Update the software first
# yum update
Install the software I commonly use
# yum install screen bash-completion
Configure .screenrc ( notes on using linux screen )
# vim .screenrc
Install GitLab
1. Install and configure the necessary dependencies
# yum install curl openssh-server => already installed on Linode
...
Nothing to do
# systemctl enable sshd => no output
# systemctl start sshd => no output
# yum install postfix => already installed on Linode
...
Nothing to do
# systemctl enable postfix
ln -s '/usr/lib/systemd/system/postfix.service' '/etc/systemd/system/multi-user.target.wants/postfix.service'
# systemctl start postfix => no output
# firewall-cmd --permanent --add-service=http => failed, but it is fine to skip
FirewallD is not running
# systemctl reload firewalld => failed, but it is fine to skip
Job for firewalld.service failed. See 'systemctl status firewalld.service' and 'journalctl -xn' for details.
2. Install GitLab ( Add the GitLab package server and install the package )
# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
...
Generating yum cache for gitlab_gitlab-ce...
Importing GPG key 0xE15E78F4:
Userid : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
Fingerprint: 1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4
From : https://packages.gitlab.com/gpg.key
# yum install gitlab-ce
...
Installed:
gitlab-ce.x86_64 0:8.1.2-ce.0.el7
Complete!
3. Configure and start GitLab
# sudo gitlab-ctl reconfigure (runs automatically, no configuration needed)
...
gitlab Reconfigured!
4. Open a browser and log in to GitLab ( Browse to the hostname and login )
Default account:
Username: root
Password: 5iveL!fe
After the first login it will ask you to change the password
This method is much easier than the one I saw in early 2015:
https://github.com/gitlabhq/gitlab-recipes/tree/master/install/centos
Change GitLab's port
1. Edit /etc/gitlab/gitlab.rb
# vim /etc/gitlab/gitlab.rb
Change
external_url
2. Restart GitLab
# gitlab-ctl reconfigure
After the restart, port 80 is no longer reachable; use port 1234 instead
Change the port of the GitLab repositories
https://stackoverflow.com/a/26935369 Gitlab with non-standard SSH port (on VM with Iptable forwarding)
Edit /etc/gitlab/gitlab.rb
gitlab_rails['gitlab_shell_ssh_port'] = 766
Reconfigure GitLab:
# gitlab-ctl reconfigure
The new repository address then appears in the GitLab admin panel, e.g.: ssh://git@git.domain.com:766/group/project.git
Test whether GitLab is reachable
$ ssh git@gitlab.com
Welcome to GitLab, @root
Connection to gitlab.com closed.
Install nginx
# yum install nginx
Start it
# service nginx restart
http://xx.xx:1234/ => opens GitLab
http://xx.xx/ => opens nginx, no conflict with GitLab
On CentOS 7, nginx's default document root is /usr/share/nginx/html
Set up a vhost
https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-on-centos-7
Create the vhost directory
# mkdir -p /var/www/example.com/html
Edit the home page content
# vim /var/www/example.com/html/index.html # write any content into it
Create sites-available and sites-enabled directories, following the Ubuntu layout
# mkdir /etc/nginx/sites-available
# mkdir /etc/nginx/sites-enabled
Edit nginx.conf
# vim /etc/nginx/nginx.conf
Add inside the http {} block
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
Edit the vhost configuration file
# vim /etc/nginx/sites-available/example.com.conf
server {
    listen 80;
    server_name example.com www.example.com;
    location / {
        root /var/www/example.com/html;
        index index.html index.htm;
        try_files $uri $uri/ =404;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
Enable the configuration file
# ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
Restart nginx
# service nginx restart
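Opening http://example.com (remember to add a DNS or hosts entry) and the original URL at the same time serves two applications from different locations
Copy a GitLab project from host A to host B
Host A GitLab version: GitLab 7.4.3
Host B GitLab version: GitLab Community Edition 8.1.2
1. Log in to GitLab on host B => Profile Settings => SSH Keys => ADD SSH KEY => add the SSH public key ( cat ~/.ssh/id_rsa.pub ) of the same-named user who logs in to GitLab on host A to SSH Keys in host B's GitLab
2. Dashboard => Projects => NEW PROJECT => under Import project from, choose ANY REPO BY URL =>
Paste the git URL of host A here, e.g.: http(s)://username:password@gitlab.company.com/group/project.git
and the project is imported
P.S. This method is convenient, but once a project gets large the import takes too long
Install Percona 5.6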
https://www.percona.com/doc/percona-server/5.6/installation/yum_repo.html
Install the Percona yum repository ( percona-release )
# yum install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm
Test the repository
# yum search percona
...
Percona-Server-server-55.x86_64 : Percona Server: a very fast and reliable SQL database server
Percona-Server-server-56.x86_64 : Percona Server: a very fast and reliable SQL database server
Percona-Server-server-57.x86_64 : Percona Server: a very fast and reliable SQL database server
...
Install
# yum install Percona-Server-server-56
================================================================================
 Package                    Arch     Version              Repository               Size
================================================================================
Installing:
 Percona-Server-server-56   x86_64   5.6.28-rel76.1.el7   percona-release-x86_64   18 M
 Percona-Server-shared-56   x86_64   5.6.28-rel76.1.el7   percona-release-x86_64  652 k
     replacing  mariadb-libs.x86_64 1:5.5.44-1.el7_1
Installing for dependencies:
 Percona-Server-client-56   x86_64   5.6.28-rel76.1.el7   percona-release-x86_64  5.8 M
 libaio                     x86_64   0.3.109-13.el7       base                     24 k
 perl-Data-Dumper           x86_64   2.145-3.el7          base                     47 k
Check whether it is installed
# rpm -qa | grep Percona
Percona-Server-client-56-5.6.28-rel76.1.el7.x86_64
Percona-Server-shared-56-5.6.28-rel76.1.el7.x86_64
Percona-Server-server-56-5.6.28-rel76.1.el7.x86_64
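Increase swap on Linode
From my Arch swap notes I learned that swap twice the size of RAM (2GB) is best. How do you increase swap on Linode?
Log in to the Linode manager => first shut the Linode down (Shut down) => click Edit to shrink the ext4 disk ( CentOS 7 Disk (24064 MB, ext4) ) to 24064-1024-512=22528MB => click Edit to grow the swap disk ( 512MB Swap Image (512 MB, swap) ) to 2048MB => boot the machine again (Boot)
Security
Because users pull code from GitLab over ssh, the sshd service needs some restrictions so that outside IPs cannot maliciously keep trying port 22 on the server (after a successful ssh login you are told how many failed login attempts there were, plus the IP and time of the last failure)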
https://unix.stackexchange.com/a/406264 + https://unix.stackexchange.com/a/490120 Limit SSH access to specific clients by IP address
Edit the sshd_config file
AllowUsers johndoe@192.168.1.* admin2@192.168.1.*
The sshd service must be restarted after editing
Using TCP wrappers
/etc/hosts.deny: deny all hosts
sshd : ALL
/etc/hosts.allow: whitelist entries
sshd : 192.168.1.0/24
sshd : x.x.x.x
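The evaluation order of the two files above, as an added example that is not part of the original post: a simplified shell model of the hosts_access(5) lookup, in which hosts.allow is consulted first, then hosts.deny, and access is granted when neither matches. The function names, the temporary copies of the files and the address 203.0.113.10 standing in for x.x.x.x are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified model of hosts_access(5) for the two files above (IPv4 only).
# Client patterns handled: ALL, exact address, n.n.n.n/len, and "n.n.n." prefix.
set -f  # never glob-expand patterns read from the rule files

ip_to_int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

pattern_matches() {  # $1 = pattern, $2 = client address
    case $1 in
        ALL) return 0 ;;
        */*) net=${1%/*}; len=${1#*/}
             mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
             [ $(( $(ip_to_int "$net") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ] ;;
        *.)  case $2 in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

rule_file_matches() {  # $1 = file, $2 = daemon, $3 = client; status 0 if a rule matches
    file=$1; daemon=$2; ip=$3
    while IFS=: read -r daemons clients; do
        case $daemons in ''|'#'*) continue ;; esac
        for d in $daemons; do
            [ "$d" = "$daemon" ] || [ "$d" = ALL ] || continue
            for c in $clients; do
                pattern_matches "$c" "$ip" && return 0
            done
        done
    done < "$file"
    return 1
}

# Order matters: hosts.allow first, then hosts.deny, otherwise access is granted.
tcpwrap_decision() {  # $1 = daemon, $2 = client, $3 = hosts.allow, $4 = hosts.deny
    if rule_file_matches "$3" "$1" "$2"; then echo allow
    elif rule_file_matches "$4" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# Constructed copies of the two files; 203.0.113.10 stands in for x.x.x.x.
demo_dir=$(mktemp -d)
printf 'sshd : ALL\n' > "$demo_dir/hosts.deny"
printf 'sshd : 192.168.1.0/24\nsshd : 203.0.113.10\n' > "$demo_dir/hosts.allow"
for client in 192.168.1.57 203.0.113.10 198.51.100.23; do
    echo "$client -> $(tcpwrap_decision sshd "$client" "$demo_dir/hosts.allow" "$demo_dir/hosts.deny")"
done
```

A daemon that hosts.deny does not name is still allowed from anywhere, because the deny rule here only covers sshd.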
GitLab fails to start
https://stackoverflow.com/a/65439226 Gitlab Cannot start runsv is not running
# gitlab-ctl restart
fail: gitlab-git-http-server: runsv not running
fail: logrotate: runsv not running
fail: nginx: runsv not running
fail: postgresql: runsv not running
fail: redis: runsv not running
fail: sidekiq: runsv not running
fail: unicorn: runsv not running
Cause:
gitlab-runsvdir is not running
# systemctl status gitlab-runsvdir
● gitlab-runsvdir.service - GitLab Runit supervision process
Loaded: loaded (/usr/lib/systemd/system/gitlab-runsvdir.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Fix
# systemctl start gitlab-runsvdir
# gitlab-ctl restart
ok: run: gitlab-git-http-server: (pid 24475) 1s
ok: run: logrotate: (pid 24481) 0s
ok: run: nginx: (pid 24488) 1s
ok: run: postgresql: (pid 24493) 0s
ok: run: redis: (pid 24502) 0s
ok: run: sidekiq: (pid 24507) 0s
ok: run: unicorn: (pid 24513) 0s
References:
https://about.gitlab.com/downloads/#centos7 Install a GitLab CE Omnibus package on CentOS 7 (and RedHat/Oracle/Scientific Linux 7)
http://linode.blog6.info/install-os/installcentos2 Linode VPS 2-2 Installing the CentOS operating system
http://serverfault.com/questions/585528/set-gitlab-external-web-port-number Set gitlab external web port number