基于 AlmaLinux 9 安装 GitLab 社区版实战

原创

远哥制造

修改于 2024-11-05 21:13:12

940

修改于 2024-11-05 21:13:12

文章被收录于专栏：远哥制造

0x00. 前言

本文是一个系列，本篇为系列文章的第一篇：基于 AlmaLinux 9 安装 GitLab 社区版实战

第二篇：基于 AlmaLinux 9 配置 GitLab 社区版实战

三年前，自己的工作方向踏入互联网，当时团队内使用的就是私有 GitLab 实例，虽然公司内部也有私有 GitHub 实例

但现在看来，使用 GitLab 对比 GitHub 还是存在优势的（比如 GitLab 有社区版），自己也完全熟悉了 GitLab 的开发流

图源：https://www.liquidweb.com/help-docs/how-to-install-gitlab-gui-linux-almalinux/

简单搜了下社区的文章，部署的版本相对老旧。本文将基于最新 AlmaLinux OS 和 GitLab 版本，介绍其搭建方法，供参考

0x01. 安装前检查

计划在腾讯云购买的轻量机 cn-tx-bj7-a9 上安装，AlmaLinux 9.4 版本，配置为 4C4G60G，详细参数如下

参照官方文档：https://docs.gitlab.com/ee/install/requirements.html

1. OS

最新 AlmaLinux 9.4 版本

[root@cn-tx-bj7-a9 ~]# cat /etc/redhat-release 
AlmaLinux release 9.4 (Seafoam Ocelot)

2. CPU

四个核心

[root@cn-tx-bj7-a9 ~]# cat /proc/cpuinfo 
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 85
model name      : Intel(R) Xeon(R) Platinum 8255C CPU @ 2.50GHz
stepping        : 5
microcode       : 0x1
cpu MHz         : 2494.140
cache size      : 36608 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat avx512_vnni
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit mmio_stale_data retbleed gds
bogomips        : 4988.28
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 85
model name      : Intel(R) Xeon(R) Platinum 8255C CPU @ 2.50GHz
stepping        : 5
microcode       : 0x1
cpu MHz         : 2494.140
cache size      : 36608 KB
physical id     : 0
siblings        : 4
core id         : 1
cpu cores       : 4
apicid          : 1
initial apicid  : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat avx512_vnni
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit mmio_stale_data retbleed gds
bogomips        : 4988.28
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 48 bits virtual
power management:

processor       : 2
vendor_id       : GenuineIntel
cpu family      : 6
model           : 85
model name      : Intel(R) Xeon(R) Platinum 8255C CPU @ 2.50GHz
stepping        : 5
microcode       : 0x1
cpu MHz         : 2494.140
cache size      : 36608 KB
physical id     : 0
siblings        : 4
core id         : 2
cpu cores       : 4
apicid          : 2
initial apicid  : 2
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat avx512_vnni
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit mmio_stale_data retbleed gds
bogomips        : 4988.28
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 48 bits virtual
power management:

processor       : 3
vendor_id       : GenuineIntel
cpu family      : 6
model           : 85
model name      : Intel(R) Xeon(R) Platinum 8255C CPU @ 2.50GHz
stepping        : 5
microcode       : 0x1
cpu MHz         : 2494.140
cache size      : 36608 KB
physical id     : 0
siblings        : 4
core id         : 3
cpu cores       : 4
apicid          : 3
initial apicid  : 3
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat avx512_vnni
bugs            : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit mmio_stale_data retbleed gds
bogomips        : 4988.28
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 48 bits virtual
power management:

3. RAM

四个 G 的内存，还追加了 5G 的交换分区

[root@cn-tx-bj7-a9 ~]# free -mh
               total        used        free      shared  buff/cache   available
Mem:           3.6Gi       1.3Gi       609Mi        12Mi       1.9Gi       2.2Gi
Swap:          5.0Gi       1.4Gi       3.6Gi

4. DISK

一块 60G 的系统盘，并没有使用到 LVM

[root@cn-tx-bj7-a9 ~]# lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
sr0     11:0    1 70.6M  0 rom  
vda    253:0    0   60G  0 disk 
└─vda1 253:1    0   60G  0 part /
[root@cn-tx-bj7-a9 ~]# fdisk -l
Disk /dev/vda: 60 GiB, 64424509440 bytes, 125829120 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x59000bba

