shell脚本部署gitlab环境

部署一套gitlab环境比较复杂,这里把部署的过程写成了shell脚本,这大大简化的gitlab部署的成本。

前言

在51cto的博客上已介绍过企业级GitLab仓库环境构建,这里利用两个shell脚本来完成gitlib的部署。

shell scripts

以下脚本已在debian 8 x64系统下测试通过。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#!/bin/bash
#Program: config_gitlab.sh
#Author: Neal
#E_mail: 419775240@qq.com
#Date: 2015-12-04
#Version 1.0
#安装,包下载地址 http://mirror.tuna.tsinghua.edu.cn/gitlab-ce/
sudo dpkg -i gitlab-ce_8.2.1-ce.0_amd64.deb
#
# 修改gitlab数据存放目录
sudo vim /var/opt/gitlab/gitlab-shell/config.yml # repos_path: "/data/git-data/repositories"
sudo vim /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
#satellites:
# path: /data/git-data/gitlab-satellites
# ...
#gitlab_shell:
# path: /opt/gitlab/embedded/service/gitlab-shell/
# repos_path: /data/git-data/repositories
#
# 创建数据存放目录并修改权限
sudo mkdir -pv /data/git-data/gitlab-satellites
sudo mkdir -pv /data/git-data/repositories
sudo chown -R git.git /data/git-data/
sudo chmod 2770 /data/git-data/repositories
#
# restart gitlab service
sudo gitlab-ctl restart
  • open gitlab https access
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/bin/bash
#Program: open gitbal https access
#Author: Neal
#E_mail: 419775240@qq.com
#Date: 2015-12-04
#此脚本适用于Debian 8 amd64,其他平台未做测试
#Version 1.0
#
# SUBJECT为CA服务的机构信息
SUBJECT="/C=CN/ST=ChongQing/L=YuBei/O=SJKJ/OU=CA/CN=$DOMAIN"
# SUBJECT_GITLAB为gitlab主机的机构信息
SUBJECT_GITLAB="/C=CN/ST=ChongQing/L=YuBei/O=SJKJ/OU=OP/CN=$DOMAIN_GITLAB"
#
#处理依赖
#apt-get -y install openssl
#
## 自建CA
read -p "Enter your CA domain [www.example.com]: " DOMAIN
sudo bash -c 'mkdir -pv /etc/ssl/demoCA/{private,newcerts} > /dev/null'
cd /etc/ssl
# 生成密钥对
sudo bash -c '(umask 077;openssl genrsa -out ./demoCA/private/cakey.pem 2048)'
#sudo bash -c 'ln -s /etc/ssl/demoCA/private/cakey.pem /etc/ssl/demoCA/cakey.pem'
# 生成自签证书
#sudo bash -c 'openssl req -new -x509 -key ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 3650'
sudo bash -c "openssl req -new -subj $SUBJECT -x509 -key ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 3650"
sudo touch ./demoCA/index.txt
sudo bash -c "echo 01 > ./demoCA/serial"
echo -e "\033[33mCertificate services is created...\033[0m"
##自建CA完成
#
#
# 为gitlab主机创建存放私钥和证书的目录,/etc/gitlab/ssl是一个固定目录,不能更改,请参考:
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#enable-https
read -p "Enter your gitlab domain [www.example.com]: " DOMAIN_GITLAB
sudo bash -c 'mkdir -p /etc/gitlab/ssl'
cd /etc/gitlab/ssl
# 生成私钥
sudo bash -c "(umask 077;openssl genrsa -out ${DOMAIN_GITLAB}.key 1024)"
# 生成证书签署请求
sudo bash -c "openssl req -new -subj $SUBJECT_GITLAB -key ${DOMAIN_GITLAB}.key -out ${DOMAIN_GITLAB}.csr"
# CA签署证书
cd /etc/ssl
sudo bash -c "openssl ca -in /etc/gitlab/ssl/${DOMAIN_GITLAB}.csr -out /etc/gitlab/ssl/${DOMAIN_GITLAB}.crt -days 3650"
# 更改目录权限
sudo chmod 700 /etc/gitlab/ssl
#
## 开启gitlab的https支持
sudo vim /etc/gitlab/gitlab.rb #external_url 'https://${DOMAIN_GITLAB}:2443'
sudo bash -c "cat <<- EOF >> /etc/gitlab/gitlab.rb
##### open htts #####################
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = \"/etc/gitlab/ssl/${DOMAIN_GITLAB}.crt\"
nginx['ssl_certificate_key'] = \"/etc/gitlab/ssl/${DOMAIN_GITLAB}.key\"
EOF"
#
sudo gitlab-ctl reconfigure # 使配置生效
sudo gitlab-ctl restart

参考资料

文章目录
  1. 1. 前言
  2. 2. shell scripts
  3. 3. 参考资料
|