[toc]

高可用gitlab服务器搭建

环境准备,单节点部署

CentOS7.4	64C	192G
CentOS7.4	64C	192G

服务器时间同步

 ~]# ntpdate ntp.aliyun.com

确保SELinux 是关闭的

 ~]# getenforce 
Disabled

配置postfix

 ~]# yum -y install postfix
~]# sed -i 's/inet_interfaces = localhost/inet_interfaces = all/g' /etc/postfix/main.cf
~]# systemctl start postfix
~]# systemctl restart postfix

配置gitlab-ce yum源并安装

 ~]# vim /etc/yum.repos.d/gitlab-ce.repo
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1

 ~]# yum clean all
~]# yum makecache 
~]# yum -y install gitlab-ce

gitlab 配置

 ~]# cd /etc/gitlab/
~]# cp gitlab.rb{,.bak}

gitlab 配置文件

 # 地址配置
external_url 'https://gitdb.novogene.com'

 # ldap AD域配置
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: '诺禾AD'
    host: 'xx.xxx.xx.xxx'
    port: 3xx
    uid: 'sAMAccountName'
    method: 'plain'
    bind_dn: 'CN=xxx,OU=xxx,DC=xxx,DC=xxx'
    password: 'xxxxxxxx'
    active_directory: true
    allow_username_or_email_login: ture
    block_auto_created_users: false
    base: 'OU=xxx,DC=xxx,DC=xxx'
    user_filter: ''
EOS

 # gitlab 邮件配置
gitlab_rails['smtp_enable'] = true;
gitlab_rails['smtp_address'] = 'smtp.exmail.qq.com';
gitlab_rails['smtp_port'] = 465;
gitlab_rails['smtp_user_name'] = "xx@xxxxx.com"
gitlab_rails['smtp_password'] = "xxxxxxx"
gitlab_rails['smtp_domain'] = 'smtp.exmail.qq.com';
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'xxx@xxxxxx.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitdb.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitdb.key"
nginx['redirect_http_to_https_port'] = 80
nginx['listen_port'] = 443

gitlab服务启动

 ~]# gitlab-ctl start

lsyncd 主从同步配置

 ~]#  /etc/lsyncd.conf 
settings {
    logfile ="/var/log/lsyncd/lsyncd.log",
    statusFile ="/var/log/lsyncd/lsyncd.status",
    inotifyMode = "Modify",
    maxProcesses = 20,
    }

 sync {
    default.rsync,
    source    = "/var/opt/gitlab",
    target    = "root@172.30.1.17:/var/opt/gitlab/",
    exclude = { "backups", "gitlab-ci", "sockets","gitlab.yml","redis","postmaster.pid "},
    maxDelays = 5,
    delay = 30,
    -- init = true,
    rsync     = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        bwlimit   = 2000
        -- rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
        }
    }

 sync {
    default.rsync,
    source    = "/etc/gitlab/",
    target    = "root@172.30.1.17:/etc/gitlab/",
    maxDelays = 5,
    delay = 30,
    -- init = true,
    rsync     = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        bwlimit   = 2000
        -- rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
        }
    }

 ! Configuration File for keepalived
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node1
   }
vrrp_script chk_gitlab {
    script "/bin/bash /usr/local/keepalived/etc/keepalived/check_gitlab.sh"
    interval 5
    weight -20
}

 vrrp_instance VI_1 {
    state BACKUP
    interface em1
    virtual_router_id 55
    priority 100
    nopreempt
    advert_int 1
    notify_master "/usr/local/keepalived/etc/keepalived/message.sh  master"
    notify_backup "/usr/local/keepalived/etc/keepalived/message.sh  backup"
    notify_fault  "/usr/local/keepalived/etc/keepalived/message.sh  fault"
    unicast_src_ip 172.30.1.16
    unicast_peer {
     172.30.1.17
    }
    track_script {
       chk_gitlab
    }
    authentication {
        auth_type PASS
        auth_pass xxxxxxxx
    }
    virtual_ipaddress {
        172.30.1.20
    }
}