Device     Boot Start       End   Sectors Size Id Type
/dev/vda1  *     2048 125829086 125827039  60G 83 Linux
[root@cn-tx-bj7-a9 ~]# lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
sr0     11:0    1 70.6M  0 rom  
vda    253:0    0   60G  0 disk 
└─vda1 253:1    0   60G  0 part /
[root@cn-tx-bj7-a9 ~]# df -h | grep -v overlay
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        4.0M     0  4.0M   0% /dev
tmpfs           1.8G   24K  1.8G   1% /dev/shm
tmpfs           732M  1.6M  731M   1% /run
/dev/vda1        59G   26G   32G  45% /
tmpfs           366M     0  366M   0% /run/user/0
[root@cn-tx-bj7-a9 ~]# df -Th | grep -v overlay
Filesystem     Type      Size  Used Avail Use% Mounted on
devtmpfs       devtmpfs  4.0M     0  4.0M   0% /dev
tmpfs          tmpfs     1.8G   24K  1.8G   1% /dev/shm
tmpfs          tmpfs     732M  1.7M  731M   1% /run
/dev/vda1      ext4       59G   26G   32G  45% /
tmpfs          tmpfs     366M     0  366M   0% /run/user/0

0x02. 安装前准备

虽然自己业余经常使用 docker 部署项目，但为了稳定性考虑这里还是使用安装 rpm 包的方法

参照官方文档：https://docs.gitlab.com/omnibus/ 和 https://about.gitlab.com/install/#almalinux

1. 安装依赖包

[root@cn-tx-bj7-a9 ~]# dnf install -y curl policycoreutils openssh-server perl

检查 sshd 和 firewalld 状态

[root@cn-tx-bj7-a9 ~]# systemctl status sshd firewalld
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-10-10 22:48:02 CST; 3 weeks 1 day ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 984 (sshd)
      Tasks: 1 (limit: 23180)
     Memory: 8.4M
        CPU: 21min 17.312s
     CGroup: /system.slice/sshd.service
             └─984 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
             
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-10-10 22:52:11 CST; 3 weeks 1 day ago
       Docs: man:firewalld(1)
   Main PID: 5968 (firewalld)
      Tasks: 2 (limit: 23180)
     Memory: 18.4M
        CPU: 28min 6.256s
     CGroup: /system.slice/firewalld.service
             └─5968 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

因为自己只使用云防火墙，所以 firewalld 这里配置为信任区域，请勿在生产环境中使用

[root@cn-tx-bj7-a9 ~]# firewall-cmd --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: 
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

这里就不安装 Postfix (or Sendmail) 了，未来会通过 SMTP 接入腾讯云企业邮箱（https://docs.gitlab.com/omnibus/settings/smtp）

2. 添加源

官网一键脚本

[root@cn-tx-bj7-a9 ~]# wget https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh
[root@cn-tx-bj7-a9 ~]# bash script.rpm.sh 
Detected operating system as almalinux/9.
Checking for curl...
Detected curl...
Downloading repository file: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/config_file.repo?os=almalinux&dist=9&source=script
done.
Installing yum-utils...
gitlab_gitlab-ce-source                                                                                                                                                                        182  B/s | 862  B     00:04    
gitlab_gitlab-ce-source                                                                                                                                                                        3.2 kB/s | 3.1 kB     00:00    
Importing GPG key 0x51312F3F:
 Userid     : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
 Fingerprint: F640 3F65 44A3 8863 DAA0 B6E0 3F01 618A 5131 2F3F
 From       : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
gitlab_gitlab-ce-source                                                                                                                                                                        4.9 kB/s | 7.0 kB     00:01    
Importing GPG key 0xF27EAB47:
 Userid     : "GitLab, Inc. <support@gitlab.com>"
 Fingerprint: DBEF 8977 4DDB 9EB3 7D9F C3A0 3CFC F9BA F27E AB47
 From       : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
gitlab_gitlab-ce-source                                                                                                                                                                         20  B/s | 296  B     00:14    
Package yum-utils-4.3.0-13.el9.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Generating yum cache for gitlab_gitlab-ce...
Importing GPG key 0x51312F3F:
 Userid     : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
 Fingerprint: F640 3F65 44A3 8863 DAA0 B6E0 3F01 618A 5131 2F3F
 From       : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
Importing GPG key 0xF27EAB47:
 Userid     : "GitLab, Inc. <support@gitlab.com>"
 Fingerprint: DBEF 8977 4DDB 9EB3 7D9F C3A0 3CFC F9BA F27E AB47
 From       : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
Generating yum cache for gitlab_gitlab-ce-source...

