1. Requirements
2. References
3. GitLab v8.x installation
On the internet you can find various instructions how to install GitLab on FreeBSD server. This manual is based on references mentioned above and how Charles Newey wrote on his blog, you should read the official GitLab installation guide before.
This installation instructions were successfully tested on FreeBSD server in the jail environment. PostgreSQL server was installed on different machine.
SSH to your FreeBSD, enter the jail, where GitLab going to be installed, (jexec gitlab tcsh) and install basic packages for GitLab installation.
pkg update && pkg upgrade
# Install system packages
pkg install sudo bash icu cmake gmake libxslt libxml2 libgit2 pkgconf git rubygem-bundler rubygem-rake node012 logrotate redis krb5 python2
# Install go compiler for gitlab-git-http-server compilation
pkg install go
# For PostgreSQL server on the different machine install only PostgreSQL client package
pkg install postgresql94-client
# When you install PostgreSQL server on the same machine you have to install these packages
# pkg install postgresql94-server postgresql94-contrib
Update rubygems and install bundler gem system-wide.
gem install bundler --no-ri --no-rdoc
Add/edit this lines to '/etc/rc.conf' to start required servers during start up of the jail.
sshd_enable="YES"
# execute in the shell
echo '# GitLab services' >> /etc/rc.conf
echo 'redis_enable="YES"' >> /etc/rc.conf
echo 'gitlab_enable="YES"' >> /etc/rc.conf
4. Create git user
For GitLab create 'git' user and add 'git' user to 'redis' group (this will come in useful later).
pw user mod git -G redis
5. Set up PostgreSQL database
Create DB user 'git' and create GitLab database. Execute this commands on machine, where PostgreSQL server is installed. First of all we should connect to the template databese.
psql -d template1
When logged into the database, create a user for GitLab, the GitLab production database & grant all privileges on database.
ALTER USER git WITH PASSWORD '<your_password>';
CREATE DATABASE gitlabhq_production OWNER git;
\connect gitlabhq_production
CREATE EXTENSION pg_trgm;
\q
- Note: When you don't want secure database, don't execute command 'ALTER ...'
Then type 'exit' to drop back to the root user and try connecting to the new database as the git user.
su - git
psql -d gitlabhq_production
\q
# exit git user shell
exit
6. Install and set up Redis
Back up the original Redis config file a execute the following commands to get Redis working.
# Disable Redis listening on TCP by setting 'port' to 0
sed 's/^port .*/port 0/' /usr/local/etc/redis.conf.orig | tee /usr/local/etc/redis.conf
# Enable Redis socket
echo 'unixsocket /usr/local/var/run/redis/redis.sock' | tee -a /usr/local/etc/redis.conf
# Grant permission to the socket to all members of the redis group
echo 'unixsocketperm 770' | tee -a /usr/local/etc/redis.conf
# Create the directory which contains the socket
mkdir -p /usr/local/var/run/redis
chown redis:redis /usr/local/var/run/redis
chmod 755 /usr/local/var/run/redis
# Restart redis
service redis restart
7. Install and set up GitLab
Change to git home directory and clone GitLab source (check latest lersion at Gitlab homepage).
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-7-stable gitlab
cd /home/git/gitlab
sudo -u git -H git fetch --all
sudo -u git -H git checkout -- Gemfile.lock db/schema.rb
sudo -u git -H git checkout LATEST_TAG -b LATEST_TAG
- Note:
- Replace LATEST_TAG with the latest GitLab tag you want to update to, for example v8.7.2. Use `git tag -l 'v*.[0-9]' --sort='v:refname'` to see a list of all tags.
- Update '8-7-stable' with the last version of the GitLab
- You can change '8-7-stable' to 'master' if you want the bleeding edge version, but never install 'master' on a production server!
Go to GitLab source folder and configure GitLab.
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
GitLab doesn't like symlinks and '/home/' is a symlink to '/usr/home/'. You need to edit it in 2 places in the GitLab config.
sed -i '.bak' 's/home\/git/usr\/home\/git/g' config/gitlab.yml
In the GitLab configuration file set the option 'host'. It should be set to your domain or IP address, e.g. "gitlab.mysite.com". The line 'bin_path' should be set to git binary, e.g. '/usr/local/bin/git'.
Copy the example secrets file.
sudo -u git -H chmod 0600 config/secrets.yml
- Note: Secure secrets.yml. The secrets.yml file stores encryption keys for sessions and secure variables. Backup secrets.yml someplace safe, but don't store it in the same place as your database backups. Otherwise your secrets are exposed if one of your backups is compromised.
Set up directory and file with appropriate permissions.
cd /home/git/gitlab
chown -R git log/
chown -R git tmp/
chmod -R u+rwX,go-w log/
chmod -R u+rwX tmp/
# Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories
chmod -R u+rwX tmp/pids/
chmod -R u+rwX tmp/sockets/
# Make sure GitLab can write to the public/uploads/ directory
mkdir -p -m 700 public/uploads
mkdir -p -m 755 public/uploads/tmp
chown -R git public/uploads/
Copy the example Unicorn config and configure the Unicorn. Enable cluster mode if you expect to have a high load instance, eg. change amount of workers to 3 for 2GB RAM server. Set the number of workers to at least the number of cores.
# set listen IP and port of GitLab (choose different port as Redmine)
# listen 127.0.0.1:8080
vi config/unicorn.rb
Copy the example Rack attack config.
Configure Git global settings for git user, useful when editing via web. Edit 'user.email' according to what is set in 'gitlab.yml'.
#sudo -u git -H git config --global user.email "example@example.com"
sudo -u git -H git config --global core.autocrlf input
Copy Redis connection settings and configure Redis to use the modified socket path.
# Change 'production' line to 'unix:/usr/local/var/run/redis/redis.sock'
sed -i '.bak' "s/production:.*$/production: unix:\/usr\/local\/var\/run\/redis\/redis.sock/g" config/resque.yml
- Important Note:
- Make sure to edit both 'gitlab.ym'l and 'unicorn.rb' to match your setup.
- If you want to git repository located outside the jail, update 'repos_path' in 'config/gitlab.yml', create this directory and set owner to git by commands:
mkdir -p /mnt/git/repositories/
chown -R git:git /mnt/git/repositories
8. Configure GitLab DB settings
Copy and update GitLab postgreSQL database configuration file. Set the database password and name to the one you picked for the 'git' PostgreSQL user from step the step 5).
# Make config/database.yml readable to git only
sudo -u git -H chmod o-rwx config/database.yml
# Update database connection. Use section 'production' for changes
#sed -i '.bak' "s/password/\$<your_password>/g" config/database.yml
9. Configure GitLab shell
GitLab Shell is an SSH access and repository management software developed specially for GitLab. First of all we have to install Ruby Gems.
sudo -u git -H bundle install --deployment --without development test mysql aws
- Note:
- Add line below to '.bundle/config' when timfel-krb5-auth-0.8.3 failed
BUNDLE_BUILD__TIMFEL-KRB5-AUTH: --with-ldflags=-L. -Wl,-O1 -Wl,--as-needed -fstack-protector -rdynamic -Wl,-export-dynamic -Wl,--no-undefined -lcom_err
- If you get an SSL error edit the 'Gemfile' to source http and run it again.
sed -i '' "s/https/http/g" Gemfile
- Add line below to '.bundle/config' when timfel-krb5-auth-0.8.3 failed
Run the rake task for installing gitlab-shell.
sudo -u git -H sed -i '.bak' 's/: \/home\/git/: \/usr\/home\/git/g' /home/git/gitlab-shell/config.yml
cd /home/git/gitlab-shell
sudo -u git -H git fetch
sudo -u git -H git checkout v`cat /home/git/gitlab/GITLAB_SHELL_VERSION` -b v`cat /home/git/gitlab/GITLAB_SHELL_VERSION`
cd /home/git/gitlab
- Note: shell version [2.6.5] can be the same as in the file '/home/git/gitlab/GITLAB_SHELL_VERSION'.
Edit the gitlab-shell config file. Change the 'socket' option to '/usr/local/var/run/redis/redis.sock'. Change the 'gitlab_url' option to 'http://127.0.0.1:8080/' (IP address and port must be the same as in 'config/unicorn.rb'). Don't bother configuring any SSL stuff in here because it's used internally.
#gitlab_url: http://127.0.0.1:8080/
#socket: "/usr/local/var/run/redis/redis.sock"
# exit git user shell
exit
10. Install gitlab-git-http-server - OBSOLETE
Replaced by Gitlab-Workhorse.sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-git-http-server.git
cd gitlab-git-http-server
sudo -u git -H make
10. Install gitlab-workhorse
Gitlab-workhorse is a small deamon to handle Git HTTP traffic from unicorn, coded in Go. Gitlab-workhorse was designed to unload Git HTTP traffic from the GitLab Rails app (Unicorn) to a separate daemon. It also serves 'git archive' downloads for GitLab. All authentication and authorization logic is still handled by the GitLab Rails app.sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
cd gitlab-workhorse
sudo -u git -H git fetch
sudo -u git -H git checkout v`cat /home/git/gitlab/GITLAB_WORKHORSE_VERSION` -b v`cat /home/git/gitlab/GITLAB_WORKHORSE_VERSION`
sudo -u git -H make
11. Initialization and activation of the database
Execute following commands to initialise Database. Type 'yes' to create the database tables. When it is done you see 'Administrator account created:'.
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD="your_password"
- Note: You can set the initial Administrator password by supplying it in the environmental variable GITLAB_ROOT_PASSWORD. If you don't set the password (and it is set to the default one) please don't expose GitLab to the public internet until the installation is complete and you have changed the default password.
12. Prepare GitLab init script
Copy and update init script.
I had the problem with automatic start of the GitLab service after the reboot of machine so this patch solve this problem.
+++ gitlab 2015-12-09 11:00:56.000000000 +0100
@@ -4,17 +4,11 @@
# Maintainer: @randx
# Authors: rovanion.luckey@gmail.com, @randx
-### BEGIN INIT INFO
-# Provides: gitlab
-# Required-Start: $local_fs $remote_fs $network $syslog redis-server
-# Required-Stop: $local_fs $remote_fs $network $syslog
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: GitLab git repository management
-# Description: GitLab git repository management
-# chkconfig: - 85 14
-### END INIT INFO
-
+### FreeBSD INIT INFO
+# PROVIDE: gitlab
+# REQUIRE: LOGIN redis
+# KEYWORD: shutdown
+### END FreeBSD INIT INFO
###
# DO NOT EDIT THIS FILE!
@@ -23,9 +17,15 @@
# An example defaults file can be found in lib/support/init.d/gitlab.default.example
###
+. /etc/rc.subr
-### Environment variables
-RAILS_ENV="production"
+name="gitlab"
+rcvar=gitlab_enable
+extra_commands="reload status"
+
+load_rc_config $name
+
+: ${gitlab_enable:=NO}
# Script variable names should be lower-case not to conflict with
# internal /bin/sh variables such as PATH, EDITOR or SHELL.
@@ -40,14 +40,20 @@
gitlab_workhorse_pid_path="$pid_path/gitlab-workhorse.pid"
gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080"
gitlab_workhorse_log="$app_root/log/gitlab-workhorse.log"
-shell_path="/bin/bash"
+shell_path="/usr/local/bin/bash"
+
+### Environment variables
+RAILS_ENV="production"
+export PATH=$PATH:/usr/local/bin:/usr/local/sbin
# Read configuration variable file if it is present
test -f /etc/default/gitlab && . /etc/default/gitlab
# Switch to the app_user if it is not he/she who is running the script.
if [ `whoami` != "$app_user" ]; then
- eval su - "$app_user" -s $shell_path -c $(echo \")$0 "$@"$(echo \"); exit;
+ eval su - "$app_user" -c $(echo \")service $name "$@"$(echo \"); exit;
+# eval su - "$app_user" -c $(echo \")$0 "$@"$(echo \"); exit;
+# eval su - "$app_user" -s $shell_path -c $(echo \")$0 "$@"$(echo \"); exit;
fi
# Switch to the gitlab path, exit on failure.
@@ -364,30 +370,10 @@
start_gitlab
}
+start_cmd="start_gitlab"
+stop_cmd="stop_gitlab"
+restart_cmd="restart_gitlab"
+reload_cmd="reload_gitlab"
+status_cmd="print_status"
-### Finally the input handling.
-
-case "$1" in
- start)
- start_gitlab
- ;;
- stop)
- stop_gitlab
- ;;
- restart)
- restart_gitlab
- ;;
- reload|force-reload)
- reload_gitlab
- ;;
- status)
- print_status
- exit $gitlab_status
- ;;
- *)
- echo "Usage: service gitlab {start|stop|restart|reload|status}"
- exit 1
- ;;
-esac
-
-exit
+run_rc_command "$1"
13. Check configuration and compile assets
Check if GitLab and its environment are configured correctly.
cd /home/git/gitlab
bundle exec rake gitlab:env:info RAILS_ENV=production
# exit git user shell
exit
If this all passes (all green and/or no errors are reported), then go ahead and compile all of the assets for GitLab. This can take ~10-15 minutes on a smaller machine, so don't panic if it takes a while!
If all of the above steps complete with no errors and everything has gone smoothly, then start the GitLab service.
Check everything with this command just to be sure.
14. Nginx configuration
The officially supported web server in GitLab is nginx. GitLab provide an nginx configuration file in the '/home/git/gitlab/lib/support/nginx/gitlab', so you can copy that if you prefer, and modify their template.
# Tell nginx where to find the gitlab server.
sed -i ".bak" "s/proxy_pass http:\/\/gitlab;/proxy_pass http:\/\/127.0.0.1:8080;/g" /usr/local/etc/nginx/gitlab.conf
# Disable gzip static. If you compile nginx from ports you can enable gzip. pkg comes with it disabled by default.
sed -i ".bak" "s/gzip_static on;/#gzip_static on;/g" /usr/local/etc/nginx/gitlab.conf
# Edit /usr/local/etc/nginx/nginx.conf and add the following line before the last }
include /usr/local/etc/nginx/gitlab.conf;
# SSL seetup
# see file install_gitlab-ssl.txt
# Check nginx setup
nginx -t
# Restart nginx, and you should be up and running.
service nginx restart
Comments