前言
DevOps 理念落实得最为彻底的一类案例就是 CI/CD(持续集成/持续交付) 系统
CI/CD(持续集成/持续交付) 系统的一个关键环节就是版本控制,因为它是多是工作流的起点
版本控制软件有很多种,比较熟知的开源版本控制软件有 CVS ,SVN 和 Git ,从目前使用情况来看最受欢迎的开源版本控制系统还是 Git
单单看 Git 所专注的版本控制功能,其强大与高效鲜有软件可以与其比拟,但是 Git 没有友好的管理界面和配备服务,大型项目管理的过程中也缺少权限管理的功能
于是世面上有各种基于 Git 的集成软件,GitLab 就是其中优秀的一款
Tip: 当前最新版本为 9.4.0
GitLab 除了具备基本的版本控制能力外,还有内建的 CI/CD 功能,GitLab Pages(类似于 github pages,可以用于写 wiki,或其它帮助文档),管理 issue,基本的 review 功能,时间追踪等功能
这些功能对于一个自动化的运维环境来讲,可以非常明显地提升工作效率
相对于基础的社区版,企业版和企业增强版还提供很多附加的功能,详细可以参考 版本对比
这里就如何快速搭建 gitlab-ce 给出一个过程参考
其它环境下的详细安装过程可以参考 GitLab 的安装
概要
系统环境
代码语言:javascript复制[root@much ~]# hostnamectl
Static hostname: much
Icon name: computer-vm
Chassis: vm
Machine ID: 33dc28f7e76c4903ad9b603b77e29a7c
Boot ID: 16c8f52b10f2442f85308cce86bf08f7
Virtualization: kvm
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-514.21.1.el7.x86_64
Architecture: x86-64
[root@much ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:c2:66:f7 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 86055sec preferred_lft 86055sec
inet6 fe80::2bb7:5b3:9584:d8eb/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:03:d0:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.56.203/24 brd 192.168.56.255 scope global enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe03:d02d/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:16:5e:11 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:16:5e:11 brd ff:ff:ff:ff:ff:ff
[root@much ~]# uname -a
Linux much 3.10.0-514.21.1.el7.x86_64 #1 SMP Thu May 25 17:04:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@much ~]# 安装并且配置必要的依赖包
代码语言:javascript复制[root@much ~]# yum install curl policycoreutils openssh-server openssh-clients
Loaded plugins: fastestmirror, langpacks
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base | 3.6 kB 00:00:00
c7-media | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/2): extras/7/x86_64/primary_db | 191 kB 00:00:00
(2/2): updates/7/x86_64/primary_db | 7.8 MB 00:00:00
Determining fastest mirrors
* base: mirrors.tuna.tsinghua.edu.cn
* c7-media:
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
Package curl-7.29.0-35.el7.centos.x86_64 already installed and latest version
Package policycoreutils-2.5-11.el7_3.x86_64 already installed and latest version
Package openssh-server-6.6.1p1-35.el7_3.x86_64 already installed and latest version
Package openssh-clients-6.6.1p1-35.el7_3.x86_64 already installed and latest version
Nothing to do
[root@much ~]# systemctl enable sshd
[root@much ~]# systemctl start sshd
[root@much ~]# yum install postfix
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* c7-media:
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
Package 2:postfix-2.10.1-6.el7.x86_64 already installed and latest version
Nothing to do
[root@much ~]# systemctl enable postfix
[root@much ~]# systemctl start postfix
[root@much ~]# firewall-cmd --permanent --add-service=http
success
[root@much ~]# systemctl reload firewalld
[root@much ~]# gitlab-ce 对 curl policycoreutils openssh-server openssh-clients postfix 这些服务有依赖,需要提前安装和开启
防火墙要打开 http 的访问,否则无法对外提供服务
安装 Gitlab 服务包
代码语言:javascript复制[root@much ~]# yum list all | grep gitlab
[root@much ~]# curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
Detected operating system as centos/7.
