Gitlab安装和部署-使用Docker

2024-06-26

安装 Gitlab

安装 gitlab-ce 版本，当前最新版本为 17.2.0

配置 external_url

参考 https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-compose

services:
  gitlab:
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
    ports:
      - '80:80'
      - '443:443'
      - '22:22'
    volumes:
      - '/srv/gitlab/config://etc/gitlab'
      - '/srv/gitlab/logs://var/log/gitlab'
      - '/srv/gitlab/data://var/opt/gitlab'
    shm_size: '256m'

停止本地的 sshd 和 nginx 服务，避免 22 、80、443端口备占用：

systemctl stop nginx
systemctl stop sshd

启动 gitlab：

export GITLAB_HOME=/srv/gitlab && docker compose up -d

查看日志：

docker logs -f gitlab

本地配置 /etc/host 文件：

127.0.0.1 gitlab.example.com

打开浏览器访问：https://gitlab.example.com/ ，用户名 root，密码通过下面命令查看：

cat /srv/gitlab/config/initial_root_password

修改默认端口

参考 https://github.com/hutchgrant/gitlab-docker-local/，

services:
  gitlab:
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com:3143'
        gitlab_rails['gitlab_shell_ssh_port'] = 3122
    ports:
      - '3143:443'
      - '3122:22'
    volumes:
      - '/srv/gitlab/config://etc/gitlab'
      - '/srv/gitlab/logs://var/log/gitlab'
      - '/srv/gitlab/data://var/opt/gitlab'
    shm_size: '256m'

配置时区

进入容器，修改配置 /etc/gitlab/gitlab.rb：

# 时区
gitlab_rails['time_zone'] = 'Asia/Shanghai'

解决头像显示异常问题

# 解决头像显示异常问题
gitlab_rails['gravatar_plain_url'] = 'http://cravatar.cn/avatar/%{hash}?s=%{size}&d=identicon'
gitlab_rails['gravatar_ssl_url'] = 'https://cravatar.cn/avatar/%{hash}?s=%{size}&d=identicon'

关闭不需要的服务

GitLab 默认提供了软件包仓库、容器仓库、软件依赖管理，这些可以使用 Nexus 代替

# 关闭容器仓库功能
gitlab_rails['gitlab_default_projects_features_container_registry'] = false
gitlab_rails['registry_enabled'] = false
registry['enable'] = false
registry_nginx['enable'] = false

# 关闭包仓库、依赖管理
gitlab_rails['packages_enabled'] = false
gitlab_rails['dependency_proxy_enabled'] = false

关闭GitLab Pages：

# 关闭GitLab Pages
gitlab_pages['enable'] = false
pages_nginx['enable'] = false

关闭监控和性能基准相关功能：

#关闭监控和性能基准相关功能
prometheus_monitoring['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
redis_exporter['enable'] = false
postgres_exporter['enable'] = false
pgbouncer_exporter['enable'] = false
gitlab_exporter['enable'] = false
sidekiq['metrics_enabled'] = false

# 关闭使用统计
gitlab_rails['usage_ping_enabled'] = false
gitlab_rails['sentry_enabled'] = false

关闭 KAS、Terraform、Mattermost：

# GitLab KAS
gitlab_kas['enable'] = false
gitlab_rails['gitlab_kas_enabled'] = false

# Terraform
gitlab_rails['terraform_state_enabled'] = false

# Mattermost
mattermost['enable'] = false
mattermost_nginx['enable'] = false

# Kerberos
gitlab_rails['kerberos_enabled'] = false
sentinel['enable'] = false

关闭电子邮件相关功能：

# 关闭电子邮件相关功能
gitlab_rails['smtp_enable'] = false
gitlab_rails['gitlab_email_enabled'] = false
gitlab_rails['incoming_email_enabled'] = false