The repository is setup! You can now install packages.

3. 下载 rpm 包

可查询全部版本：dnf --showduplicates list gitlab-ce

[root@cn-tx-bj7-a9 ~]# dnf info gitlab-ce
Last metadata expiration check: 0:03:43 ago on Sat 02 Nov 2024 12:09:10 AM CST.
Available Packages
Name         : gitlab-ce
Version      : 17.5.1
Release      : ce.0.el9
Architecture : x86_64
Size         : 1.2 G
Source       : gitlab-ce-17.5.1-ce.0.el9.src.rpm
Repository   : gitlab_gitlab-ce
Summary      : GitLab Community Edition (including NGINX, Postgres, Redis)
URL          : https://about.gitlab.com/
License      : MIT
Description  : GitLab Community Edition (including NGINX, Postgres, Redis)
[root@cn-tx-bj7-a9 ~]# dnf repoquery --location gitlab-ce-17.5.1
Last metadata expiration check: 0:04:04 ago on Sat 02 Nov 2024 12:09:10 AM CST.
https://packages.gitlab.com/gitlab/gitlab-ce/el/9/x86_64/gitlab-ce-17.5.1-ce.0.el9.x86_64.rpm
[root@cn-tx-bj7-a9 ~]# wget https://packages.gitlab.com/gitlab/gitlab-ce/el/9/x86_64/gitlab-ce-17.5.1-ce.0.el9.x86_64.rpm

0x03. 安装

执行安装，这里 EXTERNAL_URL 先使用 HTTP 协议，后续再升级至 HTTPS

[root@cn-tx-bj7-a9 ~]# ls -lh | grep gitlab-ce
-rw-r--r--  1 root root 1.3G Oct 23 18:33 gitlab-ce-17.5.1-ce.0.el9.x86_64.rpm
[root@cn-tx-bj7-a9 ~]# GITLAB_ROOT_EMAIL="root@yuangezhizao.cn" GITLAB_ROOT_PASSWORD="<rm>" EXTERNAL_URL="http://gitlab.yuangezhizao.cn" dnf install gitlab-ce-17.5.1-ce.0.el9.x86_64.rpm

安装完成

通过 gitlab-ctl status 检查状态

[root@cn-tx-bj7-a9 ~]# gitlab-ctl status
run: alertmanager: (pid 3943452) 326588s; run: log: (pid 3942170) 326657s
run: gitaly: (pid 3943232) 326605s; run: log: (pid 3939976) 326813s
run: gitlab-exporter: (pid 3943399) 326590s; run: log: (pid 3941880) 326673s
run: gitlab-kas: (pid 3940293) 326800s; run: log: (pid 3940345) 326797s
run: gitlab-workhorse: (pid 3943202) 326606s; run: log: (pid 3941345) 326700s
run: logrotate: (pid 794233) 2820s; run: log: (pid 3939812) 326823s
run: nginx: (pid 3943215) 326605s; run: log: (pid 3941397) 326696s
down: node-exporter: 0s, normally up, want up; run: log: (pid 3941512) 326692s
run: postgres-exporter: (pid 3943471) 326588s; run: log: (pid 3942247) 326651s
run: postgresql: (pid 3940056) 326807s; run: log: (pid 3940085) 326804s
run: prometheus: (pid 3943414) 326589s; run: log: (pid 3942085) 326661s
run: puma: (pid 3941129) 326713s; run: log: (pid 3941139) 326712s
run: redis: (pid 3939911) 326820s; run: log: (pid 3939938) 326817s
run: redis-exporter: (pid 3943406) 326590s; run: log: (pid 3942007) 326667s
run: sidekiq: (pid 3941207) 326707s; run: log: (pid 3941235) 326706s