Shulou(Shulou.com)06/03 Report--

First, prepare a Linux host

I used a VMware virtual machine with the following configuration:

IP:192.168.1.159

1. Turn on SSH

Systemctl enable sshd

2. Close SELINUX

Vi / etc/sysconfig/selinux

Modify the scarlet letter below

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing-SELinux security policy is enforced.

# permissive-SELinux prints warnings instead of enforcing.

# disabled-No SELinux policy is loaded.

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

# targeted-Targeted processes are protected

# minimum-Modification of targeted policy. Only selected processes are protected.

# mls-Multi Level Security protection.

SELINUXTYPE=targeted

3. Install rz

Yum-y install lrzsz

After uploading the file, be sure to use the-be parameter (where-b is-binary uploads in binary mode,-e is-escape forces all control characters of escape), otherwise the uploaded file is incomplete.

Rz-be

4. Install wget

Yum-y install wget

5. Replace the yum source to speed up yum

(1) back up the yum source

Mv / etc/yum.repos.d/CentOS-Base.repo / etc/yum.repos.d/CentOS-Base.repo.backup

(2) download the new CentOS-Base.repo to / etc/yum.repos.d/

Wget-O / etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Clean the cache

Yum clean all

Regenerate the cache

Yum makecache

First, install GitLab

1. Install the necessary components

Yum install-y curl policycoreutils-python openssh-server

2. Install the GitLab Community package Library

Cd / home

Curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash

3. Install GitLab Community Edition

EXTERNAL_URL is the URL visited

EXTERNAL_URL= "http://192.168.1.159" yum install-y gitlab-ce 

After the installation is complete:

Gitlab-ctl reconfigure # makes the configuration file effective but initializes all files except gitlab.rb

Gitlab-ctl status # View status

Gitlab-ctl stop # out of service

Gitlab-ctl start # onwards service

Gitlab-ctl tail # commands for viewing logs (Gitlab default log files are stored in the / var/log/gitlab directory)

Related catalog information

.git / config # version library specific configuration settings, available-- file modification

~ / .gitconfig # user-specific configuration settings are available-- modified by global

/ var/opt/gitlab/git-data/repositories/root # Library default storage directory

/ opt/gitlab # is the application code of gitlab and the corresponding dependent program

/ var/opt/gitlab # this directory contains the compiled application data and configuration files after running the gitlab-ctl reconfigure command. There is no need to modify the configuration manually.

/ etc/gitlab # the configuration files installed as omnibus-gitlab packages are stored in this directory, and the configuration files here need to be manually compiled by the administrator

/ var/log/gitlab # logs generated by various components of gitlab are stored in this directory

/ var/opt/gitlab/backups/ # directory generated by backup files

Related documents

/ opt/gitlab/embedded/service/gitlab-rails/config # configuration file (modify the ip address of clone)

/ etc/gitlab/gitlab.rb # set the relevant options for configuration (the gitlab address is here)

/ var/opt/gitlab/git-data # Git repository data (default

4. Run the service (do not do this step)

Gitlab-ctl start

5. Login test

You need to change your root password to log in for the first time

Change the password to: *

Account number: root

The page after login (this is an IE browser, there is a problem with the display, you need to visit it in a non-IE browser)

II. Chinese GitLab

1. Check the installation version and Chinese version of the package

Installation version check

Cat / opt/gitlab/embedded/service/gitlab-rails/VERSION

Chinese package inspection

Https://gitlab.com/xhang/gitlab

2. The process of Sinicization

If you have the same version of the Chinese label

(1) Clone the Chinese version library

Yum install-y git

Git clone https://gitlab.com/xhang/gitlab.git

(you can specify the version number git clone https://gitlab.com/xhang/gitlab.git-b v10.0.2-zh)

If it has been cloned, update the git fetch

(2) check the version of the Chinese patch

Cat gitlab/VERSION

(2) compare the Chinese label with the original tag, and export the diff file for patch.

Gitlab-ctl stop

Cd / home/gitlab

Git diff v11.1.4 v11.1.4-zh >.. / 11.1.4-zh.diff

Generate 11.1.4-zh.diff file

Since the official version has fewer files than the Chinese package (all the files in the assets directory) will lead to errors in patching, copy these files to the official directory first

