知乎专栏 |
目录
实施DEVOPS首先我们要有一个项目管理工具。
我建议使用 Gitlab,早年我倾向使用Trac,但Trac项目一直处于半死不活状态,目前来看Trac 对于 Ticket管理强于Gitlab,但Gitlab发展的很快,我们可以看到最近的一次升级中Issue 加入了 Due date 选项。Gitlab已经有风投介入,企业化运作,良性发展,未来会超越Redmine等项目管理软件,成为主流。所以我在工具篇采用Gitlab,BTW 我没有使用 Redmine,我认为 Redmine 的发展方向更接近传统项目管理思维。
软件项目管管理,我需要那些功能,Ticket/Issue管理、里程碑管理、内容管理Wiki、版本管理、合并分支、代码审查等等
关于Gitlib的安装配置请参考 http://www.netkiller.cn/project/project/gitlab/index.html
GitLab是一个利用 Ruby on Rails 开发的开源应用程序,实现一个自托管的Git项目仓库,可通过Web界面进行访问公开的或者私人项目。
它拥有与Github类似的功能,能够浏览源代码,管理缺陷和注释。可以管理团队对仓库的访问,它非常易于浏览提交过的版本并提供一个文件历史库。团队成员可以利用内置的简单聊天程序(Wall)进行交流。它还提供一个代码片段收集功能可以轻松实现代码复用,便于日后有需要的时候进行查找。
GitLab 5.0以前版本要求服务器端采用 Gitolite 搭建,5.0版本以后不再使用 Gitolite ,采用自己开发的 gitlab-shell 来实现。如果你觉得安装麻烦可以使用 GitLab Installers 一键安装程序。
目前 gitlab 官方包还不支持,需要手工安装
[root@netkiller gitlab]# curl -L --output /usr/local/bin/gitlab-runner "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64" [root@netkiller gitlab]# chmod +x /usr/local/bin/gitlab-runner [root@netkiller gitlab]# useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash [root@netkiller gitlab]# sudo chmod 666 /var/run/docker.sock [root@netkiller gitlab]# usermod -aG docker gitlab-runner [root@cloud gitlab]# gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner Runtime platform arch=amd64 os=linux pid=66582 revision=32fc1585 version=15.2.1 [root@cloud gitlab]# systemctl enable gitlab-runner [root@cloud gitlab]# systemctl start gitlab-runner [root@cloud gitlab]# systemctl status gitlab-runner ● gitlab-runner.service - GitLab Runner Loaded: loaded (/etc/systemd/system/gitlab-runner.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2022-08-10 19:42:39 CST; 6s ago Main PID: 66679 (gitlab-runner) Tasks: 12 (limit: 203532) Memory: 11.3M CPU: 49ms CGroup: /system.slice/gitlab-runner.service └─66679 /usr/local/bin/gitlab-runner run --working-directory /home/gitlab-runner --config /etc/gitlab-runner/config.toml --service gitlab-runner --user gitlab-runner
dnf install langpacks-en glibc-all-langpacks -y localectl set-locale LANG=en_US.UTF-8 sudo systemctl status firewalld sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo systemctl reload firewalld sudo dnf install postfix sudo systemctl enable postfix sudo systemctl start postfix curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash EXTERNAL_URL="http://gitlab.example.com" export LC_ALL=en_US.UTF-8 export LANG=en_US.UTF-8 export LC_CTYPE=UTF-8 dnf install -y gitlab-ce cp /etc/gitlab/gitlab.rb{,.original} gitlab-ctl reconfigure
查看 root 密码
[root@localhost ~]# cat /etc/gitlab/initial_root_password # WARNING: This value is valid only in the following conditions # 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run). # 2. Password hasn't been changed manually, either via UI or via command line. # # If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password. Password: dpzQFzltaq0BhAwDnugMf6MCFbvItXDvC+RcuN9R+wg= # NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
GitLab Runner
curl -sL "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh" | sudo bash dnf install gitlab-runner
配置文件 /etc/gitlab-runner/config.toml
