第1章 gitlab安装部署
1.官方网站
https://about.gitlab.com/install/#centos-7
2.安装依赖
yum -y install policycoreutils-python.x86_64 openssh-server curl
3.安装gitlab
方法1:添加清华源,然后安装
cat > /etc/yum.repos.d/gitlab-ce.repo <<EOF
[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
EOF
方法2:直接下载指定版本的清华源rpm包
https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
安装命令
yum -y install gitlab-ce
4.修改配置文件
修改external_url为本机IP
vim /etc/gitlab/gitlab.rb
external_url 'http://10.0.0.200'
5.重新加载配置并启动
这一步耗时比较长,耐心等待
gitlab-ctl reconfigure
6.gitlab常用命令
查看当前状态
gitlab-cli status
启动服务
gitlab-cli start
停止服务
gitlab-cli stop
停止单个服务
gitlab-ctl stop nginx
启动单个服务
gitlab-ctl start nginx
查看服务日志
gitlab-ctl tail
7.web页面访问
初次登陆gitlab需要我们设置密码,密码长度不低于8位
设置完密码之后我们就可以登陆了,用户名为root,密码为刚才设置的密码:
登录后的界面:
第2章 gitlab权限说明
1.用户-项目组-项目说明
1.项目由项目组来创建,而不是由用户创建
2.用户通过加入到不同的组,来实现对项目的访问或者提交
3.项目可以设置为只有项目组可以查看,所有登陆用户可以查看和谁都可以看三种
2.建议的操作流程
1.创建组
2.基于组创建项目
3.创建用户,分配组,分配权限
3.说明图
第3章 gitlab权限实验
1.需求分析
文字版
1.创建2个组
dev
ops
2.创建2个项目
ansible
game
3.创建3个用户
cto
olya_ops
oldya_dev
4.分配权限
cto 对所有组都有权限,拥有合并分支的权限
oldya_dev 对dev组有所有权限,可以推拉代码
oldya_ops 对ops组有所有权限,可以推拉代码,对dev组有拉取代码的权限
图表版
2.创建组
2.1 创建dev组
2.2 创建ops组
2.3 检查
3.创建项目
3.1 创建game项目
<img src="https://img.haomeiwen.com/i14248468/5378c5da17467800.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240" />
3.2 创建ansible项目
4.创建用户
4.1 创建cto用户
创建密码
4.2 创建oldya_dev用户
修改密码
4.3 创建oldya_ops用户
修改密码
4.4 检查
5.授权
5.1 dev组添加用户
添加cto账户
添加oldya_dev用户
添加oldya_ops用户
检查
5.2 ops组添加用户
添加cto用户
添加ops用户
检查
6.取消用户注册
7.dev用户拉取上传测试
7.1 dev用户登陆并修改密码
<img src="/Users/zhangya/Library/Application Support/typora-user-images/image-20200805204446773.png" alt="image-20200805204446773" style="zoom: 67%;" />
<img src="https://img.haomeiwen.com/i14248468/db679982ac46eba6.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240" style="zoom:50%;" />
7.2 添加SSH公匙
要想dev用户能免密克隆上传项目,需要将开发者电脑的ssh公钥上传到项目的仓库中
生成SSH密钥对
ssh-keygen -f /root/.ssh/id_rsa -N ''
复制公钥
[root@web-7 ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZS9kTGlim0k8zhCSPWp/gsg7ll5ymn91bS7ADuTp4B+5fkt3Tyo+TdgUKD786mkyNH9bJK3W3rwN5SviQJCOKemPVCJCzmewbdubweeZ/ZfXQFZ/iOvB6uiWD1THbfEG8OUxT7OVQiVffwhyXdtGnifcpu/hNWmDWDArFXlR7fvT84QpIOvWC8TKpHM//6EsQgPv4lfM1oLOXNEcoW7DGmQhuWkhiYBzjiYxfRfZo6H5G0WNMwx1piC9MnLbbIBxRp201gtPJZjykSe8le2wJiUU0i6DAObjSo2Nfshwjdc020qaCKFG/1sH9GsUzLBJ3l44Tuj6HdPH/0poejCxP root@web-7
将公钥信息添加到项目里
7.3 克隆项目
git克隆命令
[root@web-7 ~]# git clone git@10.0.0.200:dev/game.git
正克隆到 'game'...
The authenticity of host '10.0.0.200 (10.0.0.200)' can't be established.
ECDSA key fingerprint is SHA256:FD6YcWj3q66GnZZX7Qa36YpguJn7g70H3sJQu9Y7OcM.
