Shulou(Shulou.com)06/03 Report--

Gitlab is the most popular open source code management tool at present, which is composed of many components, including gitaly, postgresql, redis, unicorn, nginx and so on. You can see its complexity (you can learn about it from the gitlab official website). Therefore, the hardware configuration of the server cannot be too low. Currently, the CVM we use is an instance of c5.2xlarge (8vcpu, 16G) (official software and hardware requirements: https://docs.gitlab.com/ce/install/requirements.html), which is barely easy to use.

Gitlab installation on CentOs7.x is only a rpm package, so installation is very simple. The original installation of Gitlab-ce-8.x on CentOs6.x requires the client version of Git (perl-Git, git version 1.7.9.6 or above).

Here I choose the latest version of 12.5.2 rpm package to demonstrate, here to complain, gitlab version updates are so frequent, I can not keep up with the pace.

Use Tsinghua's download source: https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.5.2-ce.0.el7.x86_64.rpm

If you want to know the relevant features of the version of gitlab in use and bug fixes, you can follow gitlab's blog: https://about.gitlab.com/blog/categories/releases/

I. description of the environment:

In order to build gitlab and implement email notification, I also configured postfix+dovecot on the gitlab server

Domain name: demo.com

The mailboxes used for testing are: noreply@demo.com;admin@demo.com;firefly@demo.com

IP: 192.168.59.250

The hosts file is as follows:

[root@mail home] # cat / etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

192.168.59.250 mail.demo.com mail demo.com

192.168.59.250 pop

192.168.59.250 gitlab.demo.com

192.168.59.250 jenkins.demo.com

The hostname is configured as follows:

[root@mail home] # cat / etc/hostname

Mail.demo.com

II. Installation and configuration

1. Start the installation

[root@mail ~] # rpm-ivh gitlab-ce-12.5.2-ce.0.el7.x86_64.rpm

After the installation of the rpm package is complete, you will be prompted that Gitlab has not been configured. You can set up external_url by modifying the / etc/gitlab/gitlab.rb file, and then execute the command gitlab-ctl reconfigure to start the Gitlab instance.

2. Modify the configuration file / etc/gitlab/gitlab.rb

[root@mail home] # cat / etc/gitlab/gitlab.rb | grep-v "^ #" | grep-v "^ $"

# configure one for external access to url

External_url 'http://gitlab.demo.com'

# enable email notification

Gitlab_rails ['gitlab_email_enabled'] = true

Gitlab_rails ['gitlab_email_from'] =' noreply@demo.com'

Gitlab_rails ['gitlab_email_display_name'] =' noreply'

Gitlab_rails ['gitlab_email_reply_to'] =' noreply@demo.com'

# git Warehouse backup path

Gitlab_rails ['backup_path'] = "/ data/git-data/backups"

# backup retention period. The default is 7 days. Expiration will be deleted.

Gitlab_rails ['backup_keep_time'] = 604800

# default storage path of git warehouse data

Git_data_dirs ({

"default" = > {

"path" = > "/ data/git-data"

}

})

# smtp mailbox settings, which are used to send mail to each git account

Gitlab_rails ['smtp_enable'] = true

Gitlab_rails ['smtp_address'] = "mail.demo.com"

Gitlab_rails ['smtp_port'] = 25

Gitlab_rails ['smtp_user_name'] = "noreply@demo.com"

Gitlab_rails ['smtp_password'] = "noreply"

Gitlab_rails ['smtp_domain'] = "demo.com"

Gitlab_rails ['smtp_authentication'] = "login"

-- configure the end split line--

3. Start the service. After completing the above configuration, you can execute the command gitlab-ctl reconfigure to complete the initialization configuration and start the related services.

[root@mail ~] # gitlab-ctl reconfigure

[root@mail ~] # gitlab-ctl status

Run: alertmanager: (pid 20578) 2681s; run: log: (pid 20577) 2681s

Run: gitaly: (pid 20545) 2681s; run: log: (pid 20544) 2681s

Run: gitlab-exporter: (pid 20569) 2681s; run: log: (pid 20568) 2681s

Run: gitlab-workhorse: (pid 20551) 2681s; run: log: (pid 20550) 2681s

Run: grafana: (pid 20576) 2681s; run: log: (pid 20575) 2681s

Run: logrotate: (pid 20560) 2681s; run: log: (pid 20559) 2681s

Run: nginx: (pid 20557) 2681s; run: log: (pid 20556) 2681s

Run: node-exporter: (pid 20566) 2681s; run: log: (pid 20565) 2681s

Run: postgres-exporter: (pid 20580) 2681s; run: log: (pid 20579) 2681s

Run: postgresql: (pid 20549) 2681s; run: log: (pid 20543) 2681s

Run: prometheus: (pid 20582) 2681s; run: log: (pid 20581) 2681s

Run: redis: (pid 20584) 2681s; run: log: (pid 20583) 2681s

Run: redis-exporter: (pid 20570) 2681s; run: log: (pid 20567) 2681s

Run: sidekiq: (pid 20553) 2682s; run: log: (pid 20552) 2682s

Run: unicorn: (pid 20562) 2682s; run: log: (pid 20561) 2682s

You can see that gitlab starts so many services.

4. To access through the local browser, first modify the local hosts (C:\ Windows\ System32\ drivers\ etc\ HOSTS) file to add the following records:

127.0.0.1 localhost

192.168.59.250 mail.demo.com

192.168.59.250 gitlab.demo.com

192.168.59.250 jenkins.demo.com

After the local hosts setting is completed, we can access it by typing: http://gitlab.demo.com in the browser. The password needs to be changed for the first login, and the password length cannot be less than 8 digits, as shown in figure 1.

Figure 1

After logging in successfully, we go to the home page of gitlab, as shown in figure 2.

Figure 2

III. Common settings

1. By default, gitlab allows any email to register, and you can complete registration and login without email confirmation. In order to standardize, we need to make certain restrictions, such as only allowing company email and personal mobile mail to register, as shown in figure 3.

Figure 3

After completing the above setup, we try to register an account named firefly, as shown in figure 4.

Figure 4

After the registration is successful, noreply@demo.com will send a confirmation email to firefly@demo.com, as shown in figures 5 and 6.

Figure 5

Figure 6

Click "Confirm your account" to jump to the login page and enter the user name and password to start the login, as shown in figures 7 and 8.

Figure 7

Figure 8

I wanted to write more content in one article, but there were too many pictures and time was limited, so I could only put it on the next article.

Summary and thinking, Gitlab as the company's code management server, security settings are very necessary. Such as the above modification of the default storage path of the warehouse, the rights management and distribution of each warehouse, regular backup of the warehouse, archiving of access logs (for later audit), modification of the default SSH port of the server, and so on will be shared in the next article.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.