Checking for curl...
Detected curl...
Downloading repository file: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/config_file.repo?os=centos&dist=7&source=script
done.
Installing pygpgme to verify GPG signatures...
Loaded plugins: fastestmirror, langpacks
gitlab_gitlab-ce-source/signature | 836 B 00:00:00
Retrieving key from https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
Importing GPG key 0xE15E78F4:
Userid : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
Fingerprint: 1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4
From : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
gitlab_gitlab-ce-source/signature | 951 B 00:00:00 !!!
gitlab_gitlab-ce-source/primary | 175 B 00:00:03
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* c7-media:
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
Package pygpgme-0.3-9.el7.x86_64 already installed and latest version
Nothing to do
Installing yum-utils...
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* c7-media:
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
Package yum-utils-1.1.31-40.el7.noarch already installed and latest version
Nothing to do
Generating yum cache for gitlab_gitlab-ce...
Importing GPG key 0xE15E78F4:
Userid : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
Fingerprint: 1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4
From : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
The repository is setup! You can now install packages.
[root@much ~]# echo $?
0
[root@much ~]# yum list all | grep gitlab
gitlab-ce.x86_64 9.4.0-ce.0.el7 gitlab_gitlab-ce
[root@much ~]#
[root@much ~]# yum install gitlab-ce
Loaded plugins: fastestmirror, langpacks
gitlab_gitlab-ce/x86_64/signature | 836 B 00:00:00
gitlab_gitlab-ce/x86_64/signature | 1.0 kB 00:00:00 !!!
gitlab_gitlab-ce-source/signature | 836 B 00:00:00
gitlab_gitlab-ce-source/signature | 951 B 00:00:00 !!!
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* c7-media:
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package gitlab-ce.x86_64 0:9.4.0-ce.0.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================================
Installing:
gitlab-ce x86_64 9.4.0-ce.0.el7 gitlab_gitlab-ce 340 M
Transaction Summary
============================================================================================================================================================================================
Install 1 Package
Total download size: 340 M
Installed size: 1.0 G
Is this ok [y/d/N]: y
Downloading packages:
No Presto metadata available for gitlab_gitlab-ce
gitlab-ce-9.4.0-ce.0.el7.x86_64.rpm | 340 MB 00:44:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : gitlab-ce-9.4.0-ce.0.el7.x86_64 1/1
*. *.
*** ***
***** *****
.****** *******
******** ********
,,,,,,,,,***********,,,,,,,,,
,,,,,,,,,,,*********,,,,,,,,,,,
.,,,,,,,,,,,*******,,,,,,,,,,,,
,,,,,,,,,*****,,,,,,,,,.
,,,,,,,****,,,,,,
.,,,***,,,,
,*,.
_______ __ __ __
/ ____(_) /_/ / ____ _/ /_
/ / __/ / __/ / / __ `/ __
/ /_/ / / /_/ /___/ /_/ / /_/ /
____/_/__/_____/__,_/_.___/
gitlab: Thank you for installing GitLab!
gitlab: To configure and start GitLab, RUN THE FOLLOWING COMMAND:
sudo gitlab-ctl reconfigure
gitlab: GitLab should be reachable at http://much
gitlab: Otherwise configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
gitlab: And running reconfigure again.
gitlab:
gitlab: For a comprehensive list of configuration options please see the Omnibus GitLab readme
gitlab: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
gitlab:
It looks like GitLab has not been configured yet; skipping the upgrade script.
Verifying : gitlab-ce-9.4.0-ce.0.el7.x86_64 1/1
Installed:
gitlab-ce.x86_64 0:9.4.0-ce.0.el7
Complete!
[root@much ~]# echo $?
