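Install the operating system
- OS: Ubuntu 22.04
- System disk: 50G # /dev/sda, default LVM configuration
- Data disk: 100G # /dev/sdb1 formatted as ext4, mounted at /var/opt/gitlab via fstab
- Backup disk: 100G # /dev/sdc1 formatted as ext4, mounted at /var/opt/gitlab-backups via fstab
- Update the package sources
- Set the hostname: add gitlab01.owl.local to the hostname file
- Configure the hosts file: add gitlab.owl.local after 127.0.0.1
- Run hostnamectl and confirm that the host's FQDN is gitlab01.owl.local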
Install GitLab
Install by manually downloading a specific package version. [Reference]
Install the dependencies
sudo apt-get update
sudo apt-get install -y curl openssh-server ca-certificates tzdata perl
sudo apt-get install -y postfix
Download and install GitLab
- gitlab-ce package download page: https://packages.gitlab.com/gitlab/gitlab-ce
- Download gitlab-ce_17.5.0-ce.0_amd64.deb
- Install it with dpkg
dpkg -i gitlab-ce_17.5.0-ce.0_amd64.deb
:::
curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
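The site automatically provides the command for configuring the apt source, but downloads on this server were very slow, so I downloaded the package manually and uploaded it to the server.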
:::
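Configure gitlab.rb
The steps for generating the SSL certificate are omitted below; roughly, openssl is used to generate a self-signed certificate. LDAP authentication uses the LDAPS service on port 636 rather than LDAP on port 389, which depends on how the LDAP/AD server is configured.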
external_url 'https://gitlab01.owl.local'
gitlab_rails['smtp_enable'] = true
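# This example uses the Alibaba mail service bound to DingTalk; other mail providers need different settings, see the vendor's documentation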
gitlab_rails['smtp_address'] = "smtp.em.dingtalk.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "owl@abcd.com"
gitlab_rails['smtp_password'] = "**********"
gitlab_rails['smtp_authentication'] = "login"
#gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] and gitlab_rails['smtp_enable_starttls_auto'] are mutually exclusive. SMTP providers usually use port 465 for TLS and 587 for STARTTLS. Don't use STARTTLS any more; it is outdated
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['gitlab_email_enabled'] = true
# The settings above are the login details; these are the address and name shown on outgoing mail
gitlab_rails['gitlab_email_from'] = 'gitlab01@abcd.com'
gitlab_rails['gitlab_email_display_name'] = 'GitLab01 Server Message'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@abcd.com'
gitlab_rails['gitlab_email_subject_suffix'] = ''
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'Windows AD'
    host: '10.1.1.10'
    port: 636
    uid: 'sAMAccountName'
    bind_dn: 'CN=dirlookup,OU=ServiceAccounts,OU=China,DC=owl,DC=local'
    password: 'IdontHaveIt!'
    encryption: 'simple_tls' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: false
    allow_username_or_email_login: true
    lowercase_usernames: true
    block_auto_created_users: false
    base: 'dc=lit,dc=local'
    user_filter: 'memberOf=CN=gitlab01-users,OU=Groups,OU=Shanghai,OU=China,DC=owl,DC=local'
EOS
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
nginx['ssl_verify_client'] = "off"
nginx['ssl_verify_depth'] = "1"
# Self-signed 10-year certificate generated with OpenSSL, valid from 2024/10/22
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab01.owl.local.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab01.owl.local.key"
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
# This must be turned off, otherwise the self-signed certificate causes errors
letsencrypt['enable'] = false
# Keep backups for 7 days
gitlab_rails['backup_keep_time'] = 604800
gitlab_backup_cli['enable'] = true
gitlab_backup_cli['user'] = 'gitlab-backup'
gitlab_backup_cli['group'] = 'gitlab-backup'
gitlab_backup_cli['dir'] = '/var/opt/gitlab-backups'
gitlab_backup_cli['additional_groups'] = %w[git gitlab-psql registry]
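After changing the configuration file, always run gitlab-ctl reconfigure so that the change takes effect.
Configure backups
Manually back up the configuration files
After every configuration change, manually back up the following two files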
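
An added example, not part of the original post or of GitLab's own tooling: a Ruby check that evaluates gitlab.rb text and reports SMTP and LDAP settings that switch off certificate verification or encryption, as `smtp_openssl_verify_mode = 'none'` and `verify_certificates: false` do in the configuration above. The `GitlabRbSettings` class, the `audit_gitlab_rb` function and the sample config are constructed for illustration.

```ruby
require 'yaml'

# Hypothetical helper (not Omnibus code): evaluates gitlab.rb text as Ruby,
# turning bare names such as gitlab_rails or nginx into Hashes.
# gitlab.rb is executable Ruby, so only feed this a file you already trust.
class GitlabRbSettings
  attr_reader :sections
  def initialize
    @sections = Hash.new { |h, k| h[k] = {} }
  end
  def external_url(url)
    @sections['external_url'] = url
  end

  def method_missing(name, *args)
    args.empty? ? @sections[name.to_s] : super
  end
end

# Returns a list of findings for settings that weaken SMTP or LDAP transport security.
def audit_gitlab_rb(text)
  cfg = GitlabRbSettings.new
  cfg.instance_eval(text)
  rails = cfg.sections['gitlab_rails']
  findings = []
  if rails['smtp_enable'] && rails['smtp_openssl_verify_mode'].to_s == 'none'
    findings << 'smtp: certificate not verified'
  end
  (rails['ldap_servers'] || {}).each do |id, srv|
    findings << "ldap/#{id}: plaintext connection" if srv['encryption'] == 'plain'
    findings << "ldap/#{id}: certificate not verified" if srv['verify_certificates'] == false
  end
  findings
end

# Constructed sample mirroring the TLS-related settings on this page.
SAMPLE = <<~'RB'
  external_url 'https://gitlab01.owl.local'
  gitlab_rails['smtp_enable'] = true
  gitlab_rails['smtp_openssl_verify_mode'] = 'none'
  gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
    main:
      host: '10.1.1.10'
      encryption: 'simple_tls'
      verify_certificates: false
  EOS
RB

puts audit_gitlab_rb(SAMPLE)
```

With a self-signed or private-CA certificate, verification can stay enabled by copying the CA certificate into /etc/gitlab/trusted-certs/ and running gitlab-ctl reconfigure.
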
mkdir -p /var/opt/gitlab/backups/config
cp /etc/gitlab/gitlab.rb /var/opt/gitlab/backups/config
cp /etc/gitlab/gitlab-secrets.json /var/opt/gitlab/backups/config
Configure crontab
0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create >/dev/null 2>&1