优化 PUMA 和 sidekiq

# 禁用 PUMA 集群模式
puma['worker_processes'] = 0
puma['min_threads'] = 1
puma['max_threads'] = 2

# 降低后台守护进程并发数
sidekiq['concurrency'] = 5

优化 postgresql

# 减少 postgresql 数据库缓存
postgresql['shared_buffers'] = "128MB"
# 减少 postgresql 数据库并发数量
postgresql['max_connections'] = 60

使用自签名证书（不建议）

参考 https://github.com/danieleagle/gitlab-https-docker#generating-a-self-signed-certificate ，生成服务端 key：

sudo openssl genrsa -out server-key.pem 4096

生成服务端 csr：

sudo openssl req -new -key server-key.pem -out server.csr

生成服务端证书：

sudo openssl x509 -req -days 365 -in server.csr -signkey server-key.pem -out server-cert.pem

删除 csr 文件：

sudo rm server.csr

拷贝证书文件：

sudo mkdir -p /srv/gitlab/ssl
sudo cp server-*.pem /srv/gitlab/ssl/

修改 docker-compose 文件，添加证书相关配置：

services:
  gitlab:
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com:3143'
        gitlab_rails['gitlab_shell_ssh_port'] = 3122
        nginx['listen_port'] = 443
        nginx['redirect_http_to_https'] = true
        nginx['ssl_certificate'] = "/etc/ssl/certs/gitlab/server-cert.pem"
        nginx['ssl_certificate_key'] = "/etc/ssl/certs/gitlab/server-key.pem"
    ports:
      - '3143:443'
      - '3122:22'
    volumes:
      - '/srv/gitlab/config://etc/gitlab'
      - '/srv/gitlab/logs://var/log/gitlab'
      - '/srv/gitlab/data://var/opt/gitlab'
    shm_size: '256m'

为了从主机或网络上的其他地方的 gitlab 克隆，我们需要告诉 git 接受我们的自签名证书。

git config --global http."https://gitlab.example.com:3143/".sslCAInfo /srv/gitlab/ssl/server-cert.pem

使用外部 Nginx（建议）

修改配置，禁用 nginx：

services:
  gitlab:
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 3122

        gitlab_workhorse['listen_network'] = "tcp"
        gitlab_workhorse['listen_addr'] = "0.0.0.0:8000"
        nginx['enable'] = false
        unicorn['enable'] = false
    ports:
      - '8000:8000'
      - '3122:22'
    volumes:
      - '/srv/gitlab/config://etc/gitlab'
      - '/srv/gitlab/logs://var/log/gitlab'
      - '/srv/gitlab/data://var/opt/gitlab'
    shm_size: '256m'

本地配置 /etc/host 文件：

127.0.0.1 gitlab.example.com
127.0.0.1 gitlab-registry.example.com

安装 nginx ，为 gitlab.example.com 配置反向代理：

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name gitlab.example.com;
    rewrite ^ https://$http_host$request_uri? permanent;
}

server {
     listen 443 ssl;
     server_name gitlab.example.com;
     ssl_certificate /etc/nginx/ssl/server-cert.pem;
     ssl_certificate_key /etc/nginx/ssl/server-key.pem;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;

     client_max_body_size 1g;
     access_log /var/log/nginx/gitlab.log;

     location / {
        proxy_pass     http://127.0.0.1:8000;
    proxy_read_timeout  90;
      proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      # Websocket connection
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
     }
}

拷贝证书文件到 /etc/nginx/ssl/ 目录：

sudo mkdir -p /etc/nginx/ssl/
sudo cp server-*.pem /etc/nginx/ssl/

使用外部 Redis（可选）

参考 Using a non-packaged Redis instance，进入容器，修改 /etc/gitlab/gitlab.rb

redis['enable'] = false
gitlab_rails['redis_host'] = 'x.x.x.x'
gitlab_rails['redis_port'] = 6379

使用外部 Postgres（可选）

参考 Using a non-packaged PostgreSQL database management server

在 Postgres 修改 /var/lib/pgsql/data/pg_hba.conf 令其支持密码登录

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 ident
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer

数据库执行以下 sql 命令：

-- 重新加载 pg_hba.conf
SELECT pg_reload_conf();

