Sysadm:GitLab

From CHG-Wiki
Revision as of 15:38, 17 March 2015 by Libby (talk | contribs) (Added and corrected service and nginx config info erroneously placed on chg-git page.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Following the October 2014 meeting at UCSB, Eros personnel requested that CHG set up a GitLab server to allow free collaboration between us and EROS (who cannot host shared files on their government servers due to security reasons).

Details of the installation are below.

Versions

chg-git, an Ubuntu VM, was created to host the GitLab server.

  • Ubuntu 12.04.5 LTS
  • git version 2.1.2
  • ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]
  • psql (PostgreSQL) 9.1.14
  • nginx version: nginx/1.1.19

GitLab Install Prep

Had to install manually, as the Omnibus package did not work.

Selected package 7.4-stable Sudo already installed. All commands successful unless otherwise stated.

Install vim and set as default editor

ewxadmin@chg-git:~$ sudo apt-get install -y vim
ewxadmin@chg-git:~$ sudo update-alternatives --set editor /usr/bin/vim.basic

Required Packages

ewxadmin@chg-git:~$ sudo apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate python-docutils pkg-config cmake

Verify git version

ewxadmin@chg-git:~$ sudo apt-get install -y git-core
ewxadmin@chg-git:~$ git --version

Install dependencies

ewxadmin@chg-git:~$ sudo apt-get install -y libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev build-essential

Download and compile GitLab from source

ewxadmin@chg-git:~$ cd /tmp
ewxadmin@chg-git:/tmp$ curl -L --progress https://www.kernel.org/pub/software/scm/git/git-2.1.2.tar.gz | tar xz
ewxadmin@chg-git:/tmp$ cd git-2.1.2/
ewxadmin@chg-git:/tmp/git-2.1.2$ make prefix=/usr/local all
ewxadmin@chg-git:/tmp/git-2.1.2$ sudo make prefix=/usr/local install

When editing config/gitlab.yml, change the git -> bin_path to /usr/local/bin/git

ewxadmin@chg-git:/tmp/git-2.1.2$ sudo apt-get install -y postfix

Select 'Internet Site' and press enter to confirm the hostname

Download and compile Ruby on Rails

ewxadmin@chg-git:/tmp/git-2.1.2$ mkdir /tmp/ruby && cd /tmp/ruby
ewxadmin@chg-git:/tmp/ruby$ curl -L --progress ftp://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz | tar xz
ewxadmin@chg-git:/tmp/ruby/$ cd ruby-2.1.2
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ ./configure --disable-install-rdoc
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ make
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo make install

Install the Bundler Gem:

ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo gem install bundler --no-ri --no-rdoc

Create a git user for GitLab:

ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo adduser --disabled-login --gecos 'GitLab' git

Install PostgreSQL

ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo apt-get install -y postgresql postgresql-client libpq-dev
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo -u postgres psql -d template1

In PostgreSQL

template1=# CREATE USER git CREATEDB;
template1=# CREATE DATABASE gitlabhq_production OWNER git;
template1=# \q

Try connecting to the new database with the new user

sudo -u git -H psql -d gitlabhq_production

Redis

ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo apt-get install redis-server
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.orig
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sed 's/^port .*/port 0/' /etc/redis/redis.conf.orig | sudo tee /etc/redis/redis.conf
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis/redis.conf
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo service redis-server restart
ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ sudo usermod -aG redis git

Installing GitLab Itself

ewxadmin@chg-git:/tmp/ruby/ruby-2.1.2$ cd /home/git
ewxadmin@chg-git:/home/git$ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 7-4-stable gitlab
ewxadmin@chg-git:/home/git$ cd /home/git/gitlab
ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H editor config/gitlab.yml

Make sure GitLab can write to the log/ and tmp/ directories

ewxadmin@chg-git:/home/git/gitlab$ sudo chown -R git log/
ewxadmin@chg-git:/home/git/gitlab$ sudo chown -R git tmp/
ewxadmin@chg-git:/home/git/gitlab$ sudo chmod -R u+rwX log/
ewxadmin@chg-git:/home/git/gitlab$ sudo chmod -R u+rwX tmp/

Create directory for satellites

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H mkdir /home/git/gitlab-satellites
ewxadmin@chg-git:/home/git/gitlab$ sudo chmod u+rwx,g=rx,o-rwx /home/git/gitlab-satellites
ewxadmin@chg-git:/home/git/gitlab$ sudo chmod -R u+rwX tmp/pids/
ewxadmin@chg-git:/home/git/gitlab$ sudo chmod -R u+rwX tmp/sockets/
ewxadmin@chg-git:/home/git/gitlab$ sudo chmod -R u+rwX  public/uploads