0
[root@much ~]#启动 GitLab ce
代码语言:javascript复制[root@much ~]# gitlab-ctl status
[root@much ~]# gitlab-ctl reconfigure
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- package (0.0.0)
- gitlab (0.0.1)
- runit (0.14.2)
- registry (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
* directory[/etc/gitlab] action create
- change mode from '0755' to '0775'
- restore selinux security context
/sbin/init: unrecognized option '--version'
-.mount loaded active mounted /
Converging 465 resources
* directory[/etc/gitlab] action create (up to date)
* directory[Create /var/opt/gitlab] action create
- create new directory /var/opt/gitlab
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/opt/gitlab/embedded/etc] action create
- create new directory /opt/gitlab/embedded/etc
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* template[/opt/gitlab/embedded/etc/gitconfig] action create
- create new file /opt/gitlab/embedded/etc/gitconfig
- update content in file /opt/gitlab/embedded/etc/gitconfig from none to 5fe039
--- /opt/gitlab/embedded/etc/gitconfig 2017-07-24 00:12:56.993000000 0800
/opt/gitlab/embedded/etc/.chef-gitconfig20170724-7201-pdd52n 2017-07-24 00:12:56.993000000 0800
@@ -1 1,10 @@
[pack]
threads = 1
[receive]
fsckObjects = true
[repack]
writeBitmaps = true
[transfer]
hideRefs=^refs/tmp/
hideRefs=^refs/keep-around/
- change mode from '' to '0755'
- restore selinux security context
Recipe: gitlab::web-server
* group[Webserver user and group] action create
- create group gitlab-www
* user[Webserver user and group] action create
- create user gitlab-www
Recipe: gitlab::users
* directory[/var/opt/gitlab] action create (up to date)
* group[GitLab user and group] action create
- create group git
* user[GitLab user and group] action create
- create user git
* template[/var/opt/gitlab/.gitconfig] action create
- create new file /var/opt/gitlab/.gitconfig
- update content in file /var/opt/gitlab/.gitconfig from none to 973154
--- /var/opt/gitlab/.gitconfig 2017-07-24 00:12:57.192000000 0800
/var/opt/gitlab/.chef-.gitconfig20170724-7201-161mgmq 2017-07-24 00:12:57.192000000 0800
@@ -1 1,12 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
[user]
name = GitLab
email = gitlab@much
[core]
autocrlf = input
[gc]
auto = 0
- change mode from '' to '0644'
- change owner from '' to 'git'
- change group from '' to 'git'
- restore selinux security context
Recipe: gitlab::gitlab-shell
* ruby_block[directory resource: /var/opt/gitlab/git-data] action run
- execute the ruby block directory resource: /var/opt/gitlab/git-data
* ruby_block[directory resource: /var/opt/gitlab/git-data/repositories] action run
- execute the ruby block directory resource: /var/opt/gitlab/git-data/repositories
* ruby_block[directory resource: /var/opt/gitlab/.ssh] action run
- execute the ruby block directory resource: /var/opt/gitlab/.ssh
* directory[/var/log/gitlab/gitlab-shell/] action create
- create new directory /var/log/gitlab/gitlab-shell/
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[/var/opt/gitlab/gitlab-shell] action create
- create new directory /var/opt/gitlab/gitlab-shell
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* templatesymlink[Create a config.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-shell/config.yml] action create
- create new file /var/opt/gitlab/gitlab-shell/config.yml
- update content in file /var/opt/gitlab/gitlab-shell/config.yml from none to cce2bf
--- /var/opt/gitlab/gitlab-shell/config.yml 2017-07-24 00:12:57.952000000 0800
/var/opt/gitlab/gitlab-shell/.chef-config.yml20170724-7201-18rakrc 2017-07-24 00:12:57.952000000 0800
@@ -1 1,44 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
# GitLab user. git by default
user: git
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "http://127.0.0.1:8080"
http_settings:
# user: someone
# password: somepass
# ca_file: /etc/ssl/cert.pem
# ca_path: /etc/pki/tls/certs
# self_signed_cert: false
# File used as authorized_keys for gitlab user
auth_file: "/var/opt/gitlab/.ssh/authorized_keys"
# Redis settings used for pushing commit notices to gitlab
redis:
bin: /opt/gitlab/embedded/bin/redis-cli
host: 127.0.0.1
port:
socket: /var/opt/gitlab/redis/redis.socket
database:
