Debian11上安装GitLab

reference-site-list

GitLab 官网: Debian安装 Official Linux package

ubuntu linux下载的deb包存放在哪？

GitLab 官网: 如何重置root密码

GitLab 官网: GitLab Runner 说明文档

steps

安装准备

apt-get update

apt-get install -y curl openssh-server ca-certificates perl

apt-get install -y postfix

# 选择 Internet Site ，然后回车

添加包仓库并安装

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | bash

EXTERNAL_URL="https://gitlab.xplorist.tech" GITLAB_ROOT_PASSWORD="password" apt-get install gitlab-ee

# 阿里云上下载非常慢 只有10K左右 gitlab-ee amd64 14.4.2-ee.0
# Get:1 https://packages.gitlab.com/gitlab/gitlab-ee/debian buster/main amd64 gitlab-ee amd64 14.4.2-ee.0 [1,037 MB]
# 下载地址：https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/buster/gitlab-ee_14.4.2-ee.0_amd64.deb/download.deb
# 本地将 gitlab-ee_14.4.2-ee.0_amd64.deb 文件下载好， 然后通过SFTP上传到服务器的 /var/cache/apt/archives 文件夹下，再执行安装命令
cd /var/cache/apt/archives

EXTERNAL_URL="https://gitlab.xplorist.tech" GITLAB_ROOT_PASSWORD="password" apt-get install gitlab-ee

# 添加gitlab自动重启
systemctl enable gitlab-runsvdir.service

设置GitLab

浏览器打开 https://gitlab.xplorist.tech
使用root账号登陆，然后找到右上角的用户图标，点击下拉框中的Edit profile, 再选择Password，就可以修改安装时设置得不够安全的密码
点击左上角的Menu，选择Admin，进入Settings => General => Sign-up restrictions，取消 Sign-up enabled 选中，不允许其他人注册

安装GitLab-runner

在主页网站上安装gitlab-runner

curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | bash

apt-get update

# 阿里云下载非常慢， 只有100K左右 gitlab-runner amd64 14.4.0
# Get:1 https://packages.gitlab.com/runner/gitlab-runner/debian buster/main amd64 gitlab-runner amd64 14.4.0 [453 MB]
# 下载地址：https://packages.gitlab.com/runner/gitlab-runner/packages/debian/buster/gitlab-runner_14.4.0_amd64.deb/download.deb
# 本地将 gitlab-runner_14.4.0_amd64.deb 文件下载好， 然后通过SFTP上传到服务器的 /var/cache/apt/archives 文件夹下，再执行安装命令
cd /var/cache/apt/archives

apt-get install gitlab-runner

本地push项目到GitLab

# git客户端 账号全局设置
git config --global user.email "[email protected]"
git config --global user.name "xplorist"
#git config --global http.proxy http://10.244.186.81:8088
#git config --global credential.helper wincred
git config --global credential.helper store

# 进入到keep文件夹
git init
git remote add origin https://gitlab.xplorist.tech/xplorist/keep.git
git add .
git commit -m "init commit"
git push -u origin master:master

GitLab和GitLab-runner进行交互式注册

登录root账号进入https://gitlab.xplorist.tech/admin/runners, 找到shared runner 的token
进入gitlab-runner安装的服务器进行交互式注册

gitlab-runner register

## 交互式注册内容
1.Enter the GitLab instance URL (for example, https://gitlab.com/):
# 输入gitlab的网址
https://gitlab.xplorist.tech

2. Enter the registration token:
# 登录root账号进入http://10.244.186.85/admin/runners，找到shared Runner的token并输入（这里以Shared Runner为例）
dasdfasdfeta

3.Enter a description for the runner:
# 输入此runner的描述
shared_runner

4.Enter tags for the runner (comma-separated):
# 输入此Runner的tags
shared_runner

5.Enter an executor: parallels, ssh, virtualbox, kubernetes, docker-windows, docker, docker-ssh, shell, docker+machine, docker-ssh+machine, custom:
# 输入executor的类型，选择shell, （Windows操作系统下的有效shell为PowerShell）
shell

# 出现下面提示则表示注册成功了
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

在项目中添加.gitlab-ci.yml文件

.gitlab-ci.yml内容

# .gitlab-ci.yml 内容
build:
  stage: build
  before_script:
    - yarn
    #- chmod -R -f 777 /usr/share/nginx/html/keep/
  script:
    #- hexo clean && hexo deploy
    #- hexo generate
    - hexo deploy
    - rsync -av ./public/ /usr/share/nginx/html/keep/
    #- git config --global user.email "[email protected]"
    #- git config --global user.name "xplorist"
    #- hexo deploy
    #- nginx -s reload
  tags:
    - shared_runner
  only:
    - main