[root@localhost ~]# systemctl restart gitlab-runner
Docker 安装有个小缺点,不能使用 22 端口,因为 22 端口已经被宿主主机占用。
export GITLAB_HOME=/srv/gitlab
sudo docker run --detach \ --hostname gitlab.example.com \ --publish 443:443 --publish 80:80 --publish 22:22 \ --name gitlab \ --restart always \ --volume $GITLAB_HOME/config:/etc/gitlab \ --volume $GITLAB_HOME/logs:/var/log/gitlab \ --volume $GITLAB_HOME/data:/var/opt/gitlab \ gitlab/gitlab-ce:latest
配置对外url,域名或者ip,公网能访问即可
vim /mnt/gitlab/etc/gitlab.rb 添加一下配置: external_url 'http://127.0.0.1' (你的域名或者ip地址)
配置邮箱
vim /mnt/gitlab/etc/gitlab.rb gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.qq.com" gitlab_rails['smtp_port'] = 465 gitlab_rails['smtp_user_name'] = "13721218@qq.com" (替换成自己的QQ邮箱) gitlab_rails['smtp_password'] = "xxxxx" gitlab_rails['smtp_domain'] = "smtp.qq.com" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = true gitlab_rails['gitlab_email_from'] = '13721218@qq.com' (替换成自己的QQ邮箱,且与smtp_user_name一致)
重新启动gitlab
docker restart gitlab-ce sudo docker logs -f gitlab
修改 /etc/gitlab/gitlab.rb 配置文件
docker exec -it gitlab editor /etc/gitlab/gitlab.rb gitlab | docker restart gitlab
宿主主机开放 80/443 端口
systemctl status firewalld firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https systemctl reload firewalld
创建工作目录
[root@localhost ~]# mkdir -p /opt/gitlab/{config,data,logs} [root@localhost ~]# cd /opt/gitlab/
安装 gitlab
[root@localhost gitlab]# vim docker-compose.yaml version: '3.9' services: gitlab: image: 'gitlab/gitlab-ce:latest' container_name: "gitlab" restart: unless-stopped privileged: true hostname: 'gitlab.example.com' environment: TZ: 'Asia/Shanghai' GITLAB_OMNIBUS_CONFIG: | external_url 'https://gitlab.example.com' gitlab_rails['time_zone'] = 'Asia/Shanghai' gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.netkiller.cn" gitlab_rails['smtp_port'] = 465 gitlab_rails['smtp_user_name'] = "netkiller@netkiller.cn" gitlab_rails['smtp_password'] = "******" gitlab_rails['smtp_domain'] = "netkiller.cn" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = true gitlab_rails['gitlab_email_from'] = 'netkiller@netkiller.cn' gitlab_rails['gitlab_shell_ssh_port'] = 22 ports: - '80:80' - '443:443' - '23:22' volumes: - /opt/gitlab/config:/etc/gitlab - /opt/gitlab/logs:/var/log/gitlab - /opt/gitlab/data:/var/opt/gitlab
启动
[root@gitlab gitlab]# docker compose up
例 116.1. Docker 部署 GitLab 查看登陆密码
Neo-iMac:docker neo$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a762c0c8c950 gitlab/gitlab-ce:latest "/assets/wrapper" 14 minutes ago Up 14 minutes (healthy) 0.0.0.0:80->80/tcp, 22/tcp, 0.0.0.0:443->443/tcp gitlab 433a04f60108 sonarqube:community "/opt/sonarqube/bin/…" 10 days ago Up 15 minutes 0.0.0.0:9000->9000/tcp sonarqube ea753b0905f7 postgres:latest "docker-entrypoint.s…" 10 days ago Up 15 minutes 5432/tcp postgresql Neo-iMac:docker neo$ docker exec -it gitlab cat /etc/gitlab/initial_root_password # WARNING: This value is valid only in the following conditions # 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run). # 2. Password hasn't been changed manually, either via UI or via command line. # # If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password. Password: LnfGjN5ySHSyTev8VSqCNFna0m43i3oF6FTU8QThoSQ= # NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
