gitlab:
image: sameersbn/gitlab:10.4.2-1
ports:
- "10022:22"
- "10080:80"
links:
- gitlab-redis:redisio
- gitlab-postgresql:postgresql
environment:
- GITLAB_PORT=80
- GITLAB_SSH_PORT=22
- GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string
- GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string
- GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string
volumes:
- /data/docker/gitlab/gitlab:/home/git/data
restart: always
gitlab-redis:
image: sameersbn/redis
volumes:
- /data/docker/gitlab/redis:/var/lib/redis
restart: always
gitlab-postgresql:
image: sameersbn/postgresql:9.6-2
environment:
- DB_NAME=gitlabhq_production
- DB_USER=gitlab
- DB_PASS=password
- DB_EXTENSION=pg_trgm
volumes:
- /data/docker/gitlab/postgresql:/var/lib/postgresql
restart: always
docker-compose up -d
sudo yum install -y curl policycoreutils-python openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo EXTERNAL_URL="http://192.168.1.123:8181" yum install -y gitlab-ce
sudo vim /etc/gitlab/gitlab.rb
external_url 'http://gitlab.example.com'
,改为你的域名 / IPsudo gitlab-ctl reconfigure
,第一次这个时间会比较久,我花了好几分钟sudo gitlab-ctl start
sudo gitlab-ctl stop
sudo gitlab-ctl restart
http://192.168.1.111:80
root
,并且没有密码,所以第一次访问是让你设置你的 root 密码,我设置为:gitlab123456(至少 8 位数)Access the authenticated user's API
wt93jQzA8yu5a6pfsk3s
,这个 Jenkinsfile 会用到GitLab API token
Guest、Reporter、Developer、Master、Owner
Add user(s) to the group
,比如链接:http://192.168.1.111/admin/groups/组名称
行为 | Guest | Reporter | Developer | Master | Owner |
---|---|---|---|---|---|
浏览组 | ✓ | ✓ | ✓ | ✓ | ✓ |
编辑组 | ✓ | ||||
创建项目 | ✓ | ✓ | |||
管理组成员 | ✓ | ||||
移除组 | ✓ |
Guest、Reporter、Developer、Master、Owner
Guest
:访客Reporter
:报告者; 可以理解为测试员、产品经理等,一般负责提交issue等Developer
:开发者; 负责开发Master
:主人; 一般是组长,负责对Master分支进行维护Owner
:拥有者; 一般是项目经理Members
,比如我有一个组下的项目链接:http://192.168.1.111/组名称/项目名称/settings/members
行为 | Guest | Reporter | Developer | Master | Owner |
---|---|---|---|---|---|
创建issue | ✓ | ✓ | ✓ | ✓ | ✓ |
留言评论 | ✓ | ✓ | ✓ | ✓ | ✓ |
更新代码 | ✓ | ✓ | ✓ | ✓ | |
下载工程 | ✓ | ✓ | ✓ | ✓ | |
创建代码片段 | ✓ | ✓ | ✓ | ✓ | |
创建合并请求 | ✓ | ✓ | ✓ | ||
创建新分支 | ✓ | ✓ | ✓ | ||
提交代码到非保护分支 | ✓ | ✓ | ✓ | ||
强制提交到非保护分支 | ✓ | ✓ | ✓ | ||
移除非保护分支 | ✓ | ✓ | ✓ | ||
添加tag | ✓ | ✓ | ✓ | ||
创建wiki | ✓ | ✓ | ✓ | ||
管理issue处理者 | ✓ | ✓ | ✓ | ||
管理labels | ✓ | ✓ | ✓ | ||
创建里程碑 | ✓ | ✓ | |||
添加项目成员 | ✓ | ✓ | |||
提交保护分支 | ✓ | ✓ | |||
使能分支保护 | ✓ | ✓ | |||
修改/移除tag | ✓ | ✓ | |||
编辑工程 | ✓ | ✓ | |||
添加deploy keys | ✓ | ✓ | |||
配置hooks | ✓ | ✓ | |||
切换visibility level | ✓ | ||||
切换工程namespace | ✓ | ||||
移除工程 | ✓ | ||||
强制提交保护分支 | ✓ | ||||
移除保护分支 | ✓ |
ssh-keygen -t rsa -C "gitnavi@qq.com" -b 4096
cat ~/.ssh/id_rsa.pub
,复制到 gitlab 配置页面官网文档:
gitlab 自己本身维护一套用户系统,第三方认证服务一套用户系统,gitlab 可以将两者关联起来,然后用户可以选择其中一种方式进行登录而已。
所以,gitlab 第三方认证只能用于网页登录,clone 时仍然使用用户在 gitlab 的账户密码,推荐使用 ssh-key 来操作仓库,不再使用账户密码。
重要参数:block_auto_created_users=true 的时候则自动注册的账户是被锁定的,需要管理员账户手动的为这些账户解锁,可以改为 false
编辑配置文件引入第三方:sudo vim /etc/gitlab/gitlab.rb
,在 309 行有默认的一些注释配置
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['google_oauth2', 'facebook', 'twitter', 'oauth2_generic']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_sync_profile_attributes'] = ['email','username']
gitlab_rails['omniauth_external_providers'] = ['google_oauth2', 'facebook', 'twitter', 'oauth2_generic']
gitlab_rails['omniauth_providers'] = [
{
"name"=> "google_oauth2",
"label"=> "Google",
"app_id"=> "123456",
"app_secret"=> "123456",
"args"=> {
"access_type"=> 'offline',
"approval_prompt"=> '123456'
}
},
{
"name"=> "facebook",
"label"=> "facebook",
"app_id"=> "123456",
"app_secret"=> "123456"
},
{
"name"=> "twitter",
"label"=> "twitter",
"app_id"=> "123456",
"app_secret"=> "123456"
},
{
"name" => "oauth2_generic",
"app_id" => "123456",
"app_secret" => "123456",
"args" => {
client_options: {
"site" => "http://sso.cdk8s.com:9090/sso",
"user_info_url" => "/oauth/userinfo"
},
user_response_structure: {
root_path: ["user_attribute"],
attributes: {
"nickname": "username"
}
}
}
}
]