解释：

tags这里的tags要和注册的gitlab-runner的tag一样
only 指定 gitlab repository 中的指定分支，就是GitLab服务器上的远程分支

配置项目中hexo的配置文件_config.yml中的deploy

deploy:
  type: git
  repo: [email protected]:Xplorist/Xplorist.github.io.git
  branch: master

将wordpress文件夹复制到keep文件夹下

cd /usr/share/nginx/html
mkdir keep

cp /usr/share/nginx/html/index.html /usr/share/nginx/html/keep/index.html

# 将wordpress文件夹复制到keep文件夹下
cp -r /usr/share/nginx/html/wordpress /usr/share/nginx/html/keep/wordpress

# 将原先的wordpress重命名为wordpress_bak
mv /usr/share/nginx/html/wordpress /usr/share/nginx/html/wordpress_bak

# 将picture移动到keep下
mv /usr/share/nginx/html/picture /usr/share/nginx/html/keep/picture
# 将info.php移动到keep下
mv /usr/share/nginx/html/info.php /usr/share/nginx/html/keep/info.php

# 添加访问权限，这儿设置得太大，待优化
chmod -R -f 777 /usr/share/nginx/html/keep/

配置nginx

vi /etc/nginx/conf.d/xplorist.tech.conf

## xplorist.tech.conf编辑开始
    location / {
        root   /usr/share/nginx/html/keep; # 默认路径后面加上/keep
        index  index.html index.htm index.php;
    }

    location ~ \.php$ {
        root /usr/share/nginx/html/keep; # 和上面root一致
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    }
## xplorist.tech.conf编辑结束

nginx -s reload

上传keep项目的public文件夹测试hexo效果

将本地开发开发的keep项目生成的public文件夹打包成public.zip后通过SFTP上传到服务器，然后解压

# SFTP上传public.zip到/usr/share/nginx/html

cd /usr/share/nginx/html

unzip public.zip

cp -r /usr/share/nginx/html/public/* /usr/share/nginx/html/keep

gitlab-runner服务器上进行相关配置

如下配置想要达到的效果：

本地提交keep项目的源码到GitLab
GitLab 检测到.gitlabci.yml , 触发GitLab-runner的 shell 执行器，执行 .gitlabci.yml 中的shell脚本
GitLab-runner从 GitLab 仓库 pull 最新的代码，然后执行 .gitlabci.yml 脚本
.gitlabci.yml 脚本中的主要内容就是实现 hexo deploy，在本地生成public文件夹中编译好的静态html网页
然后利用rsync将public文件夹中的内容增量更新到nginx的html文件夹中
hexo deploy会触发hexo项目中的_config.yml中的deploy设置，从而执行hexo deploy命令
hexo deploy中的设置就是将public文件夹中的静态html网页全部push到github.io仓中
git客户端到github的操作则是配置了ssh的方式实现免密，所以github仓库链接也是ssh的链接

安装NodeJS和Yarn

cd ~
curl -sL https://deb.nodesource.com/setup_16.x -o nodesource_setup.sh
bash nodesource_setup.sh
apt-get install -y nodejs

npm install --global yarn

安装rsync

1	apt-get install rsync

安装hexo

1	yarn global add hexo

配置SSH实现免密同步到GitHub pages

生成ssh key

1	ssh-keygen -t ed25519 -C "[email protected]"

复制ssh key到gitlab-runner账号文件夹下

cp -r /root/.ssh /home/gitlab-runner

#cp /root/.ssh/id_ed25519 /home/gitlab-runner/.ssh/id_ed25519
#cp /root/.ssh/id_ed25519.pub /home/gitlab-runner/.ssh/id_ed25519.pub
#cp /root/.ssh/known_hosts /home/gitlab-runner/.ssh/known_hosts

# 添加访问权限，这个权限放得太太，其实不好
chmod -R -f 777 /home/gitlab-runner/.ssh/

在GitHub中配置刚才生成的公钥pub

登录GitHub后，进入Settings 的 SSH and GPG keys, 新增SSH key将公钥复制进去

1	cat /home/gitlab-runner/.ssh/id_ed25519.pub

配置git 客户端全局设置

git config --global user.email "[email protected]"
git config --global user.name "xplorist"
git config --global credential.helper store