keepalived 检测脚本

 #!/bin/bash
package() {
    rpm -qf /usr/bin/curl &> /dev/null || yum -y install curl &> /dev/null
}
package
gitlab_state () { 
    /usr/bin/curl -s  https://gitdb.novogene.com/users/sign_in | grep "Username" &> /dev/null
}
gitlab_state ; gitlab_state_num=$? ; echo $gitlab_state_num
gitlab_state2 () {
   /usr/bin/curl -s  https://gitdb.novogene.com/users/sign_in | grep "Password" &> /dev/null
}
kill_keepalived () {
      kill -9 `cat /var/run/keepalived.pid`
}
if [ $gitlab_state_num -ne 0 ] ; then
   echo "`date +"%Y-%m-%d-%H-%M-%S"` gitlab_status_one_check problem " >> /var/log/keepalived/check_gitlab.log
   gitlab_state2 ; gitlab_state2_num=$? ; echo $gitlab_state2_num 
   if [ $gitlab_state2_num -ne 0 ] ; then
        echo "`date +"%Y-%m-%d-%H-%M-%S"`  gitlab_status2_one_check problem" >> /var/log/keepalived/check_gitlab.log     
        sleep 1
   fi
fi
gitlab_state ; gitlab_state_num=$? ; echo $gitlab_state_num
if [ $gitlab_state_num -ne 0 ] ; then
    echo "`date +"%Y-%m-%d-%H-%M-%S"` gitlab_status_two_check problem " >> /var/log/keepalived/check_gitlab.log
    gitlab_state2 ; gitlab_state2_num=$? ; echo $gitlab_state2_num 
    if [ $gitlab_state2_num -ne 0 ] ; then
        echo "`date +"%Y-%m-%d-%H-%M-%S"` gitlab_status2_two_check problem " >> /var/log/keepalived/check_gitlab.log
        echo "gitdb jiqun change node1" | mutt -s "gitdb.novogene.com" renjin@novogene.com
        kill_keepalived
   fi
fi

git 客户端常用命令

 # git config --global user.name "name" #设置全局用户名
# git config --global user.email  xxx@novogene.com # 设置全局邮箱
# git config --global --list #列出用户全局设置
# git add index.html / . #添加指定文件、目录或当前目录下所有数据到暂存区
# git commit -m "xx" #提交文件到工作区
# git status #查看工作区的状态
# git push #提交代码到服务器
# git pull # 获取代码到本地
# git log # 查看操作日志
# vim .gitignore  # 定义忽略文件
# git rest --hard HEAD^^ # git版本回滚，HEAD为当前版本，加一个^为上一个，^^为上上一个版本
# git reflog # 获取每次提交的ID,可以使用--hard根据提交的ID进行版本回退
# git reset --hard 5ae4b06 #回退到指定id的版本
# git branch # 查看当前所处的分支
# git checkout -b develop # 创建并切换到一个新分支
# git checkout  develop #切换分支

git缓存区与工作区等概念

工作区: clone 的代码或者开发自己编写的代码文件所在的目录，通常是代码所在的一个服务的目录名称;

暂存区: 用于存储在工作区中对代码进行修改后的文件所保存的地方，使用git add添加;
本地仓库: 用于提交存储在工作区和暂存区中改过的文件地方，使用git commit提交;
远程仓库: 多个开发共同协作提交代码的仓库，即gitlab或github服务器。

macos 安装 git

未安装 Homebrew 的需要先安装Homebrew

 # /usr/bin/ruby -e \ 
"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

安装git

 # brew install git

CentOS 安装 git

 # yum -y install git

Ubuntu 安装 git

 # apt-get install git

	~]# yum -y install postfix
	~]# sed -i 's/inet_interfaces = localhost/inet_interfaces = all/g' /etc/postfix/main.cf
	~]# systemctl start postfix
	~]# systemctl restart postfix

	~]# vim /etc/yum.repos.d/gitlab-ce.repo
	[gitlab-ce]
	name=Gitlab CE Repository
	baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
	gpgcheck=0
	enabled=1

	~]# yum clean all
	~]# yum makecache
	~]# yum -y install gitlab-ce

	# ldap AD域配置
	gitlab_rails['ldap_enabled'] = true
	gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
	main:
	label: '诺禾AD'
	host: 'xx.xxx.xx.xxx'
	port: 3xx
	uid: 'sAMAccountName'
	method: 'plain'
	bind_dn: 'CN=xxx,OU=xxx,DC=xxx,DC=xxx'
	password: 'xxxxxxxx'
	active_directory: true
	allow_username_or_email_login: ture
	block_auto_created_users: false
	base: 'OU=xxx,DC=xxx,DC=xxx'
	user_filter: ''
	EOS

	# gitlab 邮件配置
	gitlab_rails['smtp_enable'] = true;
	gitlab_rails['smtp_address'] = 'smtp.exmail.qq.com';
	gitlab_rails['smtp_port'] = 465;
	gitlab_rails['smtp_user_name'] = "xx@xxxxx.com"
	gitlab_rails['smtp_password'] = "xxxxxxx"
	gitlab_rails['smtp_domain'] = 'smtp.exmail.qq.com';
	gitlab_rails['smtp_authentication'] = "login"
	gitlab_rails['smtp_enable_starttls_auto'] = true
	gitlab_rails['smtp_tls'] = true
	gitlab_rails['gitlab_email_from'] = 'xxx@xxxxxx.com'
	nginx['redirect_http_to_https'] = true
	nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitdb.pem"
	nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitdb.key"
	nginx['redirect_http_to_https_port'] = 80
	nginx['listen_port'] = 443