恢复配置文件,首次配置请跳过这步
cat > /srv/gitlab-runner/config.toml << EOF concurrent = 1 check_interval = 0 [session_server] session_timeout = 1800 [[runners]] name = "microservice" url = "https://gitlab.netkiller.cn/" token = "cSB87csLVQnP-JfiU3rX" executor = "shell" [runners.custom_build_dir] [runners.cache] [runners.cache.s3] [runners.cache.gcs] [runners.cache.azure] EOF
安装 gitlab-runner
version: '3.9' services: gitlab-runner: container_name: "gitlab-runner" image: gitlab/gitlab-runner:alpine restart: unless-stopped depends_on: - gitlab privileged: true volumes: - /srv/gitlab-runner:/etc/gitlab-runner - /var/run/docker.sock:/var/run/docker.sock - /bin/docker:/bin/docker
启动 Gitlab runner
[root@netkiller gitlab]# docker compose up -d
注册 gitlab-runner 到 Gitlab
docker exec -it gitlab-runner gitlab-runner register docker exec -it gitlab-runner gitlab-runner registe--url https://gitlab.netkiller.cn/ --registration-token GR13489417SgFtcXMtuyPSqNn9TCoCo
例 116.2. Docker 部署 gitlab-runner 注册演示
[root@localhost gitlab]# docker-compose exec gitlab-runner gitlab-runner register Runtime platform arch=amd64 os=linux pid=77 revision=8b63c432 version=14.3.1 Running in system-mode. Enter the GitLab instance URL (for example, https://gitlab.com/): http://192.168.30.12/ Enter the registration token: suDmuiYsdYoEvhX1ppBy Enter a description for the runner: [1d9ca588f551]: development Enter tags for the runner (comma-separated): shell Registering runner... succeeded runner=suDmuiYs Enter an executor: shell, ssh, docker+machine, docker-ssh+machine, custom, parallels, virtualbox, kubernetes, docker, docker-ssh: shell Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! [root@localhost gitlab]#
yum localinstall -y https://downloads-packages.s3.amazonaws.com/centos-6.6/gitlab-ce-7.10.0~omnibus.2-1.x86_64.rpm gitlab-ctl reconfigure cp /etc/gitlab/gitlab.rb{,.original}
停止 GitLab 服务
# gitlab-ctl stop ok: down: logrotate: 1s, normally up ok: down: nginx: 0s, normally up ok: down: postgresql: 0s, normally up ok: down: redis: 0s, normally up ok: down: sidekiq: 1s, normally up ok: down: unicorn: 0s, normally up
启动 GitLab 服务
# gitlab-ctl start ok: run: logrotate: (pid 3908) 0s ok: run: nginx: (pid 3911) 1s ok: run: postgresql: (pid 3921) 0s ok: run: redis: (pid 3929) 1s ok: run: sidekiq: (pid 3933) 0s ok: run: unicorn: (pid 3936) 1s
配置gitlab
# vim /etc/gitlab/gitlab.rb external_url 'http://gitlab.example.com'
SMTP配置
gitlab_rails['gitlab_email_enabled'] = true gitlab_rails['gitlab_email_from'] = 'openunix@163.com' gitlab_rails['gitlab_email_display_name'] = 'Neo' gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.163.com" gitlab_rails['smtp_user_name'] = "openunix@163.com" gitlab_rails['smtp_password'] = "password" gitlab_rails['smtp_domain'] = "163.com" gitlab_rails['smtp_authentication'] = "login"
任何配置文件变化都需要运行 # gitlab-ctl reconfigure
WEB管理员
# Username: root # Password: 5iveL!fe
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-ci-multi-runner/script.rpm.sh | sudo bash sudo yum install gitlab-ci-multi-runner
