环境准备
# Point the Rocky Linux repo files at the Aliyun mirror: comment out every
# mirrorlist= line and enable baseurl= over HTTPS. -i.bak leaves a .bak copy
# of each rewritten repo file beside it.
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak /etc/yum.repos.d/rocky-*.repo
# Rebuild the dnf metadata cache from the new mirror.
dnf makecache
# NOTE(review): the remaining commands switch off SELinux enforcement and the
# host firewall. This host goes on to run GitLab and a CI runner that mounts
# the Docker socket, so both are the controls that would contain a compromised
# container. Prefer keeping them on and opening only the ports the compose file
# on this page publishes (80, 8443, 8022).
# Puts SELinux into permissive mode for the running system only.
setenforce 0
# NOTE(review): on RHEL-family hosts /etc/sysconfig/selinux is normally a
# symlink to /etc/selinux/config, and GNU sed -i replaces a symlink with a
# regular file unless --follow-symlinks is given; check with `getenforce`
# after a reboot which state actually applies.
sed -i 's#^SELINUX=.*#SELINUX=disabled#' /etc/sysconfig/selinux
# Stops firewalld for the current boot; the unit is not disabled here.
systemctl stop firewalld
部署Docker
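# Fetch the Docker CE repo definition over HTTPS rather than plain HTTP: the
# .repo file decides where dnf downloads packages from, so a copy altered in
# transit controls what gets installed as root.
# -f fails on an HTTP error instead of saving the error page as the repo file;
# -sS stays quiet but still prints errors; -L follows redirects.
curl -fsSL -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install Docker Engine from that repository (dnf asks for confirmation and
# shows the signing key it is about to import).
dnf install docker-ce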
部署GitLab
[root@gitlab ~]# cat docker-compose.yaml
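# docker-compose.yaml for a single-node GitLab CE (Omnibus image).
# Indentation restored: YAML nesting is significant and the flattened listing
# does not parse.
version: '3.6'
services:
  gitlab:
    # NOTE(review): `latest` together with `restart: always` lets any re-pull
    # move the instance to a new release without a planned upgrade, and a
    # GitLab backup restores only into the same GitLab version. Once installed,
    # pin an explicit, currently supported release tag (tags have the form
    # <version>-ce.0) and upgrade deliberately.
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlab'
    environment:
      TZ: 'Asia/Shanghai'
      # Everything under GITLAB_OMNIBUS_CONFIG is gitlab.rb (Ruby) syntax.
      # NOTE(review): external_url is plain HTTP, so logins, session cookies
      # and runner tokens cross the network unencrypted; an https:// URL with
      # a certificate is the fix. Port 443 is published below, but with an
      # http:// external_url the bundled nginx presumably does not listen on
      # it; confirm.
      # NOTE(review): smtp_password sits in this file in clear text. Keep the
      # file readable by root only and out of version control.
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'http://gitlab.sundayhk.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 8022
        #nginx['listen_port'] = 80
        nginx['client_max_body_size'] = '2048m'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.qq.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "xxx@qq.com"
        gitlab_rails['smtp_password'] = "xxxxxxxxxxxxxx"
        gitlab_rails['smtp_domain'] = "smtp.qq.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_enabled'] = true
        gitlab_rails['gitlab_email_from'] = 'xxx@qq.com'
        #gitlab_rails['openssl_verify_mode'] = false
        #gitlab_rails['smtp_openssl_verify_mode'] = 'none'
    ports:
      # host:container. SSH is published on 8022 to match
      # gitlab_shell_ssh_port above.
      - '80:80'
      - '8443:443'
      - '8022:22'
    volumes:
      # Configuration (including gitlab-secrets.json), logs and data live on
      # the host so they survive container replacement.
      - '/data/app_data/gitlab/config:/etc/gitlab'
      - '/data/app_data/gitlab/logs:/var/log/gitlab'
      - '/data/app_data/gitlab/data:/var/opt/gitlab'
    shm_size: '256m'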
[root@gitlab ~]# docker compose up -d
获取gitlab root默认密码
[root@gitlab ~]# docker exec gitlab cat /etc/gitlab/initial_root_password | grep ^Password
Password: UCc6hQKMurkvNllkBamAkS+7DCDGxxxxxxxxx=
访问 http://gitlab.sundayhk.com/
使用 root 和上一步取得的初始密码登录,登录后立即修改 root 密码(/etc/gitlab/initial_root_password 文件会在安装 24 小时后的首次 reconfigure 时被自动删除)
关闭注册 (帐号通过管理员添加)
禁用 Gravatar
邮件配置及测试
上面通过docker-compose.yaml 配置ENV Gitlab邮件相关变量,已经实现邮件配置。
这里也可以直接编辑容器内的gitlab.rb文件实现
[root@gitlab ~]# docker exec -it gitlab bash
root@gitlab:/# vi /etc/gitlab/gitlab.rb
# SMTP settings in /etc/gitlab/gitlab.rb: implicit TLS on port 465 with LOGIN
# authentication, matching the values passed through GITLAB_OMNIBUS_CONFIG in
# the compose file on this page.
# NOTE(review): smtp_password is stored here in clear text; keep gitlab.rb
# readable by root only and do not copy real values into notes or tickets.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "sundayhk@qq.com"
gitlab_rails['smtp_password'] = "bdoowbxxxxxxxxxxxxxx" # authorization code
gitlab_rails['smtp_domain'] = "smtp.qq.com"
gitlab_rails['smtp_authentication'] = "login"
# smtp_tls and smtp_enable_starttls_auto are mutually exclusive (see the
# reconfigure error quoted later on this page); port 465 uses smtp_tls.
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
# gitlab_rails['smtp_pool'] = false
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'sundayhk@qq.com'
每次修改都要重新生成配置文件及重启服务
# gitlab-rake gitlab:check
gitlab-ctl reconfigure
gitlab-ctl restart
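邮件测试(进入 gitlab-rails console 后执行 Notify.test_email('收件人地址', '邮件主题', '邮件正文').deliver_now,发送成功时会返回如下的 Mail::Message 对象)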
root@gitlab:/# gitlab-rails console
--------------------------------------------------------------------------------
Ruby: ruby 3.1.5p253 (2024-04-023 revision 1945f8dc0e) [x86_64-linux]
GitLab: 17.2.1 (b30193cc04c) FOSS
GitLab Shell: 14.37.0
PostgreSQL: 14.11
------------------------------------------------------------[ booted in 59.20s ]
=> #<Mail::Message:513100, Multipart: false, Headers: <Date: Sat, 27 Jul 2024 13:45:40 +0000>, <From: GitLab <sundayhk@qq.com>>, <Reply-To: GitLab <noreply@git.sundayhk.com>>, <To: shaohk@qq.com>, <Message-ID: <66a4fa04941de_11ef2ff8446b4@gitlab.mail>>, <Subject: test>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=US-ASCII>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>
irb(main):012:0>
配置邮件后 添加新用户 则会发邮件 通过链接设置用户密码
部署Gitlab-runner
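# Directory that holds the CLI tools downloaded below.
mkdir -p /data/app_data/gitlab-runner/

# kubectl: download the binary together with its published SHA-256 and install
# it only if the digest matches. A checksum from the same origin catches a
# truncated or altered download; it does not protect against a compromised
# publisher.
wget https://dl.k8s.io/release/v1.28.12/bin/linux/amd64/kubectl
wget https://dl.k8s.io/release/v1.28.12/bin/linux/amd64/kubectl.sha256
# wget does not set the execute bit, so add it before moving the file.
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && chmod +x kubectl \
  && mv kubectl /data/app_data/gitlab-runner/

# kustomize: same idea, using the checksum list published with the release
# assets (confirm checksums.txt is present for the release you download).
# --ignore-missing checks only the archive that was actually downloaded.
wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.5.0/kustomize_v5.5.0_linux_amd64.tar.gz
wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.5.0/checksums.txt
sha256sum --check --ignore-missing checksums.txt \
  && tar xf kustomize_v5.5.0_linux_amd64.tar.gz \
  && mv kustomize /data/app_data/gitlab-runner/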
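# docker-compose.yaml
# Indentation restored: YAML nesting is significant and the flattened listing
# does not parse.
version: '3'
services:
  gitlab-runner:
    container_name: gitlab-runner
    # NOTE(review): `latest` with `restart: always` changes the runner version
    # on any re-pull; pin an explicit, currently supported release tag and
    # keep it aligned with the GitLab server version.
    image: gitlab/gitlab-runner:latest
    volumes:
      # Holds config.toml, which contains the runner authentication token.
      - '/data/app_data/gitlab-runner/config:/etc/gitlab-runner'
      # NOTE(review): the host Docker socket gives this container full control
      # of the host Docker daemon, which is equivalent to root on the host.
      # The docker executor needs it to start job containers; treat the runner
      # host as dedicated to CI and keep nothing else of value on it.
      - '/var/run/docker.sock:/var/run/docker.sock'
    restart: always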
docker compose up -d
http://gitlab.sundayhk.com/admin/runners
进入 gitlab-runner 容器,再执行 gitlab-runner register 注册 runner
docker exec -it gitlab-runner bash
注:docker 时常抽风,即使镜像本地存在,也可能docker请求导致失败,建议将docker:20.10.16-git上传到内部的harbor。
# Mirror the CI job image into the internal Harbor registry so jobs do not
# depend on pulling from Docker Hub at run time.
# NOTE(review): the mirrored tag is a frozen copy and receives no upstream
# fixes until it is pulled and pushed again; record the image digest and
# refresh the copy on a schedule.
docker pull docker:20.10.16-git
docker tag docker:20.10.16-git harbor.sundayhk.com/library/docker:20.10.16-git
docker push harbor.sundayhk.com/library/docker:20.10.16-git
两种注册方法(任选其中一个)
- 交互
root@0fd6071790ef:~# gitlab-runner register --url http://gitlab.sundayhk.com --token glrt-XxbxP1xkTn5-yyhzMzQm
Runtime platform arch=amd64 os=linux pid=56 revision=12030cf4 version=17.5.3
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
[http://gitlab.sundayhk.com]: # Enter
Verifying runner... is valid runner=XxbxP1xkT
Enter a name for the runner. This is stored only in the local config.toml file:
[0fd6071790ef]: My Docker Runner
Enter an executor: parallels, virtualbox, docker, docker-windows, instance, custom, shell, ssh, docker+machine, kubernetes, docker-autoscaler:
docker # 输入
Enter the default Docker image (for example, ruby:2.7):
docker:20.10.16-git # 输入
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
root@0fd6071790ef:~# gitlab-runner restart # 重启服务
- 非交互
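# Non-interactive registration of a docker-executor runner.
# The glrt- value is the runner authentication token, i.e. a credential. Read
# it from the terminal into a variable so the literal never lands in shell
# history or pasted notes; it is still visible in the process arguments while
# the command runs. A token that has appeared in a document or transcript
# should be rotated.
# NOTE(review): the URL is plain HTTP, so the token is sent unencrypted.
read -rs -p 'Runner authentication token: ' RUNNER_TOKEN
# ${RUNNER_TOKEN:?} aborts the command if the variable is empty or unset.
gitlab-runner register \
--non-interactive \
--url "http://gitlab.sundayhk.com" \
--token "${RUNNER_TOKEN:?runner authentication token is required}" \
--executor "docker" \
--docker-image harbor.sundayhk.com/library/docker:20.10.16-git \
--description "docker-runner"
# Drop the token from the shell session once registration has finished.
unset RUNNER_TOKEN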
root@0fd6071790ef:/etc/gitlab-runner# gitlab-runner register \
> --non-interactive \
> --url "http://gitlab.sundayhk.com" \
> --token "glrt-XxbxP1xkTn5-yyhzMzQm" \
> --executor "docker" \
> --docker-image harbor.sundayhk.com/library/docker:20.10.16-git \
> --description "docker-runner"
Runtime platform arch=amd64 os=linux pid=739 revision=12030cf4 version=17.5.3
Running in system-mode.
Verifying runner... is valid runner=XxbxP1xkT
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
root@0fd6071790ef:~# gitlab-runner restart # 重启服务
查看配置并修改
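# Copy the runner configuration out of the container, edit it, copy it back.
docker cp gitlab-runner:/etc/gitlab-runner/config.toml ./
vim config.toml
docker cp config.toml gitlab-runner:/etc/gitlab-runner/config.toml
# The runner on this page runs as the "gitlab-runner" container, not as a host
# systemd unit, so restart the container rather than calling systemctl.
docker restart gitlab-runner
# config.toml contains the runner authentication token; do not leave the
# working copy lying in the current directory.
rm -f -- ./config.toml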
# vim /data/app_data/gitlab-runner/config/config.toml
# /etc/gitlab-runner/config.toml
# Runner configuration written by `gitlab-runner register`, with two manual
# changes marked below.
# Global settings: at most one job runs at a time.
concurrent = 1
check_interval = 0
connection_max_age = "15m0s"
shutdown_timeout = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "My Docker Runner"
# NOTE(review): plain HTTP; the token below is sent unencrypted on each request.
url = "http://gitlab.sundayhk.com"
id = 3
# Runner authentication token (glrt- prefix), a credential.
# NOTE(review): the value is printed in full on this page; a token that has
# been published should be rotated, and this file kept readable by root only.
token = "glrt-XxbxP1xkTn5-yyhzMzQm"
token_obtained_at = 2024-11-21T05:32:19Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "docker"
[runners.custom_build_dir]
# Lets a job choose its clone directory through GIT_CLONE_PATH.
enabled = true # added
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
tls_verify = false
image = "harbor.sundayhk.com/library/docker:20.10.16-git"
# NOTE(review): privileged = false does not contain jobs here, because the
# socket mount below already hands them the host Docker daemon.
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
#volumes = ["/cache"]
# NOTE(review): every job container gets the host Docker socket, which is
# equivalent to root on the host. Any project able to run a pipeline on this
# runner can start arbitrary containers there, so restrict the runner to
# trusted projects and protected branches.
volumes = [ "/cache","/var/run/docker.sock:/var/run/docker.sock"] # changed
shm_size = 0
network_mtu = 0
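注意 volumes 属性:这里增加了一个 Unix Socket 地址映射,这样容器中的 docker 命令就可以和宿主机中的 docker 守护程序进行通信了。需要清楚的是,能访问 /var/run/docker.sock 就等同于拥有宿主机的 root 权限(privileged = false 并不能限制这一点),因此这个 runner 只应分配给可信的项目和受保护的分支使用。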
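# The runner on this page runs as the "gitlab-runner" container, not as a host
# systemd unit, so restart the container rather than calling systemctl.
docker restart gitlab-runner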
Gitlab备份与恢复
Gitlab备份
手动备份
[root@gitlab ~]# docker exec gitlab gitlab-rake gitlab:backup:create
[root@gitlab ~]# docker exec gitlab ls /var/opt/gitlab/backups/
1722090118_2024_07_27_17.2.1_gitlab_backup.tar
宿主机定时备份任务
[root@gitlab ~]# crontab -e
# m h dom mon dow command
# gitlab backup
# Runs the backup script every day at 02:00.
# NOTE(review): stdout and stderr are both discarded, so a failed backup
# leaves no trace. Send the output to a log file or let cron mail it, and
# alert when no new archive appears.
00 02 * * * /data/shell/gitlab_backup.sh > /dev/null 2>&1
备份脚本
[root@gitlab ~]# vim /data/shell/gitlab_backup.sh
#!/bin/bash
# Creates a GitLab application backup inside the "gitlab" container.
# cron starts jobs with a minimal PATH, so set one that contains docker.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# The archive lands in /var/opt/gitlab/backups inside the container, which the
# compose file on this page maps to /data/app_data/gitlab/data/backups on the
# same host.
# NOTE(review): per GitLab's backup documentation the archive does not contain
# /etc/gitlab/gitlab-secrets.json or gitlab.rb. Without the secrets file the
# encrypted values in a restored database (CI variables, 2FA secrets, runner
# tokens) cannot be read. Back both files up separately, and copy the archives
# off this host with access restricted, since they hold all repositories.
docker exec gitlab gitlab-rake gitlab:backup:create
Gitlab恢复
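[root@gitlab ~]# docker exec -it gitlab bash
# Stop the services that hold database connections; the rest of GitLab keeps
# running. This instance reports GitLab 17.2.1, where the web service is puma
# (the unicorn service named in older guides no longer exists), so stopping
# "unicorn" would leave the application connected during the restore.
root@gitlab:/# gitlab-ctl stop puma
root@gitlab:/# gitlab-ctl stop sidekiq
root@gitlab:/# cd /var/opt/gitlab/backups
root@gitlab:/var/opt/gitlab/backups# ls -l
total 1000
-rw-------. 1 git git 512000 Jul 27 22:22 1722090118_2024_07_27_17.2.1_gitlab_backup.tar
# BACKUP= is an argument of the restore task and belongs on the same line. Its
# value is the archive name without the _gitlab_backup.tar suffix.
root@gitlab:/var/opt/gitlab/backups# gitlab-rake gitlab:backup:restore BACKUP=1722090118_2024_07_27_17.2.1
# NOTE(review): when restoring onto a fresh instance, also put back the saved
# /etc/gitlab/gitlab-secrets.json before starting GitLab; without it the
# encrypted values in the restored database cannot be decrypted.
# Start GitLab
root@gitlab:/var/opt/gitlab/backups# gitlab-ctl start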
报错解决
Running handlers:
[2024-07-27T18:23:17+08:00] ERROR: Running exception handlers
There was an error running gitlab-ctl reconfigure:
gitlab_rails['smtp_tls'] and gitlab_rails['smtp_enable_starttls_auto'] are mutually exclusive. Set one of them to false. SMTP providers usually use port 465 for TLS and port 587 for STARTTLS.
解决:
在配置文件/etc/gitlab/gitlab.rb中,同时配置了smtp_tls和smtp_enable_starttls_auto为true,把其中一个设置为false就行了。
error during connect: Post "http://docker:2375/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=yunnysunny%2Fcn-alpine%3Amain&target=&ulimits=null&version=1": dial tcp: lookup docker on x.x.x.x:53: no such host
解决:
这是由于我们的 docker 命令运行在 docker 镜像中,无法与宿主机中真正的 docker 守护程序进行通信,需要修改 gitlab-runner 中的 config.toml,将守护程序监听的 Unix Socket 路径挂载到 runner 启动的容器上(注意:挂载后 CI 作业可以完全控制宿主机的 docker 守护程序,等同于宿主机 root 权限,只应让可信项目使用该 runner)
vim /etc/gitlab-runner/config.toml
#volumes = ["/cache"]
volumes = ["/var/run/docker.sock:/var/run/docker.sock","/cache"]