部署社区版gitlab
- 安装gitlab的依赖项
yum install -y curl openssh-server openssh-clients postfix cronie policycoreutils-python
- 启动postfix,并设置为开机启动
systemctl start postfix
systemctl enable postfix
- 设置防火墙
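# Open both web ports. The reverse-proxy vhost later in this guide answers on
# 443 and redirects port 80 to it, so opening only "http" leaves the HTTPS
# listener unreachable from other hosts.
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
# --permanent only edits the saved configuration; --reload applies it to the
# running firewall.
firewall-cmd --reload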
- 获取rpm包
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-11.4.14-ce.0.el7.x86_64.rpm
- 安装RPM包
# NOTE(review): the RPM fetched above comes from a mirror and is installed as
# root with no integrity check. Import the vendor's package-signing key first
# and confirm that `rpm -K gitlab-ce-11.4.14-ce.0.el7.x86_64.rpm` reports the
# signature as OK before installing.
# NOTE(review): the pinned 11.4.x line is long past upstream security
# maintenance; use a currently supported release for anything users can reach.
rpm -i gitlab-ce-11.4.14-ce.0.el7.x86_64.rpm
- 根据安装完成后的提示,执行初始化配置
gitlab-ctl reconfigure
- 修改配置文件gitlab.rb
# Public URL of this instance.
# NOTE(review): this is plain http://. When TLS is terminated in front of
# GitLab (the Nginx vhost later in this guide listens on 443 and redirects
# port 80 to it), this should presumably become https://gitlab.imdst.com so
# that generated links and clone URLs use HTTPS — confirm against the
# reverse-proxy headers before changing it.
external_url 'http://gitlab.imdst.com'
# Keep repository data under /data/gitlab/data.
git_data_dirs({
"default" => {
"path" => "/data/gitlab/data"
}
})
- 如果使用自建Nginx,需要在gitlab.rb中修改如下配置
# Turn off the bundled Nginx; a separately installed Nginx fronts GitLab.
nginx['enable'] = false
# Account of the external web server; presumably this must match the user the
# self-managed Nginx workers run as — confirm.
web_server['external_users'] = ['www']
# Only the local reverse proxy is trusted to supply forwarded client addresses.
# Keep this list as narrow as possible: every address listed here can set the
# client IP that GitLab records.
gitlab_rails['trusted_proxies'] = [ '127.0.0.1' ]
# Workhorse listens on loopback TCP 8181, the address the external Nginx
# upstream points at.
# NOTE(review): a loopback TCP port is reachable by every local process, which
# can then talk to Workhorse without passing through Nginx (and from a trusted
# proxy address). On a host with other local users, a unix socket with
# restricted permissions is the tighter choice.
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
- 重载配置
gitlab-ctl reconfigure
gitlab-ctl restart
- 查看gitlab版本
head -1 /opt/gitlab/version-manifest.txt
覆盖汉化包
- 下载汉化包
https://gitlab.com/xhang
wget https://gitlab.com/xhang/gitlab/-/archive/11-4-stable-zh/gitlab-11-4-stable-zh.zip
- 解压覆盖
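# Overlay the localisation package on the installed GitLab Rails tree.
#
# NOTE(review): the archive is third-party code that ends up running inside
# GitLab. Review it, and confirm it targets the installed 11.4 series, before
# copying it over the application.
rails_dir=/opt/gitlab/embedded/service/gitlab-rails

# The steps are chained with && so the overlay runs only after the archive was
# unpacked and a backup copy was taken successfully.
# - cp -a keeps ownership, modes and symlinks, so the .ori copy can be put back
#   as-is. If "$rails_dir.ori" already exists, remove or rename it first;
#   otherwise cp nests the new copy inside the old one.
# - \cp bypasses an interactive "cp -i" alias; ./* keeps a file name that
#   starts with "-" from being parsed as an option.
unzip gitlab-11-4-stable-zh.zip &&
  cd gitlab-11-4-stable-zh &&
  cp -a "$rails_dir" "$rails_dir.ori" &&
  \cp -fr ./* "$rails_dir"/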
- 重载配置
gitlab-ctl reconfigure
gitlab-ctl restart
Nginx配置
- nginx.conf 增加如下配置
# Connection header value for proxied requests: "upgrade" when the client sent
# an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# The next three maps are chained: each one replaces the value of one token
# parameter with [FILTERED] and feeds its result to the next, ending in
# $filtered_request_uri.
# NOTE(review): these maps only define variables. Tokens stay out of the access
# log only if the log_format in use writes $filtered_request_uri and
# $filtered_http_referer instead of $request / $http_referer. That log_format
# is not shown here — confirm it.
# NOTE(review): the leading (?<start>.*) is greedy, so each map rewrites the
# last occurrence of its parameter; a duplicate earlier in the query string
# would stay unfiltered.
# Remove private_token from the request URI
# In: /foo?private_token=unfiltered&authenticity_token=unfiltered&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
map $request_uri $temp_request_uri_1 {
default $request_uri;
~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}
# Remove authenticity_token from the request URI
# In: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
map $temp_request_uri_1 $temp_request_uri_2 {
default $temp_request_uri_1;
~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}
# Remove rss_token from the request URI
# In: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=[FILTERED]&...
map $temp_request_uri_2 $filtered_request_uri {
default $temp_request_uri_2;
~(?i)^(?<start>.*)(?<temp>[\?&]rss[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
}
# A version of the referer without the query string
map $http_referer $filtered_http_referer {
default $http_referer;
~^(?<temp>.*)\? $temp;
}
- gitlab.imdst.com.conf
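# Reverse-proxy vhost for GitLab: TLS is terminated here and requests are
# forwarded to gitlab-workhorse on loopback.
upstream gitlab-workhorse {
    server 127.0.0.1:8181;
}

# Plain HTTP: redirect everything to HTTPS, keeping the request method (307)
# and the original URI.
server {
    listen 80;
    server_name gitlab.imdst.com;
    return 307 https://gitlab.imdst.com$request_uri;
}

server {
    # "ssl" on the listen line is what enables TLS; the separate "ssl on;"
    # directive is deprecated and has been dropped.
    listen 443 ssl;
    server_name gitlab.imdst.com;
    index index.html index.htm index.php;

    # NOTE(review): "access" must be a log_format defined in nginx.conf. To keep
    # tokens out of this log it has to write $filtered_request_uri and
    # $filtered_http_referer rather than $request and $http_referer.
    access_log /data/logs/gitlab.imdst.com.acc.log access;
    error_log /data/logs/gitlab.imdst.com.err.log;

    server_tokens off;
    client_max_body_size 0;   # 0 disables the request body size limit
    keepalive_timeout 70;

    # The private key should be readable only by the account that starts Nginx.
    ssl_certificate ./sslkey/gitlab.imdst.com.crt;
    ssl_certificate_key ./sslkey/gitlab.imdst.com.key;
    # TLS 1.1 is deprecated; offer 1.2 only. Add TLSv1.3 once the installed
    # Nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # NOTE(review): the broad ECDH / AES / HIGH groups also admit CBC and
    # non-forward-secret suites; consider an explicit ECDHE + AEAD list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;

    # A single HSTS header: the original sent two different ones, and clients
    # honour only the first. "always" also covers error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;

    # Fall back to the canonical name when the client sent no Host header.
    if ($http_host = "") {
        set $http_host_with_default "gitlab.imdst.com";
    }
    if ($http_host != "") {
        set $http_host_with_default $http_host;
    }

    # Git LFS transfers: stream straight to the backend without buffering.
    location ~ (\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$) {
        proxy_cache off;
        proxy_pass http://gitlab-workhorse;
        proxy_request_buffering off;
    }

    # Static assets are served from disk.
    location ~ ^/(assets)/ {
        root /opt/gitlab/embedded/service/gitlab-rails/public;
        expires max;
        add_header Cache-Control public;
        # An add_header inside a location stops the server-level headers from
        # being inherited, so HSTS has to be repeated here.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
    }

    error_page 404 /404.html;
    error_page 500 /500.html;
    error_page 502 /502.html;
    location ~ ^/(404|500|502)(-custom)?\.html$ {
        root /opt/gitlab/embedded/service/gitlab-rails/public;
        internal;
    }

    location / {
        proxy_pass http://127.0.0.1:8181;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # Use the $connection_upgrade map this guide adds to nginx.conf, so
        # "upgrade" is sent only when the client actually asked for an upgrade.
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_read_timeout 300; # Some requests take more than 30 seconds.
        proxy_connect_timeout 300; # Some requests take more than 30 seconds.
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header Host $http_host_with_default;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # This server block only ever serves HTTPS. Reporting "http" to the
        # backend made GitLab treat every request as unencrypted.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
    }
}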
登录
- 首次登录时会提示修改密码
- 使用root账号登录
邮件配置
- 邮件配置
# Outbound mail through an external SMTP relay.
# NOTE(review): port 25 with smtp_tls = false relies on opportunistic STARTTLS
# (smtp_enable_starttls_auto). If the server does not offer STARTTLS, the login
# below presumably travels unencrypted — confirm, and prefer the provider's
# TLS submission port with smtp_tls = true.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = "aaa@163.com"
# Presumably a placeholder value. The real credential sits in gitlab.rb in
# clear text, so keep that file readable by root only and use a dedicated
# mail account rather than a personal one.
gitlab_rails['smtp_password'] = "dfasfasdfdsfa"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
### Email Settings
# Sender identity used on notification mail; the From address here is the same
# account as the SMTP login above.
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'aaa@163.com'
gitlab_rails['gitlab_email_display_name'] = 'aaa'
gitlab_rails['gitlab_email_reply_to'] = 'aaa@163.com'
gitlab_rails['gitlab_email_subject_suffix'] = 'gitlab'
# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
- 测试发邮件
gitlab-rails console
-------------------------------------------------------------------------------------
GitLab: 11.4.14 (c69471c)
GitLab Shell: 8.3.3
postgresql: 9.6.8
-------------------------------------------------------------------------------------
Loading production environment (Rails 4.2.10)
irb(main):001:0> Notify.test_email('leoiceo@qq.com', 'Message Subject', 'Message Body').deliver_now
修改默认备份目录
- 首先创建自定义存放目录
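# Create the backup directory (including /data/backup when it does not exist
# yet) and hand it to the git account.
mkdir -p /data/backup/gitlab
# user:group is the supported separator; the dotted "git.git" form is obsolete.
chown -R git:git /data/backup
# The archives hold repository and database content, so keep the directory
# closed to other local accounts.
chmod 700 /data/backup/gitlab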
- 编辑修改配置文件/etc/gitlab/gitlab.rb
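# Let GitLab manage the backup directory configured below.
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/data/backup/gitlab/"
# Owner-only archives. 0644 would let every local account read the backup,
# which contains repository data and the database dump.
gitlab_rails['backup_archive_permissions'] = 0600
# gitlab_rails['backup_pg_schema'] = 'public'
###! The duration in seconds to keep backups before they are allowed to be deleted (7 days)
gitlab_rails['backup_keep_time'] = 604800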
重载配置
gitlab-ctl reconfigure
配置备份脚本:每3小时备份一次(脚本本身不含定时逻辑,需配合cron等定时任务调用),删除7天前的备份,并同步到异地
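#!/bin/bash
# Create a GitLab backup, prune local archives older than 7 days, then mirror
# the backup directory to the off-site host over SSH.
#
# NOTE(review): the backup archive does not include /etc/gitlab/gitlab.rb or
# /etc/gitlab/gitlab-secrets.json. Copy both separately and store them apart
# from the archives; without the secrets file a restore cannot read encrypted
# settings.
set -u

readonly backup_dir="/data/backup/gitlab"
readonly remote_ipaddr="172.16.51.127"
readonly remote_dir="/data/remote_backup"

# Stop when the backup fails, so older archives are never pruned on the
# strength of a backup that did not happen.
if ! gitlab-rake gitlab:backup:create RAILS_ENV=production; then
  printf 'gitlab backup failed; skipping prune and sync\n' >&2
  exit 1
fi

# Prune by absolute path instead of "cd" followed by "find .": if the cd ever
# failed, the delete would run in whatever directory the script started in.
if [[ -d "$backup_dir" ]]; then
  find "$backup_dir" -type f -mtime +7 -exec rm -f -- {} +
fi

# Host key checking stays on: with it disabled, any machine answering on this
# address would be accepted and handed the full backup. Record the remote
# host's key in known_hosts once before the first scheduled run.
# NOTE(review): the transfer logs in as root on the remote side; a dedicated
# account that can write only below the backup directory would limit what the
# key used here can do.
ssh_cmd="ssh -p 22022 -o StrictHostKeyChecking=yes -o PasswordAuthentication=no"
rsync_args=(-q -rtl --progress --bwlimit=30000)

/usr/bin/rsync "${rsync_args[@]}" -e "$ssh_cmd" \
  "${backup_dir}/" "root@${remote_ipaddr}:${remote_dir}/gitlab/"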