GITLAB服务基础
1.GITLAB介绍一个基于GIT的源码托管解决方案
基于Ruby on rails开发
集成了nginx postgreSQL redis sidekiq等组件
2. 资源
官网:https://about.gitlab.com/downloads
清华镜像:https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
3.安装环境要求
虚拟机centos7 64位
内存2G+
安装版本gitlab_ce_9.0.4
4.安装依赖
sudo yum install curl policycoreutils openssh-server openssh-clients
sudo systemctl enable sshd
sudo systemctl start sshd
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix
sudo firewall-cmd --permanent --add-service=http
sudo systemctl>
5.执行安装
rpm -ivh gitlab-ce-8.9.5-ce.0.el7.x86_64.rpm
# 修改配置文件
vim /etc/gitlab/gitlab.rb
external_url 'your_ip_address'
例如:
external_url 'http://192.168.152.140'
# 配置
gitlab-ctl reconfigure
# 访问
http://your_ip_address
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126155046500-1489180261.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126155244828-114560888.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126155259125-1662849307.png
6.常用命令
gitlab-ctl status 查看状态
gitlab-ctl start
gitlab-ctl stop
gitlab-ctl restart
gitlab-ctl tail nginx 查看日志
7.Gitlab组件
nginx:静态Web服务器
gitlab-shell:用于处理Git命令和修改authorized keys列表
gitlab-workhorse:轻量级的反向代理服务器
logrotate:日志文件管理工具
postgresql:数据库
redis:缓存数据库
sidekiq:用于在后台执行队列任务(异步执行)
unicorn:GitLab Rails应用是托管在这个服务器上面的。
8.目录
/var/opt/gitlab/git-data/repositories/:库默认存储目录
/opt/gitlab:应用代码和相应的依赖程序
/var/opt/gitlab:gitlab-ctl reconfigure命令编译后的应用数据和配置文件,不需要人为修改配置
/etc/gitlab:配置文件目录
/var/log/gitlab:此目录下存放了gitlab各个组件产生的日志
/var/opt/gitlab/backups/:备份文件生成的目录
9.变更主配置文件
需要以下操作
1、gitlab-ctl reconfigure 重置配置文件
2、gitlab-ctl show-config 验证配置文件
3、gitlab-ctl restart 重启gitlab服务
10.创建对象
创建gourps
创建用户
创建项目
授权项目用户
创建组:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174110765-1523335749.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174127843-1836748210.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174321593-1955559949.png
创建用户:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174509578-1844624262.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174521250-1022756079.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174528734-634761303.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174534734-1845994247.png
把用户加进组:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174824875-444049268.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126174947156-966866794.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126175048171-23484027.png
创建项目:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126175215203-1691580567.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126175247890-1075736941.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126175309046-1878652990.png
授权项目用户:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171126175413625-468746783.png
属于开发者得KEY
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127231346690-48430047.png
添加用户到项目中,有两种方式:
既可以在组里添加,也可以再项目中添加,在组中添加会继承到项目中,在项目中添加跟组没关联。
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127232821565-1303225037.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127232912269-1538608339.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127233104003-1948155399.png
一个是针对组,一个是针对项目。
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127233425175-548567046.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127233552472-810056407.png
由于dev1和dev2没有密码,需要设置初始密码,接入LDAP(统一账号管理)后就不需要此low b 过程了:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127233915815-2123874833.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127234016253-1198246044.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127234111315-244688462.png
再次登录时,会提示重置密码:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127234517519-2081006537.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127234653628-1154113244.png
添加SSH key
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127235626112-735775377.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127234942659-1878743305.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171127235108659-479687449.png
此时再次ssh clone代码,现在把权限给打通了:
# git clone git@192.168.152.140:java/app1.git
Cloning into 'app1'...
warning: You appear to have cloned an empty repository.
# ll
total 0
drwxr-xr-x 3 root root 18 Nov 27 23:57 app1
#
创建分支:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128000538519-493664286.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128000602831-231601095.png
主分支已创建:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128000739425-1666296247.png
拉分支:
# cd app1/
# git pull
remote: Counting objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
From 192.168.152.140:java/app1
* master -> origin/master
# ll
total 4
-rw-r--r-- 1 root root 6 Nov 28 00:10 readme
#
11.安装git windows客户端,并授权
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128001504659-820647026.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128001536144-1545844674.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128001616800-120370429.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128001900097-1030970995.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128002002050-357900032.png
使用dev2登录,把ssh key加入:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128002402456-1001207748.png
Windows客户端也可以了:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128002622956-1786760846.png
以上操作都是个人SSH KEY。
12.SSH KEY管理
个人SSH KEY
Deploy KEY
创建SSH KEY
将公钥导入用户SSHKEY
创建deploy key
将deploy key导入gitlab并在项目中允许
ssh key文件全局唯一
开发者KEY:
只能下载代码,不能上传代码,是给jenkins用得。
13.Case
在gitlab上创建一个库
用git上传文件
创建一个分支
在分支上开发
发出merge request
Accept merge
创建一个开发计划:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128233927065-1831715184.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128232304597-1859874350.png
Issue管理:
创建milestone
创建issue
创建分支
合并分支
Todos
Fix #issue_id
Close #issue_id
创建里程碑:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128232458003-501922012.png
创建任务:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128234116597-1204961644.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128234120550-1110084070.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128234324019-689845618.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128234621628-1700917361.png
使用dev1登录进去就能看到分配过来得任务:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128234812190-1781587428.png
dev1上传内容:
# cd app1/
# ll
total 4
-rw-r--r-- 1 root root 6 Nov 28 00:10 readme
# git checkout -b shouye
Switched to a new branch 'shouye'
