本章我们对gitlab的一些配置文件中的常用配置项进行介绍
修改git创库位置:
sudo rsync -av /var/opt/gitlab/git-data /data/gitlab/复制
rsync 可用于替换cp与mv命令、该命令主要将原本默认在gitlab 上创建新的仓库时所存放的系统路径
默认在/var/opt/gitlab/git-data 这里我把它修改成了 data/gitlab/
修改备份路径位置:
sudo rsync -av /var/opt/gitlab/backups /data/gitlab/复制
修改配置文件:
vim /etc/gitlab/gitlab.rb复制
注意修改这个文件后整个gitlab配置需要重新加载这个文件才能生效、一般仅在安装gitlab 第一次配置时将所有配置都配置完成。
gitlab.rb 文件内容
external_url
#可以访问GitLab的URL、是对外进行范围的host
external_url 'GENERATED_EXTERNAL_URL'复制
这个特别要主要如果要对外使用请一定要使用外网ip 非80端口则需要加上端口号、这个端口号需要和下面的nginx端口一致、否则将无法正常访问到gitlab
配置ssh方式拉取代码的host
# 这里是用于修改我们使用ssh方式去上传/拉取gitlab代码的地址、默认取external_url中的值
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
# gitlab_rails['gitlab_ssh_user'] = ''复制
这里就是我们仓库的连接
建议和external_url 一致这个如果配置不正确或者不一致会导致你无法上传代码与拉取代码、端口建议与nginx一致、如果不配置会默认使用 external_url参数作为连接路径
在gitlab配置完成了再进行ssh拉取代码方法
gitlab 修改Clone with HTTP 地址
如果配置了域名访问gitlab私有仓库,但是在项目clone这里,显示的还是ip地址,并且还带端口,每次访问,clone都需要自己修改,比较不方便。
修改方法:
sudo vim opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml复制
重启 gitlab
sudo gitlab-ctl restart复制
重新访问就发现已经可以了
修改代码仓库存储位置
修改gitlab配置文件,找到git_data_dirs
vim /etc/gitlab/gitlab.rb
# 进入后使用进入末行模式 输入/git_data_dirs
# 进行查找关键字
#查看下一个匹配,按下n(小写n)
#跳转到上一个匹配,按下N(大写N)复制
修改path为自己的目录(需要先创建目录)
重新加载后,会发现在/opt/gitlab/git_data目录下多出一个repositories目录
由于配置文件内容较多下面整理了一些常用的配置项说明
gitlab 数据库设置
##gitlab 数据库设置
# gitlab_rails['db_adapter'] = "postgresql"
# gitlab_rails['db_encoding'] = "unicode"
# gitlab_rails['db_collation'] = nil
# 数据库
# gitlab_rails['db_database'] = "gitlabhq_production"
# 数据库账号
# gitlab_rails['db_username'] = "gitlab"
# 数据库密码
# gitlab_rails['db_password'] = nil
# 数据库host
# gitlab_rails['db_host'] = nil
# postgresql 端口号
# gitlab_rails['db_port'] = 5432
# gitlab_rails['db_socket'] = nil
# gitlab_rails['db_sslmode'] = nil
# gitlab_rails['db_sslcompression'] = 0
# gitlab_rails['db_sslrootcert'] = nil
# gitlab_rails['db_sslcert'] = nil
# gitlab_rails['db_sslkey'] = nil
# gitlab_rails['db_prepared_statements'] = false
# gitlab_rails['db_statements_limit'] = 1000
# gitlab_rails['db_connect_timeout'] = nil
# gitlab_rails['db_keepalives'] = nil
# gitlab_rails['db_keepalives_idle'] = nil
# gitlab_rails['db_keepalives_interval'] = nil
# gitlab_rails['db_keepalives_count'] = nil
# gitlab_rails['db_tcp_user_timeout'] = nil
# gitlab_rails['db_application_name'] = nil
# postgresql的相关配置
# postgresql['ha'] = false
# postgresql['dir'] = "/var/opt/gitlab/postgresql"
# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
# postgresql['log_destination'] = nil
# postgresql['logging_collector'] = nil
# postgresql['log_truncate_on_rotation'] = nil
# postgresql['log_rotation_age'] = nil
# postgresql['log_rotation_size'] = nil
# postgresql['username'] = "gitlab-psql"
# postgresql['group'] = "gitlab-psql"
##可以使用命令' gitlab-ctl pg-password-md5 gitlab '生成SQL_USER_PASSWORD_HASH '
# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
# postgresql['uid'] = nil
# postgresql['gid'] = nil
# postgresql['shell'] = "/bin/sh"
# postgresql['home'] = "/var/opt/gitlab/postgresql"
# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
# postgresql['sql_user'] = "gitlab"
# postgresql['max_connections'] = 200
# postgresql['md5_auth_cidr_addresses'] = []
# postgresql['trust_auth_cidr_addresses'] = []
# postgresql['wal_buffers'] = "-1"
# postgresql['autovacuum_max_workers'] = "3"
# postgresql['autovacuum_freeze_max_age'] = "200000000"
# postgresql['log_statement'] = nil
# postgresql['track_activity_query_size'] = "1024"
# postgresql['shared_preload_libraries'] = nil
# postgresql['dynamic_shared_memory_type'] = nil
# postgresql['hot_standby'] = "off"复制
gitlab redis设置