	~]# /etc/lsyncd.conf
	settings {
	logfile ="/var/log/lsyncd/lsyncd.log",
	statusFile ="/var/log/lsyncd/lsyncd.status",
	inotifyMode = "Modify",
	maxProcesses = 20,
	}

	sync {
	default.rsync,
	source = "/var/opt/gitlab",
	target = "root@172.30.1.17:/var/opt/gitlab/",
	exclude = { "backups", "gitlab-ci", "sockets","gitlab.yml","redis","postmaster.pid "},
	maxDelays = 5,
	delay = 30,
	-- init = true,
	rsync = {
	binary = "/usr/bin/rsync",
	archive = true,
	compress = true,
	bwlimit = 2000
	-- rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
	}
	}

	sync {
	default.rsync,
	source = "/etc/gitlab/",
	target = "root@172.30.1.17:/etc/gitlab/",
	maxDelays = 5,
	delay = 30,
	-- init = true,
	rsync = {
	binary = "/usr/bin/rsync",
	archive = true,
	compress = true,
	bwlimit = 2000
	-- rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
	}
	}

	! Configuration File for keepalived
	global_defs {
	notification_email {
	root@localhost
	}
	notification_email_from Alexandre.Cassen@firewall.loc
	smtp_server 127.0.0.1
	smtp_connect_timeout 30
	router_id node1
	}
	vrrp_script chk_gitlab {
	script "/bin/bash /usr/local/keepalived/etc/keepalived/check_gitlab.sh"
	interval 5
	weight -20
	}

	vrrp_instance VI_1 {
	state BACKUP
	interface em1
	virtual_router_id 55
	priority 100
	nopreempt
	advert_int 1
	notify_master "/usr/local/keepalived/etc/keepalived/message.sh master"
	notify_backup "/usr/local/keepalived/etc/keepalived/message.sh backup"
	notify_fault "/usr/local/keepalived/etc/keepalived/message.sh fault"
	unicast_src_ip 172.30.1.16
	unicast_peer {
	172.30.1.17
	}
	track_script {
	chk_gitlab
	}
	authentication {
	auth_type PASS
	auth_pass xxxxxxxx
	}
	virtual_ipaddress {
	172.30.1.20
	}
	}

	#!/bin/bash
	package() {
	rpm -qf /usr/bin/curl &> /dev/null \|\| yum -y install curl &> /dev/null
	}
	package
	gitlab_state () {
	/usr/bin/curl -s https://gitdb.novogene.com/users/sign_in \| grep "Username" &> /dev/null
	}
	gitlab_state ; gitlab_state_num=$? ; echo $gitlab_state_num
	gitlab_state2 () {
	/usr/bin/curl -s https://gitdb.novogene.com/users/sign_in \| grep "Password" &> /dev/null
	}
	kill_keepalived () {
	kill -9 `cat /var/run/keepalived.pid`
	}
	if [ $gitlab_state_num -ne 0 ] ; then
	echo "`date +"%Y-%m-%d-%H-%M-%S"` gitlab_status_one_check problem " >> /var/log/keepalived/check_gitlab.log
	gitlab_state2 ; gitlab_state2_num=$? ; echo $gitlab_state2_num
	if [ $gitlab_state2_num -ne 0 ] ; then
	echo "`date +"%Y-%m-%d-%H-%M-%S"` gitlab_status2_one_check problem" >> /var/log/keepalived/check_gitlab.log
	sleep 1
	fi
	fi
	gitlab_state ; gitlab_state_num=$? ; echo $gitlab_state_num
	if [ $gitlab_state_num -ne 0 ] ; then
	echo "`date +"%Y-%m-%d-%H-%M-%S"` gitlab_status_two_check problem " >> /var/log/keepalived/check_gitlab.log
	gitlab_state2 ; gitlab_state2_num=$? ; echo $gitlab_state2_num
	if [ $gitlab_state2_num -ne 0 ] ; then
	echo "`date +"%Y-%m-%d-%H-%M-%S"` gitlab_status2_two_check problem " >> /var/log/keepalived/check_gitlab.log
	echo "gitdb jiqun change node1" \| mutt -s "gitdb.novogene.com" renjin@novogene.com
	kill_keepalived
	fi
	fi

	# git config --global user.name "name" #设置全局用户名
	# git config --global user.email xxx@novogene.com # 设置全局邮箱
	# git config --global --list #列出用户全局设置
	# git add index.html / . #添加指定文件、目录或当前目录下所有数据到暂存区
	# git commit -m "xx" #提交文件到工作区
	# git status #查看工作区的状态
	# git push #提交代码到服务器
	# git pull # 获取代码到本地
	# git log # 查看操作日志
	# vim .gitignore # 定义忽略文件
	# git rest --hard HEAD^^ # git版本回滚，HEAD为当前版本，加一个^为上一个，^^为上上一个版本
	# git reflog # 获取每次提交的ID,可以使用--hard根据提交的ID进行版本回退
	# git reset --hard 5ae4b06 #回退到指定id的版本
	# git branch # 查看当前所处的分支
	# git checkout -b develop # 创建并切换到一个新分支
	# git checkout develop #切换分支

	# /usr/bin/ruby -e \
	"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"