Gitlab Server

Installation

With Docker
mkdir /mygitlab

docker run --detach \
  --hostname mygit.example.com \
  --publish 80:80 \
  --name gitlab \
  --volume /mygitlab/config:/etc/gitlab \
  --volume /mygitlab/logs:/var/log/gitlab \
  --volume /mygitlab/data:/var/opt/gitlab \
  --rm \
  gitlab/gitlab-ce:17.11.7-ce.0

Config

Important files and directory paths:

  • Main configuration file: /etc/gitlab/gitlab.rb
  • Logs of all sub-services: /var/log/gitlab/*
  • System secrets file: /etc/gitlab/gitlab-secrets.json

Custom port

1- docker command

  • When using a non-standard port, the host and the container must use the same port number.
  • If you change only the external port in the docker run arguments without also editing gitlab.rb, the service starts normally and the home page and sign-in work, but the project URLs shown in the web UI will be wrong.
docker run --detach \
  --hostname 10.4.1.76 \
  --publish 6080:6080 \
  --name gitlab \
  --volume /myapp/gitlab/config:/etc/gitlab \
  --volume /myapp/gitlab/logs:/var/log/gitlab \
  --volume /myapp/gitlab/data:/var/opt/gitlab \
...

2- Edit gitlab.rb

  • Changing the port changes the port the container listens on, so it must be the same as the container-side port of the docker --publish argument.

nginx['listen_port'] = 6080
external_url 'http://10.4.1.76:6080'
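
As an added example (not part of the original notes or of GitLab itself), a small POSIX shell check that applies the two rules above before running gitlab-ctl reconfigure: it reads external_url and nginx['listen_port'] from a gitlab.rb and compares them with a --publish value. The function names are assumptions, and the --publish value is assumed to be in the plain host:container form.

```shell
#!/bin/sh
# Added example, not from the page or from GitLab: verify that the docker
# --publish value and gitlab.rb agree before running `gitlab-ctl reconfigure`.
# Rules from the notes: host port == container port, and both must equal the
# port in external_url and nginx['listen_port'].

# Print "host container" ports from a --publish value such as "6080:6080"
# (assumes the plain host:container form, no bind address).
split_publish() {
    echo "$1" | awk -F: '{ print $1, $2 }'
}

# Port from external_url 'http://host:port'; defaults to 80 (http) / 443 (https).
external_url_port() {
    url=$(sed -n "s/^external_url *['\"]\([^'\"]*\)['\"].*/\1/p" "$1")
    port=$(echo "$url" | sed -n 's#^[a-z]*://[^:/]*:\([0-9]*\).*#\1#p')
    if [ -n "$port" ]; then
        echo "$port"
    elif echo "$url" | grep -q '^https://'; then
        echo 443
    else
        echo 80
    fi
}

# nginx['listen_port'] if set; omnibus otherwise derives it from external_url.
listen_port() {
    p=$(sed -n "s/^nginx\['listen_port'\] *= *\([0-9]*\).*/\1/p" "$1")
    [ -n "$p" ] && echo "$p" || external_url_port "$1"
}

# gitlab_port_check <gitlab.rb> <publish-spec>: returns 0 when consistent,
# otherwise prints each mismatch and returns 1.
gitlab_port_check() {
    rb=$1
    set -- $(split_publish "$2")
    host=$1; cont=$2
    ext=$(external_url_port "$rb")
    lp=$(listen_port "$rb")
    rc=0
    [ "$host" = "$cont" ] || { echo "host port $host != container port $cont"; rc=1; }
    [ "$ext" = "$host" ] || { echo "external_url port $ext != published port $host"; rc=1; }
    [ "$lp" = "$cont" ] || { echo "nginx listen_port $lp != container port $cont"; rc=1; }
    return $rc
}

# Usage: gitlab_port_check /mygitlab/config/gitlab.rb 6080:6080
```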
LDAP (Windows AD)

gitlab.rb:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'ad03.example.com'
    port: 389           # LDAP port: 389 for plain/StartTLS, usually 636 for LDAP over SSL
    uid: 'sAMAccountName'   # LDAP attribute holding the username, usually 'sAMAccountName' for AD
    bind_dn: 'yourdomain\your-ad-user' # account used to query the directory, in the form 'domain\username'
    password: 'ThisIsPassword'     # password of that account
    encryption: 'plain'     # 'start_tls' or 'simple_tls' or 'plain'; 'plain' sends the bind and user credentials unencrypted
    verify_certificates: false  # set to true when using SSL/TLS
    active_directory: true    # set to true when the server is Windows Active Directory
    allow_username_or_email_login: false  # whether signing in with the email address is also allowed
    lowercase_usernames: false            # whether usernames are converted to lowercase
    block_auto_created_users: true       # whether automatically created users stay blocked until an admin unblocks them
    base: 'OU=YOURDOMAIN,DC=example,DC=com' # base DN under which users are searched
    user_filter: ''
EOS
SMTP
    https://docs.gitlab.com/omnibus/settings/smtp/

    gitlab-ctl commands

    # Check the services
    > gitlab-ctl status
    
    run: alertmanager: (pid 820) 3073s; run: log: (pid 619) 3108s
    run: gitaly: (pid 291) 3170s; run: log: (pid 309) 3169s
    run: gitlab-exporter: (pid 799) 3075s; run: log: (pid 567) 3126s
    run: gitlab-kas: (pid 452) 3158s; run: log: (pid 464) 3155s
    run: gitlab-workhorse: (pid 791) 3075s; run: log: (pid 513) 3138s
    run: logrotate: (pid 260) 3182s; run: log: (pid 268) 3181s
    run: nginx: (pid 540) 3133s; run: log: (pid 550) 3132s
    run: postgres-exporter: (pid 828) 3073s; run: log: (pid 738) 3100s
    run: postgresql: (pid 316) 3164s; run: log: (pid 449) 3161s
    run: prometheus: (pid 809) 3074s; run: log: (pid 606) 3112s
    run: puma: (pid 467) 3152s; run: log: (pid 475) 3148s
    run: redis: (pid 272) 3176s; run: log: (pid 288) 3173s
    run: redis-exporter: (pid 801) 3074s; run: log: (pid 588) 3120s
    run: sidekiq: (pid 479) 3145s; run: log: (pid 488) 3144s
    run: sshd: (pid 36) 3192s; run: log: (pid 35) 3192s
    
    
    > gitlab-ctl status postgresql
    run: postgresql: (pid 316) 3748s; run: log: (pid 449) 3745s
    # Reload the configuration
    > gitlab-ctl reconfigure
    # Restart the service puma
    > gitlab-ctl restart puma
    
    # Restart all services
    > gitlab-ctl restart

    Backup & Restore

    Note: besides running the gitlab-backup command, you must also separately back up two files in the system directory /etc/gitlab:
    1. gitlab.rb (main configuration file)
    2. gitlab-secrets.json (system secrets file): used to decrypt the encrypted data in the database

    With Docker

    • The backup archive (<id>_<date>_<version>_gitlab_backup.tar) must first be copied into the container directory /var/opt/gitlab/backups (the default)
    # Backup
    docker exec -it <container-name> gitlab-backup create
    # Backup DB only
    docker exec -it <container-name> gitlab-backup create SKIP=artifacts,repositories,registry,uploads,builds,pages,lfs,packages,terraform_state
    
    # Verify the backup file
    docker exec -it <container-name> ls  /var/opt/gitlab/backups
    
    # Restore
    docker exec -it <container-name> bash
    > gitlab-ctl stop puma
    > gitlab-ctl stop sidekiq
    > gitlab-ctl status
    
    > gitlab-backup restore BACKUP=1704810663_2024_01_09_17.11.1
    # Restore DB only
    > gitlab-backup restore BACKUP=1704810663_2024_01_09_17.11.1 SKIP=artifacts,repositories,registry,uploads,builds,pages,lfs,packages,terraform_state
    
    > gitlab-ctl restart
    > gitlab-rake gitlab:check SANITIZE=true
    > gitlab-rake gitlab:artifacts:check
    > gitlab-rake gitlab:lfs:check
    > gitlab-rake gitlab:uploads:check
    
    # Restart the container
    docker restart <container-name>
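
An added helper (not from the page or from GitLab) for the restore step above: given a directory holding copies of the container's /var/opt/gitlab/backups, it picks the newest archive, derives the BACKUP= value from its name, checks that the version in the name matches the GitLab version you are restoring into (GitLab only restores a backup into the same version it was taken from), and confirms the two /etc/gitlab files from the note above were saved beside it. The directory layout and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the page or from GitLab. Archive names follow
# <timestamp>_<YYYY>_<MM>_<DD>_<version>_gitlab_backup.tar as shown above.

# newest_backup <dir>: name of the most recent archive, by leading timestamp.
newest_backup() {
    ls "$1" | grep '_gitlab_backup\.tar$' | sort -n -t_ -k1,1 | tail -n 1
}

# backup_version <archive-name>: GitLab version encoded in the name,
# e.g. 1704810663_2024_01_09_17.11.1_gitlab_backup.tar -> 17.11.1
backup_version() {
    echo "$1" | sed -n 's/^[0-9]*_[0-9]*_[0-9]*_[0-9]*_\(.*\)_gitlab_backup\.tar$/\1/p'
}

# backup_id <archive-name>: the value to pass as BACKUP= to gitlab-backup restore.
backup_id() {
    echo "$1" | sed 's/_gitlab_backup\.tar$//'
}

# check_backup_set <dir> <target-version>: 0 when the newest archive matches the
# version being restored into and gitlab.rb + gitlab-secrets.json sit beside it.
check_backup_set() {
    dir=$1; want=$2
    name=$(newest_backup "$dir")
    [ -n "$name" ] || { echo "no *_gitlab_backup.tar in $dir"; return 1; }
    rc=0
    ver=$(backup_version "$name")
    [ "$ver" = "$want" ] || { echo "$name is for GitLab $ver, target is $want"; rc=1; }
    for f in gitlab.rb gitlab-secrets.json; do
        [ -f "$dir/$f" ] || { echo "missing $f next to $name"; rc=1; }
    done
    [ $rc -eq 0 ] && echo "restore with: gitlab-backup restore BACKUP=$(backup_id "$name")"
    return $rc
}

# Usage: check_backup_set /mygitlab/backups-copy 17.11.1
```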

    Upgrade & Patch

    Pre-checks

    1- Check the general configuration:

    # With Docker
    docker exec -it <container-name> gitlab-rake gitlab:check | tee mylogs/check.250916.out

    2- Confirm that encrypted database values can be decrypted:

    If any failures appear here, GitLab's administration functions will be affected. Make sure that gitlab-secrets.json is the original file, since it holds the relevant keys. If it is lost, the system can still be restored from a backup archive and ordinary users can still pull/push projects normally, but administrators will no longer be able to use most of the site administration functions. See details.

    # With Docker
    docker exec -it <container-name> gitlab-rake gitlab:doctor:secrets | tee mylogs/doctor_secrets.250916.out

    3- Check the status of all background database migrations.

    gitlab-psql -c "SELECT job_class_name, table_name, column_name, job_arguments FROM batched_background_migrations WHERE status NOT IN(3, 6);"
    
    # With Docker
    docker exec -it <container-name> gitlab-psql -c "SELECT job_class_name, table_name, column_name, job_arguments FROM batched_background_migrations WHERE status NOT IN(3, 6);"

    4- In GitLab UI, check that:

    • Users can sign in.
    • The project list is visible.
    • Project issues and merge requests are accessible.
    • Users can clone repositories from GitLab.
    • Users can push commits to GitLab.

    Post-installation

    Disable Gravatar Service (optional)

    Enter Admin Mode > Settings > General > Account and limit

    • Gravatar enabled: unchecked
    Container Log Rotation

    If the system is built in a Docker environment, the container's log files may exhaust the available disk space some time after the service goes live. To rotate the container logs automatically, add a few extra arguments when starting the container.

    docker run --detach \
    ...
      --log-driver json-file \
      --log-opt max-size=10m \
      --log-opt max-file=3 \
    ...
    

    Troubleshooting

    Troubleshoot Tips
    1. Check the container log: docker logs -f <container-name>, to follow everything that happens after the services start.
    2. Check the status of the services: gitlab-ctl status, and look at the uptime in seconds of each service. If one service shows an unusually short uptime, that service is failing and keeps restarting.
    3. Check nginx's log: /var/log/nginx/error.log, where port conflicts will show up.
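
To make tip 2 mechanical, here is an added example (not from the page or from GitLab) that parses gitlab-ctl status output and reports services that are not in the run state or whose uptime is below a threshold; the sample input is constructed from the status listing earlier on this page, with the gitaly and sidekiq lines edited to look like a crash loop. The threshold and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the page or from GitLab: flag services in
# `gitlab-ctl status` output that are down or whose uptime is far below
# the others, the signature of a service being restarted by runit.

# Constructed sample: the page's listing with gitaly and sidekiq altered.
SAMPLE_STATUS='run: alertmanager: (pid 820) 3073s; run: log: (pid 619) 3108s
run: gitaly: (pid 2911) 4s; run: log: (pid 309) 3169s
run: nginx: (pid 540) 3133s; run: log: (pid 550) 3132s
run: postgresql: (pid 316) 3164s; run: log: (pid 449) 3161s
run: puma: (pid 467) 3152s; run: log: (pid 475) 3148s
run: redis: (pid 272) 3176s; run: log: (pid 288) 3173s
down: sidekiq: 12s; run: log: (pid 488) 3144s
run: sshd: (pid 36) 3192s; run: log: (pid 35) 3192s'

# unhealthy_services <min-uptime-seconds>: reads status lines on stdin and
# prints "<service> <state> <uptime>s" for each one that is not running or
# has been up for less than the threshold.
unhealthy_services() {
    awk -v min="$1" '
        {
            state = $1; sub(/:$/, "", state)            # "run", "down", ...
            svc = $2;   sub(/:$/, "", svc)              # service name
            split($0, half, ";")                        # ignore the "log:" part
            n = split(half[1], tok, " ")
            up = 0
            for (i = 3; i <= n; i++)                    # first "<N>s" token is the uptime
                if (tok[i] ~ /^[0-9]+s,?$/) { up = tok[i] + 0; break }
            if (state != "run" || up < min) print svc, state, up "s"
        }'
}

# Live use inside the container: gitlab-ctl status | unhealthy_services 60
# On the sample above this prints: gitaly run 4s / sidekiq down 12s
printf '%s\n' "$SAMPLE_STATUS" | unhealthy_services 60
```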
    HTTP 502
    1. At least 4 GB of memory is required; with less, not all services may be able to initialize.
    2. Port conflict: check whether the host and the container are using the same port. GitLab bundles several services, each of which opens its own port on startup; puma, for example, uses 8080 by default. To check the default port of each bundled service, look in gitlab.rb.
    HTTP 500
    • Happens when changing settings in the Admin area
    • Check whether gitlab-secrets.json (system secrets file) is the same one that was present when the system was initialized.