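GitLab Docker images come in two editions: GitLab Enterprise Edition and GitLab Community Edition. This article covers installing, configuring and using GitLab Community Edition; the official reference is GitLab Docker images.

For how to install and configure Docker, see my blog post Docker Introduction and Installation on CentOS 7.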

Preparation

Details of my test environment:

| Item | Content |
|---|---|
| OS | CentOS Linux release 7.2.1511 (Core) |
| Kernel | 3.10.0-327.28.2.el7.x86_64 |
| Docker | 1.12.0 |
| Time Zone | Asia/Shanghai |

[flying@lempstacker ~]$ timedatectl
      Local time: Sat 2016-08-06 21:21:14 CST
  Universal time: Sat 2016-08-06 13:21:14 UTC
        RTC time: Sat 2016-08-06 21:21:14
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: yes
      DST active: n/a

[flying@lempstacker ~]$ date -R
Sat, 06 Aug 2016 21:21:15 +0800
[flying@lempstacker ~]$
[flying@lempstacker ~]$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[flying@lempstacker ~]$ uname -r
3.10.0-327.28.2.el7.x86_64
[flying@lempstacker ~]$ docker --version
Docker version 1.12.0, build 8eab29e
[flying@lempstacker ~]$ docker version
Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        
 OS/Arch:      linux/amd64
[flying@lempstacker ~]$

Dockerfile

This is the Dockerfile used to build GitLab Community Edition; it is based on ubuntu:14.04.

The default tag is latest. To use the newest RC (Release Candidate) build, specify the tag rc.

FROM ubuntu:14.04
MAINTAINER Sytse Sijbrandij

# Install required packages
RUN apt-get update -q \
    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
      ca-certificates \
      openssh-server \
      wget \
      apt-transport-https \
      vim \
      nano

# Download & Install GitLab
# If you run GitLab Enterprise Edition point it to a location where you have downloaded it.
RUN echo "deb https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/ `lsb_release -cs` main" > /etc/apt/sources.list.d/gitlab_gitlab-ce.list
RUN wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add -
RUN apt-get update && apt-get install -yq --no-install-recommends gitlab-ce

# Manage SSHD through runit
RUN mkdir -p /opt/gitlab/sv/sshd/supervise \
    && mkfifo /opt/gitlab/sv/sshd/supervise/ok \
    && printf "#!/bin/sh\nexec 2>&1\numask 077\nexec /usr/sbin/sshd -D" > /opt/gitlab/sv/sshd/run \
    && chmod a+x /opt/gitlab/sv/sshd/run \
    && ln -s /opt/gitlab/sv/sshd /opt/gitlab/service \
    && mkdir -p /var/run/sshd

# Disabling use DNS in ssh since it tends to slow connecting
RUN echo "UseDNS no" >> /etc/ssh/sshd_config

# Prepare default configuration
RUN ( \
  echo "" && \
  echo "# Docker options" && \
  echo "# Prevent Postgres from trying to allocate 25% of total memory" && \
  echo "postgresql['shared_buffers'] = '1MB'" ) >> /etc/gitlab/gitlab.rb && \
  mkdir -p /assets/ && \
  cp /etc/gitlab/gitlab.rb /assets/gitlab.rb

# Expose web & ssh
EXPOSE 443 80 22

# Define data volumes
VOLUME ["/etc/gitlab", "/var/opt/gitlab", "/var/log/gitlab"]

# Copy assets
COPY assets/wrapper /usr/local/bin/

# Wrapper to handle signal, trigger runit and reconfigure GitLab
CMD ["/usr/local/bin/wrapper"]

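As shown, the ports available for exposure are 443 (https), 80 (http) and 22 (ssh), and the defined data volumes are /etc/gitlab, /var/opt/gitlab and /var/log/gitlab.

Note: the container's default time zone is +0000 UTC, which may differ from your local time zone. To check it, run:

docker exec -ti gitlab date +'%z %Z'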

Configuration File

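GitLab's configuration file is located at /etc/gitlab/gitlab.rb inside the container (mapped to /srv/gitlab/config/gitlab.rb on the host). See Configure GitLab for details.

To view or edit the configuration file, use any of the following commands: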

# Run /bin/bash interactively in the container named gitlab
docker exec -it gitlab /bin/bash

# Edit the configuration file
docker exec -it gitlab vi /etc/gitlab/gitlab.rb

# Open it directly on the host
sudo vim /srv/gitlab/config/gitlab.rb

After changing the configuration, reload it with the following command:

# Restart the container named gitlab
docker restart gitlab

Run The Image

The official GitLab "Run the image" command is as follows:

# --detach          run the container in the background
# -h, --hostname    set the container's hostname
# -p, --publish     map a host port to a container port
# --name            give the container a name
# --restart always  start the container automatically after the host reboots
# -v, --volume      mount a host directory onto a container directory
# gitlab/gitlab-ce:latest is the name of the image
sudo docker run --detach \
    --hostname gitlab.example.com \
    --publish 443:443 --publish 80:80 --publish 22:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab \
    --volume /srv/gitlab/logs:/var/log/gitlab \
    --volume /srv/gitlab/data:/var/opt/gitlab \
    gitlab/gitlab-ce:latest


# With SELinux enabled
sudo docker run --detach \
    --hostname gitlab.example.com \
    --publish 443:443 --publish 80:80 --publish 22:22 \
    --name gitlab \
    --restart always \
    --volume /srv/gitlab/config:/etc/gitlab:Z \
    --volume /srv/gitlab/logs:/var/log/gitlab:Z \
    --volume /srv/gitlab/data:/var/opt/gitlab:Z \
    gitlab/gitlab-ce:latest

Data storage locations; see Where is the data stored? for details.

| Local location | Container location | Usage |
|---|---|---|
| /srv/gitlab/data | /var/opt/gitlab | For storing application data |
| /srv/gitlab/logs | /var/log/gitlab | For storing logs |
| /srv/gitlab/config | /etc/gitlab | For storing the GitLab configuration files |

Personal Custom Command

Below is the command I wrote to suit my own preferences. To set environment variables, see Environment Variables.

docker run -d \
    --restart always \
    --name gitlab \
    -h gitlab.lempstacker.com \
    -p 443:443 -p 800:80 -p 220:22 \
    -v ~/Gitlab/config:/etc/gitlab:Z \
    -v ~/Gitlab/logs:/var/log/gitlab:Z \
    -v ~/Gitlab/data:/var/opt/gitlab:Z \
    gitlab/gitlab-ce:latest

Important

  • The docker run options -d and --rm cannot be specified together; doing so fails with
    > Conflicting options: --rm and -d

  • If ports 443, 80 or 22 are already in use on the host (check with ss -tnl), change the host side of the port mapping (this example uses ports 800 and 220; see Expose GitLab on different ports). Otherwise you may get the following errors:
    • Port conflict
      > docker: Error response from daemon: driver failed programming external connectivity on endpoint gitlab (87d606c607e9d83031c24e968f72613bdfd9170002256ac1eab6fee8bb866c0e): Error starting userland proxy: listen tcp 0.0.0.0:22: bind: address already in use.
    • git clone cannot pull the repository
      > Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

The setting must be made in the file /etc/gitlab/gitlab.rb inside the container (mapped to /srv/gitlab/config/gitlab.rb on the host). Run the command

docker exec -ti gitlab vi /etc/gitlab/gitlab.rb

and edit the file:

# Set external_url (around line 11 of the file)
# For HTTP
#external_url "http://gitlab.lempstacker.com:800"

# For HTTPS
#external_url "https://gitlab.lempstacker.com:443"

# Set gitlab_shell_ssh_port (around line 228 of the file)
gitlab_rails['gitlab_shell_ssh_port'] = 220

For now only gitlab_shell_ssh_port is set. When done, run

docker restart gitlab

to reload the configuration.
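
The page sets gitlab_shell_ssh_port to the host port chosen in docker run. The following is an added example, not part of the original post, that compares the host port `docker port` reports for container port 22 with the value in gitlab.rb. The function names and sample strings are constructed for illustration, and treating an unset gitlab_shell_ssh_port as 22 is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): compare the host port Docker
# publishes for the container's sshd with gitlab_shell_ssh_port in gitlab.rb.

# Read `docker port NAME` output on stdin; print the host port mapped to
# container port $1, or nothing if that port is not published.
published_port() {
    awk -v want="$1/tcp" '$1 == want { n = split($3, a, ":"); print a[n]; exit }'
}

# Read gitlab.rb on stdin; print the last uncommented gitlab_shell_ssh_port
# value. Assumption: GitLab uses 22 when the setting is absent or commented.
configured_ssh_port() {
    cfg_port=$(sed -n "s/^[[:space:]]*gitlab_rails\['gitlab_shell_ssh_port'\][[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" | tail -n 1)
    echo "${cfg_port:-22}"
}

# check_ssh_port DOCKER_PORT_OUTPUT GITLAB_RB_TEXT
# Returns 0 when both ports agree, 1 on mismatch, 2 if port 22 is unpublished.
check_ssh_port() {
    host_port=$(printf '%s\n' "$1" | published_port 22)
    conf_port=$(printf '%s\n' "$2" | configured_ssh_port)
    if [ -z "$host_port" ]; then
        echo "container port 22 is not published"
        return 2
    fi
    if [ "$host_port" != "$conf_port" ]; then
        echo "mismatch: docker publishes $host_port, gitlab.rb has $conf_port"
        return 1
    fi
    echo "ok: clone URLs should use port $host_port"
}

# Constructed samples: the `docker port gitlab` output shown on this page, and
# two gitlab.rb fragments (setting still commented out vs. set to 220).
SAMPLE_PORTS="22/tcp -> 0.0.0.0:220
443/tcp -> 0.0.0.0:443
80/tcp -> 0.0.0.0:800"
SAMPLE_RB_DEFAULT="# gitlab_rails['gitlab_shell_ssh_port'] = 22"
SAMPLE_RB_FIXED="gitlab_rails['gitlab_shell_ssh_port'] = 220"

check_ssh_port "$SAMPLE_PORTS" "$SAMPLE_RB_DEFAULT" || true   # mismatch
check_ssh_port "$SAMPLE_PORTS" "$SAMPLE_RB_FIXED"              # ok
# Live use: check_ssh_port "$(docker port gitlab)" "$(docker exec gitlab cat /etc/gitlab/gitlab.rb)"
```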

Open in Browser

Once the container is running, GitLab's web interface can be opened in a browser. The exact IP:Port can be obtained with the docker port command:

[flying@lempstacker ~]$ docker port gitlab
22/tcp -> 0.0.0.0:220
443/tcp -> 0.0.0.0:443
80/tcp -> 0.0.0.0:800
[flying@lempstacker ~]$

Entering 0.0.0.0:800 in the browser's address bar opens the page normally. Do not use a proxy, or it will fail.

[flying@lempstacker ~]$ curl -I http://0.0.0.0:800
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 06 Aug 2016 13:57:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 98
Connection: keep-alive
Cache-Control: no-cache
Location: http://0.0.0.0:800/users/sign_in
Set-Cookie: _gitlab_session=924a45ce58c2c92cfb757dadab64748b; path=/; HttpOnly
Status: 302 Found
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 11d9b6dd-4fdb-4432-87d5-78ba72211106
X-Runtime: 0.012105
X-Xss-Protection: 1; mode=block

[flying@lempstacker ~]$

The host's own IP:Port also works. The host IP here is 192.168.1.6 (check with the command ip addr).

[flying@lempstacker ~]$ curl -I http://192.168.1.6:800
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 06 Aug 2016 13:57:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 102
Connection: keep-alive
Cache-Control: no-cache
Location: http://192.168.1.6:800/users/sign_in
Set-Cookie: _gitlab_session=397cf5ff3a75410dcffb71432093b175; path=/; HttpOnly
Status: 302 Found
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 2d75a7e3-d8a3-4045-90a2-a89b2cad173a
X-Runtime: 0.012429
X-Xss-Protection: 1; mode=block

[flying@lempstacker ~]$

The official documentation, After starting a container, gives the initial username and password as

username: `root`
password: `5iveL!fe`

Important: be sure to add the following entry to /etc/hosts

0.0.0.0 gitlab.lempstacker.com

Otherwise the domain name cannot be resolved and git clone fails with
> ssh: Could not resolve hostname gitlab.lempstacker.com: Name or service not known

[flying@lempstacker ~]$ ping -c 5 gitlab.lempstacker.com
ping: unknown host gitlab.lempstacker.com
[flying@lempstacker ~]$ sudo vim /etc/hosts
[flying@lempstacker ~]$ sudo systemctl restart network
[flying@lempstacker ~]$ ping -c 5 gitlab.lempstacker.com
PING gitlab.lempstacker.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.032 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.052 ms

--- gitlab.lempstacker.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.032/0.045/0.058/0.010 ms
[flying@lempstacker ~]$

Interface Overview

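The first time the page is opened it prompts Change your password; enter a new password of your own as requested:

Once the password is updated, the page redirects to the sign-in page:

On the Projects page you can create a New project or a New group.

Sidebar

The buttons at the top right of the page are Admin Area, Todos, New project and Profile.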

Create New Project

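You are prompted to add an SSH key. For how to create one, see my blog post Compile Install And Configure Git On CentOS7.

Clicking the add an SSH key link takes you to the SSH Keys page, which shows the hint
> Don’t paste the private part of the SSH key. Paste the public part, which is usually contained in the file ‘~/.ssh/id_rsa.pub’ and begins with ‘ssh-rsa’.

Paste the contents of the public key file ~/.ssh/id_rsa.pub into the text box, set a title, and click the Add key button.

Once the project has been created you will see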

Git Clone repository

Via SSH

SSH URL: ssh://git@gitlab.lempstacker.com:220/root/docker_gitlab_test.git

[flying@lempstacker ~]$ git clone ssh://git@gitlab.lempstacker.com:220/root/docker_gitlab_test.git
Cloning into 'docker_gitlab_test'...
The authenticity of host '[gitlab.lempstacker.com]:220 ([0.0.0.0]:220)' can't be established.
ECDSA key fingerprint is 8d:ca:b3:10:97:44:14:69:27:f2:6a:be:98:ad:9f:16.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[gitlab.lempstacker.com]:220,[0.0.0.0]:220' (ECDSA) to the list of known hosts.
remote: Counting objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
Checking connectivity... done.
[flying@lempstacker ~]$ tree docker_gitlab_test/
docker_gitlab_test/

0 directories, 0 files
[flying@lempstacker ~]$

Commit code

[flying@lempstacker ~]$ cd docker_gitlab_test/
[flying@lempstacker docker_gitlab_test]$ echo 'via ssh' > README.md
[flying@lempstacker docker_gitlab_test]$ git add README.md
[flying@lempstacker docker_gitlab_test]$ git commit -m 'test via ssh'
[master 7a479ec] test via ssh
 1 file changed, 1 insertion(+), 1 deletion(-)
[flying@lempstacker docker_gitlab_test]$ git push
Counting objects: 3, done.
Writing objects: 100% (3/3), 254 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://git@gitlab.lempstacker.com:220/root/docker_gitlab_test.git
   7726709..7a479ec  master -> master
[flying@lempstacker docker_gitlab_test]$ tree
.
└── README.md

0 directories, 1 file
[flying@lempstacker docker_gitlab_test]$

Via HTTP

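Setting external_url "http://gitlab.lempstacker.com:800" directly in the configuration file makes the service unavailable; the cause has not yet been determined.

HTTP URL: http://gitlab.lempstacker.com/root/docker_gitlab_test.git, which must be changed to http://gitlab.lempstacker.com:800/root/docker_gitlab_test.git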

[flying@lempstacker ~]$ git clone http://gitlab.lempstacker.com:800/root/docker_gitlab_test.git
Cloning into 'docker_gitlab_test'...
Username for 'http://gitlab.lempstacker.com:800': root
Password for 'http://root@gitlab.lempstacker.com:800':
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (6/6), done.
Checking connectivity... done.
[flying@lempstacker ~]$

Commit code

[flying@lempstacker ~]$ cd docker_gitlab_test/
[flying@lempstacker docker_gitlab_test]$ tree
.
└── README.md

0 directories, 1 file
[flying@lempstacker docker_gitlab_test]$ echo 'via http' >> README.md
[flying@lempstacker docker_gitlab_test]$ git add README.md
[flying@lempstacker docker_gitlab_test]$ commit -m 'update via http'
bash: commit: command not found...
[flying@lempstacker docker_gitlab_test]$ git commit -m 'update via http'
[master 000d12d] update via http
 1 file changed, 1 insertion(+)
[flying@lempstacker docker_gitlab_test]$ git push
Username for 'http://gitlab.lempstacker.com:800': root
Password for 'http://root@gitlab.lempstacker.com:800':
Counting objects: 3, done.
Writing objects: 100% (3/3), 263 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To http://gitlab.lempstacker.com:800/root/docker_gitlab_test.git
   7a479ec..000d12d  master -> master
[flying@lempstacker docker_gitlab_test]$ tree
.
└── README.md

0 directories, 1 file
[flying@lempstacker docker_gitlab_test]$ cat README.md
via ssh
via http
[flying@lempstacker docker_gitlab_test]$


Version Upgrade

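When a newer image is available, upgrade with the following commands:

# Stop the running container
docker stop gitlab

# Remove the existing container
docker rm gitlab

# Pull the new image
docker pull gitlab/gitlab-ce:latest

# Re-run the command that creates the container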

Troubleshooting

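Starting a container from the updated image may run into problems; see the official documentation, Troubleshooting.

  • 500 Internal Error: if a 500 page appears, restarting the container resolves it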

    docker restart gitlab
    
  • Permission problems: if you run into a permission problem, running the update-permissions script resolves it

    docker exec gitlab update-permissions
    docker restart gitlab
    

Docker has built-in logging; use docker logs to view the container's runtime log and diagnose potential problems.

docker logs gitlab

Error Occurring

Error1 IPv4 forwarding is disabled

Running docker run to start the container reports
> WARNING: IPv4 forwarding is disabled. Networking will not work.

See WARNING IPv4 forwarding is disabled. Networking will not work and Docker networking.

Error2 Permission denied

When running git clone over SSH, the following appears after the password is entered
> Permission denied, please try again. Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). fatal: Could not read from remote repository.
> Please make sure you have the correct access rights and the repository exists.

Resolved by changing the parameter gitlab_rails['gitlab_shell_ssh_port'] in the configuration file /etc/gitlab/gitlab.rb inside the container to the manually chosen SSH port, then restarting the container.

Error3(Unsolved)

curl: (56) Recv failure: Connection reset by peer

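This error appeared after setting external_url "http://gitlab.lempstacker.com:800" in the configuration file /etc/gitlab/gitlab.rb inside the container. The browser could not open the page and curl could not retrieve the headers, so for now I have had to comment the setting out.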



Change Logs

  • 2016.08.07 01:15 Sun Asia/Shanghai
    • First draft completed

  • Note Time: 2016.08.07 01:15 Sun
  • Note Location: Asia/Shanghai
  • Writer: lempstacker