Copy the example Unicorn config

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb

Find number of cores

ewxadmin@chg-git:/home/git/gitlab$ nproc

Copy the example Rack attack config

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H cp ewxadmin@chg-git:/home/git/gitlab$ config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb

Git global settings

Configure Git global settings for git user, useful when editing via web Edit user.email according to what is set in gitlab.yml (admin@chg-git.geog.ucsb.edu)

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H git config --global user.name "GitLab"
ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H git config --global user.email "example@example.com"
ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H git config --global core.autocrlf input

Configure Redis connection settings

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H cp config/resque.yml.example config/resque.yml

Configure GitLab DB Settings

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git cp config/database.yml.postgresql config/database.yml

Update username/password in config/database.yml.

sudo -u git -H editor config/database.yml

Make config/database.yml readable to git only

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H chmod o-rwx config/database.yml

Install Gems

Parallel gems installation, nproc for the number of cores

ewxadmin@chg-git:/home/git/gitlab$ bundle install -j2
ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H bundle install --deployment --without development test mysql aws

Install GitLab Shell

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H bundle exec rake gitlab:shell:install[v2.0.1] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

You can review (and modify) the gitlab-shell config as follows:

sudo -u git -H editor /home/git/gitlab-shell/config.yml

Initialize Database and Activate Advanced Features

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production

Type 'yes' to create the database tables. When done you see 'Administrator account created:'

Administrator account created:
login.........root
password......5iveL!fe

You can set the Administrator password by supplying it in environmental variable GITLAB_ROOT_PASSWORD, eg.:

sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=newpassword

Install Init Script

ewxadmin@chg-git:/home/git/gitlab$ sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab

Make GitLab start on boot

ewxadmin@chg-git:/home/git/gitlab$ sudo update-rc.d gitlab defaults 21

Setup Logrotate

ewxadmin@chg-git:/home/git/gitlab$ sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

Check if GitLab and its environment are configured correctly:

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

Compile Assets

ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production

Start GitLab Instance

ewxadmin@chg-git:/home/git/gitlab$ sudo service gitlab start

Starting and Stopping Services

GitLab can be controlled with:

sudo service gitlab stop
sudo service gitlab start
sudo service gitlab restart

nginx must be controlled separately with:

sudo service nginx stop
sudo service nginx start
sudo service nginx restart

Install nginx

ewxadmin@chg-git:/home/git/gitlab$ sudo apt-get install -y nginx
ewxadmin@chg-git:/home/git/gitlab$ sudo cp lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
ewxadmin@chg-git:/home/git/gitlab$ sudo ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

Make sure to edit the config file to match your setup: Change YOUR_SERVER_FQDN to the fully-qualified domain name of your git host

ewxadmin@chg-git:/home/git/gitlab$ sudo editor /etc/nginx/sites-available/gitlab

Validate your gitlab or gitlab-ssl Nginx config file

ewxadmin@chg-git:/home/git/gitlab$ sudo nginx -t
ewxadmin@chg-git:/home/git/gitlab$ sudo service nginx restart

Got errors regarding Port 80 already being in use. The following command resolved the issue.

ewxadmin@chg-git:/home/git/gitlab$ sudo fuser -k 80/tcp

So, trying again, successfully this time...

ewxadmin@chg-git:/home/git/gitlab$ sudo service nginx restart
ewxadmin@chg-git:/home/git/gitlab$ sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

The first time I tried that last command, I got an error about not being able to find Gems. Turns out I had changed directories while troubleshooting the previous problem (needed to be specifically in the gitlab directory).


nginx configuration

nginx has a primary configuration file at:

/etc/nginx/nginx.conf

This file imports additional configuration files found in:

/etc/nginx/sites-enabled/

In order to increase the maximum upload size of files pushed to the server, the following line was added to the http directive of the primary configuration file:

client_max_body_size 1024M;

Web Interface

After that, all I need to do is log in at chg-git.geog.ucsb.edu in a web browser and enter the default username and password, then change the password. Passwords for chg-git (server and web browser) shared with Pete.

Notes

  • Greg Ederer increased Unicorn timeout to resolve a common issue. (11/19/2014)

Useful Links