# git status
# On branch shouye
nothing to commit, working directory clean
# echo "<h1>welcome to shenzhen</h1>" > index.html
# git add .
# git commit -m "shouye"
shouye
Committer: root <root@localhost.localdomain>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:
git config --global user.name "Your Name"
git config --global user.email you@example.com
After doing this, you may fix the>
git commit --amend --reset-author
1 file changed, 1 insertion(+)
create mode 100644 index.html
# git config --global user.name "dev1"
# git config --global user.name "dev1@126.com"
# git branch
master
* shouye
# git push origin shouye
Counting objects: 4, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 297 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@192.168.152.140:java/app1.git
* shouye -> shouye
现在有两个分支了:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128235533784-166375343.png
合并分支:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128235706987-578980829.png
提交:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128235819378-2030849095.png
登录pm:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171128235959550-2101832209.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129000230519-1490018756.png
如果没问题,就可以同意执行合并。
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129000237159-836975902.png
登录dev1,标识任务1已完成:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129000527409-734105172.png
登录pm,查看进度:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129000706019-313901720.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129000911503-2093772920.png
完成后,关闭issues:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129001032222-96437641.png
把master上代码更新下来:
# git checkout master
Switched to branch 'master'
# git pull
remote: Counting objects: 1, done.
remote: Total 1 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (1/1), done.
From 192.168.152.140:java/app1
c647c6b..837506amaster -> origin/master
Updating c647c6b..837506a
Fast-forward
index.html | 1 +
1 file changed, 1 insertion(+)
create mode 100644 index.html
开发新闻模块:
# git checkout -b news
Switched to a new branch 'news'
# echo 'news center' > news.html
# git add .
# git commit -m 'close #2'
# 使用dev1合并代码,根本合并不成功,没有权限。
# git checkout master
Switched to branch 'master'
# git merge news
Updating 837506a..397b0d0
Fast-forward
news.html | 1 +
1 file changed, 1 insertion(+)
create mode 100644 news.html
# git log
commit 397b0d0221e827a323bb4772965e41489f35ab3f
Author: dev1@126.com <root@localhost.localdomain>
Date: Wed Nov 29 00:23:19 2017 +0800
close #2
commit 837506a1c303433a7e903527bf57cc94c38be816
Merge: c647c6b 3e3d02b
Author: pm <pm@126.com>
Date: Wed Nov 29 00:03:20 2017 +0800
Merge branch 'shouye' into 'master'
shouye
See merge request !1
commit 3e3d02b3681d1b6997caa4b0fcb5488172996474
Author: root <root@localhost.localdomain>
Date: Tue Nov 28 23:49:51 2017 +0800
shouye
commit c647c6bf695887166b3ee9d022c0737f0eb0a6a0
Author: Administrator <admin@example.com>
Date: Tue Nov 28 00:06:48 2017 +0800
first commit
# git push origin master
Counting objects: 4, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 318 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: GitLab: You are not allowed to push code to protected branches on this project.
To git@192.168.152.140:java/app1.git
! master -> master (pre-receive hook declined)
error: failed to push some refs to 'git@192.168.152.140:java/app1.git'
# 只能老实得提交到news分支。
root登录,查看权限:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129003035737-2130218252.png
老老实实提交代码:
# git branch
* master
news
shouye
# git checkout news
Switched to branch 'news'
# git push origin news
Counting objects: 4, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 318 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@192.168.152.140:java/app1.git
* news -> news
使用dev1登录,创建一个merge request:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129003417565-1615341883.png
不用修改,直接提交:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129003512237-870763934.png
使用pm登录,只有pm有权限:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129003728909-2142841282.png
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129003807769-1632439802.png
查看没问题后,同意:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129003858347-2133752480.png
加上close #2可以自动关闭任务。
目前只剩下两个任务了:
https://images2018.cnblogs.com/blog/1025100/201711/1025100-20171129004205784-1630751344.png
切换回主分支,把代码拉下来:
# git checkout master
Switched to branch 'master'
Your branch is ahead of 'origin/master' by 1 commit.
(use "git push" to publish your local commits)
# git pull
remote: Counting objects: 1, done.
remote: Total 1 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (1/1), done.