ECDSA key fingerprint is MD5:e8:e1:ab:63:d4:91:1a:c4:f6:3e:fb:cf:27:93:40:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.200' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
接收对象中: 100% (3/3), done.
[root@web-7 ~]# ll
总用量 0
drwxr-xr-x 3 root root 35 8月 5 20:54 game
[root@web-7 ~]# ll game/
总用量 4
-rw-r--r-- 1 root root 8 8月 5 20:54 README.md
7.4 创建新分支并修改代码提交
[root@web-7 ~]# cd game/
#创建新分支
[root@web-7 ~/game]# git checkout -b game_v1
切换到一个新分支 'game_v1'
#创建首页文件
[root@web-7 ~/game]# echo "v1" > index.html
#提交修改的文件到暂存区
[root@web-7 ~/game]# git add .
#提交暂存区记录到本地仓库
[root@web-7 ~/game]# git commit -m "create index"
[game_v1 0febf4c] create index
1 file changed, 1 insertion(+)
create mode 100644 index.html
#推送到远程仓库的分支
[root@web-7 ~/game]# git push origin game_v1
Counting objects: 4, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 271 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for game_v1, visit:
remote: http://10.0.0.200/dev/game/merge_requests/new?merge_request%5Bsource_branch%5D=game_v1
remote:
To git@10.0.0.200:dev/game.git
* [new branch] game_v1 -> game_v1
7.5 gitlab创建合并请求
7.6 cto用户合并分支
使用cto用户登陆,然后将分支合并到master主干
7.7 检查
8.ops用户拉取上传测试
8.1 oldya_ops用户创建SSH密钥对
[root@web-8 ~]# ssh-keygen -f /root/.ssh/id_rsa -N ''
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eUe4jLkE0Hyp0yU3tCkqtGZRf5/i0rDnT415V60Neag root@web-8
The key's randomart image is:
+---[RSA 2048]----+
| .o. o. |
| oo.+ ++ |
| o .+o+=.. |
| . ooo.B + . o.|
| = ..S = + + +|
| o . . B o = =.|
| + + E + o|
| + . . . |
| ... |
+----[SHA256]-----+
[root@web-8 ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJrUsBKg8bKRhwOBuEMmctufi0c4R7OEMcOR6WvYzR8O20EB8NR4mb/TJg45vOFoKuGT+NIwknvhMGrKAdl6UA1m5C9e1EZVZI13ZbuOsKTiiEyN/kXTzmpgkhyBC2jS8zHkGVJ4w4+QThax9yl5hAbUZBkuccwZJKYktWnRMcbp2Fe/qBBJauenvcvpeWonneOCyeH57FUrQNmYoJpJeW6WwMEs27IhULfjVKC7u78wXRXTGZFlx6lwKymgOevLp0rdZA12E8pnvFBfwzCW1nk+uVwfSSYXYrVBoSAk2D2Qy+YSCxxx9GrjS2tRMFO5iT0Bp7dbgKSl2Hb3sfJoqR root@web-8
8.2 gitlab项目添加公钥信息
8.3 克隆项目
[图片上传失败...(image-886b3f-1598313773268)]
克隆代码
[root@web-8 ~]# git clone git@10.0.0.200:ops/ansible.git
正克隆到 'ansible'...
The authenticity of host '10.0.0.200 (10.0.0.200)' can't be established.
ECDSA key fingerprint is SHA256:FD6YcWj3q66GnZZX7Qa36YpguJn7g70H3sJQu9Y7OcM.
ECDSA key fingerprint is MD5:e8:e1:ab:63:d4:91:1a:c4:f6:3e:fb:cf:27:93:40:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.200' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
接收对象中: 100% (3/3), done.
8.4 创建新分支并修改代码提交
[root@web-8 ~/ansible]# ls
README.md
#切换分支
[root@web-8 ~/ansible]# git checkout -b add_nginx
切换到一个新分支 'add_nginx'
#创建新文件
[root@web-8 ~/ansible]# echo "nginx" >> nginx.yaml
#查看跟踪状态
[root@web-8 ~/ansible]# git status
# 位于分支 add_nginx
# 未跟踪的文件:
# (使用 "git add <file>..." 以包含要提交的内容)
#
# nginx.yaml
提交为空,但是存在尚未跟踪的文件(使用 "git add" 建立跟踪)
#提交更新文件到暂存区
[root@web-8 ~/ansible]# git add .
