公司之前使用git,都是用sourcetree软件来查看代码,发现不是很方便,这几天搭建了一个gitlab来使用,发现确实很好用,尤其是可以分支与分支之间的compare就特别实用。可以在代码部署之前,再与master分支做下compare,一目了然的看出这次迭代做了哪些修改,对代码再review一遍,下面记录一下使用心得。
一、安装
安装的话,就是根据官网一步一步来,没有什么其他的
https://about.gitlab.com/installation/#centos-6
1. Install and configure the necessary dependencies
On CentOS 6 (and RedHat/Oracle/Scientific Linux 6), the commands below will also open HTTP and SSH access in the system firewall.
sudo yum install -y curl policycoreutils-python openssh-server cronie sudo lokkit -s http -s ssh
Next, install Postfix to send notification emails. If you want to use another solution to send emails please skip this step and configure an external SMTP server after GitLab has been installed.
sudo yum install postfix sudo service postfix start sudo chkconfig postfix on
During Postfix installation a configuration screen may appear. Select 'Internet Site' and press enter. Use your server's external DNS for 'mail name' and press enter. If additional screens appear, continue to press enter to accept the defaults.
2. Add the GitLab package repository and install the package
Add the GitLab package repository.
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash
Next, install the GitLab package. Change `http://gitlab.example.com` to the URL at which you want to access your GitLab instance. Installation will automatically configure and start GitLab at that URL. HTTPS requires additional configuration after installation.
sudo EXTERNAL_URL="http://gitlab.example.com" yum -y install gitlab-ee
二、如果忘记超级管理员账户密码怎么办?
1. 在root用户下,执行
gitlab-rails console production 获得用户数据,修改用户密码 [root@svr34 bin]# gitlab-rails console production Loading production environment (Rails 4.2.5.2) irb(main):001:0> user = User.where(id: 1).first => #<User id: 1, email: "admin@example.com", ... irb(main):002:0> user.password=12345678 => 12345678 irb(main):003:0> user.password_confirmation=12345678 => 12345678 irb(main):004:0> user.save! => true irb(main):005:0> quit
三、修改仓库目录位置
修改gitlab配置文件,找到git_data_dir
# git_data_dirs({
# "default" => {
# "path" => "/mnt/nfs-01/git-data"
# }
# })
git_data_dir "/mnt/git_warehouse"
停止当前gitlab,重新加载配置
gitlab-ctl stop
重新加载后,会发现在/mnt/git_warehouse目录下多出一个repositories目录
最后启动gitlab即可
gitlab-ctl start
四、免密登陆
GitLab 提供了让每个账号使用秘钥登录的功能,配置了账号秘钥之后就可以无密码登录账号了。代码自动部署正是需要这样子的功能了。
通过ssh协议免密登陆,首先在本地机器上生成公钥和私钥对,然后将公钥上传到gitlab的个人账户中的ssh keys中即可
如果完成了以上步骤之后,还不能实现代码自动部署,最可能出现问题的是账号的权限问题了。有两个地方可能出现权限的问题。
-
GitLab 账号的权限
自动部署所绑定的账号需要有权限访问该项目。 -
代码服务器端执行脚本的用户的权限
首先,该用户需要有权限对项目目录进行读写; 然后是,该用户的秘钥信息绑定的是正确的 GitLab 账号
需要注意的是,看有没有权限提交,只看你本地的公钥,添加在gitlab上的该账户的人,对项目有没有权限,如果有,则能提交。比如用户A的密码即使添加在gitlab上的B账户中,只要B账户有对项目进行提交的权限,则A就可以提交。这个和git当前使用的user和email无关,只跟公钥挂在谁头上挂钩
比如,我当前本地git使用的user为
$ git config --global user.name kangjianrong $ git config --global user.email wb-kjr261052@alibaba-inc.com
但实际上的我的公钥添加在gitlab上kangjianrong2的账户下,因为kangjianrong2,也有对项目的提交权限,所以我本地也可以提交。
四、在另外一台服务器上拉git服务器上的代码
有时候需要在另外一台服务器上来拉取git服务器上的代码,但那台服务器上并没有设置git账户,即git config --global user.name为空。我查看gitlab上的文档,deploy_key功能可以不用在gitlab上添加虚拟账户的情况下,直接添加某台服务器的公钥,然后实现该服务器来拉取代码。
gitlab文档介绍如下:
Deploy keys allow read-only or read-write (if enabled) access to one or multiple projects with a single SSH key pair.
This is really useful for cloning repositories to your Continuous Integration (CI) server. By using deploy keys, you don't have to set up a dummy user account.
If you are a project master or owner, you can add a deploy key in the project settings under the section 'Repository'. Specify a title for the new deploy key and paste a public SSH key. After this, the machine that uses the corresponding private SSH key has read-only or read-write (if enabled) access to the project.
You can't add the same deploy key twice using the form. If you want to add the same key to another project, please enable it in the list that says 'Deploy keys from projects available to you'. All the deploy keys of all the projects you have access to are available. This project access can happen through being a direct member of the project, or through a group.
Deploy keys can be shared between projects, you just need to add them to each project.
设置方法,只需要把需要拉取代码的服务器的公钥,直接添加到项目的deploy_key中,则那台服务器就可以直接拉取代码了,非常方便。添加deploy_key的路径在project->setting->repository->deploy_keys中添加。