Vanitas笔记

部署gitlab企业版本

  • 2024-11-04
  • 作者 Vanitas
  • ~6.15K 字
  1. 1. 环境说明
  2. 2. 部署说明
    1. 2.1. 环境初始化
    2. 2.2. 安装依赖
    3. 2.3. 安装配置postfix
    4. 2.4. 添加gitlab-ee的yum源
    5. 2.5. 安装gitlab-ee
    6. 2.6. 修改配置
    7. 2.7. 为gitlab-ee 生成许可证

环境说明

  • 机器说明: 阿里云ECS:
  • 配置说明: 4核8G 系统盘40G 数据盘200G
  • 系统环境: CentOS 7.9

部署说明

环境初始化

1
2
3
4
5
6
mkfs.ext4 /dev/vdb # 初始化数据盘
mkdir -p /var/opt
mount /dev/vdb  /var/opt/  挂载磁盘到gitlab 数据目录

ls -l /dev/disk/by-uuid/ # 查找/dev/vdb 的uuid

将挂载数据填入/etc/fstab

1
UID=5a68f7dd-0bcc-49cb-b83d-1d0ef236acb9 /var/opt                ext4    defaults        0 0

gitlab-ee版本部署相对简单,参考此处文档部署即可

安装依赖

1
2
3
4
5
6
7
8
9
10
sudo yum install -y curl policycoreutils-python openssh-server perl
# Enable OpenSSH server daemon if not enabled: sudo systemctl status sshd
#sudo systemctl enable sshd
#sudo systemctl start sshd
# 开启sshd
# Check if opening the firewall is needed with: sudo systemctl status firewalld
#sudo firewall-cmd --permanent --add-service=http
#sudo firewall-cmd --permanent --add-service=https
#sudo systemctl reload firewalld   
# 阿里云ECS默认关闭防火墙,无需开启

安装配置postfix

1
2
sudo yum install postfix
sudo systemctl enable postfix

修改posefix配置

/etc/postfix/main.cf

1
2
3
4
5
#inet_interfaces = $myhostname, localhost
inet_interfaces = all

# Enable IPv4, and IPv6 if supported
inet_protocols = all
1
systemctl start postfix

添加gitlab-ee的yum源

1
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

安装gitlab-ee

1
2
sudo EXTERNAL_URL="http://gitlab.shuli.com" yum install -y gitlab-ee
# 因为是内网环境,所以我们关闭https,也可以选择自签证书

修改配置

修改gitlab.rb:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
external_url 'http://YOUR_GITLAB_DOMAIN/'

gitlab_rails['time_zone'] = 'Asia/Shanghai'

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "SMTP_ADDRESS"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = "SMTP_ACCOUNT"
gitlab_rails['smtp_password'] = "SMTP_SECRET"
gitlab_rails['smtp_domain'] = "SMTP_DOMAIN"
gitlab_rails['smtp_authentication'] = "plain"
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['gitlab_email_from'] = 'SMTP_ACCOUNT'
gitlab_rails['gitlab_email_reply_to'] = 'SMTP_ACCOUNT'

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
main:
  label: 'LDAP'

  host: ''  # gitlab 使用的ldap host
  port: 389
  uid: 'uid'
  method: 'plain'
  bind_dn: ''  # 有权限的账户
  password: '' # 密码
  timeout: 10
  base: ''     # 基础搜索entry
  allow_username_or_email_login: true
EOS

gitlab_rails['webhook_timeout'] = 30

user['git_user_email'] = "SMTP_ACCOUNT"



替换后执行

1
2
gitlab-ctl reconfigure
gitlab-ctl restart

为gitlab-ee 生成许可证

1
2
3
4
5
yum install centos-release-scl-rh # 添加软件源
yum -y install rh-ruby23 -y  # 安装较高版本的ruby,低版本ruby无法执行脚本
scl enable rh-ruby23 bash

gem install gitlab-license #安装依赖

gitlab-ee-license.rb

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
require "openssl"
require "gitlab/license"

key_pair = OpenSSL::PKey::RSA.generate(2048)
File.open("license_key", "w") { |f| f.write(key_pair.to_pem) }

public_key = key_pair.public_key
File.open("license_key.pub", "w") { |f| f.write(public_key.to_pem) }

private_key = OpenSSL::PKey::RSA.new File.read("license_key")
Gitlab::License.encryption_key = private_key

license = Gitlab::License.new
license.licensee = {
  "Name" => "gitlab",
  "Company" => "shulidata",
  "Email" => "SMTP_ACCOUNT",
}
license.starts_at = Date.new(2020, 1, 1) # 修改开始时间
license.expires_at = Date.new(2099, 1, 1) # 修改结束时间
license.notify_admins_at = Date.new(2099, 12, 1)
license.notify_users_at = Date.new(2099, 12, 1)
license.block_changes_at = Date.new(2100, 1, 1)
license.restrictions = {
  active_user_count: 10000,
}

puts "License:"
puts license

data = license.export
puts "Exported license:"
puts data
File.open("GitLabBV.gitlab-license", "w") { |f| f.write(data) }

public_key = OpenSSL::PKey::RSA.new File.read("license_key.pub")
Gitlab::License.encryption_key = public_key

data = File.read("GitLabBV.gitlab-license")
$license = Gitlab::License.import(data)

puts "Imported license:"
puts $license

unless $license
  raise "The license is invalid."
end

if $license.restricted?(:active_user_count)
  active_user_count = 10000  # 修改活跃人数
  if active_user_count > $license.restrictions[:active_user_count]
    raise "The active user count exceeds the allowed amount!"
  end
end

if $license.notify_admins?
  puts "The license is due to expire on #{$license.expires_at}."
end

if $license.notify_users?
  puts "The license is due to expire on #{$license.expires_at}."
end

module Gitlab
  class GitAccess
    def check(cmd, changes = nil)
      if $license.block_changes?
        return build_status_object(false, "License expired")
      end
    end
  end
end

puts "This instance of GitLab Enterprise Edition is licensed to:"
$license.licensee.each do |key, value|
  puts "#{key}: #{value}"
end

if $license.expired?
  puts "The license expired on #{$license.expires_at}"
elsif $license.will_expire?
  puts "The license will expire on #{$license.expires_at}"
else
  puts "The license will never expire."
end
1
2
3
4
5
6
ruby gitlab-ee-license.rb
ls
GitLabBV.gitlab-license  gitlab-ee-license.rb  gitlab.rb  license_key
# GitLabBV.gitlab-license 为许可证秘钥
\mv license_key.pub  /opt/gitlab/embedded/service/gitlab-rails/.license_encryption_key.pub

修改/opt/gitlab/embedded/service/gitlab-rails/ee/app/models/license.rb

1
2
3
4
5
6
7

def plan
  restricted_attr(:plan).presence || ULTIMATE_PLAN #修改plan
end

def edition
  case restricted_attr(:plan)
1
2
3
gitlab-ctl reconfigure 
gitlab-ctl restart

重启gitlab后使用root用户登录导入许可证即可

本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可
,
最后编辑:2024-11-04