Centos6.7 minimal安装GitLab8.3.4配置LDAP、发邮件以及升级到GitLab8.5.4

建议使用非root账户安装，先同步系统时间：

ntpdate cn.pool.ntp.org

1、创建用户gitlab

注意：centos下，adduser和useradd的命令效果是一样的，但ubunut下，useradd只创建用户不生成用户主目录，adduser会用向导提示你一步步创建一个完整的用户：

[gitlab@localhost ~]$ su root
Password:
[root@localhost gitlab]# cd ~
[root@localhost ~]# passwd gitlab
Changing password for user gitlab.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# su gitlab
[gitlab@localhost root]$ cd ~
[gitlab@localhost ~]$

2、安装gitlab

访问 https://about.gitlab.com/downloads/#centos6：

按照第一步安装必要的依赖。如果你不想用sendmail或者postfix作为发送邮件的服务端，你可以不安装postfix，而使用内置的smtp配置第三方的邮箱即可，或者是你的企业邮箱：

1. Install and configure the necessary dependencies

sudo yum install curl openssh-server openssh-clients postfix cronie
sudo service postfix start
sudo chkconfig postfix on
sudo lokkit -s http -s ssh

第二步我使用的是下载rpm包的方式安装，而不是使用官方的脚本：

2. Add the GitLab package server and install the package

rpm包到这里下载，https://packages.gitlab.com/gitlab/gitlab-ce

包很大比较慢，不建议使用wget或者curl，建议下载到本地再上传到服务器。

下载完成后，

sudo rpm -i gitlab-ce-8.5.4-ce.0.el6.x86_64.rpm

3、配置LDAP认证

编辑配置文件。注意，最后那个EOS的注释要取消掉：

sudo vim /etc/gitlab/gitlab.rb

## For setting up LDAP
## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#setting-up-ldap-sign-in
## Be careful not to break the identation in the ldap_servers block. It is in
## yaml format and the spaces must be retained. Using tabs will not work.

 gitlab_rails['ldap_enabled'] = true
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: '192.168.100.100'
     port: 389
     uid: 'sAMAccountName'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'cn=your_ldap_name,ou=your_ou_name,dc=your_2nd_domain,dc=your_1st_domain'
     password: 'yourpassword'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'dc=tima,dc=local'
     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     port: 389
#     uid: 'sAMAccountName'
#     method: 'plain' # "tls" or "ssl" or "plain"
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     active_directory: true
#     allow_username_or_email_login: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
 EOS

4、取消用户注册功能

注意：由于大家呼声很高，似乎从7.7版开始，gitlab默认启用了用户注册功能，并且在 /etc/gitlab/gitlab.rb 中找不到

#gitlabrails['gitlabsignup_enabled'] = false

#gitlabrails[

'signinenabled'] = false

配置部分了，但是可以登录root账户在GUI下的Admin Area 中配置，如下：

5、配置发送邮件功能

邮件发送其实不必要用到postfix或sendmail，所以我是先停掉了postfix，以免配置过程中的错误日志产生误导：

sudo service postfix status
sudo service postfix stop
sudo service postfix disable
sudo chkconfig postfix off
sudo chkconfig

编辑配置文件：

sudo vim /etc/gitlab/gitlab.rb

取消注释并修改：

################################
# GitLab email server settings #
################################
# see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/smtp.md#smtp-settings
# Use smtp instead of sendmail/postfix.

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_port'] = 25 #465 for SSL
 gitlab_rails['smtp_user_name'] = "your_mail_sender_name"
 gitlab_rails['smtp_password'] = "your_password"
 gitlab_rails['smtp_domain'] = "smtp.yourdomain.com"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = false
 gitlab_rails['smtp_openssl_verify_mode'] = 'none' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