##gitlab redis设置
# gitlab_rails['redis_host'] = "127.0.0.1"
# gitlab_rails['redis_port'] = 6379
# gitlab_rails['redis_ssl'] = false
# 密码
# gitlab_rails['redis_password'] = nil
# 数据库
# gitlab_rails['redis_database'] = 0
# gitlab_rails['redis_enable_client'] = true
##redis本地unix socket
# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
##redis sentinel支持
# gitlab_rails['redis_sentinels'] = [
# {'host' => '127.0.0.1', 'port' => 26379},
# ]复制
nginx配置
##gitlab nginx设置
# nginx['enable'] = true
# nginx['client_max_body_size'] = '250m'
# nginx['redirect_http_to_https'] = false
# nginx['redirect_http_to_https_port'] = 80
##默认情况下包含了大多数根CA证书
# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
##启用/禁用双向SSL客户端身份验证
# nginx['ssl_verify_client'] = "off"
##如果ssl_verify_client on,表示客户端证书链中的验证深度
# nginx['ssl_verify_depth'] = "1"
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
# nginx['ssl_prefer_server_ciphers'] = "on"
##ssl 协议
# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
##ssl session缓存
# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
##ssl session 失效时间分钟
# nginx['ssl_session_timeout'] = "5m"
## dhparams.pem的路径
# nginx['ssl_dhparam'] = nil
# nginx['listen_addresses'] = ['*', '[::]']
##默认强制web浏览器总是使用HTTPS通信,hsts强制安全传输技术(Http Strict Transport Security)
##max age
# nginx['hsts_max_age'] = 31536000
##是否支持子域名
# nginx['hsts_include_subdomains'] = false
##默认情况下,在进行跨源请求时剥离路径信息
# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'
##是否支持gzip
# nginx['gzip_enabled'] = true
##只有在使用反向代理时才重写,默认不写为80
# nginx['listen_port'] = nil
##仅当反向代理通过HTTP进行内部通信时才覆盖
# nginx['listen_https'] = nil复制
日志管理
## gitlab 日志管理
##在200 MB的日志数据之后进行循环
# logging['svlogd_size'] = 200 * 1024 * 1024
##保留30个循环的日志文件
# logging['svlogd_num'] = 30
##保留24小时
# logging['svlogd_timeout'] = 24 * 60 * 60
##压缩日志的格式gzip
# logging['svlogd_filter'] = "gzip"
##使用udp传输log信息
# logging['svlogd_udp'] = nil
##为log信息自定义前缀
# logging['svlogd_prefix'] = nil
##每天循环写日志
# logging['logrotate_frequency'] = "daily"
##当日志增长超过size字节时,甚至在指定的时间间隔(每日、每周、每月或每年)轮换日志
# logging['logrotate_maxsize'] = nil
##默认为log的大小循环写日志
# logging['logrotate_size'] = nil
##保留30个log
# logging['logrotate_rotate'] = 30
##日志压缩
# logging['logrotate_compress'] = "compress"
##log的方式,复制截断
# logging['logrotate_method'] = "copytruncate"
##默认没有postrotate命令
# logging['logrotate_postrotate'] = nil
##文件使用日期扩展名,如production.log-2016-03-09.gz
# logging['logrotate_dateformat'] = nil复制
监视服务配置
##启用监视服务
# monitoring_role['enable'] = true
# prometheus['enable'] = true
# prometheus['monitor_kubernetes'] = true
# prometheus['username'] = 'gitlab-prometheus'
# prometheus['group'] = 'gitlab-prometheus'
# prometheus['uid'] = nil
# prometheus['gid'] = nil
# prometheus['shell'] = '/bin/sh'
# prometheus['home'] = '/var/opt/gitlab/prometheus'
# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
# prometheus['scrape_interval'] = 15
# prometheus['scrape_timeout'] = 15
# prometheus['external_labels'] = { }
# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
# prometheus['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
##自定义 Prometheus flags