-- 创建 gitlab 角色
CREATE ROLE gitlab WITH LOGIN SUPERUSER;
ALTER ROLE gitlab PASSWORD 'your-db-passwd';

-- 创建 gitlabhq_production 数据库
CREATE DATABASE gitlabhq_production OWNER gitlab;

其中，在 gitlab 安装阶段需要赋予其 SUPERUSER 权限，安装完成后可以将该权限去除:

ALTER ROLE gitlab WITH NOSUPERUSER;

进入容器，修改 /etc/gitlab/gitlab.rb

postgresql['enable'] = false

gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_database'] = "gitlabhq_production"
gitlab_rails['db_encoding'] = 'utf8'
gitlab_rails['db_host'] = 'x.x.x.x'
gitlab_rails['db_port'] = '5432'
gitlab_rails['db_username'] = 'USERNAME'
gitlab_rails['db_password'] = 'PASSWORD'

数据库名称：gitlabhq_production

使配置生效：

gitlab-ctl reconfigure

设置数据库：

# Remove 'sudo' if you are the 'git' user
sudo gitlab-rake gitlab:setup

完整配置

修改默认端口，配置时区，关闭不需要的服务，优化数据库，使用外部 Nginx：

services:
  gitlab:
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'gitlab.wesine.com.cn'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.wesine.com.cn'
        gitlab_rails['gitlab_shell_ssh_port'] = 3122

    # 使用外部 Niginx
        gitlab_workhorse['listen_network'] = "tcp"
        gitlab_workhorse['listen_addr'] = "0.0.0.0:8000"
        nginx['enable'] = false
        unicorn['enable'] = false

        # 时区
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        # 解决头像显示异常问题
        gitlab_rails['gravatar_plain_url'] = 'http://gravatar.loli.net/avatar/%{hash}?s=%{size}&d=identicon'
        gitlab_rails['gravatar_ssl_url'] = 'https://gravatar.loli.net/avatar/%{hash}?s=%{size}&d=identicon'

        # 关闭容器仓库功能
        gitlab_rails['gitlab_default_projects_features_container_registry'] = false
        gitlab_rails['registry_enabled'] = false
        registry['enable'] = false
        registry_nginx['enable'] = false

        # 关闭包仓库、依赖管理
        gitlab_rails['packages_enabled'] = false
        gitlab_rails['dependency_proxy_enabled'] = false

        # 关闭GitLab Pages
        gitlab_pages['enable'] = false
        pages_nginx['enable'] = false

        #关闭监控和性能基准相关功能
        prometheus_monitoring['enable'] = false
        alertmanager['enable'] = false
        node_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
        gitlab_exporter['enable'] = false
        sidekiq['metrics_enabled'] = false

        # 关闭使用统计
        gitlab_rails['usage_ping_enabled'] = false
        gitlab_rails['sentry_enabled'] = false

        # 关闭电子邮件相关功能
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['gitlab_email_enabled'] = false
        gitlab_rails['incoming_email_enabled'] = false

        # GitLab KAS
        gitlab_kas['enable'] = false
        gitlab_rails['gitlab_kas_enabled'] = false

        # Terraform
        gitlab_rails['terraform_state_enabled'] = false

        # Mattermost
        mattermost['enable'] = false
        mattermost_nginx['enable'] = false

        # Kerberos
        gitlab_rails['kerberos_enabled'] = false
        sentinel['enable'] = false

        # 减少 postgresql 数据库缓存
        postgresql['shared_buffers'] = "128MB"
        # 减少 postgresql 数据库并发数量
        postgresql['max_connections'] = 60

        # 禁用 PUMA 集群模式
        puma['worker_processes'] = 0
        puma['min_threads'] = 1
        puma['max_threads'] = 2

        # 降低后台守护进程并发数
        sidekiq['concurrency'] = 5

    ports:
      - '8000:8000'
      - '3122:22'
    volumes:
      - '/srv/config://etc/gitlab'
      - '/srv/logs://var/log/gitlab'
      - '/srv/data://var/opt/gitlab'
    shm_size: '256m'

