筆記：gitlab-ce 替換（2）

筆記二

以gitlab的9.4.3版本爲例子
[toc]

1、nginx/apache 替換 gitlab-nginx

• 修改 /etc/gitlab/gitlab.rb:

nginx['enable'] = false

## 填寫用戶，
## nginx：nginx.conf 裏查看 user（默認是 www www）
## apache：httpd.conf 裏查看 User與Group （默認是 daemon daemon）
web_server['external_users'] = ['www']


## 如果是apache，必須配置以下,nginx不寫
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"

• 修改apache/nginx配置文件

apache 配置

# This configuration has been tested on GitLab 8.2
# Note this config assumes unicorn is listening on default port 8080 and
# gitlab-workhorse is listening on port 8181. To allow gitlab-workhorse to
# listen on port 8181, edit /etc/gitlab/gitlab.rb and change the following:
#
# gitlab_workhorse['listen_network'] = "tcp"
# gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
#
#Module dependencies
# mod_rewrite
# mod_proxy
# mod_proxy_http
<VirtualHost *:80>
  ServerName YOUR_SERVER_FQDN
  ServerSignature Off

  ProxyPreserveHost On

  # Ensure that encoded slashes are not decoded but left in their encoded state.
  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
  AllowEncodedSlashes NoDecode

  <Location />
    # New authorization commands for apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    Require all granted

    #Allow forwarding to gitlab-workhorse
    ProxyPassReverse http://127.0.0.1:8181
    ProxyPassReverse http://YOUR_SERVER_FQDN/
  </Location>

  # Apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on

  #Forward all requests to gitlab-workhorse except existing files like error documents
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
  RewriteCond %{REQUEST_URI} ^/uploads/.*
  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]

  # needed for downloading attachments
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public

  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 502 /502.html
  ErrorDocument 503 /503.html

  # It is assumed that the log directory is in /var/log/httpd.
  # For Debian distributions you might want to change this to
  # /var/log/apache2.
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog /var/log/httpd/logs/YOUR_SERVER_FQDN_error.log
  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_forwarded.log common_forwarded
  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN_access.log combined env=!dontlog
  CustomLog /var/log/httpd/logs/YOUR_SERVER_FQDN.log combined

</VirtualHost>

---

nginx 配置

## GitLab 8.3+
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
##        CONTRIBUTING          ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
##         configuration         ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

## Normal HTTP host
server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
  listen 0.0.0.0:80 default_server;
  listen [::]:80 default_server;
  server_name YOUR_SERVER_FQDN; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  ## See app/controllers/application_controller.rb for headers set

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;

    proxy_pass http://gitlab-workhorse;
  }
}

2、mysql 替換 gitlab-postgres

注意：gitlab-ce-9.4.3-ce.0.el7.x86_64.rpm 爲例子，當然，更高版本應該也沒問題的。

提示：官方英文文檔提到 gitlab 社區版是不支持mysql的，只有企業版支持。（當然，不影響你配置下面的東西）

（1）給gitlab設置一個權限帳號，再建個庫

mysql> grant all privileges on *.* to gitlab@"localhost" identified by "lzour";
mysql> flush privileges;
mysql> CREATE DATABASE IF NOT EXISTS `gitlab` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_general_ci`;

（2）修改gitlab配置 /etc/gitlab/gitlab.rb:

# 禁止 postgresql
postgresql['enable'] = false

# mysql配置 
gitlab_rails['db_adapter'] = 'mysql2'
gitlab_rails['db_encoding'] = 'utf8'
# 如果是不是機，就填公網IP好了
gitlab_rails['db_host'] = '127.0.0.1'
gitlab_rails['db_port'] = '3306'
gitlab_rails['db_username'] = 'gitlab'
gitlab_rails['db_password'] = 'lzour'
gitlab_rails['db_host'] = "127.0.0.1"
gitlab_rails['db_port'] = 3306

（3）配置完後，運行gitlab-ctl reconfigure，會報錯

[root@stone ~]# gitlab-ctl reconfigure

……
Recipe: gitlab::database_migrations
  * bash[migrate gitlab-rails database] action run
    [execute] rake aborted!
              Gem::LoadError: Specified 'mysql2' for database adapter, but the gem is not loaded. Add `gem 'mysql2'` to your Gemfile (and ensure its version is at the minimum required by ActiveRecord).
              /opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:5:in `<top (required)>'
              /opt/gitlab/embedded/bin/bundle:22:in `load'
              /opt/gitlab/embedded/bin/bundle:22:in `<main>'
              Gem::LoadError: mysql2 is not part of the bundle. Add it to Gemfile.
              /opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:5:in `<top (required)>'
              /opt/gitlab/embedded/bin/bundle:22:in `load'
              /opt/gitlab/embedded/bin/bundle:22:in `<main>'
              Tasks: TOP => gitlab:db:configure => environment
              (See full trace by running task with --trace)

    ================================================================================
    Error executing action `run` on resource 'bash[migrate gitlab-rails database]'
    ================================================================================

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------

## 根據提示，缺少 mysql2，用ruby的gem工具下載一個，在下載之前，得先配置下ruby的gem與bundle
[root@stone bin]# vim /opt/gitlab/embedded/service/gitlab-rails/.bundle/config

---
BUNDLE_RETRY: "5"
BUNDLE_JOBS: "9"
## 把mysql改成postgres
BUNDLE_WITHOUT: "development:test:postgres"


## gitlab幾乎所有的命令都在此目錄下
[root@stone ~]# cd /opt/gitlab/embedded/bin/

[root@stone bin]# ./gem install mysql2
  Fetching: mysql2-0.4.9.gem (100%)
  Building native extensions.  This could take a while...
  Successfully installed mysql2-0.4.9
  Parsing documentation for mysql2-0.4.9
  Installing ri documentation for mysql2-0.4.9
  Done installing documentation for mysql2 after 0 seconds
  1 gem installed

## 先檢測一下
[root@stone ~]# gitlab-rake gitlab:check
Your bundle is locked to mysql2 (0.3.20), but that version could not be found in any of the sources listed in your Gemfile. If you haven't changed sources, that means the author of mysql2 (0.3.20) has removed it. You'll need to update your bundle to a different version of mysql2 (0.3.20) that hasn't been removed in order to install.
Run `bundle install` to install missing gems.

