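Security: disable the firewall and SELinux
1. Install the dependency packages GitLab needs
yum install curl policycoreutils-python openssh-server postfix wget -y
Install GitLab
Get the GitLab package
Choose any yum mirror to install from
https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm
I have already prepared it
Have the package ready
# This is the community edition of GitLab
rpm -ivh gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm
yum localinstall gitlab-ce-12.0.3-ce.0.el7.x86_64.rpm
Basic GitLab settings
Configure the GitLab service; change the domain name and mail parameters as follows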
[root@gitlab-99 ~]#grep -E '^[a-Z]' /etc/gitlab/gitlab.rb
external_url 'http://10.0.0.99'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '877348180@qq.com'
gitlab_rails['gitlab_email_display_name'] = 'linux0224'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "877348180@qq.com"
gitlab_rails['smtp_password'] = "pvthquniqpjvbbch"
gitlab_rails['smtp_domain'] = "smtp.qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
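gitlab_rails['smtp_tls'] = true
After changing the GitLab configuration, you must reload it
# Reconfigure GitLab; the first run is very slow
gitlab-ctl reconfigure
Run the following command to test whether mail can be sent
gitlab-rails console
Then run the following in the console to send a test mail
Notify.test_email('yc_uuu@163.com','美好的一天','hello linux0224').deliver_now
GitLab command-line management
gitlab-ctl start  start all services
gitlab-ctl stop  stop all services
gitlab-ctl stop postgresql  stop a single service
gitlab-ctl restart
gitlab-ctl status
gitlab-ctl reconfigure  re-read the GitLab configuration
gitlab-ctl tail  follow the logs of all GitLab services
gitlab-ctl tail redis  follow the log of a single service
Check the status of GitLab's nginx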
[root@gitlab-99 ~]#netstat -tunlp|grep nginx
tcp 0 0 0.0.0.0:8060 0.0.0.0:* LISTEN 3303/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3303/nginx: master
[root@gitlab-99 ~]#
[root@gitlab-99 ~]#
[root@gitlab-99 ~]#
[root@gitlab-99 ~]#gitlab-ctl tail nginx
==> /var/log/gitlab/nginx/current <==
==> /var/log/gitlab/nginx/error.log <==
==> /var/log/gitlab/nginx/gitlab_access.log <==
==> /var/log/gitlab/nginx/gitlab_error.log <==
==> /var/log/gitlab/nginx/access.log <==
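Main GitLab directories
/var/opt/gitlab/git-data/repositories/ : default repository storage directory
/opt/gitlab : application code and its dependencies
/var/opt/gitlab/ : data and configuration generated by gitlab-ctl reconfigure
/etc/gitlab : configuration file directory
/var/log/gitlab : logs produced by each GitLab component
/var/opt/gitlab/backups : directory where backup files are generated
Access GitLab
Disable user sign-up
Our GitLab is an internal, private enterprise code repository. All users are created by the administrator rather than registering themselves, so we can turn the sign-up feature off to keep the platform secure.
After logging in again, the sign-up feature is gone
Configure the mail feature
Configure the mail service
Mail verification at account registration
Mail notification when there is a merge request
Mail notification for operations such as password changes
Verify in the mailbox
GitLab user management
Create a group
GitLab uses groups to manage repositories (projects) and users together: create a group, create repositories under it, then add users to the group. This gives you permission management for both users and repositories.
Click "New group". On the group creation page the group path and the name are required, and the two should preferably be identical.
For the visibility level, choose Private
Private: only authorized users can see it
Internal: visible to anyone who is logged in to GitLab
Public: public repository
Create a project
View the dashboard
Create a user
After the user is created, they receive a password-reset mail.
Note: the link jumps to the server URL you configured for GitLab.
Back as root, add the newly created user to the ops group
GitLab permission management
A GitLab user has one of five permissions in a group: Guest, Reporter, Developer, Master, Owner
Guest: can create issues and comment; cannot read or write the repository
Reporter: can clone code but cannot commit; suitable for QA and PM
Developer: can clone, develop, commit and push; suitable for RD
Master: can create projects, add tags, protect branches, add project members and edit projects; suitable for the core RD lead
Owner: can set project access permissions (Visibility Level), delete projects, migrate projects and manage group members; suitable for the development team leader
Groups and projects in GitLab have three access levels: Private, Internal, Public
Private: only group members can see it
Internal: any logged-in user can see it
Public: everyone can see it
Open-source projects and groups are set to Internal
After clicking Add, go back to the created user and refresh to check the permissions; the code repository is now visible.
Configure the SSH key
Next we configure the client to connect to the code repository.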
[root@zabbix-server-71 /home]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:trBXdW083SEfE3aw8BuLUROkXKfJgIjgOKMeGvQVvyU root@zabbix-server-71
The key's randomart image is:
+---[RSA 2048]----+
| .o . . .ooBO+|
| o + . .. O+OB|
| .+ .. E . = Oo*|
|...o. + . + =.|
|o. . ..S . . o |
|o.. + o |
|.. . o |
| . |
| |
+----[SHA256]-----+
[root@zabbix-server-71 /home]#cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD6oxC6YMGx/pshLlqk2jhbB05XT858dRrMBEw/o4lpby2nY8l3uYaCz8CzxnHuUpm46E9rG3782rwbagzDcL1+iA7iYLvQ3EHFrjujPE/aFqf49HmS9B4+iQA1CeWDHKRcx2yx8kg13IoOa4/U3v6z64OAs9hkUlVEorBCT4IiH0UX11sHZyPyBfZWAd/Dm5V/5V3fzau3FV0bE5PGKQS+JTCQYrUA2dwjvp4sId+1XNSARpLoW9vZ9lo2OJPdvMCUVV/THcVFfQAKheIDHEbLdslptjP7U85JGtQ53bkMABPc1mgUKhW4PNgJ7twOZ0Kr3sqmWzKbF3VWwjrRBGAd root@zabbix-server-71
[root@zabbix-server-71 /home]#
![](https://img2024.cnblogs.com/blog/3366197/202407/3366197-20240707222602987-1785723202.png)
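Hands-on with the halo blog source code
Requirements
1. Get the halo source locally, put it under git version control, and modify code files
2. Upload it to GitLab for remote repository management
3. Do branch merging, and upload and download code
Download the halo source
In the first environment, make sure the remote repository
project linux0224/my_halo contains the source code
Act as the maintainer of the halo project: set up the my_halo GitLab repository from the halo blog source
Act as a developer pushing code to the GitLab repository from their own laptop
1. Download the source
git clone https://github.com/halo-dev/halo.git
If GitHub is not reachable
- Buy a personal proxy and go through that
- Companies normally provide a proxy by default, so you can download resources from the internet freely
Or switch to the Gitee address
https://gitee.com/halo-dev/halo
git clone https://gitee.com/halo-dev/halo.git
Once halo is downloaded locally, it is called the local repository
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop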
$ ls -dl halo
drwxr-xr-x 1 Sylar 197121 0 Jul 18 14:23 halo/
Remove the existing remote
git remote remove origin
2. Associate your own GitLab repository my_halo
The freshly cloned repository still has the default remote address
$ git remote add origin git@10.0.0.99:linux0224/my_halo.git
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/halo (master)
$ git remote -v
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/halo (master)
$
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/halo (master)
$ git remote add origin git@10.0.0.99:linux0224/my_halo.git
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/halo (master)
$
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/halo (master)
$
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/halo (master)
$ git remote -v
origin git@10.0.0.99:linux0224/my_halo.git (fetch)
origin git@10.0.0.99:linux0224/my_halo.git (push)
3. Push the code
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/halo (master)
$ git push -u origin master
Enumerating objects: 40865, done.
Counting objects: 100% (40865/40865), done.
Delta compression using up to 20 threads
Compressing objects: 100% (13450/13450), done.
Writing objects: 100% (40865/40865), 43.39 MiB | 48.24 MiB/s, done.
Total 40865 (delta 21360), reused 40812 (delta 21323), pack-reused 0
remote: Resolving deltas: 100% (21360/21360), done.
To 10.0.0.99:linux0224/my_halo.git
 * [new branch]      master -> master
branch 'master' set up to track 'origin/master'.
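Configure the local machine's SSH key in the remote repository
Create groups and users in GitLab
The linux0224 group already exists
linux0224/chaoge
linux0224/wenjie
Create the GitLab project
git@10.0.0.99:linux0224/my_halo.git
http://10.0.0.99/linux0224/my_halo.git
Ops pushes code to GitLab (chaoge account)
Protect the master branch (developers are not allowed to commit)
# Not protected yet; try having wenjie push code directly to the master branch
Prepare a machine for wenjie
wenjie could be developing on Windows, macOS or Linux
Simulate wenjie developing on a Linux machine and pushing code to the remote repository, master
linux 10.0.0.51
1. First add the public key to the wenjie account
2. Then clone the remote code to get a local copy
and continue writing new code
[root@db-51 /home/wenjie]#yum install git -y
git clone git@10.0.0.99:linux0224/my_halo.git
To download private code from the remote repository, prepare the machine's public key and add it as an SSH key in the settings of a user who has access to the project
The db-51 machine is the client; its SSH key was added in the Settings of the wenjie account
The wenjie user is a member of the linux0224 group
The my_halo project belongs to the linux0224 group
So the source can be downloaded
The developer wenjie has now pulled the latest code on the db-51 machine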
[root@db-51 /home/wenjie]#git clone git@10.0.0.99:linux0224/my_halo.git
Cloning into 'my_halo'...
remote: Enumerating objects: 40865, done.
remote: Counting objects: 100% (40865/40865), done.
remote: Compressing objects: 100% (13413/13413), done.
remote: Total 40865 (delta 21360), reused 40865 (delta 21360)
Receiving objects: 100% (40865/40865), 43.39 MiB | 53.67 MiB/s, done.
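Resolving deltas: 100% (21360/21360), done.
# The less rigorous way of working
# Small company: everything goes straight onto the master branch
# Large companies have many services, high security requirements and many people, so permission control must be done properly
# Small companies have few people and less complex projects, so permissions and deployment architecture are all kept simple
# Even to write code directly on master, an identity has to be configured before pushing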
[root@db-51 /home/wenjie/my_halo]#git config --global user.email "wj335598@163.com"
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#git config --global user.name "wenjie"
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#git config --list
user.email=wj335598@163.com
user.name=wenjie
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=git@10.0.0.99:linux0224/my_halo.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#git commit -m '文杰提交了一版代码,直接用的master'
[master ad423b7] 文杰提交了一版代码,直接用的master
 1 file changed, 1 insertion(+)
 create mode 100644 wenjie66.py
[root@db-51 /home/wenjie/my_halo]#git log -2
commit ad423b759e41652f82fac5f1abe87203ffed43e7
Author: wenjie <wj335598@163.com>
Date: Mon Jul 18 23:04:24 2022 +0800
    文杰提交了一版代码,直接用的master
commit 7eef3b700653cecb666ec4509871234b5922eaf6
Author: John Niang <johnniang@fastmail.com>
Date: Mon Jul 11 16:46:12 2022 +0800
    Change optimization into improvement (#2235)
    We only have the kind/improvement label.
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#
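[root@db-51 /home/wenjie/my_halo]#
So we find that GitLab by default protects the master branch of the my_halo project
The wenjie user cannot push to master; only the chaoge user can
The root user can push
Branch protection is configured per project
The correct way: as a developer, create a branch, write code, push it to your own branch, and have the administrator merge it
Developer wenjie starts writing code
1. Clone the code
git clone git@10.0.0.99:linux0224/my_halo.git
2. Create the local branch wenjie
[root@db-51 /home/wenjie/my_halo]## Written-test question: how to create and switch to a branch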
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#git checkout -b wenjie
Switched to a new branch 'wenjie'
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#git branch
  master
* wenjie
3. Commit the local version
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#git add .
[root@db-51 /home/wenjie/my_halo]#
[root@db-51 /home/wenjie/my_halo]#git commit -m '分支wenjie 提交了haha.py'
[wenjie f84fc07] 分支wenjie 提交了haha.py
 1 file changed, 1 insertion(+)
 create mode 100644 haha.py
4. Push to GitLab, pushing the code of the wenjie branch
1. The remote branch is created for you automatically
2. A merge request URL is generated automatically (wenjie, master)
[root@db-51 /home/wenjie/my_halo]#git push -u origin wenjie
Counting objects: 4, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 327 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote:
remote: To create a merge request for wenjie, visit:
remote: http://10.0.0.99/linux0224/my_halo/merge_requests/new?merge_request%5Bsource_branch%5D=wenjie
remote:
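To git@10.0.0.99:linux0224/my_halo.git
 * [new branch]      wenjie -> wenjie
Branch wenjie set up to track remote branch wenjie from origin.
Visit that URL to ask the administrator to merge the wenjie branch into master
http://10.0.0.99/linux0224/my_halo/merge_requests/new?merge_request%5Bsource_branch%5D=wenjie
5. Ops merges the laoliu branch
3. Try pushing code to master: can it be done? (Definitely not: laoliu is an ordinary user and cannot push to the master branch because branch protection is set)
Cannot push
4. You can only create a new branch, then write code and push it
It has already been pushed to the wenjie branch
Create a merge request, i.e. submit a PR (pull request)
Send a URL request
git generated the PR request for you automatically
http://10.0.0.99/linux0224/my_halo/merge_requests/new?merge_request%5Bsource_branch%5D=wenjie
The administrator chaoge merged wenjie's request
Delete the wenjie branch
Now try downloading the latest code of the master branch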
[root@db-51 /tmp]#git clone git@10.0.0.99:linux0224/my_halo.git
Cloning into 'my_halo'...
remote: Enumerating objects: 40869, done.
remote: Counting objects: 100% (40869/40869), done.
remote: Compressing objects: 100% (13416/13416), done.
remote: Total 40869 (delta 21361), reused 40864 (delta 21360)
Receiving objects: 100% (40869/40869), 43.39 MiB | 44.83 MiB/s, done.
Resolving deltas: 100% (21361/21361), done.
[root@db-51 /tmp]#
[root@db-51 /tmp]#
[root@db-51 /tmp]#ls
[root@db-51 /tmp/my_halo]#
[root@db-51 /tmp/my_halo]#git log -2
commit 8e1d023cfd48a2c010ff9dadf5577d6c93601ab3
Merge: 7eef3b7 f84fc07
Author: chaoge <877348180@qq.com>
Date: Mon Jul 18 23:26:24 2022 +0800
    Merge branch 'wenjie' into 'master'
    分支wenjie 提交了haha.py
    See merge request linux0224/my_halo!1
commit f84fc0719e0d6d9bf6c6882874b8183c7f964849
Author: wenjie <wj335598@163.com>
Date: Mon Jul 18 23:15:34 2022 +0800
    分支wenjie 提交了haha.py
[root@db-51 /tmp/my_halo]#
[root@db-51 /tmp/my_halo]#
[root@db-51 /tmp/my_halo]## The freshly cloned code 1. contains haha.py and 2. shows the commit history
Full workflow for deploying a Python project
GitLab stage
git@10.0.0.99:linux0224/my_flask.git
Sylar@DESKTOP-G6C412R MINGW64 ~/Desktop/my_flask (master)
$ git remote -v
origin git@10.0.0.99:linux0224/my_flask.git (fetch)
origin git@10.0.0.99:linux0224/my_flask.git (push)
Deployment stage, web7
First start
Download the code
[root@web-7 /www]#git clone git@10.0.0.99:linux0224/my_flask.git
Prepare the project's runtime environment
# First-release script
cat >deploy_flask.sh <<'EOF'
#!/bin/bash
cd /www/my_flask || exit 1
# yum install python3 python3-devel python3-pip -y > /dev/null
# Install the Python modules the project needs
pip3 install flask -i https://pypi.tuna.tsinghua.edu.cn/simple/ > /dev/null
# Start the project in the background
# Restart the process
kill -9 $(ps -ef|grep my_app |grep -v grep |awk '{print $2}')
nohup python3 my_app.py > nohup.log 2>&1 &
# Check the result
echo "最新的flask项目进程号: $(ps -ef|grep my_app |grep -v grep |awk '{print $2}')"
EOF
# Start it, then access the project
Subsequent updates
1. Simulate development: the Python developer modifies the source and pushes it to the production master branch
2. Pull the updated code, restart the program, and make sure it is reachable
Update the code and restart the program
cat >restart_flask.sh <<'EOF'
#!/bin/bash
cd /www/my_flask || exit 1
# Update the code
git pull origin master
# Start the project in the background
# Restart the process
kill -9 $(ps -ef|grep my_app |grep -v grep |awk '{print $2}')
nohup python3 my_app.py > nohup.log 2>&1 &
# Check the result
echo "最新的flask项目进程号: $(ps -ef|grep my_app |grep -v grep |awk '{print $2}')"
# Give it a few seconds
# Sleep 2 seconds
sleep 2;
echo "本地测试访问结果 $(curl -s 127.0.0.1:5000)"
EOF
3. Run the script and check the result of the manual site update
[root@web-7 /www]#
[root@web-7 /www]#bash restart_flask.sh
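A hardened variant of the restart step above, as an added example that is not the author's script: it tracks the process with a PID file instead of `ps | grep | kill -9` (which hits every process whose command line contains my_app), sends SIGTERM before SIGKILL, accepts only fast-forward pulls, and fails when the health check fails. The file names app.pid and restart_flask_safe.sh and the function names are assumptions; /www/my_flask, my_app.py and port 5000 are taken from the script above.

```bash
#!/bin/bash
# Added example (not the original script); app.pid is an assumed file name.

# Succeed only if the pid file holds the PID of a live process.
app_running() {
  local pid=""
  [ -s "$1" ] || return 1
  read -r pid < "$1" || true
  case "$pid" in ''|*[!0-9]*) return 1 ;; esac
  kill -0 "$pid" 2>/dev/null
}

# Stop the recorded process: SIGTERM first, SIGKILL only after the grace period.
stop_app() {  # $1 = pid file, $2 = grace period in seconds
  local pid="" i
  if app_running "$1"; then
    read -r pid < "$1" || true
    kill "$pid" 2>/dev/null || true
    for i in $(seq "${2:-5}"); do
      kill -0 "$pid" 2>/dev/null || break
      sleep 1
    done
    if kill -0 "$pid" 2>/dev/null; then kill -9 "$pid" 2>/dev/null || true; fi
  fi
  rm -f "$1"
}

# Start the command in the background and record exactly that PID.
start_app() {  # $1 = pid file, $2 = log file, rest = command line
  local pidfile="$1" log="$2"
  shift 2
  nohup "$@" >"$log" 2>&1 </dev/null &
  echo $! > "$pidfile"
}

# Update and restart; the exit status is non-zero if any step fails.
deploy() {
  cd /www/my_flask || return 1
  git pull --ff-only origin master || return 1   # abort instead of merging if histories diverged
  stop_app app.pid 5
  start_app app.pid nohup.log python3 my_app.py
  sleep 2
  curl -fsS 127.0.0.1:5000 >/dev/null            # fails if the app is not answering
}

# Run the deployment only when asked to: bash restart_flask_safe.sh deploy
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

A PID file left over from before a reboot can name an unrelated process, so keep it somewhere that is cleared at boot or remove it in a boot-time unit.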
GitLab backup and restore
1 Change the backup configuration
1. Edit the configuration file
[root@gitlab-99 /etc/gitlab]#grep -E '^[a-Z]' /etc/gitlab/gitlab.rb
gitlab_rails['backup_path'] = "/gitlab_backup/"
gitlab_rails['backup_keep_time'] = 604800
external_url 'http://10.0.0.99'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '877348180@qq.com'
gitlab_rails['gitlab_email_display_name'] = 'linux0224'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "877348180@qq.com"
gitlab_rails['smtp_password'] = "pvthquniqpjvbbch"
gitlab_rails['smtp_domain'] = "smtp.qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
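2. Reload the GitLab configuration
[root@gitlab-99 /etc/gitlab]#gitlab-ctl reconfigure
Prepare the backup data directory, matching the configuration
mkdir -p /gitlab_backup/
chown -R git.git /gitlab_backup/
3. Run the following backup command
gitlab-rake gitlab:backup:create
4. Look at the backup data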
[root@gitlab-99 /etc/gitlab]#ls /gitlab_backup/
1658161288_2022_07_19_12.0.3_gitlab_backup.tar
[root@gitlab-99 /etc/gitlab]#ls /gitlab_backup/ -lh
total 44M
-rw------- 1 git git 44M Jul 19 00:21 1658161288_2022_07_19_12.0.3_gitlab_backup.tar
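2 Data restore
GitLab can only restore into the same GitLab version the backup was taken from. During the restore, writes to the database must be stopped while GitLab itself keeps running. To pause database writes, stop the services that connect to the database
# Stop the following three services, then run the GitLab restore command
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
gitlab-ctl stop nginx
# To restore, specify your own backup archive
# Detail: give only the file name, without the suffix
[root@gitlab-99 /etc/gitlab]#ls /gitlab_backup/
1658161288_2022_07_19_12.0.3_gitlab_backup.tar
gitlab-rake gitlab:backup:restore BACKUP=1658161288_2022_07_19_12.0.3
The restore deletes all existing data and then restores the data from this backup
The following result means it worked
Restore task is done.
Last step: reload the configuration and confirm that GitLab is reachable
gitlab-ctl reconfigure
gitlab-ctl restart
gitlab-ctl status |grep run
[root@gitlab-99 /etc/gitlab]#gitlab-ctl status|grep run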
run: alertmanager: (pid 60821) 41s; run: log: (pid 3595) 20530s
run: gitaly: (pid 60836) 40s; run: log: (pid 3079) 20596s
run: gitlab-monitor: (pid 60856) 40s; run: log: (pid 3497) 20546s
run: gitlab-workhorse: (pid 60872) 40s; run: log: (pid 3305) 20561s
run: grafana: (pid 60881) 39s; run: log: (pid 3721) 20508s
run: logrotate: (pid 60979) 39s; run: log: (pid 3422) 20556s
run: nginx: (pid 60985) 38s; run: log: (pid 3325) 20560s
run: node-exporter: (pid 60994) 38s; run: log: (pid 3475) 20550s
run: postgres-exporter: (pid 61000) 38s; run: log: (pid 3642) 20524s
run: postgresql: (pid 61010) 37s; run: log: (pid 3163) 20590s
run: prometheus: (pid 61019) 37s; run: log: (pid 3555) 20536s
run: redis: (pid 61034) 36s; run: log: (pid 2960) 20597s
run: redis-exporter: (pid 61038) 36s; run: log: (pid 3522) 20542s
run: sidekiq: (pid 61045) 35s; run: log: (pid 3280) 20565s
run: unicorn: (pid 61051) 35s; run: log: (pid 3259) 20569s
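The two restore rules above (same GitLab version, BACKUP= without the suffix), the backup_keep_time setting and the archive's file mode can all be checked before any service is stopped. This is an added example, not part of the original post; the function names are made up here, and the installed version is passed in as an argument.

```bash
#!/bin/bash
# Added example (not from the original post): checks to run before a restore.
# Backup names follow <epoch>_<YYYY>_<MM>_<DD>_<version>_gitlab_backup.tar

# Print the value for BACKUP= (file name without the _gitlab_backup.tar suffix).
backup_id() {
  local name="${1##*/}"
  case "$name" in
    [0-9]*_gitlab_backup.tar) printf '%s\n' "${name%_gitlab_backup.tar}" ;;
    *) return 1 ;;
  esac
}

# Print the GitLab version recorded in the name (everything after the date fields).
backup_version() {
  local id
  id=$(backup_id "$1") || return 1
  printf '%s\n' "$id" | cut -d_ -f5-
}

# Succeed only when the backup was taken by the installed GitLab version.
restore_allowed() {  # $1 = backup file, $2 = installed version
  local v
  v=$(backup_version "$1") || return 1
  [ -n "$v" ] && [ "$v" = "$2" ]
}

# Succeed when the backup is older than backup_keep_time (in seconds).
backup_expired() {  # $1 = backup file, $2 = keep time, $3 = current epoch
  local id created
  id=$(backup_id "$1") || return 1
  created=${id%%_*}
  [ $(( $3 - created )) -gt "$2" ]
}

# Succeed when neither group nor others have any permission on the archive.
backup_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed demo: file name from the listing above, installed version given by hand.
# On an Omnibus host it could be read from
# /opt/gitlab/embedded/service/gitlab-rails/VERSION (assumed path).
sample=1658161288_2022_07_19_12.0.3_gitlab_backup.tar
if restore_allowed "$sample" 12.0.3; then
  echo "gitlab-rake gitlab:backup:restore BACKUP=$(backup_id "$sample")"
fi
```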