# 从GitHub上以ssh的方式 1.clone 2.edit 3.add 4.commit 5.push 一个非公开的小项目，测试SSH免密效果
git clone [email protected]:Xplorist/readme.git
cd readme
vi test.md
git add .
git commit -m "add test"
git push -u origin main:main

# 将生成的 known_hosts 复制到gitlab-runner账号文件夹下
cp /root/.ssh/known_hosts /home/gitlab-runner/.ssh/known_hosts

# 查看连个文件夹内容是否一样
cd /root/.ssh
ls
cd /home/gitlab-runner/.ssh
ls

提交keep项目到服务器

在gitlab.xplorist.tech公网的GitLab中创建keep项目代码仓
提交代码

# 先将keep项目下原来的.git目录剪切到其他文件夹如keep-git-bak中
git init
git remote add origin https://gitlab.xplorist.tech/xplorist/keep.git

# 获取远程分支，并合并远程分支 ps:可以使用 git pull origin main 一步取代
git fetch origin main
git merge origin/main

# 查看本地分支
git branch

# 本地分支是master，直切创建并切换到main分支
git checkout -b main

# 查看本地文件状态
git status

git add .
git commit -m "init commit"

git push -u origin main:main

如果git客户端报错如下

INFO  171 files generated in 1.9 s
INFO  Deploying: git
INFO  Setting up Git deployment...
Initialized empty Git repository in /home/gitlab-runner/builds/xTeKDtDV/0/xplorist/keep/.deploy_git/.git/
*** Please tell me who you are.
Run
  git config --global user.email "[email protected]"
  git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
fatal: unable to auto-detect email address (got 'gitlab-runner@iZ2vcevk40p3shxd80kkt7Z.(none)')
FATAL {
  err: Error: Spawn failed
      at ChildProcess.<anonymous> (/home/gitlab-runner/builds/xTeKDtDV/0/xplorist/keep/node_modules/hexo-util/lib/spawn.js:51:21)
      at ChildProcess.emit (node:events:390:28)
      at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12) {
    code: 128
  }
} Something's wrong. Maybe you can find the solution here: %s https://hexo.io/docs/troubleshooting.html

那就到切换到该目录下手动操作

cd /home/gitlab-runner/builds/xTeKDtDV/0/xplorist/keep/public/

git config --global user.email "xplorist163.com"
git config --global user.name "xplorist"

hexo deploy

cp -r /root/.ssh/* /home/gitlab-runner/.ssh

chmod -R -f 777 /home/gitlab-runner/.ssh

cp /root/.gitconfig /home/gitlab-runner/.gitconfig
chmod -R -f 777 /home/gitlab-runner

如果是Permission denied报错如下：

Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /home/gitlab-runner/builds/xTeKDtDV/0/xplorist/keep/.git/
Checking out 73be115a as main...
warning: failed to remove ".deploy_git/2020/12/16/GitLab\344\271\213CI_CD\351\205\215\347\275\256/index.html": Permission denied
warning: failed to remove ".deploy_git/2020/12/18/\351\227\250\346\210\267\347\263\273\347\273\237\344\270\255\347\263\273\347\273\237\347\273\237\350\256\241Matomo\351\205\215\347\275\256/index.html": Permission denied

执行添加权限

1
2
3

rm -rf /home/gitlab-runner/builds/xTeKDtDV/0/xplorist/keep/.deploy_git

chmod -R -f 777 /home/gitlab-runner/builds/xTeKDtDV/

如果hexo deploy报错，就手动执行调用hexo deploy 进行部署到GitHub上github.io库，生成GitHub pages

cd /home/gitlab-runner/builds/y6tSEeXS/0/xplorist/keep/public/
hexo deploy

# 会要求输入账号密码,上面配置了git客户端的全局设置，第一次输入后，以后就会保存密码利用ssh就是实现了免密提交

如果rsync Permission denied报错如下：

1	rsync: mkstemp "/usr/share/nginx/html/keep/2020/12/16/GitLab之CI_CD配置/.index.html.rTEdp0" failed: (13)

就手动初始化同步操作

# 修改文件夹权限
chmod -R -f 777 /usr/share/nginx/html/keep/

# 测试rsync
cd /home/gitlab-runner/builds/xTeKDtDV/0/xplorist/keep
rsync -av ./public/ /usr/share/nginx/html/keep/

最后重启gitlab流水线中的job，看命令行结果

将内网GitLab仓库全部更新为公网的远程仓库

内网GitLab服务结束其过渡的使命，正式全面使用公网GitLab服务器