,,,,,,,,,,*********,,,,,,,,,,,
.,,,,,,,,,,,*******,,,,,,,,,,,,
,,,,,,,,,*****,,,,,,,,,.
,,,,,,,****,,,,,,
.,,,***,,,,
,*,.
_______ __ __ __
/ ____(_) /_/ / ____ _/ /_
/ / __/ / __/ / / __ `/ __ \
/ /_/ / / /_/ /___/ /_/ / /_/ /
\____/_/\__/_____/\__,_/_.___/
Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file. #this prompts you to set the URL in the configuration file
Then, you can start your GitLab instance by running the following command:
sudo gitlab-ctl reconfigure #the command to run after making the change
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
#Configure the access URL
vim /etc/gitlab/gitlab.rb
#Only one line needs to be changed
……
external_url 'http://gitlab.xiaoyu.com'
……
#Initialize GitLab
gitlab-ctl reconfigure #this takes about three minutes
#The following output means that initialization succeeded
Chef Client finished, 509/1343 resources updated in 03 minutes 47 seconds
gitlab Reconfigured!
#Check the status of each component
[root@gitlab ~]# gitlab-ctl status | column -t
run: alertmanager: (pid 3754) 98s; run: log: (pid 3423) 182s
run: gitaly: (pid 3679) 104s; run: log: (pid 2934) 304s
run: gitlab-monitor: (pid 3722) 103s; run: log: (pid 3343) 215s
run: gitlab-workhorse: (pid 3700) 105s; run: log: (pid 3254) 243s
run: grafana: (pid 3848) 98s; run: log: (pid 3641) 124s
run: logrotate: (pid 3281) 236s; run: log: (pid 3290) 235s
run: nginx: (pid 3262) 242s; run: log: (pid 3273) 239s
run: node-exporter: (pid 3708) 104s; run: log: (pid 3321) 227s
run: postgres-exporter: (pid 3840) 98s; run: log: (pid 3481) 171s
run: postgresql: (pid 3046) 297s; run: log: (pid 3093) 296s
run: prometheus: (pid 3731) 102s; run: log: (pid 3393) 195s
run: redis: (pid 2892) 310s; run: log: (pid 2902) 309s
run: redis-exporter: (pid 3725) 102s; run: log: (pid 3362) 204s
run: sidekiq: (pid 3227) 250s; run: log: (pid 3240) 247s
run: unicorn: (pid 3197) 256s; run: log: (pid 3220) 253s
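Edit the hosts file and add:
10.0.0.75 gitlab.xiaoyu.com
Open gitlab.xiaoyu.com in a browser; if this page appears, GitLab has been installed and configured successfully
2.4 Logging in and looking around in the browser
Set the root password (password: 12345678)
Login account: root
Password: 12345678
If this page appears, the login succeeded
2.5 Chinese localization
#Download the localization package
#Localization package download address: https://gitlab.com/xhang/gitlab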
[root@gitlab ~]# wget https://gitlab.com/xhang/gitlab/-/archive/12-0-stable-zh/gitlab-12-0-stablezh.tar.gz
#Note: the localization package version must match the GitLab version
[root@gitlab ~]# rpm -qa |grep gitlab #check the GitLab version
gitlab-ce-12.0.3-ce.0.el7.x86_64
[root@gitlab ~]# tar xf gitlab-12-0-stablezh.tar.gz
[root@gitlab ~]# cat gitlab-12-0-stable-zh-41b50258f316227928028e6eb7bc1492a0cdbe97/VERSION
12.0.9 #the version of the localization package
#Stop GitLab and apply the Chinese localization
[root@gitlab ~]# gitlab-ctl stop
[root@gitlab ~]# \cp -r gitlab-12-0-stable-zh-41b50258f316227928028e6eb7bc1492a0cdbe97/* /opt/gitlab/embedded/service/gitlab-rails/
#After the change, reconfigure and start GitLab again
[root@gitlab ~]# gitlab-ctl reconfigure
[root@gitlab ~]# gitlab-ctl start
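Open gitlab.xiaoyu.com in a browser
At this point the localization is not complete; GitLab still has to be set to Simplified Chinese in the web interface
After refreshing the page, you can see that the change has taken effect
III. GitLab Users, Groups and Projects
3.1 Basic relationships
3.2 Verifying that a project belonging to a group can be made visible only to members of that group
- Create the user groups dev-group-001 and ops-group-001
- Create the projects
- Create the users
- Add the users to the groups
- Switch users and check which projects are visible
GitLab's permission assignment is fairly fine-grained. This section only briefly demonstrates the relationship between users, groups and projects; the other features are not demonstrated one by one.
IV. Pushing Code to GitLab
4.1 Before uploading code, we can configure an SSH key
#Generate the key pair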
[root@gitlab ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hCEY2GNKc+y1fwNS9qhw28hEWY4mwAOoJzcfX9hqX3k root@gitlab
The key's randomart image is:
+---[RSA 2048]----+
|=+oo. +. |
|o=*o =o= |
|oo=ooo=++ |
|+ +o+=.+o. |
| + o=oBoS . |
| .=+o oo E |
| . ..... |
| . |
| |
+----[SHA256]-----+
#View the public key and copy it to GitLab
[root@gitlab ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD2+7OdcaJaKIgIpLtvG64+Qw92gycUHjmsheKNO1YQdMrxRUDl1R9fTAa5GzHKRZs2giFk4J2p5ggyRJaBjzI+WzdrvCWyn9cpYSPGH7zeyMUVqi9U3gnS9i6mQWePOJynjZS1zSfnfmDpId3b7jyCwT0iiAs3AfB9SHnhubuH4+D+pLwAVaCRCQYEj6sP5YuI9gyGmAg9wLD8AmEw3a5hjFUm3qKiOfBV09WAqXBlOAI5/J3rHDQupKSRbVJd08vngRoIprHy5kd90EuRjFWekUc68OWBUxuuWcj9Q65+C+WTmuvjk5njyyhzpJ7gbvUMa4j9uaaJ8wO2kCQBrlP root@gitlab
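4.2 Uploading code with git; for how to use git, see "2. Enterprise Source Code Management Tool: Git" on Jianshu (jianshu.com)
See the command-line instructions section in the project
#Configure the user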
[root@gitlab ~]# git config --global user.name "Administrator"
[root@gitlab ~]# git config --global user.email "admin@example.com"
[root@gitlab ~]# git config --global --list
user.name=Administrator
user.email=admin@example.com
#Create the local project directory
[root@gitlab ~]# mkdir -p project/zhibo/
[root@gitlab ~]# cd project/zhibo/
#Initialize the directory and write some code
[root@gitlab ~/project/zhibo]# git init
Initialized empty Git repository in /root/project/zhibo/.git/
[root@gitlab ~/project/zhibo]# echo "<h1>這是一個直播網站</h1>" >zhibo.html
#Add to the staging area and commit to the local repository
[root@gitlab ~/project/zhibo]# git add .
[root@gitlab ~/project/zhibo]# git commit -m "直播app"
[master (root-commit) 3e3935e] 直播app
1 file changed, 1 insertion(+)
create mode 100644 zhibo.html
#Create a tag
[root@gitlab ~/project/zhibo]# git tag -a "v1.0" -m "直播"
[root@gitlab ~/project/zhibo]# git tag
v1.0
#Note: an error is reported here after adding the remote repository (cause: hosts resolution is not configured locally)
[root@gitlab ~/project/zhibo]# git remote add origin git@gitlab.xiaoyu.com:dev-group-001/zhibo-app.git
[root@gitlab ~/project/zhibo]# git push -u origin master
ssh: connect to host gitlab.xiaoyu.com port 22: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
#Configure hosts resolution
[root@gitlab ~/project/zhibo]# vim /etc/hosts
[root@gitlab ~/project/zhibo]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.75 gitlab.xiaoyu.com
#Push the master branch to the GitLab repository
[root@gitlab ~/project/zhibo]# git push -u origin master
The authenticity of host 'gitlab.xiaoyu.com (10.0.0.75)' can't be established.
ECDSA key fingerprint is SHA256:tYs4M0qIMJuDUEqZChNA/KlKV4Hkb0XNuDVLekKxe84.
ECDSA key fingerprint is MD5:e0:87:a1:9e:f7:5d:53:ef:e7:df:e2:29:8c:d3:6d:4d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.xiaoyu.com,10.0.0.75' (ECDSA) to the list of known hosts.
Counting objects: 3, done.
Writing objects: 100% (3/3), 255 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@gitlab.xiaoyu.com:dev-group-001/zhibo-app.git
* [new branch] master -> master
Branch master set up to track remote branch master from origin.
#Push the tags to the remote repository
[root@gitlab ~/project/zhibo]# git push -u origin --tags
Counting objects: 1, done.
Writing objects: 100% (1/1), 167 bytes | 0 bytes/s, done.
Total 1 (delta 0), reused 0 (delta 0)
To git@gitlab.xiaoyu.com:dev-group-001/zhibo-app.git
* [new tag] v1.0 -> v1.0
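The pushed code can now be seen in the browser
V. GitLab Backup and Restore
5.1 Edit the Backup Settings section of the configuration file
[root@gitlab ~]# vim /etc/gitlab/gitlab.rb
Make the changes shown in the figure below:
#The change takes effect after reloading the configuration and restarting the services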
[root@gitlab ~]# gitlab-ctl reconfigure
[root@gitlab ~]# gitlab-ctl restart
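5.2 Manual and automatic backups
1. Manual backup
#GitLab backup commands
#GitLab version >=12.2: sudo gitlab-backup create
#GitLab version <=12.1: gitlab-rake gitlab:backup:create
###Note: in production, data must not be written while the backup runs. Stop the services that write data (unicorn, sidekiq), or run the backup in a dedicated time window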
[root@gitlab ~]# gitlab-rake gitlab:backup:create
2022-02-24 20:25:28 +0800 -- Dumping database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2022-02-24 20:25:29 +0800 -- done
2022-02-24 20:25:29 +0800 -- Dumping repositories ...
* dev-group-001/zhibo-app (@hashed/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b) ... [DONE]
[SKIPPED] Wiki
* ops-group-001/sys-config (@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35) ... [SKIPPED]
[SKIPPED] Wiki
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping uploads ...
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping builds ...
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping artifacts ...
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping pages ...
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping lfs objects ...
2022-02-24 20:25:30 +0800 -- done
2022-02-24 20:25:30 +0800 -- Dumping container registry images ...
2022-02-24 20:25:30 +0800 -- [DISABLED]
Creating backup archive: 1645705530_2022_02_24_12.0.9_gitlab_backup.tar ... done
Uploading backup archive to remote storage ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
Deleting old backups ... done. (0 removed)
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.
[root@gitlab ~]# ll /var/opt/gitlab/backups/
total 140
-rw-r--r-- 1 git git 143360 Feb 24 20:25 1645705530_2022_02_24_12.0.9_gitlab_backup.tar
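###Reminder
/etc/gitlab/gitlab-secrets.json and /etc/gitlab/gitlab.rb contain sensitive information and are not included in the backup; they must be backed up manually
2. Automatic backup
Automatic backup is implemented with a script plus a scheduled task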
[root@gitlab ~]# vim /server/scripts/backup-gitlab.sh
#!/bin/bash
#author :xiaoyu
#desc : backup gitlab all
#1. Back up the GitLab data
gitlab-rake gitlab:backup:create
#2. Back up the GitLab configuration and secrets files
tar zcf /backup/gitlab/gitlab-conf-$(date +%F).tar.gz /etc/gitlab/
[root@gitlab ~]# crontab -e
#Run a full GitLab backup every day at 3 a.m.
00 03 * * * sh /server/scripts/backup-gitlab.sh &>/dev/null
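A hardened variant of the configuration-archive step in the script above, as an added example that is not part of the original script: the archive holds gitlab-secrets.json, so it is created owner-only, written atomically, and old copies are pruned. The function names, the 7-day retention and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the original script): archive the GitLab config
# directory, which holds gitlab.rb and gitlab-secrets.json, owner-only.
# backup_conf and prune_conf are illustrative names.

# backup_conf SRC_DIR DEST_DIR -> prints the path of the new archive
backup_conf() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "missing source dir: $src" >&2; return 1; }
    old_umask=$(umask)
    umask 077                          # new dirs 0700, new files 0600
    out="$dest/gitlab-conf-$(date +%F).tar.gz"
    # Write under a temporary name so a failed run never leaves a
    # truncated archive under the final name.
    if mkdir -p "$dest" &&
       tar -czf "$out.part" -C "$(dirname "$src")" "$(basename "$src")" &&
       mv "$out.part" "$out"; then
        rc=0
    else
        rm -f "$out.part"; rc=1
    fi
    umask "$old_umask"
    [ "$rc" -eq 0 ] && echo "$out"
    return "$rc"
}

# prune_conf DEST_DIR DAYS -> delete config archives older than DAYS days
prune_conf() {
    find "$1" -maxdepth 1 -type f -name 'gitlab-conf-*.tar.gz' \
        -mtime +"$2" -exec rm -f {} +
}

# Demo on constructed stand-ins for /etc/gitlab and /backup/gitlab.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/gitlab"
echo "external_url 'http://gitlab.xiaoyu.com'" > "$demo_root/etc/gitlab/gitlab.rb"
echo '{"constructed": "placeholder"}' > "$demo_root/etc/gitlab/gitlab-secrets.json"
archive=$(backup_conf "$demo_root/etc/gitlab" "$demo_root/backup/gitlab")
prune_conf "$demo_root/backup/gitlab" 7
ls -l "$archive"
```

In the cron script, the `tar zcf` line would become `backup_conf /etc/gitlab /backup/gitlab` followed by `prune_conf /backup/gitlab 7`.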
5.3 Restore
#Stop the services that write data
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
#Restore with gitlab-rake (note: the backup file name is given without .tar)
gitlab-rake gitlab:backup:restore BACKUP=<backup file>
#Newer versions: gitlab-backup restore BACKUP=11493107454_2018_04_25_10.6.4-ce
#Older versions: gitlab-rake gitlab:backup:restore BACKUP=<backup file>
#Restart GitLab
gitlab-ctl restart
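A pre-restore check for the step above, as an added example that is not the original author's code: it derives the BACKUP value from an archive name (the same form as the `BACKUP=11493107454_2018_04_25_10.6.4-ce` line) and refuses when the version stamped in the name differs from the running instance, since a backup is restored onto the same GitLab version it was taken on. The function names are illustrative, and passing the running version as an argument (for instance read from the VERSION file under /opt/gitlab/embedded/service/gitlab-rails/) is an assumption.

```shell
#!/bin/sh
# Added example: derive BACKUP= and compare versions before a restore.
# Archive names look like EPOCH_YYYY_MM_DD_VERSION_gitlab_backup.tar.

# backup_id FILE -> the value to pass as BACKUP=
backup_id() {
    name=$(basename "$1")
    case $name in
        *_gitlab_backup.tar) printf '%s\n' "${name%_gitlab_backup.tar}" ;;
        *) echo "not a GitLab backup archive: $name" >&2; return 1 ;;
    esac
}

# backup_version FILE -> the GitLab version recorded in the file name
backup_version() {
    id=$(backup_id "$1") || return 1
    printf '%s\n' "${id#*_*_*_*_}"     # drop EPOCH_YYYY_MM_DD_
}

# restore_check FILE RUNNING_VERSION -> prints the restore command,
# or fails when the backup was taken on a different version
restore_check() {
    id=$(backup_id "$1") || return 1
    bver=$(backup_version "$1") || return 1
    bver=${bver%-ce}; bver=${bver%-ee}  # some names carry an edition tag
    if [ "$bver" != "$2" ]; then
        echo "backup is from $bver, instance runs $2: not restoring" >&2
        return 1
    fi
    echo "gitlab-rake gitlab:backup:restore BACKUP=$id"
}

# Demo with the archive name from the backup run shown earlier. That
# archive is stamped 12.0.9 although the installed RPM is 12.0.3, so
# the RPM version alone is the wrong thing to compare against.
sample=/var/opt/gitlab/backups/1645705530_2022_02_24_12.0.9_gitlab_backup.tar
restore_check "$sample" 12.0.9
restore_check "$sample" 12.0.3 || echo "restore refused"
```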
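VI. GitLab Migration and Upgrade
A same-version GitLab migration can be done through backup and restore. For a cross-version move, first migrate on the same version and then upgrade. GitLab upgrades follow these rules:
- Upgrade to the latest minor version of the previous major version. (Here "major" means the big version number and "minor" the small one.)
- Upgrade to the first minor version of the target major version.
- Continue upgrading to newer versions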
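The three rules above turned into a path planner, as an added example that is not from the original article; it generalizes to targets several major versions away by repeating rules 1 and 2 for each major. The function names are illustrative and the release list is constructed sample data, not an authoritative catalogue of GitLab releases.

```shell
#!/bin/sh
# Added example: plan a GitLab upgrade with the three rules above.
# upgrade_path CURRENT TARGET  (known releases on stdin, one per line)

_emit() {  # print a hop unless it is empty or repeats the previous one
    [ -n "$1" ] && [ "$1" != "$last" ] && { echo "$1"; last=$1; }
    return 0
}

upgrade_path() {
    cur=$1; tgt=$2
    # Sort all releases and keep only the window [CURRENT, TARGET].
    rel=$( { cat; echo "$cur"; echo "$tgt"; } | sort -V -u |
           awk -v a="$cur" -v b="$tgt" '$0==a{on=1} on{print} $0==b{exit}')
    printf '%s\n' "$rel" | grep -qxF "$tgt" ||
        { echo "target $tgt is older than $cur" >&2; return 1; }
    major=${cur%%.*}; tmajor=${tgt%%.*}; last=$cur
    while [ "$major" -lt "$tmajor" ]; do
        # Rule 1: newest release of the major currently installed.
        _emit "$(printf '%s\n' "$rel" | grep "^$major\." | tail -n 1)"
        major=$((major + 1))
        # Rule 2: first minor of the next major, at its newest patch.
        minor=$(printf '%s\n' "$rel" | grep "^$major\." | head -n 1 | cut -d. -f2)
        _emit "$(printf '%s\n' "$rel" | grep "^$major\.$minor\." | tail -n 1)"
    done
    _emit "$tgt"   # Rule 3: continue to the newer target version.
}

# Constructed release list for the demo.
sample_releases() {
    cat <<'EOF'
11.3.4
11.10.2
11.11.8
12.0.3
12.0.9
12.1.6
12.10.14
13.0.14
13.2.1
EOF
}

sample_releases | upgrade_path 11.3.4 13.2.1
```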
VII. GitLab Optimization
The approach is to turn off unused components in the configuration file; they all default to true, so change them to false
[root@gitlab ~]# awk '/true$/' /etc/gitlab/gitlab.rb
# gitlab_rails['gitlab_email_enabled'] = true
# gitlab_rails['gitlab_default_can_create_group'] = true
# gitlab_rails['gitlab_username_changing_enabled'] = true
# gitlab_rails['gitlab_default_projects_features_issues'] = true
# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
# gitlab_rails['gitlab_default_projects_features_wiki'] = true
# gitlab_rails['gitlab_default_projects_features_snippets'] = true
# gitlab_rails['gitlab_default_projects_features_builds'] = true
# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
# gitlab_rails['incoming_email_enabled'] = true
# gitlab_rails['incoming_email_ssl'] = true
# gitlab_rails['artifacts_enabled'] = true
# gitlab_rails['artifacts_object_store_background_upload'] = true
# gitlab_rails['lfs_enabled'] = true
# gitlab_rails['lfs_object_store_background_upload'] = true
# gitlab_rails['uploads_object_store_background_upload'] = true
# gitlab_rails['impersonation_enabled'] = true
# gitlab_rails['usage_ping_enabled'] = true
# verify_certificates: true
# active_directory: true
# verify_certificates: true
# active_directory: true
# gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['manage_backup_path'] = true
gitlab_rails['manage_backup_path'] = true
# gitlab_rails['auto_migrate'] = true
# gitlab_rails['rake_cache_clear'] = true
# gitlab_rails['redis_enable_client'] = true
# gitlab_rails['smtp_enable'] = true
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['registry_enabled'] = true
# registry['enable'] = true
# registry['health_storagedriver_enabled'] = true
# registry['storage_delete_enabled'] = true
# gitlab_workhorse['enable'] = true
# unicorn['enable'] = true
# unicorn['tcp_nopush'] = true
# sidekiq['metrics_enabled'] = true
# postgresql['enable'] = true
# redis['enable'] = true
# redis_master_role['enable'] = true
# redis_slave_role['enable'] = true
# redis['master'] = false # by default this is true
# nginx['enable'] = true
# nginx['gzip_enabled'] = true
# nginx['http2_enabled'] = true
# logrotate['enable'] = true
# gitlab_pages['redirect_http'] = true
# gitlab_pages['use_http2'] = true
# gitlab_pages['artifacts_server'] = true
# gitlab_ci['gitlab_ci_all_broken_builds'] = true
# gitlab_ci['gitlab_ci_add_pusher'] = true
# mattermost['service_enable_api_team_deletion'] = true
# prometheus['enable'] = true
# prometheus['monitor_kubernetes'] = true
# alertmanager['enable'] = true
# node_exporter['enable'] = true
# redis_exporter['enable'] = true
# postgres_exporter['enable'] = true
# gitlab_monitor['enable'] = true
# gitlab_monitor['probe_sidekiq'] = true
# prometheus_monitoring['enable'] = true
# grafana['enable'] = true
# grafana['gitlab_auth_sign_up'] = true
# gitaly['enable'] = true
# letsencrypt['auto_renew'] = true
# package['detect_init'] = true
# gitlab_rails['kerberos_enabled'] = true
# gitlab_rails['kerberos_use_dedicated_port'] = true
# gitlab_rails['kerberos_https'] = true
# gitlab_rails['packages_enabled'] = true
# gitlab_rails['packages_object_store_background_upload'] = true
# gitlab_rails['dependency_proxy_enabled'] = true
# gitlab_rails['dependency_proxy_object_store_background_upload'] = true
# redis_sentinel_role['enable'] = true
# sentinel['enable'] = true
# geo_secondary['auto_migrate'] = true
# geo_secondary['db_fdw'] = true
# repmgr['master_on_initialization'] = true
# repmgr['daemon'] = true
# repmgrd['enable'] = true