## 尷尬，人家只要0.3.20版的，好吧
[root@stone bin]# ./gem uninstall mysql2
Successfully uninstalled mysql2-0.4.9

[root@stone bin]# ./gem install mysql2 -v "0.3.20"
Fetching: mysql2-0.3.20.gem (100%)
Building native extensions.  This could take a while...
Successfully installed mysql2-0.3.20
Parsing documentation for mysql2-0.3.20
Installing ri documentation for mysql2-0.3.20
Done installing documentation for mysql2 after 0 seconds
1 gem installed

## 查看一下版本號，0.3.20，成功了
[root@stone bin]# ./gem list | grep mysql
mysql2 (0.3.20)

## 再來檢測一下（又報錯……，又是少東西，好吧）
[root@stone bin]# gitlab-rake gitlab:check
Could not find peek-mysql2-1.1.0 in any of the sources
Run `bundle install` to install missing gems.

[root@stone bin]# ./gem install peek-mysql2 -v 1.1.0
……繼續按提示，把所有東西都裝好，直到檢測(gitlab-rake gitlab:check)不報錯【略】

## 再有不懂的報錯，你就QQ我好了，別的我就不寫了。

## 最後，成功
[root@stone ~]# gitlab-ctl reconfigure
……
Running handlers:
Running handlers complete
Chef Client finished, 11/330 resources updated in 43 seconds
gitlab Reconfigured!

3、redis 替換 gitlab-redis

（1） 準備 - redis 示例安裝目錄 /usr/loacl/redis

---

[root@stone etc]# 將本機兩塊網卡接口地址記錄下來inet xx.xx.xx.xx，inet 127.0.0.1
[root@stone etc]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xx.xx.xx  netmask 255.255.240.0  broadcast 172.17.239.255
        ether 00:16:3e:10:66:35  txqueuelen 1000  (Ethernet)
        RX packets 6900  bytes 673498 (657.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6525  bytes 1549613 (1.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 9297  bytes 16797712 (16.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9297  bytes 16797712 (16.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

---

[root@stone etc]# vim /usr/local/redis/etc/redis.conf
# Redis configuration file example.
#
# Note that in order to read the configuration file, Redis must be
……
## 綁定本機網卡接口地址（ifconfig中的兩個inet）
bind 127.0.0.1 xx.xx.xx.xx
……
## 配置redis密碼
requirepass love

---

[root@stone etc]redis添加密碼後，path/redis stop會出錯，解決方法：
[root@stone etc]# vim /etc/init.d/redis 
……
REDISPORT=6379
EXEC=/usr/local/redis/bin/redis-server
REDIS_CLI=/usr/local/redis/bin/redis-cli

PIDFILE=/var/run/redis.pid
## 添加 PWD=love
PWD=stone
……
## 搜索`shutdown`，在此命令中添加 `-a $PWD`
$REDIS_CLI -a $PWD -p $REDISPORT shutdown

用redis客戶端 RedisDesktopManager 遠程登錄redis成功 （注意開放6379端口）

（2） 配置/etc/gitlab/gitlab.rb

[root@stone etc]# vim /etc/gitlab/gitlab.rb

---

redis['enable'] = false

# 如果redis不是本機，就寫公網IP
gitlab_rails['redis_host'] = '127.0.0.1'
gitlab_rails['redis_port'] = 6379

# 此處的密碼必須加引號，否則會報錯
gitlab_rails['redis_password'] = 'love'

# 沒特別的話，就放在tmp下吧
gitlab_rails['redis_socket'] = '/tmp/redis.sock'

（3） 關閉gitlab-redis,重置gitlab配置

用redis-cli方法關閉，具體位置：/opt/gitlab/embedded/bin/redis-cli

( tip：我這不知道怎麼回事，gitlab-redis總是關不掉，所有我直接”init 6” ……)

[root@stone ~]#gitlab-ctl reconfigure
(成功)

[root@stone ~]# gitlab-ctl status
run: gitaly: (pid 480) 1632s; run: log: (pid 479) 1632s
run: gitlab-monitor: (pid 6271) 18s; run: log: (pid 486) 1632s
run: gitlab-workhorse: (pid 6261) 18s; run: log: (pid 484) 1632s
run: logrotate: (pid 489) 1632s; run: log: (pid 488) 1632s
run: node-exporter: (pid 478) 1632s; run: log: (pid 477) 1632s
run: prometheus: (pid 496) 1632s; run: log: (pid 495) 1632s
run: sidekiq: (pid 6243) 19s; run: log: (pid 490) 1632s
run: unicorn: (pid 6228) 19s; run: log: (pid 494) 1632s
(沒有redis進程，哈，成功)

[root@stone ~]# ps aux | grep redis
root      1184  0.0  0.4 145244  9364 ?        Ssl  17:06   0:00 /usr/local/redis/bin/redis-server 127.0.0.1:6379
root      6437  0.0  0.0 112652   968 pts/0    R+   17:34   0:00 grep --color=auto redis
(只有自己裝的redis，成功)