Gitlab单机
关键字说明
- 字体代表
- 字体代表
实验明细
docker-compose.yaml
yaml
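# Reference: https://hub.docker.com/r/gitlab/gitlab-ce
# Built-in variables: see https://blog.csdn.net/weixin_44749269/article/details/134937579
#
# NOTE(review): lab configuration. The credentials below (redisadmin, gitlabadmin) are
# guessable values stored in plaintext, and several services are published on every host
# interface. Replace the passwords and narrow the port mappings before using this outside
# an isolated test network.
# NOTE(review): all images come from a personal registry namespace and are referenced by
# mutable tag; pin them by digest, or use the upstream image referenced above, if image
# provenance matters.
version: '3'
networks:
  gitlab-network:
    driver: bridge
volumes:
  gitlab-runner-data:
services:
  redis:
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:redis-7.4.0-alpine3.20
    container_name: gitlab-redis
    hostname: gitlab-redis.odboy.local
    restart: unless-stopped
    # NOTE(review): --requirepass on the command line exposes the password through
    # `docker inspect` and the process list. The same value is repeated in
    # gitlab_rails['redis_password'] below, so change both together.
    command: redis-server --requirepass redisadmin --appendonly yes --protected-mode yes --loglevel notice --databases 100 --always-show-logo no --rdbcompression yes --rdbchecksum yes --replica-serve-stale-data yes --replica-read-only yes --jemalloc-bg-thread yes
    environment:
      TZ: Asia/Shanghai
      LANG: en_US.UTF-8
    volumes:
      - "./gitlab-redis:/data"
    networks:
      - gitlab-network
    # NOTE(review): this publishes Redis on every host interface. GitLab reaches Redis over
    # gitlab-network on port 6379 (redis_host / redis_port below), so the mapping is only
    # needed for access from the host; remove it or bind it to 127.0.0.1 otherwise.
    ports:
      - "16379:6379"
    # NOTE(review): the ping is sent without credentials, so with requirepass set it
    # presumably shows only that the port answers, not that authenticated access works.
    # Verify how redis-cli reports the NOAUTH reply on this image.
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]
      interval: 1s
      timeout: 3s
      retries: 30
  gitlab:
    # NOTE(review): 14.8.2 is an old release that no longer receives security fixes; the
    # newer tags kept below are commented out. Prefer a currently supported patch release
    # (major-version upgrades must follow GitLab's documented upgrade path).
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-14.8.2
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-16.11.3
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-17.2.2
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-17.3.1
    restart: unless-stopped
    container_name: gitlab-core
    environment:
      TZ: Asia/Shanghai
      # Never add this environment variable: it affects the database.
      # Kept here, commented out, as a reminder.
      # LANG: en_US.UTF-8
      # NOTE(review): registry credentials in plaintext. The registry itself is disabled in
      # the Omnibus config below, so these look unused; drop them or load them from an
      # untracked .env file.
      CI_REGISTRY: '192.168.235.100:22250'
      CI_REGISTRY_USER: gitlabadmin
      CI_REGISTRY_PASSWORD: gitlabadmin
      # NOTE(review): security-relevant settings inside the Omnibus config below:
      #  - external_url is http:// and nginx['listen_https'] = false, so logins, tokens and
      #    Git-over-HTTP credentials cross the network unencrypted.
      #  - gitlab_rails['api_rate_limit_enabled'] = false is meant to switch API rate
      #    limiting off; confirm the key is honoured by this GitLab version and keep
      #    throttling on for anything reachable by untrusted clients.
      #  - gitlab_rails['redis_password'] repeats the Redis password in plaintext.
      GITLAB_OMNIBUS_CONFIG: |
        # ================ 主服务 ================
        # 设置url地址, web站点访问地址
        external_url 'http://192.168.235.100:20080'
        # 设置ssh地址, ssh访问地址
        gitlab_rails['gitlab_shell_ssh_port'] = 20022
        # 设置时区
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        # 开启大文件存储
        gitlab_rails['lfs_enabled'] = true
        # ================ Nginx配置 ================
        # Gitlab默认用这个端口号作为其Nginx的监听端口
        nginx['listen_port'] = 20080
        nginx['client_max_body_size'] = '1024m'
        # nginx进程数
        nginx['worker_processes'] = 4
        # 设置是否监听https
        nginx['listen_https'] = false
        # ================ http服务器 ================
        # http服务器, worker=cpu核数+1
        puma['worker_processes'] = 4
        puma['worker_timeout'] = 90
        # ================ Sidekip是Gitlab的异步任务队列 ================
        # 设置sidekiq并发数, 默认值25。
        sidekiq['concurrency'] = 5
        sidekiq['max_concurrency'] = 5
        # ================ API限流 ================
        # 关闭速率限制
        gitlab_rails['api_rate_limit_enabled'] = false
        # 每个周期内请求限制(例如,每分钟请求数)
        gitlab_rails['api_rate_limit_requests_per_period'] = 100
        # 周期时间(秒)
        gitlab_rails['api_rate_limit_period'] = 60
        gitlab_rails['api_rate_limit_cache_key'] = 'api_rate_limit'
        # ================ 数据库 ================
        # 使用内置的postgresql
        postgresql['enable'] = true
        # 设置数据库缓存, 默认256MB, 这里设置为1GB
        postgresql['shared_buffers'] = "1GB"
        # 设置数据库并发数
        postgresql['max_worker_processes'] = 4
        # 设置数据库连接池大小
        gitlab_rails['db_pool'] = 10
        # 使用外置的redis(单实例、或主从集群)
        redis['enable'] = false
        gitlab_rails['redis_host'] = "gitlab-redis.odboy.local"
        gitlab_rails['redis_port'] = 6379
        gitlab_rails['redis_password'] = "redisadmin"
        gitlab_rails['redis_database'] = 1
        # ================ 禁用 容器仓库 ================
        registry['enable'] = false
        registry_nginx['enable'] = false
        #registry_nginx['listen_port'] = 22250
        #registry_external_url 'http://192.168.235.100:22250'
        gitlab_rails['gitlab_default_projects_features_container_registry'] = false
        gitlab_rails['registry_enabled'] = false
        # ================ 关闭 包仓库、依赖管理 ================
        gitlab_rails['packages_enabled'] = false
        gitlab_rails['dependency_proxy_enabled'] = false
        # ================ 关闭 GitLab Pages ================
        gitlab_pages['enable'] = false
        pages_nginx['enable'] = false
        # ================ 关闭 邮箱 ================
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['smtp_address'] = "smtp.qq.com"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_password'] = "xxxxxxxxxxxx"
        gitlab_rails['smtp_domain'] = "smtp.qq.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['gitlab_email_from'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        # ================ 关闭 监控和性能基准相关功能 ================
        prometheus_monitoring['enable'] = false
        prometheus['enable'] = false
        alertmanager['enable'] = false
        node_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
        gitlab_exporter['enable'] = false
        grafana['enable'] = false
        sidekiq['metrics_enabled'] = false
        # ================ 设置gitlab_rails组件的内存消耗 ================
        # dirty_decay_ms 脏页延迟回收时间(已使用过的)
        # muzzy_decay_ms 脏页延迟回收时间(未使用过的)
        gitlab_rails['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:250,muzzy_decay_ms:250'
        }
        # ================ 应用性能分析和上报 Usage Statistics ================
        gitlab_rails['usage_ping_enabled'] = false
        gitlab_rails['sentry_enabled'] = false
        grafana['reporting_enabled'] = false
        # ================ 关闭对k8s的cd功能 ================
        # GitLab-KAS And Terraform
        gitlab_kas['enable'] = false
        gitlab_rails['gitlab_kas_enabled'] = false
        gitlab_rails['terraform_state_enabled'] = false
        # ================ 关闭Kerberos和sentinel ================
        gitlab_rails['kerberos_enabled'] = false
        sentinel['enable'] = false
        # ================ 关闭自带聊天Mattermost ================
        mattermost['enable'] = false
        mattermost_nginx['enable'] = false
    networks:
      - gitlab-network
    # NOTE(review): 20443 and 22250 are published although nginx['listen_https'] and the
    # registry are disabled above; mappings that serve nothing can be removed.
    ports:
      - '20080:20080'  # host and container port must be identical, otherwise external_url is unreachable
      - '20443:443'
      - '20022:20022'
      - '22250:22250'
    volumes:
      - './gitlab-core/config:/etc/gitlab'
      - './gitlab-core/logs:/var/log/gitlab'
      - './gitlab-core/data:/var/opt/gitlab'
      # - './gitlab-core/registry:/var/opt/gitlab/gitlab-rails/shared/registry'
    shm_size: 256mb  # set shared memory limit when using docker-compose
    # NOTE(review): privileged: true removes most of the isolation between this container
    # and the host. Presumably GitLab itself does not need it; confirm the container starts
    # without it and drop the flag.
    privileged: true
    depends_on:
      - redis
  gitlab-runner:
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v14.8.2
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v16.11.3
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v17.2.1
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v17.3.1
    container_name: gitlab-runner
    hostname: gitlab-runner.odboy.local
    restart: unless-stopped
    # NOTE(review): privileged mode together with the host Docker socket mounted below makes
    # this container equivalent to root on the Docker host. Keep the runner on a dedicated
    # host or VM and restrict which projects and users may run jobs on it.
    privileged: true
    networks:
      - gitlab-network
    volumes:
      # - ./gitlab-runner:/etc/gitlab-runner  # to use this form, the local gitlab-runner directory must already hold the same content as /etc/gitlab-runner in the container
      - gitlab-runner-data:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on: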
      - gitlab

docker-compose.yaml(无外部依赖版)
yaml
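# Reference: https://hub.docker.com/r/gitlab/gitlab-ce
# Built-in variables: see https://blog.csdn.net/weixin_44749269/article/details/134937579
#
# NOTE(review): lab configuration. GitLab is served over plain HTTP, both containers run
# privileged, and the images are pulled from a personal registry namespace by mutable tag.
# Review each of these before using the file outside an isolated test network.
version: '3'
networks:
  network-dev:
    driver: bridge
volumes:
  gitlab-runner-data:
services:
  gitlab:
    # NOTE(review): 14.8.2 is an old release that no longer receives security fixes; prefer
    # a currently supported patch release (major-version upgrades must follow GitLab's
    # documented upgrade path).
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-14.8.2
    restart: unless-stopped
    container_name: gitlab-core
    environment:
      TZ: Asia/Shanghai
      # NOTE(review): security-relevant settings inside the Omnibus config below:
      #  - external_url is http:// and nginx['listen_https'] = false, so logins, tokens and
      #    Git-over-HTTP credentials cross the network unencrypted.
      #  - gitlab_rails['api_rate_limit_enabled'] = false is meant to switch API rate
      #    limiting off; confirm the key is honoured by this GitLab version and keep
      #    throttling on for anything reachable by untrusted clients.
      GITLAB_OMNIBUS_CONFIG: |
        # ================ 主服务 ================
        # 设置url地址, web站点访问地址
        external_url 'http://192.168.235.100:20080'
        # 设置ssh地址, ssh访问地址
        gitlab_rails['gitlab_shell_ssh_port'] = 20022
        # 设置时区
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        # 开启大文件存储
        gitlab_rails['lfs_enabled'] = true
        # ================ Nginx配置 ================
        # Gitlab默认用这个端口号作为其Nginx的监听端口
        nginx['listen_port'] = 20080
        nginx['client_max_body_size'] = '1024m'
        # nginx进程数
        nginx['worker_processes'] = 4
        # 设置是否监听https
        nginx['listen_https'] = false
        # ================ http服务器 ================
        # http服务器, worker=cpu核数+1
        puma['worker_processes'] = 4
        puma['worker_timeout'] = 90
        # ================ Sidekip是Gitlab的异步任务队列 ================
        # 设置sidekiq并发数, 默认值25。
        sidekiq['concurrency'] = 5
        sidekiq['max_concurrency'] = 5
        # ================ API限流 ================
        # 关闭速率限制
        gitlab_rails['api_rate_limit_enabled'] = false
        # 每个周期内请求限制(例如,每分钟请求数)
        gitlab_rails['api_rate_limit_requests_per_period'] = 100
        # 周期时间(秒)
        gitlab_rails['api_rate_limit_period'] = 60
        gitlab_rails['api_rate_limit_cache_key'] = 'api_rate_limit'
        # ================ 数据库 ================
        # 使用内置的postgresql
        postgresql['enable'] = true
        # 设置数据库缓存, 默认256MB, 这里设置为1GB
        postgresql['shared_buffers'] = "1GB"
        # 设置数据库并发数
        postgresql['max_worker_processes'] = 4
        # 设置数据库连接池大小
        gitlab_rails['db_pool'] = 10
        # 使用内置的redis
        redis['enable'] = true
        # ================ 禁用 容器仓库 ================
        registry['enable'] = false
        registry_nginx['enable'] = false
        gitlab_rails['gitlab_default_projects_features_container_registry'] = false
        gitlab_rails['registry_enabled'] = false
        # ================ 关闭 包仓库、依赖管理 ================
        gitlab_rails['packages_enabled'] = false
        gitlab_rails['dependency_proxy_enabled'] = false
        # ================ 关闭 GitLab Pages ================
        gitlab_pages['enable'] = false
        pages_nginx['enable'] = false
        # ================ 关闭 邮箱 ================
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['smtp_address'] = "smtp.qq.com"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_password'] = "xxxxxxxxxxxx"
        gitlab_rails['smtp_domain'] = "smtp.qq.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['gitlab_email_from'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        # ================ 关闭 监控和性能基准相关功能 ================
        prometheus_monitoring['enable'] = false
        prometheus['enable'] = false
        alertmanager['enable'] = false
        node_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
        gitlab_exporter['enable'] = false
        grafana['enable'] = false
        sidekiq['metrics_enabled'] = false
        # ================ 设置gitlab_rails组件的内存消耗 ================
        # dirty_decay_ms 脏页延迟回收时间(已使用过的)
        # muzzy_decay_ms 脏页延迟回收时间(未使用过的)
        gitlab_rails['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:250,muzzy_decay_ms:250'
        }
        # ================ 应用性能分析和上报 Usage Statistics ================
        gitlab_rails['usage_ping_enabled'] = false
        gitlab_rails['sentry_enabled'] = false
        grafana['reporting_enabled'] = false
        # ================ 关闭对k8s的cd功能 ================
        # GitLab-KAS And Terraform
        gitlab_kas['enable'] = false
        gitlab_rails['gitlab_kas_enabled'] = false
        gitlab_rails['terraform_state_enabled'] = false
        # ================ 关闭Kerberos和sentinel ================
        gitlab_rails['kerberos_enabled'] = false
        sentinel['enable'] = false
        # ================ 关闭自带聊天Mattermost ================
        mattermost['enable'] = false
        mattermost_nginx['enable'] = false
    networks:
      - network-dev
    # NOTE(review): 20443 and 22250 are published although nginx['listen_https'] and the
    # registry are disabled above; mappings that serve nothing can be removed.
    ports:
      - '20080:20080'  # host and container port must be identical, otherwise external_url is unreachable
      - '20443:443'
      - '20022:20022'
      - '22250:22250'
    volumes:
      - './gitlab-core/config:/etc/gitlab'
      - './gitlab-core/logs:/var/log/gitlab'
      - './gitlab-core/data:/var/opt/gitlab'
    shm_size: 256mb
    # NOTE(review): privileged: true removes most of the isolation between this container
    # and the host. Presumably GitLab itself does not need it; confirm the container starts
    # without it and drop the flag.
    privileged: true
  gitlab-runner:
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v14.8.2
    container_name: gitlab-runner
    restart: unless-stopped
    # NOTE(review): privileged mode together with the host Docker socket mounted below makes
    # this container equivalent to root on the Docker host. Keep the runner on a dedicated
    # host or VM and restrict which projects and users may run jobs on it.
    privileged: true
    networks:
      - network-dev
    volumes:
      - gitlab-runner-data:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on: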
      - gitlab

获取密码
shell
# 账号 root
docker ps|grep 'gitlab'|grep -v 'runner'|grep -v 'redis'|awk '{print $1}'|xargs -I{} docker exec {} cat /etc/gitlab/initial_root_password|grep 'Password:'

效果图

访问地址
text
http://192.168.235.100:20080

镜像仓库(优化弃用)
text
docker login --username=gitlabadmin --password=gitlabadmin 192.168.235.100:22250

注册runner
TOKEN从哪来


非交互式注册runner
shell
# Reference: https://docs.gitlab.com/runner/register/?tab=Docker
# Find the runner container: keep lines matching "gitlab", drop the redis and gitlab-core
# containers, and print the ID column.
docker ps|grep gitlab|grep -v redis|grep -v gitlab-core|awk '{print $1}'
# The previous command printed container ID 4c68527daec4
docker exec -it 4c68527daec4 bash
# Run the registration command inside the container.
# NOTE(review): the --registration-token value is a credential for attaching runners to
# this GitLab instance. Typed inline it is saved in shell history, and it is printed in
# full on this page, so reset it in GitLab before reusing this setup.
# NOTE(review): --executor "shell" runs job scripts directly in the runner container, which
# the compose file above starts with privileged: true and the host Docker socket mounted;
# limit who may trigger pipelines on this runner.
gitlab-runner register --non-interactive --url "http://192.168.235.100:20080/" --registration-token "ok8RGwzVkwufekDsfcxz" --executor "shell" --description "shell-runner"

注册成功截图

注销runner
shell
# Unregister by name. If several runners share the name, only the first one is unregistered.
gitlab-runner unregister --name shell-runner
# Unregister all runners
gitlab-runner unregister --all-runners
