
GitLab high availability architecture deployment document

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

System environment

Operating system: CentOS 7.6

GitLab version: 12.6.1

Database version: PostgreSQL 9.6

Redis version: 3.2

Architecture diagram

PostgreSQL database deployment

Install the yum repository

yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-redhat96-9.6-3.noarch.rpm

Install the database

yum -y install postgresql96

yum -y install postgresql96-server postgresql96-devel

Initialize the database

/usr/pgsql-9.6/bin/postgresql96-setup initdb

Rename the systemd unit file

mv /usr/lib/systemd/system/postgresql-9.6.service /usr/lib/systemd/system/postgresql.service

Enable start at boot

systemctl enable postgresql

Set the environment variable

export PATH=/usr/pgsql-9.6/bin:$PATH

source /etc/profile

Start the database

systemctl start postgresql

Modify the configuration file

vim /var/lib/pgsql/9.6/data/pg_hba.conf

Append a network trust rule at the end of the file

host all all 0.0.0.0/0 trust

vim /var/lib/pgsql/9.6/data/postgresql.conf

Modify the listening address

listen_addresses = '*'

Install the extension

yum -y install postgresql96-contrib

Note: do not use the default yum install postgresql-contrib, because it installs version 9.2, which is too old.

Restart the service

systemctl restart postgresql
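
Added example (not part of the original article): a shell check for the pg_hba.conf and listen_addresses settings above, which together let any host that can reach port 5432 connect as any role without a password. The sample file is constructed; the md5 rules limited to the application nodes 172.28.13.236 and 172.28.13.237 are an assumed narrower alternative (md5 because PostgreSQL 9.6 predates scram-sha-256).

```shell
#!/bin/sh
# Added example: flag passwordless or unrestricted PostgreSQL network access.
# SAMPLE_HBA is constructed; its "trust" rule is the one added on this page,
# the md5 rules are an assumed narrower form for the two application nodes.
SAMPLE_HBA='local   all                  all                       peer
host    all                  all     127.0.0.1/32      ident
host    all                  all     0.0.0.0/0         trust
host    gitlabhq_production  gitlab  172.28.13.236/32  md5
host    gitlabhq_production  gitlab  172.28.13.237/32  md5'

# Reads pg_hba.conf on stdin; prints "<line>: <finding> <rule>" per weak rule.
audit_hba() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 ~ /^host/ {
            addr = $4; method = $5
            if ($5 ~ /^[0-9.]+$/) method = $6      # "address netmask method" form
            loopback = (addr ~ /^127\./ || addr ~ /^::1/ || addr == "localhost")
            anyaddr  = (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
            if (method == "trust" && !loopback)
                printf "%d: TRUST_REMOTE %s\n", NR, $0
            else if (anyaddr && $2 == "all" && $3 == "all")
                printf "%d: WIDE_OPEN %s\n", NR, $0
        }'
}

# Reads postgresql.conf on stdin; prints LISTEN_ALL if every interface is bound.
audit_listen() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*listen_addresses[ \t]*$/ {
            v = $2; sub(/#.*/, "", v); gsub(/[ \t\047]/, "", v)
            if (v == "*" || v == "0.0.0.0") print "LISTEN_ALL " v
        }'
}

printf '%s\n' "$SAMPLE_HBA" | audit_hba
echo "listen_addresses = '*'" | audit_listen
```

On the database server, run it as audit_hba < /var/lib/pgsql/9.6/data/pg_hba.conf and audit_listen < /var/lib/pgsql/9.6/data/postgresql.conf.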

Log in to the database for initial setup

[root@localhost ~]# su - postgres

-bash-4.2$ psql

List the databases

\l

Exit the database

\q

View users

\du

CREATE USER gitlab WITH PASSWORD 'pass';

CREATE DATABASE gitlabhq_production;

ALTER ROLE gitlab CREATEROLE CREATEDB;

ALTER ROLE gitlab CREATEROLE SUPERUSER;

Log out and log in again

su - postgres

-bash-4.2$ psql gitlabhq_production

psql (9.6.6)

Type "help" for help.

postgres=# CREATE EXTENSION pg_trgm;

Exit the database and restart the service

systemctl restart postgresql

Note: for database high availability, refer to https://www.cnblogs.com/linkenpark/p/8339936.html

Or the official website https://docs.gitlab.com/ee/administration/high_availability/database.html#configure-using-omnibus-for-high-availability

For Redis installation and deployment, please refer to other documents.

NFS file sharing

[root@git-235 gitlab]# cat /etc/exports

/var/opt/gitlab/.ssh 172.28.13.0/24(rw,sync,no_root_squash)

/var/opt/gitlab/gitlab-rails/uploads 172.28.13.0/24(rw,sync,no_root_squash)

/var/opt/gitlab/gitlab-rails/shared 172.28.13.0/24(rw,sync,no_root_squash)

/var/opt/gitlab/gitlab-ci/builds 172.28.13.0/24(rw,sync,no_root_squash)

/var/opt/gitlab/git-data 172.28.13.0/24(rw,sync,no_root_squash)

Create the directories on the NFS server

mkdir -p /var/opt/gitlab/.ssh /var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/shared /var/opt/gitlab/gitlab-ci/builds /var/opt/gitlab/git-data

Set directory permissions on the server

chmod 777 -R /var/opt/

Create the directories on the GitLab application nodes

mkdir -p /var/opt/gitlab/.ssh /var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/shared /var/opt/gitlab/gitlab-ci/builds /var/opt/gitlab/git-data

Mount the directories on the GitLab application nodes

mount -t nfs 172.28.13.235:/var/opt/gitlab/.ssh /var/opt/gitlab/.ssh

mount -t nfs 172.28.13.235:/var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/uploads

mount -t nfs 172.28.13.235:/var/opt/gitlab/gitlab-rails/shared /var/opt/gitlab/gitlab-rails/shared

mount -t nfs 172.28.13.235:/var/opt/gitlab/gitlab-ci/builds /var/opt/gitlab/gitlab-ci/builds

mount -t nfs 172.28.13.235:/var/opt/gitlab/git-data /var/opt/gitlab/git-data

Edit the mount table on the GitLab application nodes

vim /etc/fstab
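
Added example (not part of the original article): a shell review of the NFS setup above that reports exports granting rw or no_root_squash to a whole network range rather than to named hosts, and lists the world-writable paths left behind by chmod 777 -R. The sample exports text is constructed; naming only the application nodes 172.28.13.236 and 172.28.13.237 as clients is an assumed narrower alternative.

```shell
#!/bin/sh
# Added example, not from the original article.
# SAMPLE_EXPORTS is constructed: line 1 is an export as written on this page,
# line 2 an assumed narrower form that names only the two application nodes.
SAMPLE_EXPORTS='/var/opt/gitlab/.ssh 172.28.13.0/24(rw,sync,no_root_squash)
/var/opt/gitlab/git-data 172.28.13.236(rw,sync,no_root_squash) 172.28.13.237(rw,sync,no_root_squash)'

# Reads exports(5) text on stdin (IPv4 clients). For every client that is a
# network range, wildcard, netgroup or "everyone", prints "<path> <client> <finding>":
#   RANGE_ROOT  no_root_squash granted to more than one host
#   RANGE_RW    rw granted to more than one host
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) { client = substr($i, 1, p - 1); opts = substr($i, p) }
                broad = (client == "" || client ~ /[*?]/ || client ~ /^@/)
                if (index(client, "/") > 0) {
                    split(client, part, "/")
                    broad = (part[2] != "32" && part[2] != "255.255.255.255")
                }
                if (!broad) continue
                if (client == "") client = "(everyone)"
                if (opts ~ /no_root_squash/)   print $1, client, "RANGE_ROOT"
                else if (opts ~ /[(,]rw[,)]/)  print $1, client, "RANGE_RW"
            }
        }'
}

# Lists paths under directory $1 that any local user may modify.
world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null
}

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On the NFS server, run audit_exports < /etc/exports and world_writable /var/opt/gitlab.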

GitLab two-node deployment

Git01 configuration

Create a yum repository file for GitLab

vim /etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce]

name=Gitlab CE Repository

baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/

gpgcheck=0

enabled=1

Install dependencies

yum install -y curl policycoreutils-python openssh-server postfix

systemctl enable sshd

systemctl restart sshd

systemctl enable postfix

systemctl restart postfix

Install gitlab-ce

yum install -y gitlab-ce

Note: if you cannot access the public network, you can download https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.6.1-ce.0.el7.x86_64.rpm yourself.

Then install it with yum from the local file

yum localinstall -y gitlab-ce-12.6.1-ce.0.el7.x86_64.rpm

Modify the configuration file

vim /etc/gitlab/gitlab.rb

external_url 'http://qijian.example.com'

gitlab_rails['time_zone'] = 'Asia/Shanghai'

roles ['application_role']

high_availability['mountpoint'] = '/var/opt/gitlab/git-data'

postgresql['enable'] = false

gitlab_rails['db_adapter'] = "postgresql"

gitlab_rails['db_encoding'] = "utf8"

gitlab_rails['db_database'] = "gitlabhq_production"

gitlab_rails['db_username'] = "gitlab"

gitlab_rails['db_password'] = "pass"

gitlab_rails['db_host'] = "172.28.13.235"

gitlab_rails['db_port'] = 5432

redis['enable'] = false

gitlab_rails['redis_host'] = "172.28.13.235"

gitlab_rails['redis_port'] = 6379

gitlab_rails['redis_password'] = "123456"

gitlab_rails['redis_database'] = 0

nginx['enable'] = true

Create a startup service

GitLab systemd unit file

vim /etc/systemd/system/gitlab.service

[Unit]

Description=gitlab

[Service]

Type=oneshot

RemainAfterExit=yes

ExecStart=/bin/gitlab-ctl start

ExecStop=/bin/gitlab-ctl stop

[Install]

WantedBy=multi-user.target

Enable start at boot

systemctl enable gitlab

Apply the configuration

gitlab-ctl reconfigure

Note: if you want to initialize the data again, run gitlab-rake gitlab:setup (generally, the earlier gitlab-ctl reconfigure has already initialized the data)

gitlab-ctl start

Note: common commands

View the log: gitlab-ctl tail gitlab-rails

Check the environment: gitlab-rake gitlab:check

Git02 configuration

Copy /etc/gitlab/gitlab-secrets.json from git01 to the /etc/gitlab directory of git02

touch /etc/gitlab/skip-auto-migrations

cat /etc/gitlab/gitlab.rb

external_url 'http://qijian.example.com'

gitlab_rails['time_zone'] = 'Asia/Shanghai'

roles ['application_role']

high_availability['mountpoint'] = '/var/opt/gitlab/git-data'

gitlab_rails['auto_migrate'] = false

postgresql['enable'] = false

gitlab_rails['db_adapter'] = "postgresql"

gitlab_rails['db_encoding'] = "utf8"

gitlab_rails['db_database'] = "gitlabhq_production"

gitlab_rails['db_username'] = "gitlab"

gitlab_rails['db_password'] = "pass"

gitlab_rails['db_host'] = "172.28.13.235"

gitlab_rails['db_port'] = 5432

redis['enable'] = false

gitlab_rails['redis_host'] = "172.28.13.235"

gitlab_rails['redis_port'] = 6379

gitlab_rails['redis_password'] = "123456"

gitlab_rails['redis_database'] = 0

nginx['enable'] = true

Apply the configuration

gitlab-ctl reconfigure

Front-end load balancing

HTTP is load-balanced at the front end (an nginx reverse proxy can be used)

[root@git-235 conf.d]# pwd

/etc/nginx/conf.d

[root@git-235 conf.d]# cat qijian.example.com.conf

upstream gitlab_backend {

ip_hash;

server 172.28.13.236:80;

server 172.28.13.237:80;

}

server {

server_name qijian.example.com;

location / { proxy_pass http://gitlab_backend; proxy_set_header Host $http_host; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; }

}

Web page access test

http://qijian.example.com/

SSH (an HAProxy proxy or an nginx TCP proxy can be used)

yum install haproxy -y

[root@git-235 src]# cat /etc/haproxy/haproxy.cfg

global

log 127.0.0.1 local2

chroot /var/lib/haproxy

pidfile /var/run/haproxy.pid

maxconn 4000

user haproxy

group haproxy

daemon

# turn on stats unix socket

stats socket /var/lib/haproxy/stats level admin

defaults

retries 3

timeout client 360s

timeout server 360s

timeout connect 360s

maxconn 32000

option redispatch

option abortonclose

log global

timeout queue 1m

timeout http-request 360s

timeout check 3s

listen admin_stats

bind 0.0.0.0:11011

mode http

maxconn 10

stats refresh 10s

stats uri /web/status

stats auth admin:example

stats hide-version

listen sshd_22

bind 0.0.0.0:22

mode tcp

balance source

server sshd_vxi01 172.28.13.236:22 maxconn 2048 check inter 3000 rise 2 fall 3 weight 1

server sshd_vxi02 172.28.13.237:22 maxconn 2048 check inter 3000 rise 2 fall 3 weight 1

Test verification

Add the client's SSH public key to GitLab

git clone git@qijian.example.com:chanping/front.git

GitLab integration with Active Directory (domain controller) authentication

Modify the configuration file on the GitLab application nodes

gitlab_rails['ldap_enabled'] = true

gitlab_rails['ldap_servers'] = YAML.load