namespace: resque:gitlab
# Log file.
# Default is gitlab-shell.log in the root directory.
log_file: "/var/log/gitlab/gitlab-shell/gitlab-shell.log"
# Log level. INFO by default
log_level:
# Audit usernames.
# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
# incurs an extra API call on every gitlab-shell command.
audit_usernames:
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-shell/config.yml to /var/opt/gitlab/gitlab-shell/config.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-shell/config.yml to /var/opt/gitlab/gitlab-shell/config.yml
* link[/opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret to /opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret
* execute[/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions] action run
- execute /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions
* bash[Set proper security context on ssh files for selinux] action run
- execute "bash" "/tmp/chef-script20170724-7201-1q92aa0"
Recipe: gitlab::gitlab-rails
* directory[/var/log/gitlab] action create
- change owner from 'root' to 'git'
- restore selinux security context
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/artifacts] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/artifacts
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/lfs-objects] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/lfs-objects
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/uploads] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/uploads
* ruby_block[directory resource: /var/opt/gitlab/gitlab-ci/builds] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-ci/builds
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/pages] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/pages
* directory[create /var/opt/gitlab/gitlab-rails/etc] action create
- create new directory /var/opt/gitlab/gitlab-rails/etc
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /opt/gitlab/etc/gitlab-rails] action create
- create new directory /opt/gitlab/etc/gitlab-rails
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/opt/gitlab/gitlab-rails/working] action create
- create new directory /var/opt/gitlab/gitlab-rails/working
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/opt/gitlab/gitlab-rails/tmp] action create
- create new directory /var/opt/gitlab/gitlab-rails/tmp
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/opt/gitlab/gitlab-rails/upgrade-status] action create
- create new directory /var/opt/gitlab/gitlab-rails/upgrade-status
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/log/gitlab/gitlab-rails] action create
- create new directory /var/log/gitlab/gitlab-rails
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[/var/opt/gitlab/backups] action create
- create new directory /var/opt/gitlab/backups
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[/var/opt/gitlab/gitlab-rails] action create
- change owner from 'root' to 'git'
- restore selinux security context
* directory[/var/opt/gitlab/gitlab-ci] action create
- change owner from 'root' to 'git'
- restore selinux security context
* file[/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key] action create (skipped due to only_if)
* template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create
- create new file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc
- update content in file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc from none to 15c7d9
--- /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc 2017-07-24 00:12:59.564000000 0800
/opt/gitlab/etc/gitlab-rails/.chef-gitlab-rails-rc20170724-7201-cyydm3 2017-07-24 00:12:59.564000000 0800
@@ -1 1,2 @@
gitlab_user='git'
- restore selinux security context
* file[/opt/gitlab/embedded/service/gitlab-rails/.secret] action delete (up to date)
* file[/var/opt/gitlab/gitlab-rails/etc/secret] action delete (up to date)
* templatesymlink[Create a database.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/database.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/database.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/database.yml from none to f96ae4
--- /var/opt/gitlab/gitlab-rails/etc/database.yml 2017-07-24 00:12:59.594000000 0800
/var/opt/gitlab/gitlab-rails/etc/.chef-database.yml20170724-7201-1imtzor 2017-07-24 00:12:59.594000000 0800
@@ -1 1,22 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
production:
adapter: postgresql
encoding: unicode
collation:
database: gitlabhq_production
pool: 10
username: 'gitlab'
password:
host: '/var/opt/gitlab/postgresql'
port: 5432
socket:
sslmode:
sslrootcert:
sslca:
load_balancing: {"hosts":[]}
prepared_statements: true
statements_limit: 1000
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/database.yml to /var/opt/gitlab/gitlab-rails/etc/database.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/database.yml to /var/opt/gitlab/gitlab-rails/etc/database.yml
