在 Debian 7.8 安裝 Gitlab 筆記

gitlab_logo

之前寫過一篇 GitLab 快速安裝筆記,但是這次在 Debian 7.8 上安裝起來遇到蠻多問題,故寫此篇來記錄安裝遇到的問題,也會寫到如何搭配 Nginx 設定。GitLab 分兩種版本,一種是 Community Edition packages 另一種是 Enterprise Edition packages,本篇是記錄 Community 版本安裝步驟,可以到下載頁面選擇您的作業系統,就可以看到安裝方式

$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
$ sudo apt-get install gitlab-ce

完成後,請直接透過底下指令重新啟動服務

$ gitlab-ctl reconfigure

下一步驟就是透過帳號 root 及密碼 5iveL! 登入 Gitlab,這時候你會發現為什麼都無法登入,後來找了很久,原來安裝完後,資料庫預設是空的,所以需要搭配底下指令來初始化資料庫

$ gitlab-rake gitlab:setup RAILS_ENV=production

接著打開 /etc/gitlab/gitlab.rb 修改 external_url 設定

## Url on which GitLab will be reachable.
## For more details on configuring external_url see:
## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
external_url 'http://localhost:8088'

後面的 8088 port 就是 Gitlab 內建的 Nginx port,可以任意改成其他 port,不要設定為 80 就好,這樣會噴 port 已經被佔用的錯誤。到這邊打開 https://localhost:8088 就可以看到登入畫面了

Screen Shot 2015-12-12 at 2.14.41 PM

安裝過程請多開一個 Terminal 視窗來監控 Log 狀態

$ gitlab-ctl tail

跟 github 整合帳號

請先申請 Github 帳號,點選右上角個人頭像內的 Settings,接著點選左邊 Applications

Screen Shot 2015-12-12 at 2.30.16 PM

把上述資料填寫完成後,按下送出就可以拿到 Client ID 及 Client Secret 接著到 /etc/gitlab/gitlab.rb 把 Github 相關設定檔打開

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = false
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_providers'] = [
    {
      "name" => "github",
      "app_id" => "xxxxxxxx",
      "app_secret" => "xxxxxxxxxxx",
      "url" => "https://github.com/",
      "args" => { "scope" => "user:email" }
    }
]

重新啟動 gitlab-ctl reconfigure,這樣就完成了,更詳細的步驟可以參考 Integrate your server with GitHub,但是這不代表你可以不用註冊帳號,用第三方帳號註冊,GitLab 還是要你先註冊帳號,然後到帳戶設定內,把 Connected Accounts 內的 Github 啟動,這樣才可以用 Github 帳號登入

Screen Shot 2015-12-12 at 2.37.32 PM

GitLab 也支援多個 open source project 平台的匯入功能,像是可以將 Github Project 匯入

Screen Shot 2015-12-12 at 4.25.14 PM

整合 Nginx

Gitlab 內建 Nginx 服務,但是通常都會用自己架設的 Nginx,尤其是我比較喜歡裝 Nginx mainline 的版本,這樣才可以用 Http2。一樣先打開 /etc/gitlab/gitlab.rb,修改底下設定

nginx['enable'] = false
gitlab_workhorse['enable'] = true
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "localhost:8181"
unicorn['listen'] = '127.0.0.1'
unicorn['port'] = 10080

注意將內建的 Nginx 關閉,在 8.2 版本的時候,官方已經將 gitlab_git_http_server 換成 gitlab_workhorse,所以網路上看到的教學文件記得要過濾,GitLab 必須要開啟 unicorn 及 workhorse 服務,才可以跟 Nginx 串接,底下是 Nginx 完整設定檔

upstream gitlab {
  server 127.0.0.1:10080 fail_timeout=0;
}

upstream gitlab-git-http-server {
  server 127.0.0.1:8181 fail_timeout=0;
}

# let gitlab deal with the redirection
server {
  listen 0.0.0.0:80;
  server_name gitlab.wu-boy.com;
  server_tokens off;
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  # include ssl config
  include ssl/gitlab.conf;

  # Increase this if you want to upload larger attachments
  client_max_body_size      20m;

  # individual nginx logs for this vhost
  access_log                /var/log/nginx/gitlab_access.log;
  error_log                 /var/log/nginx/gitlab_error.log;

  # Increase this if you want to upload larger attachments
  client_max_body_size      20m;

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    ## Serve static files from defined root folder.
    ## @gitlab is a named location for the upstream fallback, see below.
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
  

  ## We route uploads through GitLab to prevent XSS and enforce access control.
  location /uploads/ {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    proxy_pass http://gitlab;
  }

  ## If a file, which is not found in the root folder is requested,
  ## then the proxy passes the request to the upsteam (gitlab unicorn).
  location @gitlab {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    proxy_pass http://gitlab;
  }

  location ~ [-\/\w\.]+\.git\/ {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    # Do not buffer Git HTTP responses
    proxy_buffering off;

    # The following settings only work with NGINX 1.7.11 or newer
    #
    # # Pass chunked request bodies to gitlab-git-http-server as-is
    # proxy_request_buffering off;
    # proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-git-http-server;
  }

  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below
  ## See config/application.rb under "Relative url support" for the list of
  ## other files that need to be changed for relative url support
  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  error_page 502 /502.html;
}

如果沒設定 gitlab-git-http-server,這樣 Client 端使用 git clone http://xxx 時就會跳出底下訊息。如果要設定 https 可以參考 gitlab.conf

Fetching changes...
Checking out dbed0c03 as master...
fatal: reference is not a tree: <ssha hash>

Gitlab multiple runner

Gitlab 可以建立 Project 專屬的 CI Runner,請到 Project 內的左邊選單,點選 Settings 接著會看到左邊選單有 Runner 進去後可以看到底下畫面

Screen Shot 2015-12-12 at 4.43.49 PM

中間有 Token 是要讓你建立 Runner 的時候使用,接著在機器內裝 gitlab multiple runner 套件

$ aptitude install gitlab-ci-multi-runner

最後執行 gitlab-ci-multi-runner register

Screen Shot 2015-12-12 at 4.50.11 PM

可以發現 gitlab 支援 Docker build 及基本的 shell command。完成後,請在專案底下建立 .gitlab-ci.yml 檔案,寫入測試步驟即可

before_script:
  - nvm install 4

stages:
  - build
  - test

build:
  stage: build
  script:
    - npm install

test:
  stage: test
  script:
    - npm test

Screen Shot 2015-12-12 at 5.20.54 PM

結論

我建議如果要串 CI Server,還是推薦使用 Jenkins,功能實在差太多了,Gitlab + Jenkins 還是比較妥當,由於 Gitlab CI 現在已經是內建的了,如果是一些單純的流程,還是可以用 Gitlab CI 喔。如果有在用 Docker 請直接參考這篇 使用 Docker 建置 Gitlab CE 的 Source Control 及 CI 環境

Ref: