From 53664369ad7de48ec7aa20f0c30adb47796a96fc Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 12:54:45 -0400 Subject: [PATCH 1/8] Initial work on Arch Linux Gitlab Installation --- install/archlinux/README.md | 537 +++++++++++++++++++++++++++++++++++- 1 file changed, 535 insertions(+), 2 deletions(-) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index d3862eb..3a2bcaf 100644 --- a/install/archlinux/README.md +++ b/install/archlinux/README.md 
@@ -1,5 +1,538 @@ -Welcome to the Archlinux GitLab recipes. Here you will find installation scripts, -guides, how-tos and some useful links that will help you install GitLab on Archlinux. +``` +Distribution : Arch Linux +GitLab version : 6.7 +Web Server : nginx +Init system : systemd +Database : PostgreSQL +Contributors : @nszceta +Additional Notes : +``` + +## Overview + +Please read [requirements.md](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/requirements.md) for hardware and platform requirements. + +### Important Notes + +The following steps have been known to work and should be followed from up to bottom. +If you deviate from this guide, do it with caution and make sure you don't violate +any assumptions GitLab makes about its environment. + +**This guide assumes that you run every command as root.** + +#### If you find a bug + +If you find a bug/error in this guide please submit an issue or a Merge Request +following the contribution guide (see [CONTRIBUTING.md](https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/CONTRIBUTING.md)). + +The GitLab installation consists of setting up the following components: + +1. Install the base operating system, packages, and dependencies +2. Ruby +3. System Users +4. GitLab shell +5. Database +6. GitLab +7. Web server +8. Firewall + +---------- + +## 1. Installing the operating system + +We start with a completely clean Arch Linux installation. 
+ +Make sure you have configured a static IP or otherwise dhcp is enabled as follows: + +:: + + systemctl enable dhcpcd + systemctl start dhcpcd + +:: + + pacman -Syu + pacman -S vim readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis sudo wget crontabs logwatch logrotate perl-Time-HiRes git patch + + // TODO: FIX PACKAGE NAMES + +### Configure redis +Make sure redis is started on boot: + + chkconfig redis on + service redis start + +### Install mail server + +In order to receive mail notifications, make sure to install a +mail server. The recommended one is postfix and you can install it with: + + yum -y install postfix + +To use and configure sendmail instead of postfix see [Advanced Email Configurations](configure_email.md). + +### Configure the default editor + +You can choose between editors such as nano, vi, vim, etc. +In this case we will use vim as the default editor for consistency. + + ln -s /usr/bin/vim /usr/bin/editor + +To remove this alias in the future: + + rm -i /usr/bin/editor + + +### Install Git from Source (optional) + +Remove the system Git + + yum -y remove git + +Install the pre-requisite files for Git compilation + + yum install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel + +Download and extract Git 1.9.0 + + mkdir /tmp/git && cd /tmp/git + curl --progress https://git-core.googlecode.com/files/git-1.9.0.tar.gz | tar xz + cd git-1.9.0/ + ./configure + make + make prefix=/usr/local install + +Make sure Git is in your `$PATH`: + + which git + +You might have to logout and login again for the `$PATH` to take effect. + + +---------- + +## 2. 
Ruby + +The use of ruby version managers such as [RVM](http://rvm.io/), [rbenv](https://github.com/sstephenson/rbenv) or [chruby](https://github.com/postmodern/chruby) with GitLab in production frequently leads to hard to diagnose problems. Version managers are not supported and we stronly advise everyone to follow the instructions below to use a system ruby. + +Remove the old Ruby 1.8 package if present. Gitlab 6.7 only supports the Ruby 2.0.x release series: + + yum remove ruby + +Remove any other Ruby build if it is still present: + + cd + make uninstall + +Download Ruby and compile it: + + mkdir /tmp/ruby && cd /tmp/ruby + curl --progress ftp://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p451.tar.gz | tar xz + cd ruby-2.0.0-p451 + ./configure --disable-install-rdoc + make + make prefix=/usr/local install + +Install the Bundler Gem: + + gem install bundler --no-ri --no-rdoc + +Logout and login again for the `$PATH` to take effect. Check that ruby is properly +installed with: + + which ruby + # /usr/local/bin/ruby + ruby -v + # ruby 2.0.0p451 (2014-02-24 revision 45167) [x86_64-linux] + +---------- + +## 3. System Users + +Create a `git` user for Gitlab: + + adduser --system --shell /sbin/nologin --comment 'GitLab' --create-home --home-dir /home/git/ git + +For extra security, the shell we use for this user does not allow logins via a terminal. + +**Important:** In order to include `/usr/local/bin` to git user's PATH, one way is to edit the sudoers file. As root run: + + visudo + +Then search for this line: + + Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin + +and append `/usr/local/bin` like so: + + Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin + +Save and exit. + +---------- + +## 4. GitLab shell + +GitLab Shell is a ssh access and repository management application developed specifically for GitLab. 
+ + + # Go to home directory + cd /home/git + + # Clone gitlab shell + sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-shell.git -b v1.9.1 + + cd gitlab-shell + + sudo -u git -H cp config.yml.example config.yml + + # Edit config and replace gitlab_url + # with something like 'http://domain.com/' + sudo -u git -H editor config.yml + + # Do setup + sudo -u git -H /usr/local/bin/ruby ./bin/install + +---------- + +## 5. Database + +### 5.1 MySQL + +Install `mysql` and enable the `mysqld` service to start on boot: + + yum install -y mysql-server mysql-devel + chkconfig mysqld on + service mysqld start + +Secure MySQL by entering a root password and say "Yes" to all questions: + + /usr/bin/mysql_secure_installation + +Create a new user and database for GitLab: + + # Login to MySQL + mysql -u root -p + # Type the database root password + # Create a user for GitLab. (change supersecret to a real password) + CREATE USER 'git'@'localhost' IDENTIFIED BY 'supersecret'; + + # Create the GitLab production database + CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`; + + # Grant the GitLab user necessary permissopns on the table. 
+ GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost'; + + # Quit the database session + \q + +Try connecting to the new database with the new user: + + mysql -u git -p -D gitlabhq_production + # Type the password you replaced supersecret with earlier + # Quit the database session + \q + +### 5.2 PostgreSQL + +Install `postgresql-server` and the `postgreqsql-devel` libraries: + + yum install postgresql-server postgresql-devel + +Initialize the database: + + service postgresql initdb + +Start the service and configure service to start on boot: + + service postgresql start + chkconfig postgresql on + +Configure the database user and password: + + su - postgres + psql -d template1 + psql (8.4.13) + + template1=# CREATE USER git WITH PASSWORD 'your-password-here'; + CREATE ROLE + template1=# CREATE DATABASE gitlabhq_production OWNER git; + CREATE DATABASE + template1=# \q + exit # exit uid=postgres, return to root + +Test the connection as the gitlab (uid=git) user. You should be root to begin this test: + + whoami + +Attempt to log in to Postgres as the git user: + + sudo -u git psql -d gitlabhq_production -U git -W + +If you see the following: + + gitlabhq_production=> + +Your password has been accepted successfully and you can type \q to quit. + + +---------- +## 6. GitLab + + # We'll install GitLab into home directory of the user "git" + cd /home/git + +### Clone the Source + + # Clone GitLab repository + sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 6-7-stable gitlab + +**Note:** You can change `6-7-stable` to `master` if you want the *bleeding edge* version, but do so with caution! 
+ +### Configure it + + cd /home/git/gitlab + + # Copy the example GitLab config + sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml + + # Make sure to change "localhost" to the fully-qualified domain name of your + # host serving GitLab where necessary + # + # If you installed Git from source, change the git bin_path to /usr/local/bin/git + sudo -u git -H editor config/gitlab.yml + + # Make sure GitLab can write to the log/ and tmp/ directories + sudo chown -R git log/ + sudo chown -R git tmp/ + sudo chmod -R u+rwX log/ + sudo chmod -R u+rwX tmp/ + + # Create directory for satellites + sudo -u git -H mkdir /home/git/gitlab-satellites + + # Create directories for sockets/pids and make sure GitLab can write to them + sudo -u git -H mkdir tmp/pids/ + sudo -u git -H mkdir tmp/sockets/ + sudo chmod -R u+rwX tmp/pids/ + sudo chmod -R u+rwX tmp/sockets/ + + # Create public/uploads directory otherwise backup will fail + sudo -u git -H mkdir public/uploads + sudo chmod -R u+rwX public/uploads + + # Copy the example Unicorn config + sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb + + # Enable cluster mode if you expect to have a high load instance + # Ex. change amount of workers to 3 for 2GB RAM server + sudo -u git -H editor config/unicorn.rb + + # Copy the example Rack attack config + sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb + + # Configure Git global settings for git user, useful when editing via web + # Edit user.email according to what is set in gitlab.yml + sudo -u git -H git config --global user.name "GitLab" + sudo -u git -H git config --global user.email "gitlab@localhost" + sudo -u git -H git config --global core.autocrlf input + +**Important Note:** +Make sure to edit both `gitlab.yml` and `unicorn.rb` to match your setup. 
+ +### Configure GitLab DB settings + + # For MySQL + sudo -u git -H cp config/database.yml{.mysql,} + + # Make sure to update username/password in config/database.yml. + # You only need to adapt the production settings (first part). + # If you followed the database guide then please do as follows: + # Change 'secure password' with the value you have given to $password + # You can keep the double quotes around the password + sudo -u git -H editor config/database.yml + + or + + # For PostgreSQL + sudo -u git -H cp config/database.yml{.postgresql,} + + # Make config/database.yml readable to git only + sudo -u git -H chmod o-rwx config/database.yml + +### Install Gems + + cd /home/git/gitlab + + # For MySQL (note, the option says "without ... postgres") + sudo -u git -H /usr/local/bin/bundle install --deployment --without development test postgres aws + + # Or for PostgreSQL (note, the option says "without ... mysql") + sudo -u git -H bundle install --deployment --without development test mysql aws + +### Initialize Database and Activate Advanced Features + + sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production + + # Type 'yes' to create the database tables. + + # When done you see 'Administrator account created:' + +Type 'yes' to create the database. 
+When done you see 'Administrator account created:' + +### Install Init Script + +Download the init script (will be /etc/init.d/gitlab): + + wget -O /etc/init.d/gitlab https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn + chmod +x /etc/init.d/gitlab + chkconfig --add gitlab + +Make GitLab start on boot: + + chkconfig gitlab on + +### Set up logrotate + + sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab + +### Check Application Status + +Check if GitLab and its environment are configured correctly: + + sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production + +### Start your GitLab instance: + + service gitlab start + +## Compile assets + + sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production + +## 7. Configure the web server + +Use either Nginx or Apache, not both. Official installation guide recommends nginx. + +### Nginx + +You will need a new version of nginx otherwise you might encounter an issue like [this][issue-nginx]. +To do so, follow the instructions provided by the [nginx wiki][nginx-centos] and then install nginx with: + + yum update + yum -y install nginx + chkconfig nginx on + wget -O /etc/nginx/conf.d/gitlab.conf https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/nginx/gitlab-ssl + +Edit `/etc/nginx/conf.d/gitlab` and replace `git.example.com` with your FQDN. Make sure to read the comments in order to properly set up ssl. 
+ +Add `nginx` user to `git` group: + + usermod -a -G git nginx + chmod g+rx /home/git/ + +Finally start nginx with: + + service nginx start + +### Apache + +We will configure apache with module `mod_proxy` which is loaded by default when +installing apache and `mod_ssl` which will provide ssl support: + + yum -y install httpd mod_ssl + chkconfig httpd on + wget -O /etc/httpd/conf.d/gitlab.conf https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/apache/gitlab-ssl.conf + mv /etc/httpd/conf.d/ssl.conf{,.bak} + mkdir /var/log/httpd/logs/ + +Open `/etc/httpd/conf.d/gitlab.conf` with your editor and replace `git.example.org` with your FQDN. Also make sure the path to your certificates is valid. + +Add `LoadModule ssl_module /etc/httpd/modules/mod_ssl.so` in `/etc/httpd/conf/httpd.conf`. + +#### SELinux + +To configure SELinux read the **SELinux modifications** section in [README](https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/README.md). + +Finally, start apache: + + service httpd start + +**Note:** +If you want to run other websites on the same system, you'll need to add in `/etc/httpd/conf/httpd.conf`: + + NameVirtualHost *:80 + + # If you add NameVirtualHost *:443 here, you will also have to change + # the VirtualHost statement in /etc/httpd/conf.d/gitlab.conf + # to + NameVirtualHost *:443 + Listen 443 + + +## 8. Configure the firewall + +Poke an iptables hole so users can access the web server (http and https ports) and ssh. + + lokkit -s http -s https -s ssh + +Restart the service for the changes to take effect: + + service iptables restart + + +## Done! + +### Double-check Application Status + +To make sure you didn't miss anything run a more thorough check with: + + cd /home/git/gitlab + sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production + +Now, the output will complain that your init script is not up-to-date as follows: + + Init script up-to-date? ... 
no + Try fixing it: + Redownload the init script + For more information see: + doc/install/installation.md in section "Install Init Script" + Please fix the error above and rerun the checks. + +Do not mind about that error if you are sure that you have downloaded the up-to-date file from https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn and saved it to `/etc/init.d/gitlab`. + +If all other items are green, then congratulations on successfully installing GitLab! +However there are still a few steps left. + +## Initial Login + +Visit YOUR_SERVER in your web browser for your first GitLab login. +The setup has created an admin account for you. You can use it to log in: + + admin@local.host + 5iveL!fe + +**Important Note:** +Please go over to your profile page and immediately change the password, so +nobody can access your GitLab by using this login information later on. + +**Enjoy!** + +## Links used in this guide + +- [EPEL information](http://www.thegeekstuff.com/2012/06/enable-epel-repository/) +- [SELinux booleans](http://wiki.centos.org/TipsAndTricks/SelinuxBooleans) + + +[EPEL]: https://fedoraproject.org/wiki/EPEL +[PUIAS]: https://puias.math.ias.edu/wiki/YumRepositories6#Computational +[SDL]: https://puias.math.ias.edu +[PU]: http://www.princeton.edu/ +[IAS]: http://www.ias.edu/ +[keys]: https://fedoraproject.org/keys +[issue-nginx]: https://github.com/gitlabhq/gitlabhq/issues/5774 +[nginx-centos]: http://wiki.nginx.org/Install#Official_Red_Hat.2FCentOS_packages ## Useful links From 150e7f1a5c48235f4d20903c5683edf737d84a34 Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 13:01:45 -0400 Subject: [PATCH 2/8] More updates --- install/archlinux/README.md | 124 ++++-------------------------------- 1 file changed, 12 insertions(+), 112 deletions(-) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index 3a2bcaf..7f3b32c 100644 --- a/install/archlinux/README.md 
+++ b/install/archlinux/README.md @@ -44,30 +44,32 @@ We start with a completely clean Arch Linux installation. Make sure you have configured a static IP or otherwise dhcp is enabled as follows: -:: - systemctl enable dhcpcd systemctl start dhcpcd -:: +Install the basic packages needed for Gitlab: pacman -Syu - pacman -S vim readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis sudo wget crontabs logwatch logrotate perl-Time-HiRes git patch + pacman -S vim readline readline-devel ncurses-devel gdbm-devel glibc-devel \ + tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel \ + gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel \ + libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis \ + sudo wget crontabs logwatch logrotate perl-Time-HiRes git patch // TODO: FIX PACKAGE NAMES ### Configure redis Make sure redis is started on boot: - chkconfig redis on - service redis start + systemctl enable redis + systemctl start redis ### Install mail server In order to receive mail notifications, make sure to install a mail server. The recommended one is postfix and you can install it with: - yum -y install postfix + pacman -S postfix To use and configure sendmail instead of postfix see [Advanced Email Configurations](configure_email.md). 
@@ -82,68 +84,13 @@ To remove this alias in the future: rm -i /usr/bin/editor - -### Install Git from Source (optional) - -Remove the system Git - - yum -y remove git - -Install the pre-requisite files for Git compilation - - yum install zlib-devel perl-CPAN gettext curl-devel expat-devel gettext-devel openssl-devel - -Download and extract Git 1.9.0 - - mkdir /tmp/git && cd /tmp/git - curl --progress https://git-core.googlecode.com/files/git-1.9.0.tar.gz | tar xz - cd git-1.9.0/ - ./configure - make - make prefix=/usr/local install - -Make sure Git is in your `$PATH`: - - which git - -You might have to logout and login again for the `$PATH` to take effect. - - ---------- ## 2. Ruby The use of ruby version managers such as [RVM](http://rvm.io/), [rbenv](https://github.com/sstephenson/rbenv) or [chruby](https://github.com/postmodern/chruby) with GitLab in production frequently leads to hard to diagnose problems. Version managers are not supported and we stronly advise everyone to follow the instructions below to use a system ruby. -Remove the old Ruby 1.8 package if present. Gitlab 6.7 only supports the Ruby 2.0.x release series: - - yum remove ruby - -Remove any other Ruby build if it is still present: - - cd - make uninstall - -Download Ruby and compile it: - - mkdir /tmp/ruby && cd /tmp/ruby - curl --progress ftp://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p451.tar.gz | tar xz - cd ruby-2.0.0-p451 - ./configure --disable-install-rdoc - make - make prefix=/usr/local install - -Install the Bundler Gem: - - gem install bundler --no-ri --no-rdoc - -Logout and login again for the `$PATH` to take effect. Check that ruby is properly -installed with: - - which ruby - # /usr/local/bin/ruby - ruby -v - # ruby 2.0.0p451 (2014-02-24 revision 45167) [x86_64-linux] +Gitlab 6.7 currently supports Ruby 2.0, available in the AUR at `https://aur.archlinux.org/packages/ruby2.0/` ---------- 
@@ -197,43 +144,7 @@ GitLab Shell is a ssh access and repository management application developed spe ## 5. Database -### 5.1 MySQL - -Install `mysql` and enable the `mysqld` service to start on boot: - - yum install -y mysql-server mysql-devel - chkconfig mysqld on - service mysqld start - -Secure MySQL by entering a root password and say "Yes" to all questions: - - /usr/bin/mysql_secure_installation - -Create a new user and database for GitLab: - - # Login to MySQL - mysql -u root -p - # Type the database root password - # Create a user for GitLab. (change supersecret to a real password) - CREATE USER 'git'@'localhost' IDENTIFIED BY 'supersecret'; - - # Create the GitLab production database - CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`; - - # Grant the GitLab user necessary permissopns on the table. - GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `gitlabhq_production`.* TO 'git'@'localhost'; - - # Quit the database session - \q - -Try connecting to the new database with the new user: - - mysql -u git -p -D gitlabhq_production - # Type the password you replaced supersecret with earlier - # Quit the database session - \q - -### 5.2 PostgreSQL +### 5.1 PostgreSQL Install `postgresql-server` and the `postgreqsql-devel` libraries: 
@@ -519,20 +430,9 @@ nobody can access your GitLab by using this login information later on. **Enjoy!** -## Links used in this guide - -- [EPEL information](http://www.thegeekstuff.com/2012/06/enable-epel-repository/) -- [SELinux booleans](http://wiki.centos.org/TipsAndTricks/SelinuxBooleans) - +## Additional Information -[EPEL]: https://fedoraproject.org/wiki/EPEL -[PUIAS]: https://puias.math.ias.edu/wiki/YumRepositories6#Computational -[SDL]: https://puias.math.ias.edu -[PU]: http://www.princeton.edu/ -[IAS]: http://www.ias.edu/ -[keys]: https://fedoraproject.org/keys [issue-nginx]: https://github.com/gitlabhq/gitlabhq/issues/5774 -[nginx-centos]: http://wiki.nginx.org/Install#Official_Red_Hat.2FCentOS_packages ## Useful links From babf69572876e73c5fdd279daf897a61f11c49ce Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 16:30:36 -0400 Subject: [PATCH 3/8] Updated Ruby installation instructions --- install/archlinux/README.md | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index 7f3b32c..6d4790e 100644 --- a/install/archlinux/README.md +++ b/install/archlinux/README.md @@ -20,6 +20,10 @@ any assumptions GitLab makes about its environment. **This guide assumes that you run every command as root.** +** Never upgrade your packages blindly ** + +** Always test the effects of the package upgrade first and be prepared to downgrade if needed ** + #### If you find a bug If you find a bug/error in this guide please submit an issue or a Merge Request 
@@ -50,13 +54,8 @@ Make sure you have configured a static IP or otherwise dhcp is enabled as follow Install the basic packages needed for Gitlab: pacman -Syu - pacman -S vim readline readline-devel ncurses-devel gdbm-devel glibc-devel \ - tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc sqlite-devel \ - gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel \ - libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui redis \ - sudo wget crontabs logwatch logrotate perl-Time-HiRes git patch - - // TODO: FIX PACKAGE NAMES + pacman -S base-devel vim readline ncurses gdbm glibc tcl openssl curl expat python2 bison sqlite \ + gcc libyaml libffi libxml2 libxslt redis sudo wget logwatch logrotate perl git patch openssh ### Configure redis Make sure redis is started on boot: @@ -90,7 +89,15 @@ To remove this alias in the future: The use of ruby version managers such as [RVM](http://rvm.io/), [rbenv](https://github.com/sstephenson/rbenv) or [chruby](https://github.com/postmodern/chruby) with GitLab in production frequently leads to hard to diagnose problems. Version managers are not supported and we stronly advise everyone to follow the instructions below to use a system ruby. -Gitlab 6.7 currently supports Ruby 2.0, available in the AUR at `https://aur.archlinux.org/packages/ruby2.0/` + mkdir /tmp/ruby + cd /tmp/ruby + wget https://aur.archlinux.org/packages/ru/ruby2.0-headless/ruby2.0-headless.tar.gz + pacman -S gdbm libffi libyaml openssl + cd ruby2.0-headless + makepkg --asroot + ln -s /usr/bin/ruby-2.0 /usr/bin/ruby + ruby --version + # ruby 2.0.0p456 (2014-03-03) [x86_64-linux] ---------- 
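Review bot: In the Ruby block added by the `@@ -90,7 +89,15 @@` hunk, `cd ruby2.0-headless` comes straight after the `wget` of `ruby2.0-headless.tar.gz` with no extraction step, so the directory does not exist and `makepkg --asroot` has no PKGBUILD to build; add `tar -zxf ruby2.0-headless.tar.gz` after the download. Because `makepkg --asroot` runs the downloaded PKGBUILD with root privileges, the guide should also tell the reader to read the PKGBUILD before building, or to build as an unprivileged user and only install as root.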
@@ -98,7 +105,7 @@ Gitlab 6.7 currently supports Ruby 2.0, available in the AUR at `https://aur.arc Create a `git` user for Gitlab: - adduser --system --shell /sbin/nologin --comment 'GitLab' --create-home --home-dir /home/git/ git + adduser --system --shell /sbin/nologin --comment 'GitLab User' --create-home --home-dir /home/git/ git For extra security, the shell we use for this user does not allow logins via a terminal. @@ -148,7 +155,7 @@ GitLab Shell is a ssh access and repository management application developed spe Install `postgresql-server` and the `postgreqsql-devel` libraries: - yum install postgresql-server postgresql-devel + pacman -S postgresql91 Initialize the database: From 4d01201880b4d74c5311e66ef69774dd46d91060 Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 19:49:26 -0400 Subject: [PATCH 4/8] More updates --- install/archlinux/README.md | 92 +++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 45 deletions(-) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index 6d4790e..ee946ab 100644 --- a/install/archlinux/README.md +++ b/install/archlinux/README.md @@ -95,9 +95,23 @@ The use of ruby version managers such as [RVM](http://rvm.io/), [rbenv](https:// pacman -S gdbm libffi libyaml openssl cd ruby2.0-headless makepkg --asroot + pacman -U ruby2.0-headless-2.0.0_p451-2-x86_64.pkg.tar.xz ln -s /usr/bin/ruby-2.0 /usr/bin/ruby ruby --version # ruby 2.0.0p456 (2014-03-03) [x86_64-linux] + +Install the Bundler Ruby Gem: + + mkdir /tmp/bundler + cd /tmp/bundler + wget https://aur.archlinux.org/packages/ru/ruby2.0-bundler/ruby2.0-bundler.tar.gz + tar -zxf ruby2.0-bundler.tar.gz + cd ruby2.0-bundler + makepkg --asroot + pacman -U ruby2.0-bundler-1.5.3-1-any.pkg.tar.xz + ln -s /usr/bin/bundle-2.0 /usr/bin/bundle + bundle --version + # Bundler version 1.5.3 ---------- 
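Review bot: The `pacman -U ruby2.0-headless-2.0.0_p451-2-x86_64.pkg.tar.xz` line added in the `@@ -95,9 +95,23 @@` hunk installs a p451 build, but the expected-output comment kept below it still reads `# ruby 2.0.0p456 (2014-03-03) [x86_64-linux]`, so the reader cannot use it to confirm the install; make the two agree. The hard-coded package file names (this one and `ruby2.0-bundler-1.5.3-1-any.pkg.tar.xz`) stop matching as soon as the AUR packages are bumped, so say that the name depends on the version built and that the reader should substitute the file makepkg produced.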
@@ -105,24 +119,11 @@ The use of ruby version managers such as [RVM](http://rvm.io/), [rbenv](https:// Create a `git` user for Gitlab: - adduser --system --shell /sbin/nologin --comment 'GitLab User' --create-home --home-dir /home/git/ git + userdel git + useradd --system --shell /sbin/nologin --comment 'GitLab User' --create-home --home-dir /home/git/ git For extra security, the shell we use for this user does not allow logins via a terminal. -**Important:** In order to include `/usr/local/bin` to git user's PATH, one way is to edit the sudoers file. As root run: - - visudo - -Then search for this line: - - Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin - -and append `/usr/local/bin` like so: - - Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin - -Save and exit. - ---------- ## 4. GitLab shell @@ -145,7 +146,7 @@ GitLab Shell is a ssh access and repository management application developed spe sudo -u git -H editor config.yml # Do setup - sudo -u git -H /usr/local/bin/ruby ./bin/install + sudo -u git -H /usr/bin/ruby ./bin/install ---------- 
@@ -153,31 +154,43 @@ GitLab Shell is a ssh access and repository management application developed spe ### 5.1 PostgreSQL -Install `postgresql-server` and the `postgreqsql-devel` libraries: +Install Postgresql 9.1: - pacman -S postgresql91 + mkdir /tmp/postgresql + cd /tmp/postgresql + wget https://aur.archlinux.org/packages/po/postgresql-9.1/postgresql-9.1.tar.gz + makepkg --asroot + pacman -U postgres*.tar.xz + + # If you get this message, accept the 'yes' resolution. + # :: postgresql and postgresql-libs are in conflict. Remove postgresql-libs? [y/N] y Initialize the database: - service postgresql initdb - -Start the service and configure service to start on boot: - - service postgresql start - chkconfig postgresql on + mkdir /var/lib/postgres + chown -R postgres:postgres /var/lib/postgres + chmod -R 700 /var/lib/postgres + su - postgres + initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data' + # return to the root user (from postgres user) + logout + systemctl start postgresql + systemctl enable postgresql Configure the database user and password: su - postgres psql -d template1 - psql (8.4.13) + # psql (9.1.13) template1=# CREATE USER git WITH PASSWORD 'your-password-here'; CREATE ROLE template1=# CREATE DATABASE gitlabhq_production OWNER git; CREATE DATABASE template1=# \q - exit # exit uid=postgres, return to root + + # return to root user (from postgres user) + logout Test the connection as the gitlab (uid=git) user. You should be root to begin this test: @@ -191,8 +204,8 @@ If you see the following: gitlabhq_production=> -Your password has been accepted successfully and you can type \q to quit. - +Your password has been accepted successfully +Type \q to quit. ---------- ## 6. GitLab 
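Review bot: In the install block at the top of the `@@ -153,31 +154,43 @@` hunk, `makepkg --asroot` runs directly after `wget` in `/tmp/postgresql`, with no extraction of `postgresql-9.1.tar.gz` and no `cd` into the unpacked directory, so there is no PKGBUILD to build; the Bundler block in this same patch has the `tar -zxf` and `cd` steps and this block should match it. `pacman -U postgres*.tar.xz` then installs whatever matches the glob in a directory under world-writable `/tmp`; name the package file explicitly or build in a directory only root can write to. The comment telling the reader to answer yes to removing `postgresql-libs` should also say why that is expected here.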
@@ -256,36 +269,25 @@ Your password has been accepted successfully and you can type \q to quit. sudo -u git -H git config --global core.autocrlf input **Important Note:** -Make sure to edit both `gitlab.yml` and `unicorn.rb` to match your setup. +Make sure to edit both `gitlab.yml` and `unicorn.rb` (above) to match your setup. ### Configure GitLab DB settings - # For MySQL - sudo -u git -H cp config/database.yml{.mysql,} - - # Make sure to update username/password in config/database.yml. - # You only need to adapt the production settings (first part). - # If you followed the database guide then please do as follows: - # Change 'secure password' with the value you have given to $password - # You can keep the double quotes around the password - sudo -u git -H editor config/database.yml - - or - # For PostgreSQL sudo -u git -H cp config/database.yml{.postgresql,} # Make config/database.yml readable to git only sudo -u git -H chmod o-rwx config/database.yml + +Edit the password for the git user in `config/database.yml` + + sudo -u git -H editor config/database.yml ### Install Gems cd /home/git/gitlab - # For MySQL (note, the option says "without ... postgres") - sudo -u git -H /usr/local/bin/bundle install --deployment --without development test postgres aws - - # Or for PostgreSQL (note, the option says "without ... mysql") + # For PostgreSQL (note, the option says "without ... mysql") sudo -u git -H bundle install --deployment --without development test mysql aws ### Initialize Database and Activate Advanced Features From a2c81b7970901094134409d72da23282fef1567c Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 19:51:03 -0400 Subject: [PATCH 5/8] Update README.md --- install/archlinux/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index ee946ab..14acb18 100644 --- a/install/archlinux/README.md +++ b/install/archlinux/README.md 
@@ -112,7 +112,10 @@ Install the Bundler Ruby Gem: ln -s /usr/bin/bundle-2.0 /usr/bin/bundle bundle --version # Bundler version 1.5.3 - + ln -s /usr/bin/gem-2.0 /usr/bin/gem + gem --version + # 2.0.14 + ---------- ## 3. System Users From c5d499cd4c05997459748662eeda0dba6f8f33a7 Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 19:51:57 -0400 Subject: [PATCH 6/8] Update README.md --- install/archlinux/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index 14acb18..116beb5 100644 --- a/install/archlinux/README.md +++ b/install/archlinux/README.md @@ -115,6 +115,9 @@ Install the Bundler Ruby Gem: ln -s /usr/bin/gem-2.0 /usr/bin/gem gem --version # 2.0.14 + ln -s /usr/bin/rake-2.0 /usr/bin/rake + rake --version + # rake, version 0.9.6 ---------- From 82fbb048b58a14b35bff3b10efb970a98b423aae Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 20:43:07 -0400 Subject: [PATCH 7/8] Update README.md --- install/archlinux/README.md | 91 ++++++++++++------------------------- 1 file changed, 29 insertions(+), 62 deletions(-) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index 116beb5..3322e43 100644 --- a/install/archlinux/README.md +++ b/install/archlinux/README.md @@ -55,7 +55,7 @@ Install the basic packages needed for Gitlab: pacman -Syu pacman -S base-devel vim readline ncurses gdbm glibc tcl openssl curl expat python2 bison sqlite \ - gcc libyaml libffi libxml2 libxslt redis sudo wget logwatch logrotate perl git patch openssh + gcc libyaml libffi libxml2 libxslt redis sudo wget logwatch logrotate perl git patch openssh icu ### Configure redis Make sure redis is started on boot: 
@@ -294,6 +294,7 @@ Edit the password for the git user in `config/database.yml` cd /home/git/gitlab # For PostgreSQL (note, the option says "without ... mysql") + sudo -u git -H bundle install --deployment --without development test mysql aws ### Initialize Database and Activate Advanced Features 
@@ -302,38 +303,50 @@ Edit the password for the git user in `config/database.yml` # Type 'yes' to create the database tables. - # When done you see 'Administrator account created:' + # 'Administrator account created:' will appear when everything is finished. Type 'yes' to create the database. When done you see 'Administrator account created:' ### Install Init Script -Download the init script (will be /etc/init.d/gitlab): +Place `gitlab.target`, `gitlab-sidekiq.service`, and `gitlab-unicorn.service` +into the `/usr/lib/systemd/system/` folder. + + cp -v gitlab-sidekiq.service gitlab-unicorn.service gitlab.target /usr/lib/systemd/system/ - wget -O /etc/init.d/gitlab https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn - chmod +x /etc/init.d/gitlab - chkconfig --add gitlab +Place `gitlab.logrotate` into the `/etc/logrotate.d/gitlab` folder. -Make GitLab start on boot: + mkdir -p "/etc/logrotate.d/gitlab" + cp -v gitlab.logrotate /etc/logrotate.d/gitlab - chkconfig gitlab on +Copy `gitlab.tmpfiles.d` into the file `/usr/lib/tmpfiles.d/gitlab.conf`. 
-### Set up logrotate + mkdir -p "/usr/lib/tmpfiles.d" + cp -v gitlab.tmpfiles.d "/usr/lib/tmpfiles.d/gitlab.conf" - sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab +Start services on startup: + + mkdir -p /var/run/gitlab/ + touch /var/run/gitlab/sidekiq.pid + chmod 777 /var/run/gitlab/sidekiq.pid + + systemctl enable gitlab.target + systemctl enable gitlab-sidekiq.service + systemctl enable gitlab-unicorn.service + + systemctl start gitlab.target + systemctl start gitlab-unicorn.service + systemctl start gitlab-sidekiq.service ### Check Application Status Check if GitLab and its environment are configured correctly: + cd /home/git/gitlab sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production -### Start your GitLab instance: - - service gitlab start - -## Compile assets +## Precompile assets sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production 
@@ -362,52 +375,6 @@ Finally start nginx with: service nginx start -### Apache - -We will configure apache with module `mod_proxy` which is loaded by default when -installing apache and `mod_ssl` which will provide ssl support: - - yum -y install httpd mod_ssl - chkconfig httpd on - wget -O /etc/httpd/conf.d/gitlab.conf https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/apache/gitlab-ssl.conf - mv /etc/httpd/conf.d/ssl.conf{,.bak} - mkdir /var/log/httpd/logs/ - -Open `/etc/httpd/conf.d/gitlab.conf` with your editor and replace `git.example.org` with your FQDN. Also make sure the path to your certificates is valid. - -Add `LoadModule ssl_module /etc/httpd/modules/mod_ssl.so` in `/etc/httpd/conf/httpd.conf`. - -#### SELinux - -To configure SELinux read the **SELinux modifications** section in [README](https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/README.md). - -Finally, start apache: - - service httpd start - -**Note:** -If you want to run other websites on the same system, you'll need to add in `/etc/httpd/conf/httpd.conf`: - - NameVirtualHost *:80 - - # If you add NameVirtualHost *:443 here, you will also have to change - # the VirtualHost statement in /etc/httpd/conf.d/gitlab.conf - # to - NameVirtualHost *:443 - Listen 443 - - -## 8. Configure the firewall - -Poke an iptables hole so users can access the web server (http and https ports) and ssh. - - lokkit -s http -s https -s ssh - -Restart the service for the changes to take effect: - - service iptables restart - - ## Done! ### Double-check Application Status 
@@ -426,7 +393,7 @@ Now, the output will complain that your init script is not up-to-date as follows doc/install/installation.md in section "Install Init Script" Please fix the error above and rerun the checks. -Do not mind about that error if you are sure that you have downloaded the up-to-date file from https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/init/sysvinit/centos/gitlab-unicorn and saved it to `/etc/init.d/gitlab`. +Do not mind about that error if you are sure that you have the correct systemd rules installed. If all other items are green, then congratulations on successfully installing GitLab! However there are still a few steps left. From 1c939fb5833e001f3d2d53f06830d918b869c3a6 Mon Sep 17 00:00:00 2001 From: Adam Gradzki Date: Wed, 26 Mar 2014 21:02:29 -0400 Subject: [PATCH 8/8] Update README.md --- install/archlinux/README.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/install/archlinux/README.md b/install/archlinux/README.md index 3322e43..171a55b 100644 --- a/install/archlinux/README.md +++ b/install/archlinux/README.md 
@@ -359,21 +359,27 @@ Use either Nginx or Apache, not both. Official installation guide recommends ngi You will need a new version of nginx otherwise you might encounter an issue like [this][issue-nginx]. To do so, follow the instructions provided by the [nginx wiki][nginx-centos] and then install nginx with: - yum update - yum -y install nginx - chkconfig nginx on - wget -O /etc/nginx/conf.d/gitlab.conf https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/nginx/gitlab-ssl + pacman -S nginx + systemctl enable nginx + mkdir "/etc/nginx/conf.d" + + wget -O /etc/nginx/conf.d/gitlab.conf \ + https://gitlab.com/gitlab-org/gitlab-recipes/raw/master/web-server/nginx/gitlab-ssl + + echo "http { include /etc/nginx/conf.d/gitlab.conf; }" >> /etc/nginx/nginx.conf Edit `/etc/nginx/conf.d/gitlab` and replace `git.example.com` with your FQDN. Make sure to read the comments in order to properly set up ssl. Add `nginx` user to `git` group: - usermod -a -G git nginx + usermod -a -G git http chmod g+rx /home/git/ +Follow the instructions at the top of /etc/nginx/conf.d/gitlab.conf and generaate SSL certificates. + Finally start nginx with: - service nginx start + systemctl start nginx ## Done!
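Review bot: In `@@ -256,36 +269,25 @@`, the new "Edit the password for the git user" step puts a database credential into `config/database.yml` while the only permission change above it is `chmod o-rwx`, which leaves any group bits in place even though the comment says "readable to git only". Patch 8/8 later runs `usermod -a -G git http`, so if the file's group is `git` the web server account can read that password. Suggest `chmod 600 config/database.yml` here. The removed MySQL comments also explained that only the production settings need adapting and which placeholder to replace; the one-line replacement drops that guidance, so carry it over for PostgreSQL.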
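Review bot: The `ln -s` lines added under "Install the Bundler Ruby Gem" (`@@ -112,7 +112,10 @@` in 5/8 and `@@ -115,6 +115,9 @@` in 6/8) create unversioned `gem` and `rake` names directly in `/usr/bin` and fail with "File exists" if the guide is rerun or a link is already present. Consider `ln -sf`, or place the links in `/usr/local/bin` so they stay out of the directory pacman manages. The expected-output comments (`# 2.0.14`, `# rake, version 0.9.6`) pin exact versions that will go stale after the next `pacman -Syu`; say what range is acceptable instead.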
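Review bot: `chmod 777 /var/run/gitlab/sidekiq.pid` in the "Start services on startup" block of `@@ -302,38 +303,50 @@` makes the pid file world-writable, so any local account can change which process id is recorded for sidekiq. Create the directory owned by `git` with a restrictive mode instead, ideally through the `gitlab.tmpfiles.d` entry this same hunk installs, since a manual `mkdir`/`touch` under `/var/run` does not survive a reboot. Separately, `mkdir -p "/etc/logrotate.d/gitlab"` turns what used to be a file (the removed `cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab`) into a directory, and logrotate only reads regular files found directly in `/etc/logrotate.d`, so the copied config would be ignored; copy to the file path directly and fix the word "folder" in the prose. The hunk also never says where `gitlab.target` and the two `.service` files are obtained.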
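Review bot: `@@ -362,52 +375,6 @@` deletes "## 8. Configure the firewall" together with the Apache section and adds nothing in its place, so the guide no longer states which ports should be reachable, while the component list at the top of the README still names "8. Firewall". Either add an Arch equivalent that opens only http, https and ssh, as the removed `lokkit` line did, or drop the list entry and state that the firewall is out of scope. The "Use either Nginx or Apache, not both" sentence that survives above this hunk should be removed as well now that Apache is gone.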
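Review bot: The replacement sentence in `@@ -426,7 +393,7 @@` tells readers to disregard the init-script failure "if you are sure that you have the correct systemd rules installed" but gives them no way to be sure. Name the units installed earlier (`gitlab.target`, `gitlab-sidekiq.service`, `gitlab-unicorn.service`), call them units rather than rules, and point to `systemctl status` on them as the check.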
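Review bot: `echo "http { include /etc/nginx/conf.d/gitlab.conf; }" >> /etc/nginx/nginx.conf` in `@@ -359,21 +359,27 @@` appends a second top-level `http` block; the stock `nginx.conf` already has one, and nginx refuses to start with a duplicate `http` directive. Tell the reader to add the `include` line inside the existing `http { }` block instead. Also in this hunk: `mkdir` needs `-p` to be rerunnable; the unchanged "Edit `/etc/nginx/conf.d/gitlab`" no longer matches the `gitlab.conf` path that `wget` writes; "Add `nginx` user" should read `http` to match the new `usermod` line; "generaate" is a typo; and the intro still points at the CentOS nginx wiki link.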