然后reconfigure：

sudo gitlab-ctl reconfigure

同时可能需要检查以下两个配置文件是否与你配置的信息一致：

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml

sudo vim /opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb

SecureCRT另开session观察日志输出：

sudo tail -f /var/log/gitlab/gitlab-rails/production.log

测试邮件推送功能是否正常：

使用ldap账户登录到gitlab，创建一个项目如pythonweb，这时候默认的group是你的用户名，如果你想用别的项目，可以点击Create a group，添加一个group，创建完成后我的git路径是：

git@172.16.224.246:openstack/pythonweb.git

第一次配的时候应该是

git@localhost:openstack/pythonweb.git

这里的localhost是不合理的，别人提交代码的时还得修改成ip或者域名，这个可以在配置文件里修改默认值：

sudo vim /etc/gitlab/gitlab.rb

在最顶部修改如下：

## Url on which GitLab will be reachable.
external_url 'http://172.16.224.246'  #这里是ip地址或者域名

回到gitlab界面，点击左下角的settings--services--Emails on push, 勾选Active，Recipients填写本项目更新需要推送知晓的人员，多个用空格或者逗号隔开：

本机添加git目录并push到远程主机：

我在windows下，使用cygwin，cygwin配置可以参考：

https://xstarcd.github.io/wiki/cygwin/index.html（我同事）

http://www.cnblogs.com/astwish/articles/3700459.html

git使方法推荐廖雪峰老师的git教程。

第一次提交项目前会要求添加SSH key，点击add an SSH key，可以添加自己的公钥到（公钥可以有多个）：

本机生成SSH key，并复制蓝底部分到上面的key框中：

$

ssh-keygen -t rsa -C valiant.jiang@timanetworks.com

#email要填你登录gitlab的ldap关联的email
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ONE/.ssh/id_rsa):
/home/ONE/.ssh/id_rsa already exists.
Overwrite (y/n)? n  #我是no 因为已经有了不想再改

ONE@DESKTOP-BGP4M01 ~$ 

cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0V2KJgXp3O0p/5pE2apMJLg9W9ePQF8cOFUo03nEIX6IRjrHGmZjMX8napr9lJRU676pgJhekW/gbyn1DuSyBxurPe65vr/MpQMCMq/Pd00tA/z3irT5DIvfhLb+xhaTMJcT7UIBNvSjw4pUb2la3cKJzkbV01RzbESoNnpEqtnZsVY8Ys1WNHzRkgxO+EGQphf9HdEanRxOoIUKmOKtVUA8oiCpz0z6yyWnNFYnL6OMeviYiJ26n7eKTV5pqUmQtbzc3sKNTXsi+1Cw+3l1/l8Mbro2o6NGQP4lNfJGjFU6Q3t/uV4l+mpP11r0cqfzjF4gegxk0G9NiIomgAHmp valiant.jiang@timanetworks.com

ONE@DESKTOP-BGP4M01 ~$

按照project页面的提示，设置全局的免密钥代码提交账户：

git config --global user.name "Valiant Jiang"

git config --global user.email valiant.jiang@timanetworks.com

git clone git@172.16.224.246:openstack/pythonweb.git
cd pythonweb
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

做完这一步，应该就可以收到系统发给你的push报告邮件了：

6、升级到最新稳定版

针对不同的安装方式，GitLab官方提供了不同的升级方法，我们是手动安装的omnibus包，所以用下面的链接升级：

https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version

Updating from GitLab 6.6 and higher to the latest version

The procedure can also be used to upgrade from a CE omnibus package to an EE omnibus package.

First, download the latest CE or EE (license key required) package to your GitLab server.

Stop services but leave postgresql running for the database migrations and create a backup

sudo gitlab-ctl stop unicorn
sudo gitlab-ctl stop sidekiq
sudo gitlab-ctl stop nginx
sudo gitlab-rake gitlab:backup:create

Install the latest package

# Ubuntu/Debian:
sudo dpkg -i gitlab_x.x.x-omnibus.xxx.deb

# CentOS:
sudo rpm -Uvh gitlab-x.x.x_xxx.rpm

Reconfigure GitLab (includes running database migrations) and restart all services

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

Done!

Trouble? Check status details

sudo gitlab-ctl status
sudo gitlab-rake gitlab:check SANITIZE=true

7、实用链接

log文件详解：http://doc.gitlab.com/ee/logs/logs.html

ldap配置：http://doc.gitlab.com/ce/integration/ldap.html

smtp配置：http://doc.gitlab.com/omnibus/settings/smtp.html

各版本升级地址：https://about.gitlab.com/update/

本次升级地址：https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update/README.md#updating-from-gitlab-66-and-higher-to-the-latest-version