* templatesymlink[Create a secrets.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/secrets.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/secrets.yml from none to b7ccd5
- suppressed sensitive resource
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml to /var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml to /var/opt/gitlab/gitlab-rails/etc/secrets.yml
* templatesymlink[Create a resque.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/resque.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/resque.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/resque.yml from none to ec4232
--- /var/opt/gitlab/gitlab-rails/etc/resque.yml 2017-07-24 00:12:59.663000000 0800
/var/opt/gitlab/gitlab-rails/etc/.chef-resque.yml20170724-7201-6xk1z2 2017-07-24 00:12:59.663000000 0800
@@ -1 1,3 @@
production:
url: unix:/var/opt/gitlab/redis/redis.socket
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/resque.yml to /var/opt/gitlab/gitlab-rails/etc/resque.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/resque.yml to /var/opt/gitlab/gitlab-rails/etc/resque.yml
* templatesymlink[Create a aws.yml and create a symlink to Rails root] action delete
* template[/var/opt/gitlab/gitlab-rails/etc/aws.yml] action delete (up to date)
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/aws.yml to /var/opt/gitlab/gitlab-rails/etc/aws.yml] action delete (up to date)
(up to date)
* templatesymlink[Create a smtp_settings.rb and create a symlink to Rails root] action delete
* template[/var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb] action delete (up to date)
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb to /var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb] action delete (up to date)
(up to date)
* templatesymlink[Create a gitlab.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/gitlab.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/gitlab.yml from none to 1666f1
--- /var/opt/gitlab/gitlab-rails/etc/gitlab.yml 2017-07-24 00:12:59.706000000 0800
/var/opt/gitlab/gitlab-rails/etc/.chef-gitlab.yml20170724-7201-1a7q6sx 2017-07-24 00:12:59.704000000 0800
@@ -1 1,466 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
production: &base
#
# 1. GitLab app settings
# ==========================
## GitLab settings
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
host: much
port: 80
https: false
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one
# (you'd obviously need to replace ssh.host_example.com with your own host).
# Otherwise, ssh host will be set to the `host:` value above
ssh_host:
# WARNING: See config/application.rb under "Relative url support" for the list of
# other files that need to be changed for relative url support
relative_url_root:
# Trusted Proxies
# Customize if you have GitLab behind a reverse proxy which is running on a different machine.
# Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
trusted_proxies:
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
user: git
## Date & Time settings
time_zone:
## Email settings
# Uncomment and set to false if you need to disable email sending from GitLab (default: true)
email_enabled:
# Email address used in the "From" field in mails sent by GitLab
email_from: gitlab@much
email_display_name:
email_reply_to:
email_subject_suffix:
# Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample).
## User settings
default_can_create_group: # default: true
username_changing_enabled: # default: true - User can change her username/namespace
## Default theme
## 1 - Graphite
## 2 - Charcoal
## 3 - Green
## 4 - Gray
## 5 - Violet
## 6 - Blue
default_theme: # default: 2
## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
# This happens when the commit is pushed or merged into the default branch of a project.
# When not specified the default issue_closing_pattern as specified below will be used.
# Tip: you can test your closing pattern at http://rubular.com
issue_closing_pattern:
## Default project features settings
default_projects_features:
issues:
merge_requests:
wiki:
snippets:
builds:
container_registry:
## Webhook settings
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
webhook_timeout:
## Repository downloads directory
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
# The default is 'tmp/repositories' relative to the root of the Rails app.
repository_downloads_path:
usage_ping_enabled:
## Reply by email
# Allow users to comment on issues and merge requests by replying to notification emails.
# For documentation on how to set this up, see https://docs.gitlab.com/ce/administration/reply_by_email.html
incoming_email:
enabled: false
# The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
# The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
address:
# Email account username
# With third party providers, this is usually the full email address.
# With self-hosted email servers, this is usually the user part of the email address.
user:
# Email account password
password:
# IMAP server host
host:
# IMAP server port
port:
# Whether the IMAP server uses SSL
ssl:
# Whether the IMAP server uses StartTLS
start_tls:
# The mailbox where incoming mail will end up. Usually "inbox".
mailbox: 'inbox'
# The IDLE command timeout.
idle_timeout:
## Build Artifacts
artifacts:
enabled: true
# The location where Build Artifacts are stored (default: shared/artifacts).
path: /var/opt/gitlab/gitlab-rails/shared/artifacts
object_store:
enabled: false
remote_directory: 'artifacts'
connection: {}
## Git LFS
lfs:
enabled:
# The location where LFS objects are stored (default: shared/lfs-objects).
storage_path: /var/opt/gitlab/gitlab-rails/shared/lfs-objects
## Container Registry
registry:
enabled: false
host:
port:
api_url: # internal address to the registry, will be used by GitLab to directly communicate with API
path:
key: /var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key
issuer: omnibus-gitlab-issuer
mattermost:
enabled: false
host:
## GitLab Pages
pages:
enabled: false
path: /var/opt/gitlab/gitlab-rails/shared/pages
host:
port:
https: false
external_http: nil
external_https: nil
## Gravatar
## For Libravatar see: https://docs.gitlab.com/ce/customization/libravatar.html
gravatar:
# gravatar urls: possible placeholders: %{hash} %{size} %{email}
plain_url: # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
ssl_url: # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
## Auxiliary jobs
# Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
cron_jobs:
# Flag stuck CI builds as failed
stuck_ci_jobs_worker:
cron:
# Remove expired build artifacts
expire_build_artifacts_worker:
cron:
# Schedule pipelines in the near future
pipeline_schedule_worker:
cron:
# Periodically run 'git fsck' on all repositories. If started more than
# once per hour you will have concurrent 'git fsck' jobs.
repository_check_worker:
cron:
# Send admin emails once a week
admin_email_worker:
cron:
# Remove outdated repository archives
repository_archive_cache_worker:
cron:
##
# GitLab EE only jobs:
# Snapshot active users statistics
# In addition to refreshing users when they log in,
# periodically refresh LDAP users membership.
# NOTE: This will only take effect if LDAP is enabled
# GitLab LDAP group sync worker
# NOTE: This will only take effect if LDAP is enabled
# Gitlab Geo nodes notification worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo repository sync worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo file download dispatch worker
# NOTE: This will only take effect if Geo is enabled
#
# 2. GitLab CI settings
# ==========================
gitlab_ci:
# Default project notifications settings:
#
# Send emails only on broken builds (default: true)
all_broken_builds:
#
# Add pusher to recipients list (default: false)
add_pusher:
# The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
builds_path: /var/opt/gitlab/gitlab-ci/builds
#
# 3. Auth settings
# ==========================
## LDAP settings
# You can inspect a sample of the LDAP users with login access by running:
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: false
sync_time:
host:
port:
uid:
method: # "tls" or "ssl" or "plain"
bind_dn:
password:
active_directory:
allow_username_or_email_login:
base:
user_filter:
## EE only
group_base:
admin_group:
sync_ssh_keys:
sync_time:
## Kerberos settings
kerberos:
# Allow the HTTP Negotiate authentication method for Git clients
enabled:
# Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
# and should be different from other keytabs in the system.
# (default: use default keytab from Krb5 config)
keytab:
# The Kerberos service name to be used by GitLab.
# (default: accept any service name in keytab file)
service_principal_name:
# Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
# To support both Basic and Negotiate methods with older versions of Git, configure
# nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
# to dedicate this port to Kerberos authentication. (default: false)
use_dedicated_port:
port:
https:
## OmniAuth settings
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: false
# Uncomment this to automatically sign in with a specific omniauth provider's without
# showing GitLab's sign-in page (default: show the GitLab sign-in page)
auto_sign_in_with_provider:
# Sync user's email address from the specified Omniauth provider every time the user logs
# in (default: nil). And consequently make this field read-only.
# CAUTION!
# This allows users to login without having a user account first. Define the allowed
# providers using an array, e.g. ["saml", "twitter"]
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: ["saml"]
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users:
# Look up new users in LDAP servers. If a match is found (same uid), automatically
# link the omniauth identity with the LDAP account. (default: false)
auto_link_ldap_user:
# Allow users with existing accounts to login and auto link their account via SAML
# login, without having to do a manual login first and manually add SAML
# (default: false)
auto_link_saml_user: null
# Set different Omniauth providers as external so that all users creating accounts
# via these providers will not be able to have access to internal projects. You
# will need to use the full name of the provider, like `google_oauth2` for Google.
# Refer to the examples below for the full names of the supported providers.
# (default: [])
external_providers: null
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can use others:
# see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
# The 'app_id' and 'app_secret' parameters are always passed as the first two
# arguments, followed by optional 'args' which can be either a hash or an array.
# Documentation for this is available at https://docs.gitlab.com/ce/integration/omniauth.html
providers:
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { scope: 'user:email' } }
# Shared file storage settings
shared:
path: /var/opt/gitlab/gitlab-rails/shared
# Gitaly settings
# This setting controls whether GitLab uses Gitaly
# Eventually Gitaly use will become mandatory and
# this option will disappear.
gitaly:
token: ""
#
# 4. Advanced settings
# ==========================
## Repositories settings
repositories:
# Paths where repositories can be stored. Give the canonicalized absolute pathname.
# NOTE: REPOS PATHS MUST NOT CONTAIN ANY SYMLINK!!!
storages: {"default":{"path":"/var/opt/gitlab/git-data/repositories","gitaly_address":"unix:/var/opt/gitlab/gitaly/gitaly.socket"}}
## Backup settings
backup:
path: "/var/opt/gitlab/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
archive_permissions: # Permissions for the resulting backup.tar file (default: 0600)
keep_time: # default: 0 (forever) (in seconds)
pg_schema: # default: nil, it means that all schemas will be backed up
upload:
# Fog storage connection settings, see http://fog.io/storage/ .
connection:
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
remote_directory:
multipart_chunk_size:
encryption:
storage_class:
## GitLab Shell settings
gitlab_shell:
path: /opt/gitlab/embedded/service/gitlab-shell/
hooks_path: /opt/gitlab/embedded/service/gitlab-shell/hooks/
# Git over HTTP
upload_pack:
receive_pack:
# If you use non-standard ssh port you need to specify it
ssh_port:
# Git import/fetch timeout
git_timeout: 800
## Git settings
# CAUTION!
# Use the default values unless you really know what you are doing
git:
bin_path: /opt/gitlab/embedded/bin/git
# The next value is the maximum memory size grit can use
# Given in number of bytes per git object (e.g. a commit)
# This value can be increased if you have very large commits
max_size:
# Git timeout to read a commit, in seconds
timeout:
## GitLab Geo settings (EE-only)
geo_primary_role:
enabled: false
geo_secondary_role:
enabled: false
monitoring:
# Time between sampling of unicorn socket metrics, in seconds
unicorn_sampler_interval: 10
# IP whitelist controlling access to monitoring endpoints
ip_whitelist:
- 127.0.0.0/8
#
# 5. Extra customization
# ==========================
extra:
rack_attack:
git_basic_auth:
development:
<<: *base
test:
<<: *base
gravatar:
enabled: true
gitlab:
host: localhost
port: 80
# When you run tests we clone and setup gitlab-shell
# In order to setup it correctly you need to specify
# your system username you use to run GitLab
# user: YOUR_USERNAME
repositories:
storages:
default: { "path": "tmp/tests/repositories/" }
gitlab_shell:
path: tmp/tests/gitlab-shell/
hooks_path: tmp/tests/gitlab-shell/hooks/
issues_tracker:
redmine:
title: "Redmine"
project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
jira:
title: "JIRA"
url:
