
[DevOps] A complete installation guide for GitLab 6.5.1

From our experience of privately hosting GitLab this year, we created a complete manual to address some inconsistencies in the GitLab documentation. It serves as a reference for completing a manual installation of a GitLab 6.5.1 server, fully tested on CentOS 6.5.

Based on two installation docs by gitlabhq, this guide was created to be an “idiot proof” reference for getting GitLab fully up and running in production mode. This guide is specific to the 6f6f1588ba5123f156ee3b0635a061745b71fcde revision of GitLab 6.5.1. Note that this version of GitLab can only restore a backup into the exact version from which the backup was made.

Special credit goes to Jules Leong for the great contribution on the creation of this blog.

 

EPEL and PUIAS Computational repositories

First, add the EPEL (Extra Packages for Enterprise Linux) repository to your CentOS 6.5 machine by running the command below (Source: wiki.centos.org/AdditionalResources/Repositories):

yum install epel-release

Add PUIAS Computation Repo

Download PUIAS repo:

$ wget -O /etc/yum.repos.d/PUIAS_6_computational.repo https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/install/centos/PUIAS_6_computational.repo

Next download and install the gpg key:

$ wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-puias http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias

$ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-puias

Verify that the key got installed successfully:

$ rpm -qa gpg*

gpg-pubkey-41a40948-4ce19266

Verify that the EPEL and PUIAS Computational repositories are enabled as shown below:

$ yum repolist

repo id                  repo name                                         status
PUIAS_6_computational    PUIAS computational Base 6 - x86_64               2,018
base                     CentOS-6 - Base                                   4,802
epel                     Extra Packages for Enterprise Linux 6 - x86_64    7,879
extras                   CentOS-6 - Extras                                    12
updates                  CentOS-6 - Updates                                  814
repolist: 15,525

 

Install the required tools for GitLab

$ yum -y update

$ yum -y groupinstall 'Development Tools'

$ yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis sudo wget crontabs logwatch logrotate perl-Time-HiRes

For reStructuredText markup language support, install the required package python-docutils:

$ yum -y install python-docutils

 

Configure redis

Configure redis and make sure it is started on boot:

$ chkconfig redis on

$ service redis start

In order to receive mail notifications, make sure to install a mail server (this is normally pre-installed in CentOS). The recommended one is postfix and you can install it with:

$ yum -y install postfix

 

Install Ruby

The use of ruby version managers such as RVM, rbenv or chruby with GitLab in production frequently leads to hard to diagnose problems. Version managers are not supported and we strongly advise everyone to follow the instructions below to use a system ruby. Remove the old Ruby 1.8 package if present. GitLab only supports the Ruby 2.0+ release series:

$ yum remove ruby

 Remove any other Ruby build if it is still present:

$ cd <your-ruby-source-path>

$ make uninstall

Download Ruby and compile it:

$ mkdir /tmp/ruby && cd /tmp/ruby

$ curl --progress ftp://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz | tar xz

$ cd ruby-2.1.2

$ ./configure --disable-install-rdoc

$ make

$ make prefix=/usr/local install

Install the Bundler Gem:

$ gem install bundler --no-doc

Logout and login again for the $PATH to take effect. Check that ruby is properly installed with:

$ which ruby

/usr/local/bin/ruby

$ ruby -v

ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]

 

Create a git user for Gitlab

The adduser command below will create a user named git with a default home directory of /home/git

$ adduser --system --shell /bin/bash --comment 'GitLab' --create-home --home-dir /home/git/ git

Important: In order to include /usr/local/bin to git user’s PATH, one way is to edit the sudoers file. As root run:

$ visudo

Then search for this line:

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

and append /usr/local/bin like so:

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

 

Install mysql and enable the mysqld service to start on boot

$ yum install -y mysql-server mysql-devel

$ chkconfig mysqld on

$ service mysqld start

 

Secure your installation

Run the following script:

$ mysql_secure_installation

Change the root password to a password of your choice, then enter ‘Y’ for all of the upcoming questions.

Login to MySQL (type the database root password):

$ mysql -u root -p

 

Create a user for GitLab in MySQL

Run the following:

> CREATE USER 'git'@'localhost' IDENTIFIED BY '$password';

Ensure you can use the InnoDB engine which is necessary to support long indexes. If this fails, check your MySQL config files (e.g. /etc/mysql/*.cnf, /etc/mysql/conf.d/*) for the setting “innodb = off”.

> SET storage_engine=INNODB;

Create the GitLab production database:

> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;

Grant the GitLab user the necessary permissions on the database:

> GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost';

Quit the database session:

> \q

Try connecting to the new database with the new user:

$ sudo -u git -H mysql -u git -p -D gitlabhq_production

Type the password you replaced $password with earlier. Quit the database session:

> \q

 

Install and Configure GitLab

We’ll install GitLab into the home directory of the user “git”:

$ cd /home/git

Clone the GitLab source repository:

$ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 6-5-stable gitlab

$ cd /home/git/gitlab

Reset to the specific revision used by the original Upraxis GitLab server:

$ sudo -u git -H git reset --hard 6f6f1588ba5123f156ee3b0635a061745b71fcde

Copy the example GitLab config

$ sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml

$ sudo -u git -H vi config/gitlab.yml

 

Change the following lines:

 host: 192.168.1.89   <-- change ip
 port: 443            <-- change port
 https: true          <-- make this true

## Gravatar
gravatar:
  enabled: true   # Use user avatar image from Gravatar.com (default: true)
  ssl_url: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm   <-- add this

max_size: 104857600  # modify from 5 mb to 100 mb (max_size: 5242880 to max_size: 104857600)
timeout: 90    # modify from 10 seconds to 1 1/2 minutes (timeout: 10 to timeout: 90)

Make sure GitLab can write to the log/ and tmp/ directories

$ chown -R git {log,tmp}

$ chmod -R u+rwX  {log,tmp}

Create directory for satellites

$ sudo -u git -H mkdir /home/git/gitlab-satellites

$ chmod u+rwx,g+rx,o-rwx /home/git/gitlab-satellites

Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories

$ sudo -u git -H mkdir tmp/{pids,sockets}

$ chmod -R u+rwX  tmp/{pids,sockets}

Make sure GitLab can write to the public/uploads/ directory

$ sudo -u git -H mkdir public/uploads

$ chmod -R u+rwX public/uploads

Copy the example Unicorn config

$ sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb

To optimize running unicorn, get the number of cores using the nproc command:

$ nproc
4

 

Enable cluster mode if you expect to have a high load instance

$ sudo -u git -H vi config/unicorn.rb

 

Set worker_processes to match the number of cores:

worker_processes 4

 

# Copy the example Rack attack config

$ sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb

 

# Configure Git global settings for git user, useful when editing via web

# Edit user.email according to what is set in config/gitlab.yml

$ sudo -u git -H git config --global user.name "GitLab"

$ sudo -u git -H git config --global user.email "gitlab@localhost"

$ sudo -u git -H git config --global core.autocrlf input

 

Configure GitLab DB settings

MySQL only:

$ sudo -u git cp config/database.yml.mysql config/database.yml

In MySQL, update username/password in config/database.yml.

Replace ‘secure password’ with the value you have given to $password. You can keep the double quotes around the password.

$ sudo -u git -H vi config/database.yml

Under production settings, change your password: “$password”

MySQL:

Make config/database.yml readable to git only

$ sudo -u git -H chmod o-rwx config/database.yml

 

 

Install Gems

 

$ cd /home/git/gitlab

 

Before installing gems, edit the Gemfile in the /home/git/gitlab directory:

$ sudo -u git -H vi Gemfile

Find:

gem "modernizr",   "2.6.2"

Replace with:

gem "modernizr-rails", "2.7.1"

$ sudo -u git -H vi Gemfile.lock

Find:

modernizr (2.6.2)

Replace with:

modernizr-rails (2.7.1)

Find:

modernizr (= 2.6.2)

Replace with:

modernizr-rails (= 2.7.1)

For MySQL (note, the option says “without … postgres”)

Note: As of bundler 1.5.2, you can invoke bundle install -jN (where N the number of your processor cores) and you may enjoy the parallel gems installation with measurable difference in completion time (~60% faster). Check the number of your cores with the command nproc. For more information check this post. First make sure you have bundler >= 1.5.2 (run bundle -v) as it addresses some issues that were fixed in 1.5.2.

(You are on root command line):

$ sudo -u git -H bundle install -jN --deployment --without development test postgres aws

where N is the number of CPU cores. You may omit -j if you have 1 core (the default). For example, if you have 4 CPU cores:

$ sudo -u git -H bundle install -j4 --deployment --without development test postgres aws

Install GitLab shell

GitLab Shell is an ssh access and repository management software developed specially for GitLab.

# Go to home directory

$ cd /home/git

Clone gitlab shell

$ sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-shell.git -b v1.8.0

$ cd gitlab-shell

$ sudo -u git -H cp config.yml.example config.yml

Edit config and replace gitlab_url with something like ‘http://domain.com/’

$ sudo -u git -H vi config.yml

change                        

gitlab_url: "http://localhost"   

to this
gitlab_url: "https://192.168.1.89/"

Add the following line of code under ca_path: /etc/pki/tls/certs

ca_file: /etc/nginx/ssl/gitlab.crt

Change
self_signed_cert: false   

to  
self_signed_cert: true

 

 

# Do setup

$ sudo -u git -H ./bin/install

#Ensure the correct SElinux contexts are set

$ restorecon -Rv /home/git/.ssh

 

 

Initialize Database and Activate Advanced Features

$ cd /home/git/gitlab

$ sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production

Type yes when prompted with the following message:

This will create the necessary database tables and seed the database.

You will lose any previous data stored in the database.

Do you want to continue (yes/no)? yes

 

Type yes to create the database. Take note of the Administrator: login and password.

Administrator account created:

login.........admin@local.host

password......5iveL!fe

 

 

Install Init Script

 

$ sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab

 

$ sudo vi /etc/init.d/gitlab

 

under this

#! /bin/sh

add this

# chkconfig: - 70 30

change

sudo -u "$app_user" -H -i $0 "$@"; exit;

to

exec su - "$app_user" -- $0 "$@"; exit;

$ chmod +x /etc/init.d/gitlab

$ chkconfig --add gitlab

 

Sometimes you need to restart in order for the git chkconfig addition to work

 

Make GitLab start on boot:

 

$ chkconfig --level 2345 gitlab on

 

Set up logrotate

 

$ cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab

 

Check Application Status

 

Check if GitLab and its environment are configured correctly:

 

$ sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

 

Compile assets

 

$ sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production

 

Start your GitLab instance

 

$ service gitlab start

 

 

Configure Nginx

 

You will need a new version of nginx otherwise you might encounter an issue like this. To do so, follow the instructions provided by the nginx wiki and then install nginx with:

 

$ yum -y install nginx

$ chkconfig nginx on

$ wget -O /etc/nginx/conf.d/gitlab.conf https://gitlab.com/gitlab-org/gitlab-ce/raw/master/lib/support/nginx/gitlab-ssl

 

 

$ vi /etc/nginx/conf.d/gitlab.conf

under ### Normal HTTP host

Remove default_server in this line of code:   listen *:80 default_server;

 

 listen *:80;

 

Replace YOUR_SERVER_FQDN with 192.168.1.89:

server_name 192.168.1.89; ## Replace this with something like gitlab.example.com

 

 

client_max_body_size must be the same or lower than max_size in gitlab-shell/config.yml

 

therefore change:

client_max_body_size 20m;

to

client_max_body_size 100m;
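
A consistency check for the two limits above, as an added example that is not part of the original guide or of GitLab's own tooling: it reads client_max_body_size from the nginx config and max_size from whichever YAML file holds it on your install, converts the nginx unit suffix to bytes, and fails when nginx allows more than max_size. The function names are illustrative, and both file paths are passed as arguments.

```shell
#!/bin/bash
# Added example (not from the GitLab project): check that nginx's
# client_max_body_size does not exceed GitLab's max_size.

# Convert an nginx size (plain bytes, or k/m/g suffix) to bytes.
nginx_size_to_bytes() {
    local v
    v=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$v" in
        *k) echo $(( ${v%k} * 1024 )) ;;
        *m) echo $(( ${v%m} * 1024 * 1024 )) ;;
        *g) echo $(( ${v%g} * 1024 * 1024 * 1024 )) ;;
        *)  echo "$v" ;;
    esac
}

# First active client_max_body_size value; lines commented with # are skipped.
nginx_body_limit() {
    sed -n 's/^[[:space:]]*client_max_body_size[[:space:]]\{1,\}\([0-9]\{1,\}[kKmMgG]\{0,1\}\)[[:space:]]*;.*/\1/p' "$1" | head -n 1
}

# First active max_size value (bytes) in the YAML file given as $1.
yaml_max_size() {
    sed -n 's/^[[:space:]]*max_size:[[:space:]]*\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1
}

# 0 = nginx limit is the same or lower, 1 = nginx limit is higher,
# 2 = one of the settings was not found.
check_body_limit() {
    local raw max limit
    raw=$(nginx_body_limit "$1")
    max=$(yaml_max_size "$2")
    if [ -z "$raw" ] || [ -z "$max" ]; then
        echo "could not read client_max_body_size or max_size"
        return 2
    fi
    limit=$(nginx_size_to_bytes "$raw")
    if [ "$limit" -le "$max" ]; then
        echo "OK: client_max_body_size $raw ($limit bytes) <= max_size $max"
        return 0
    fi
    echo "MISMATCH: client_max_body_size $raw ($limit bytes) > max_size $max"
    return 1
}

# Usage: bash check_limits.sh /etc/nginx/conf.d/gitlab.conf <yaml-with-max_size>
if [ "$#" -eq 2 ]; then
    check_body_limit "$1" "$2"
fi
```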

 

 

Make sure the following is set under ## Strong SSL Security:

ssl on;

ssl_certificate /etc/nginx/ssl/gitlab.crt;

ssl_certificate_key /etc/nginx/ssl/gitlab.key;

 

 

Near the end of the file, at

 

## Enable gzip compression as per rails guide:

## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression

## WARNING: If you are using relative urls remove the block below

## See config/application.rb under “Relative url support” for the list of

## other files that need to be changed for relative url support

location ~ ^/(assets)/ {

root /home/git/gitlab/public;

gzip_static on; # to serve pre-gzipped version

expires max;

add_header Cache-Control public;

}

 

Add “##” in front of these lines to comment them out, as shown below (they cause icons not to appear in the UI):

##  location ~ ^/(assets)/ {

## root /home/git/gitlab/public;

## gzip_static on; # to serve pre-gzipped version

## expires max;

## add_header Cache-Control public;

##  }

 

 

Generate a self-signed SSL certificate:

 

$ mkdir -p /etc/nginx/ssl/

$ cd /etc/nginx/ssl/

$ sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key

 

Generating a 2048 bit RSA private key

……………………………………………………….+++

…+++

writing new private key to 'gitlab.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:PH

State or Province Name (full name) []:Metro Manila

Locality Name (eg, city) [Default City]:Makati City

Organization Name (eg, company) [Default Company Ltd]:Cloud Computing

Organizational Unit Name (eg, section) []:DevOps

Common Name (eg, your name or your server's hostname) []:localhost

Email Address []:somebody@somewhere.com

 

 

$ sudo chmod o-r gitlab.key
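
The chmod steps in this guide (config/database.yml, the gitlab-satellites directory and gitlab.key) can be checked after the fact. The script below is an added example, not part of the original guide or of GitLab's tooling; its function names are illustrative, and each path is paired with the octal mask of bits that the corresponding chmod command removes.

```shell
#!/bin/bash
# Added example (not from the GitLab project): audit the chmod steps of this guide.

# Octal mode of a path (GNU stat, as shipped with CentOS).
mode_of() { stat -c '%a' "$1"; }

# Return 0 when none of the permission bits in octal mask $2 are set on $1.
mode_excludes() {
    local m
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 0$2 )) -eq 0 ]
}

# Check "path:mask" pairs, print one line per path, return the failure count.
audit_modes() {
    local pair path mask failures=0
    for pair in "$@"; do
        path=${pair%:*}
        mask=${pair##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"
            failures=$((failures + 1))
        elif mode_excludes "$path" "$mask"; then
            echo "OK        $path ($(mode_of "$path"))"
        else
            echo "TOO OPEN  $path ($(mode_of "$path")), forbidden bits $mask"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Paths and masks taken from the guide's chmod commands:
#   database.yml       chmod o-rwx              -> mask 007
#   gitlab-satellites  chmod u+rwx,g+rx,o-rwx   -> mask 007
#   gitlab.key         chmod o-r                -> mask 004
# Passing 077 for the key instead requires owner-only access.
audit_gitlab() {
    audit_modes \
        /home/git/gitlab/config/database.yml:007 \
        /home/git/gitlab-satellites:007 \
        /etc/nginx/ssl/gitlab.key:004
}

# Run the audit only when asked to, e.g.: sudo bash audit_modes.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_gitlab
fi
```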

 

 

Add nginx user to git group:

 

$ usermod -a -G git nginx

$ chmod g+rx /home/git/

 

Finally start nginx with:

 

$ service nginx start

 

 

Configure the firewall

 

Poke an iptables hole so users can access the web server (http and https ports) and ssh.

 

$ lokkit -s http -s https -s ssh

 

Restart the service for the changes to take effect:

 

$ service iptables restart

 

Done!

Double-check Application Status

 

To make sure you didn’t miss anything run a more thorough check with:

 

$ cd /home/git/gitlab

$ sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

 

Now, the output will complain that your init script is not up-to-date as follows:

 

Init script up-to-date? … no

Try fixing it:

Redownload the init script

For more information see:

doc/install/installation.md in section “Install Init Script”

Please fix the error above and rerun the checks.

 

You can ignore that error.

 

If all other items are green, then congratulations on successfully installing GitLab!

 

NOTE: Supply SANITIZE=true environment variable to gitlab:check to omit project names from the output of the check command.

Initial Login

 

Visit YOUR_SERVER in your web browser for your first GitLab login. The setup has created an admin account for you. You can use it to log in:

 

admin@local.host

5iveL!fe

 

Important Note: Please go over to your profile page and immediately change the password, so nobody can access your GitLab by using this login information later on.

 

References

https://github.com/gitlabhq/gitlab-recipes/tree/master/install/centos

https://github.com/gitlabhq/gitlabhq/blob/6-5-stable/doc/install/installation.md