From 192.168.152.140:java/app1
837506a..7dc87eemaster -> origin/master
Updating 397b0d0..7dc87ee
Fast-forward
# ll
total 12
-rw-r--r-- 1 root root 29 Nov 29 00:20 index.html
-rw-r--r-- 1 root root 12 Nov 29 00:24 news.html
-rw-r--r-- 1 root root6 Nov 28 00:
14.备份管理
备份配置:
vim /etc/gitlab/gitlab.rb
# 配置文件中加入
gitlab_rails['backup_path'] = '/data/backups/gitlab'
gitlab_rails['backup_keep_time'] = 604800
# 保存7天得备份
# 如果自定义备份目录需要赋予git权限
mkdir -p /data/backups/gitlab
chown -R git.git /data/backups/gitlab
# 重新加载配置文件,重启服务
gitlab-ctl reconfigure
gitlab-ctl restart
# 定时任务Crontab中加入
0 2 * * * /usr/bin/gitlab-rake gitlab:backup:create
手动操作:
# /usr/bin/gitlab-rake gitlab:backup:create
Dumping database ...
Dumping PostgreSQL database gitlabhq_production ...
done
Dumping repositories ...
* java/app1 ...
* java/app1.wiki ...
done
Dumping uploads ...
done
Dumping builds ...
done
Dumping artifacts ...
done
Dumping lfs objects ...
done
Dumping container registry images ...
Creating backup archive: 1511969386_gitlab_backup.tar ... done
Uploading backup archive to remote storage... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
Deleting old backups ... done. (0 removed)
# cd /data/backups/gitlab/
# ll
total 112
-rw------- 1 git git 112640 Nov 29 23:29 1511969386_gitlab_backup.tar
# date -d @1511969386
Wed Nov 29 23:29:46 CST 2017
策略建议:本地保留三到七天,在异地备份永久保存
恢复操作:
# 停止数据写入服务,只需要停止这两个服务
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
# 执行恢复数据操作
gitlab-rake gitlab:backup:restore BACKUP=1511969386
date -d @1511969386
实战操作:
https://images2017.cnblogs.com/blog/1025100/201711/1025100-20171129233902323-341701438.png
执行上面得恢复操作命令,并重启服务:
# 停止数据写入服务,只需要停止这两个服务
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
# 执行恢复数据操作
gitlab-rake gitlab:backup:restore BACKUP=1511969386
date -d @1511969386
# gitlab-ctl restart
ok: run: gitlab-workhorse: (pid 4473) 1s
ok: run: logrotate: (pid 4479) 0s
ok: run: nginx: (pid 4485) 1s
ok: run: postgresql: (pid 4492) 0s
ok: run: redis: (pid 4500) 1s
ok: run: sidekiq: (pid 4504) 0s
ok: run: unicorn: (pid 4507) 0s
https://images2017.cnblogs.com/blog/1025100/201711/1025100-20171129234754542-447019379.png
恢复实战:
手工备份
/usr/bin/gitlab-rake gitlab:backup:create
记录系统状态
系统变更
进行恢复
15.邮件配置
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'luchuangao@126.com'
gitlab_rails['gitlab_email_display_name'] = 'gitlab'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.126.com"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = "luchuangao"
gitlab_rails['smtp_password'] = "your_password"
gitlab_rails['smtp_domain'] = "126.com"
gitlab_rails['smtp_authentication'] = "login"
16. gitlab的api调用
gitlab官方介绍:
https://docs.gitlab.com/ee/api/README.html
(1) token做认证:
Token有三种:
[*]OAuth2 tokens
[*]Personal access tokens
[*]Session cookie
https://images2017.cnblogs.com/blog/1025100/201801/1025100-20180103110934737-1521834181.png
(2) 使用
curl --header "PRIVATE-TOKEN: 31x2Rzxe7x7yR1RA8u8-" "http://192.168.8.8/api/v4/groups/18"
17. gitlab项目迁移
把A服务器上的gitlab项目ops导入到B服务器上的gitlab项目中
A服务器:
https://images2017.cnblogs.com/blog/1025100/201801/1025100-20180106200445956-2097548728.png
B服务器:
https://images2017.cnblogs.com/blog/1025100/201801/1025100-20180106200616378-721484724.png
操作命令:
#A服务器操作命令:
cd /var/opt/gitlab/git-data/repositories/
tar -zcf /tmp/ops.tar.gz ops/
scp /tmp/ops.tar.gz root@192.168.182.138:/backup
#B服务器操作命令
cd /var/opt/gitlab/git-data/repositories/
tar -xf /backup/ops.tar.gz -C ./
cd ops/
# 重新生成hooks
## find . -name 'hooks'
#./test.git/hooks
#./test.wiki.git/hooks
find . -name 'hooks' -execdir mv {} hooks-old \;
#导入新的项目
# gitlab-rake gitlab:import:repos
Processing yunwei/demo.git
* demo (yunwei/demo.git) exists
Processing yunwei/demo.wiki.git
* Skipping wiki repo
Processing bigdata/demo.git
* demo (bigdata/demo.git) exists
Processing bigdata/demo.wiki.git
* Skipping wiki repo
Processing ops/test.git
* Created Group ops (10)
* Created test (ops/test.git)
Processing ops/test.wiki.git
* Skipping wiki repo
Done!
注意:一定要把迁移的项目hooks重新生成。
find . -name 'hooks' -execdir mv {} hooks-old \;
参考:https://gitlab.com/gitlab-org/gitlab-ce/issues/2082
页:
[1]