进入 CI 配置页面 http://git.netkiller.cn/netkiller.cn/www.netkiller.cn/settings/ci_cd
Specific Runners 你将看到 CI 的URL和他的Token
Specify the following URL during the Runner setup: http://git.netkiller.cn/ci
Use the following registration token during setup: wRoz1Y_6CXpNh2JbxN_s
现在回到 GitLab Runner
# gitlab-ci-multi-runner register Running in system-mode. Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/): http://git.netkiller.cn/ci Please enter the gitlab-ci token for this runner: wRoz1Y_6CXpNh2JbxN_s Please enter the gitlab-ci description for this runner: [iZ62yln3rjjZ]: gitlab-ci-1 Please enter the gitlab-ci tags for this runner (comma separated): test Whether to run untagged builds [true/false]: [false]: Registering runner... succeeded runner=wRoz1Y_6 Please enter the executor: docker, docker-ssh, shell, ssh, virtualbox, docker+machine, docker-ssh+machine, kubernetes, parallels: shell Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
回到 Gitlab 页你将看到 Pending 状态变成 Running 状态
升级 GitLab Runner
yum install gitlab-ci-multi-runner
编辑 /etc/gitlab/gitlab.rb 文件
external_url 'https://git.netkiller.cn' nginx['enable'] = true nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/git.netkiller.cn.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/git.netkiller.cn.key" nginx['listen_https'] = true nginx['http2_enabled'] = true
进入容器
[root@localhost ~]# docker exec -it gitlab bash
重置密码
root@gitlab:~# gitlab-rake "gitlab:password:reset" Enter username: neo Enter password: Confirm password: Password successfully updated for user with username neo.
gitlab-runner register #注册,非交互模式添加 --non-interactive gitlab-runner list #列出配置文件中已注册的配置项 gitlab-runner verify #检查注册 #注销所有配置项 gitlab-runner unregister --all-runners #使用令牌注销 gitlab-runner unregister --url http://gitlab.example.com/ --token XXXXXXXX #使用名称注销 gitlab-runner unregister --name test-runner
[root@gitlab ~]# gitlab-rake gitlab:backup:create
备份数据保存在 /var/opt/gitlab/backups 目录中
[root@gitlab ~]# ls -l /var/opt/gitlab/backups | grep 'Feb 17' -rw------- 1 git git 18946846720 Feb 17 14:14 1645078053_2022_02_17_14.7.2_gitlab_backup.tar -rw------- 1 git git 878822637 Feb 17 13:58 artifacts.tar.gz -rw-r--r-- 1 git git 190 Feb 17 14:07 backup_information.yml -rw------- 1 git git 1500 Feb 17 13:57 builds.tar.gz drwxr-xr-x 2 git git 29 Feb 17 13:57 db -rw------- 1 git git 129802 Feb 17 13:58 lfs.tar.gz -rw------- 1 git git 2404907359 Feb 17 14:07 packages.tar.gz -rw------- 1 git git 156 Feb 17 13:58 pages.tar.gz -rw------- 1 git git 16017027489 Feb 17 14:06 registry.tar.gz drwx------ 3 git git 21 Feb 17 13:57 repositories -rw------- 1 git git 147 Feb 17 13:58 terraform_state.tar.gz -rw------- 1 git git 11061155 Feb 17 13:57 uploads.tar.gz
如需修改备份文件目录,可以通过修改 /etc/gitlab/gitlab.rb 配置文件来修改默认备份目录
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
修改完成之后使用 gitlab-ctl reconfigure 命令重载配置文件即可
设置备份过期时间,单位是秒
[root@gitlab ~]# vim /etc/gitlab/gitlab.rb gitlab_rails['backup_keep_time'] = 604800
创建定时任务,自动备份 gitlab
[root@gitlab ~]# crontab -e 0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create