  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    restart: always
    volumes:
      - '/srv/gitlab-runner://etc/gitlab-runner'
      - '/var/run/docker.sock://var/run/docker.sock'

将上面文件保存为 gitlab.yaml，然后执行安装命令：

docker compose -f gitlab.yaml up -d

启动成功之后，查看容器资源使用情况：

docker stats

结果如下：

CONTAINER ID   NAME            CPU %     MEM USAGE / LIMIT     MEM %     NET I/O          BLOCK I/O        PIDS
f384149bfeab   gitlab          0.21%     2.028GiB / 31.26GiB   6.49%     756kB / 4.66MB   246kB / 12.2MB   123
febd4b504da8   gitlab-runner   0.00%     21.61MiB / 31.26GiB   0.07%     54kB / 330kB     0B / 0B          10

安装 Gitlab Runner

参考部署gitlab-runner，在 docker-compose.yaml 文件中添加：

  gitlab-runner:
    image: gitlab/gitlab-runner
    container_name: gitlab-runner
    restart: always
    volumes:
      - '/srv/gitlab-runner://etc/gitlab-runner'

在管理中心 -> CICD -> Runner ，新建实例 Runner，标签名称设置为 docker-runner，记住 Runner 身份验证令牌

进入 github-runner：

docker exec -it gitlab-runner bash

复制并粘贴以下命令到您的命令行中，注册 runner。

gitlab-runner register --url https://gitlab.example.com --token glrt-JhEv5bxs4ezxY53uyYiz

glrt-JhEv5bxs4ezxY53uyYiz 为新建 Runner 实例时的 Runner 身份验证令牌

如果提示：couldn't execute POST against https://gitlab.example.com/api/v4/runners/verify: Post "https://gitlab.example.com/api/v4/runners/verify": dial tcp 172.28.0.2:443: connect: connection refused，原因是 gitlab.example.com 这个域名无法通过 DNS 解析。

解决办法两种：

给该域名进行 DNS 解析，这个需要自己注册域名
通过 extra_hosts 添加域名映射，可以参考 https://gitee.com/xuxiaowei-com-cn/GitLab/blob/main/docker-compose.yml

自定义网络并添加别名，参考：https://github.com/hutchgrant/gitlab-docker-local/blob/master/docker-compose.yml

services:
  gitlab:
    image: gitlab/gitlab-ce
    container_name: gitlab
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 3122

        gitlab_workhorse['listen_network'] = "tcp"
        gitlab_workhorse['listen_addr'] = "0.0.0.0:8000"
        nginx['enable'] = false
        unicorn['enable'] = false

        registry_external_url 'https://gitlab.example.com:4567'
        registry_nginx['enable'] = false
    ports:
      - '8000:8000'
      - '3122:22'
      - '4567:4567'
    networks:
      dev-net:
        aliases:
          - gitlab.example.com
    volumes:
      - '/srv/gitlab/config://etc/gitlab'
      - '/srv/gitlab/logs://var/log/gitlab'
      - '/srv/gitlab/data://var/opt/gitlab'
    shm_size: '256m'

  gitlab-runner:
    image: gitlab/gitlab-runner
    container_name: gitlab-runner
    restart: always
    volumes:
      - '/srv/gitlab-runner://etc/gitlab-runner'
    networks:
      - dev-net

networks:
  dev-net:
    external:
      name: development

不使用域名，而是使用 IP:Port，例如：http://192.168.1.107:8000/

注册一个使用 Docker executor 的 runner

参考使用 Docker 构建 Docker 镜像。要为 CI/CD 作业启用 Docker 命令，您可以使用：

使用 Docker-in-Docker

sudo gitlab-runner register \
 --url https://gitlab.example.com \
 --token glrt-JhEv5bxs4ezxY53uyYiz
  --executor "docker" \
  --docker-privileged \
  --docker-image docker:stable

编辑 /srv/gitlab/gitlab-runner/config.toml ，或者进入容器：

docker exec -it gitlab-runner nano /etc/gitlab-runner/config.toml

修改 gitlab url 为 IP:Port，添加 maven 缓存，docker 缓存：

concurrent = 10 # 并行执行作业数
check_interval = 0
shutdown_timeout = 0
connection_max_age = "15m0s"

[session_server]
  session_timeout = 1800

[[runners]]
  name = "runner"
  url = "http://192.168.1.107:8000/"
  token = "glrt-bEe2isyLds2kaxxS74hP"
  executor = "docker"
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    tls_verify = false
    image = "docker:latest" # 配置默认镜像
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/root/.m2://root/.m2"] # 配置挂载路径
    shm_size = 0
    network_mtu = 0

重启 gitlab-runner：

docker exec -it gitlab-runner gitlab-runner restart

使用 Docker Socket

要使 Docker 在镜像上下文中可用，您需要将 /var/run/docker.sock 挂载到启动的容器中。要使用 Docker executor 执行此操作，您需要将 "/var/run/docker.sock://var/run/docker.sock" 添加到 [runners.docker] 部分的卷中。

sudo gitlab-runner register \
 --url https://gitlab.example.com \
 --token glrt-JhEv5bxs4ezxY53uyYiz
  --executor "docker" \
  --docker-image docker:latest \
  --docker-volumes /var/run/docker.sock://var/run/docker.sock

修改 /srv/gitlab/gitlab-runner/config.toml ：

concurrent = 10 # 并行执行作业数
check_interval = 0
shutdown_timeout = 0
connection_max_age = "15m0s"

[session_server]
  session_timeout = 1800

[[runners]]
  name = "runner"
  url = "http://192.168.1.107:8000/"
  token = "glrt-bEe2isyLds2kaxxS74hP"
  executor = "docker"
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    tls_verify = false
    image = "alpine:latest" # 配置默认镜像
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    pull_policy = "if-not-present"
    volumes = ["/etc/docker/daemon.json:ro","/var/run/docker.sock","/root/.m2://root/.m2"]
    shm_size = 0
    network_mtu = 0

说明：

在 docker 执行器内是无法访问没有通过 DNS 解析的 gitlab 域名的。需要配置 host 文件，一种方式是挂载 /etc/hosts 文件，另一种方式是添加下面配置：
```
    extra_hosts = ["https://gitlab.example.com:192.168.1.107"]
    network_mode = "host"
```
配置 docker 镜像加速。将 github runner 容器中的 /etc/docker/daemon.json 挂载到 docker-in-docker 中，/etc/docker/daemon.json 内容如下：

{
   "registry-mirrors" : [
    "https://docker.1panel.live"
   ]
}

Maven 缓存。在 docker 容器挂载 /root/.m2目录。

Maven 镜像加速。在宿主机的 /root/.m2 目录下创建 settings.xml，使用阿里云 Maven 仓库。

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <mirrors>
    <mirror>
      <id>alimaven</id>
      <name>aliyun maven</name>
      <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>
</settings>

配置 Gitlab

实例配置

默认语言【实例】

管理中心 -> 设置 -> 偏好设置 -> 本地化 -> 默认语言 -> Chinese, Simplified - 简体中文
Admin Area -> Settings -> Preferences -> Localization -> Default language -> Chinese, Simplified - 简体中文

仅对修改此配置后创建的新用户有效

默认语言【用户】

偏好设置 -> 本地化 -> 语言 -> Chinese, Simplified - 简体中文
Preferences -> Localization -> Language -> Chinese, Simplified - 简体中文

启用/禁用允许用户注册

管理中心 -> 设置 -> 通用 -> 注册限制 -> 已启用注册功能
Admin Area -> Settings -> General -> Sign-up restrictions -> Sign-up enabled

未登录用户重定向地址

管理中心 -> 设置 -> 通用 -> 登录限制 -> 首页URL
Admin Area -> Settings -> General -> Sign-in restrictions -> Home page URL

将未经身份验证的用户定向到此页面。

限制新建项目可见性

管理中心 -> 设置 -> 通用 -> 可见性与访问控制 -> 限制可见性级别 -> 公开
Admin Area -> Settings -> General -> Visibility and access controls -> Restricted visibility levels -> Public

Private 私有：如果选中，只有管理员能够创建私有群组、项目和代码片段。
Internal 内部：如果选中，则只有管理员能够创建内部群组、项目和代码片段。
Public 公开：如果选中，则只有管理员能够创建公开群组、项目和片段。此外，个人资料仅对经过身份验证的用户可见。

自定义 Git 访问协议

管理中心 -> 设置 -> 通用 -> 可见性与访问控制 -> 启用 Git 访问协议 -> Only HTTP(S)
Admin Area -> Settings -> General -> Visibility and access controls -> Enabled Git access protocols -> Only HTTP(S)

Both SSH and HTTP(S)：可以使用 HTTP(S) 或 SSH 检出、推送代码
Only SSH：只能使用 SSH 检出、推送代码
Only HTTP(S)：只能使用 HTTP(S) 检出、推送代码

导入和导出设置

管理中心 -> 设置 -> 通用 -> 导入源 -> GitHub、Bitbucket Cloud、Bitbucket Server、FogBugz、Repository by URL、GitLab export、Gitea、Manifest file、Gitee
Admin Area -> Settings -> General -> Import and export settings -> GitHub、Bitbucket Cloud、Bitbucket Server、FogBugz、Repository by URL、GitLab export、Gitea、Manifest file、Gitee

流水线计划的最大数量

管理中心 -> 设置 -> CI/CD -> 持续集成和部署 -> CI/CD 限制 -> 流水线计划的最大数量
Admin Area -> Settings -> CI/CD -> Continuous Integration and Deployment -> CI/CD limits -> Maximum number of pipeline schedules

实例级别环境变量

管理中心 -> 设置 -> CI/CD -> 变量 -> 添加变量
Admin Area -> Settings -> CI/CD -> Variables -> Add variable

键	值	描述	说明
`SETTINGS_RAW_URL`	`http://172.25.25.14:48081/repository/raw/settings.xml`	自建 Maven 私库的 settings.xml 配置文件	使用 Nexus 搭建了一个 Maven 私库，包含了众多 Maven (镜像)仓库，用于加速依赖下载

修改初始密码

进入容器：

docker exec -it gitlab bash

获取root用户密码：

cat /etc/gitlab/initial_root_password | grep Password

运行下面命令修改root默认密码为 abcd1234!：

$ gitlab-rails console
u=User.where(id:1).first
new_password='abcd1234!'
u.password=new_password
u.password_confirmation=new_password
u.save!
exit

配置系统服务

脚本：

#!/bin/bash

# Create gitlab systemd service
# First parameter is the linux account username you want the service run under
# Second parameter is the location of your gitlab docker-compose.yml
# Example:  $ sudo sh gitlab_service.sh LINUXUSER /home/youruser/gitlab-docker-local

echo "
[Unit]
Description=Gitlab Service
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
User=$1
WorkingDirectory=$2
ExecStart=/usr/local/bin/docker-compose up -d
ExecStop=/usr/local/bin/docker-compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target" > /etc/systemd/system/gitlab.service

systemctl start gitlab
systemctl enable gitlab

注意：该脚本依赖 Docker Service，所有需要先创建 Docker 系统服务。

运行命令：

# sudo sh gitlab_service.sh LINUXUSER PATH_REPO_FOLDER
sudo sh gitlab_service.sh root /opt/docker/gitlab.yaml

测试

访问

访问 https://gitlab.example.com，修改默认密码，创建一个测试用户：test

添加 SSH Key

Add / generate a ssh key

tail ~/.ssh/id_rsa.pub

拷贝并保存到 https://gitlab.example.com/profile/keys

创建新项目

创建一个项目 example ，克隆项目：

git clone ssh://git@gitlab.example.com:3122/root/example.git

测试添加文件并提交：

cd example
git add .
git commit -m "Initial commit"
git push -u origin main

备份

备份数据

参考 Official Docs，备份：

docker exec -it gitlab gitlab-rake gitlab:backup:create

备份后的文件在 /srv/gitlab/data/backups/ ：

$ ls -l --color=auto /srv/gitlab/data/backups/
总用量 532
-rw------- 1 chrony polkitd 542720 7月  12 08:57 1720745862_2024_07_12_17.1.1_gitlab_backup.tar