# prometheus['flags'] = {
# 'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
# 'storage.tsdb.retention.time' => "15d",
# 'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
# }
##监听的地址
# prometheus['listen_address'] = 'localhost:9090'
##只有当Prometheus和Rails不在同一台服务器上时才需要。
##在多节点架构中,Prometheus将安装在监控节点上,而Rails将安装在Rails节点上。
##这个值应该是GitLab Rails(Puma/Unicorn, Sidekiq)节点可以使用Prometheus的地址。
# gitlab_rails['prometheus_address'] = 'your.prom:9090'复制
node_exporter 配置
node_exporter['enable'] = true
# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
# node_exporter['flags'] = {
# 'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
# }
# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
# node_exporter['env'] = {
# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }复制
grafana 配置
# 是否开启grafana 默认为true 如果用不到这个建议关闭
# grafana['enable'] = true
# grafana['log_directory'] = '/var/log/gitlab/grafana'
# grafana['home'] = '/var/opt/gitlab/grafana'
# 登录grafana 时的密码
# grafana['admin_password'] = 'admin'
# grafana['allow_user_sign_up'] = false
# grafana['basic_auth_enabled'] = false
# grafana['disable_login_form'] = true
# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
# grafana['gitlab_secret'] = 'GITLAB_SECRET'
# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
# grafana['allowed_groups'] = []
# grafana['gitlab_auth_sign_up'] = true
# grafana['env'] = {
# 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
# }
# grafana['metrics_enabled'] = false
# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil
# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
# grafana['alerting_enabled'] = false
##smtp设置
#
# grafana['smtp'] = {
# 'enabled' => true,
# 'host' => 'localhost:25',
# 'user' => nil,
# 'password' => nil,
# 'cert_file' => nil,
# 'key_file' => nil,
# 'skip_verify' => false,
# 'from_address' => 'admin@grafana.localhost',
# 'from_name' => 'Grafana',
# 'ehlo_identity' => 'dashboard.example.com',
# 'startTLS_policy' => nil
# }
## Grafana使用报告默认为gitlab_rails['usage_ping_enabled']
# grafana['reporting_enabled'] = true
# grafana['dashboards'] = [
# {
# 'name' => 'GitLab Omnibus',
# 'orgId' => 1,
# 'folder' => 'GitLab Omnibus',
# 'type' => 'file',
# 'disableDeletion' => true,
# 'updateIntervalSeconds' => 600,
# 'options' => {
# 'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
# }
# }
# ]
# grafana['datasources'] = [
# {
# 'name' => 'GitLab Omnibus',
# 'type' => 'prometheus',
# 'access' => 'proxy',
# 'url' => 'http://localhost:9090'
# }
# ]
# 对外的服务地址
# grafana['http_addr'] = 'localhost'
# 端口
# grafana['http_port'] = 3000复制
注意
修改这个配置文件时最好关闭gitlab运行
gitlab-ctl stop复制
然后修改完成后需要重新加载配置文件
gitlab-ctl reconfigure(建议不要使用,会重置到原本配置文件的配置的内容)复制
重启gitlab
gitlab-ctl start复制
文章转载自测试前沿布道者,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
评论
相关阅读
OB 企业版单机版探秘——安装部署
数据库技术闲谈
51次阅读
2025-04-10 11:53:00
Oracle备份恢复之用户管理模式下的冷备
hongg
35次阅读
2025-04-10 08:59:14
MySQL的复制
@天行健
32次阅读
2025-04-09 11:02:22
dg库拉起脚本
www
29次阅读
2025-04-02 10:04:35
日常运维怎么破?GBase 8a这些命令用得到!
GBASE数据库
26次阅读
2025-04-11 16:29:49
MySQL源码学习系列(二)--面试高频问题:general log、slowlog记录顺序
数据库干货铺
25次阅读
2025-03-31 10:00:45
控制器- deployment01
喵呜
24次阅读
2025-03-31 13:45:40
如何使用 Grafana 连接 Easyearch
极限实验室
21次阅读
2025-04-12 23:30:19
如何使用 Nginx 代理 Easysearch 服务
极限实验室
21次阅读
2025-04-05 23:56:34
部署一套完整的prometheus+grafana监控系统详细过程
小周的数据库进阶之路
14次阅读
2025-04-07 09:57:56