#提交暂存区文件到本地仓库
[root@web-8 ~/ansible]# git commit -m "add nginx.yaml"
[add_nginx c368e6a] add nginx.yaml
1 file changed, 1 insertion(+)
create mode 100644 nginx.yaml
#查看状态
[root@web-8 ~/ansible]# git status
# 位于分支 add_nginx
无文件要提交,干净的工作区
#提交本地仓库文件到远程分支
[root@web-8 ~/ansible]# git push origin add_nginx
Counting objects: 4, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 280 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for add_nginx, visit:
remote: http://10.0.0.200/ops/ansible/merge_requests/new?merge_request%5Bsource_branch%5D=add_nginx
remote:
To git@10.0.0.200:ops/ansible.git
* [new branch] add_nginx -> add_nginx
8.5 登陆gitlab创建合并请求
8.6 cto用户合并分支
8.7 检查
8.8 oldya_ops测试能否修改上传game代码
#ops用户可以正常克隆代码
[root@web-8 ~]# git clone git@10.0.0.200:dev/game.git
正克隆到 'game'...
remote: Enumerating objects: 7, done.
remote: Counting objects: 100% (7/7), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 7 (delta 0), reused 0 (delta 0)
接收对象中: 100% (7/7), done.
#进入项目目录
[root@web-8 ~]# cd game/
[root@web-8 ~/game]# ls
index.html README.md
#切换新分支
[root@web-8 ~/game]# git checkout -b ops
切换到一个新分支 'ops'
#创建新文件
[root@web-8 ~/game]# touch ops.txt
#检查
[root@web-8 ~/game]# git status
# 位于分支 ops
# 未跟踪的文件:
# (使用 "git add <file>..." 以包含要提交的内容)
#
# ops.txt
提交为空,但是存在尚未跟踪的文件(使用 "git add" 建立跟踪)
#提交新文件到暂存区
[root@web-8 ~/game]# git add .
#提交暂存区文件到本地仓库
[root@web-8 ~/game]# git commit -m "add ops.txt"
[ops 9017ede] add ops.txt
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 ops.txt
#检查
[root@web-8 ~/game]# git status
# 位于分支 ops
无文件要提交,干净的工作区
#提交到远程分支提示报错,没有提交权限
[root@web-8 ~/game]# git push origin ops
> GitLab: You are not allowed to push code to this project.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[root@web-8 ~/game]#
第4章 gitlab备份
1.备份
编辑配置文件,添加备份路径:
vim /etc/gitlab/gitlab.rb
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
重新生效配置:
gitlab-ctl reconfigure
创建备份目录:
mkdir /backup
备份命令:
[root@gitlab-200 ~]# gitlab-rake gitlab:backup:create
2020-08-05 07:27:09 +0800 -- Dumping database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2020-08-05 07:27:11 +0800 -- done
2020-08-05 07:27:11 +0800 -- Dumping repositories ...
2020-08-05 07:27:11 +0800 -- done
2020-08-05 07:27:11 +0800 -- Dumping uploads ...
2020-08-05 07:27:11 +0800 -- done
2020-08-05 07:27:11 +0800 -- Dumping builds ...
2020-08-05 07:27:11 +0800 -- done
2020-08-05 07:27:11 +0800 -- Dumping artifacts ...
2020-08-05 07:27:11 +0800 -- done
2020-08-05 07:27:11 +0800 -- Dumping pages ...
2020-08-05 07:27:11 +0800 -- done
2020-08-05 07:27:11 +0800 -- Dumping lfs objects ...
2020-08-05 07:27:12 +0800 -- done
2020-08-05 07:27:12 +0800 -- Dumping container registry images ...
2020-08-05 07:27:12 +0800 -- [DISABLED]
Creating backup archive: 1596583632_2020_08_05_13.2.2_gitlab_backup.tar ... done
Uploading backup archive to remote storage ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
Deleting old backups ... skipping
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.
刚才备份的时候我们发现有一条警告,意思是有gitlab-secrets.json文件里包含了敏感信息,需要我们手动备份,所以恢复的时候需要将备份文件和这个json文件一起恢复才行。
备份gitlab-secrets.json配置文件
cp /etc/gitlab/gitlab-secrets.json /backup/
查看备份结果:
[root@gitlab-200 ~]# ll /backup/
总用量 220
-rw------- 1 git git 204800 8月 5 07:27 1596583632_2020_08_05_13.2.2_gitlab_backup.tar
-rw------- 1 root root 18771 8月 5 07:30 gitlab-secrets.json
2.恢复
恢复时最好不要有数据写入,所以我们可以先停止服务
gitlab-ctl stop
将json文件复制到指定位置:
cp /backup/gitlab-secrets.json /etc/gitlab/
恢复操作:
gitlab-rake gitlab:backup:restore BACKUP=1596583632_2020_08_05_13.2.2
重新载入配置
gitlab-ctl reconfigure
第5章 gitlab汉化
官方自带中文,只不过翻译的不完整。
网友评论