Cd / home/gitlab/app

Cp-r assets / opt/gitlab/embedded/service/gitlab-rails/app/

Update 11.1.4-zh.diff to gitlab as a patch

Yum install patch-y

Patch-d / opt/gitlab/embedded/service/gitlab-rails-p1

< 11.1.4-zh.diff 或 cd /opt/gitlab/embedded/service/gitlab-rails git apply /home/11.1.4-zh.diff 强行拷贝过去后git apply可能会出错 用patch打补丁 出现询问时都输入y，注意上图有个失误，导致多了一个rej文件，这个文件一定要重命名掉 cd gitlab-rails/app/assets/javascripts/boards/components/ mv board_delete.js.rej board_delete.js.rej.bak 启动和检查GitLab配置 gitlab-ctl start gitlab-ctl reconfigure 重新登录192.168.1.159 三、用LDAP接入AD 略 四、增加邮件功能 1、修改配置文件gitlab.rb vi /etc/gitlab/gitlab.rb 在gitlab.rb文件中添加下面配置： gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.********" gitlab_rails['smtp_port'] = 25 gitlab_rails['smtp_user_name'] = "gitlab" gitlab_rails['smtp_password'] = "**********" gitlab_rails['smtp_domain'] = "**********" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['gitlab_email_from'] = 'gitlab@**********' user['git_user_email'] = "gitlab@**********" 2、修改完，重新配置 gitlab-ctl reconfigure 查看日志 gitlab-ctl tail 五、修改时区 如果不修改默认时间会造成下图的现象，可能会差几个小时 1、修改配置文件gitlab.rb vi /etc/gitlab/gitlab.rb 在gitlab.rb文件中 添加下面配置： gitlab_rails['time_zone'] = 'Asia/Shanghai' 2、修改完，重新配置 gitlab-ctl reconfigure 查看日志 gitlab-ctl tail 六、设置密码输错锁定 1、修改配置文件gitlab.rb vi /etc/gitlab/gitlab.rb 在gitlab.rb文件中修改下面配置： gitlab_rails['rack_attack_git_basic_auth'] = { 'enabled' =>

True

'ip_whitelist' = > ["127.0.0.1"]

'maxretry' = > 300

'findtime' = > 60

'bantime' = > 60

}

Explanation:

# Rack Attack IP banning enabled

'enabled' = > true

# Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers

'ip_whitelist' = > ["127.0.0.1"]

# Limit the number of Git HTTP authentication attempts per IP

'maxretry' = > 300

# Reset the auth attempt counter per IP after 60 seconds

'findtime' = > 60

# Ban an IP for one hour (60s) after too many auth attempts

'bantime' = > 60

2. Reconfigure after modification

Gitlab-ctl reconfigure

View the log

Gitlab-ctl tail

7. Backup

1. Modify the configuration file gitlab.rb

Vi / etc/gitlab/gitlab.rb

In the gitlab.rb file

Modify to the following configuration:

Gitlab_rails ['manage_backup_path'] = true

Gitlab_rails ['backup_path'] = "/ var/opt/gitlab/backups" / / gitlab backup directory

Gitlab_rails ['backup_archive_permissions'] = 0644 / / permissions for generated backup files

Gitlab_rails ['backup_keep_time'] = 7776000 / / backup retention days is 3 months (that is, 90 days, here is 7776000 seconds)

2. Reconfigure after modification

Gitlab-ctl reconfigure

View the log

Gitlab-ctl tail

3. Back up once manually

Gitlab-rake gitlab:backup:create

Cd / var/opt/gitlab/backups directory to view existing backup files

4. Add scheduled tasks for daily backups

Edit crontab

Vi / etc/crontab

Add the following line

0 4 * root / opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1

Note: the role of the environment variable CRON=1 is to suppress all progress output of the backup script if no errors occur

Restart the crond service

Systemctl restart crond

Restart the system

Shutdown-r now

VII. Recovery testing

GItLab can only be restored to the same gitlab version as the backup file.

1. Clone a GitLab of the formal environment, and change the server IP to 192.168.1.211.

Slightly

2. Modify the access IP address of GitLab

Vi / etc/gitlab/gitlab.rb

In the gitlab.rb file

Modify to the following configuration:

External_url 'http://192.168.1.221'

After modification, reconfigure

Gitlab-ctl reconfigure

3. Delete an item casually

4. Start the recovery operation

(1) modify the permissions of backup files to 777, otherwise there may be insufficient permissions and cannot be decompressed during recovery.

Cd / var/opt/gitlab/backups

Chmod 777 1550089292_2019_02_14_11.1.4_gitlab_backup.tar

(2) execute commands to stop related data connection services

Gitlab-ctl stop unicorn

Gitlab-ctl stop sidekiq

Gitlab-ctl status

(3) execute the command to restore Gitlab from the backup file

The restore operation of Gitlab will empty all the current data first, and then restore based on the backup data.

Gitlab-rake gitlab:backup:restore BACKUP= backup file number

Gitlab-rake gitlab:backup:restore BACKUP=1550089292_2019_02_14_11.1.4

Enter yes

Enter yes

Recovery complete

(4) finally start Gitlab again

Gitlab-ctl start

Gitlab-ctl status

5. Check the recovery

(1) check command

Gitlab-rake gitlab:check SANITIZE=true

All ok

(2) web page

The previously deleted items have been restored. According to 20GB, it takes 1 hour to recover a total of 200 projects.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.