备份 Gitlab 配置

参考 recommends storing the configuration backups seperate from your application backups：

sudo sh -c 'umask 0077; tar cfz /data/backups/$(date "+%s-gitlab-config.tgz") -C /srv/gitlab config ssl'

备份 Gitlab Runner 配置

sudo sh -c 'umask 0077; tar cfz /data/backups/$(date "+%s-gitlab-runner-ssl.tgz") -C /srv/gitlab-runner .'

定时备份

参考 gitlab_backup.sh，备份脚本：

CONTAINER="gitlab"
TARGET_DIR="/data/backups"
GITLAB_DIR="/srv/gitlab"
RUNNER_DIR="/srv/gitlab-runner"
REMOVE_DAYS=1

mkdir -p $TARGET_DIR

# Backup Application DATA
echo "Backing up GitLab application data"
docker exec -t $CONTAINER gitlab-rake gitlab:backup:create
cp -u $GITLAB_DIR/backups/. $TARGET_DIR/ -a

# Backup configurations, SSH keys, and SSL certs
echo "Backing up GitLab configurations, ssh keys, and ssl certs"
sh -c "umask 0077; tar cf $TARGET_DIR/$(date "+%s-gitlab-config.tar") -C $GITLAB_DIR config ssl"
sh -c "umask 0077; tar cf $TARGET_DIR/$(date "+%s-gitlab-runner.tar") -C $RUNNER_DIR ."

# Remove files older than x days
echo "Removing files older than $REMOVE_DAYS days"
find $TARGET_DIR/*.tar -mtime $REMOVE_DAYS -exec rm {} \;

添加定时任务：

sudo crontab -e

添加脚本，每天早上 2 点定时执行：

0 2 * * * sh /your/directory/gitlab_backup.sh

还原

还原应用数据：

sudo cp /data/backups/1720746362_2024_07_12_17.1.1_gitlab_backup.tar /srv/gitlab/data/backups/
docker exec -it gitlab sh -c 'chown git.git /var/opt/gitlab/backups/*.tar'
docker exec -it gitlab gitlab-rake gitlab:backup:restore

还原配置文件：

sudo tar -xvf /data/backups/1720746535-gitlab-config.tar -C /srv/gitlab
docker exec -it gitlab gitlab-ctl reconfigure

还原 Runner 配置文件：

sudo tar -xvf /data/backups/1720746535-gitlab-runner.tar -C /srv/gitlab-runner
docker exec -it gitlab-runner gitlab-runner restart

重启：

docker-compose restart

完整脚本：

#!/bin/bash

CONTAINER="gitlab"
TARGET_DIR="/srv/gitlab"
RUNNER="gitlab-runner"
RUNNER_DIR="/srv/gitlab-runner"
BACKUP_DIR="/data/backups"

# Restore application data
cp $BACKUP_DIR/*_gitlab_backup.tar $TARGET_DIR/data/backups/
docker exec -it $CONTAINER sh -c 'chown git.git /var/opt/gitlab/backups/*.tar'
docker exec -it $CONTAINER gitlab-rake gitlab:backup:restore

# Restore configurations, ssh keys, SSL
tar -xvf $BACKUP_DIR/*-gitlab-config.tar -C $TARGET_DIR
docker exec -it $CONTAINER gitlab-ctl reconfigure

# Restore Gitlab Runner
tar -xvf $BACKUP_DIR/*-gitlab-runner.tar -C $RUNNER_DIR
docker exec -it $RUNNER gitlab-runner restart

# Restart all containers
docker-compose restart

升级

1、先备份相关文件，特别是数据库

2、修改 docker-compose 文件中 gitlab 版本

3、执行下面命令

docker compose pull
docker compose up -d