431.md 9.0 KB
Newer Older
Lab机器人's avatar
readme  
Lab机器人 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163
# Configuring GitLab application (Rails)

> 原文:[https://docs.gitlab.com/ee/administration/high_availability/gitlab.html](https://docs.gitlab.com/ee/administration/high_availability/gitlab.html)

*   [First GitLab application server](#first-gitlab-application-server)
*   [Extra configuration for additional GitLab application servers](#extra-configuration-for-additional-gitlab-application-servers)
*   [Enable Monitoring](#enable-monitoring)
*   [Troubleshooting](#troubleshooting)
*   [Upgrading GitLab HA](#upgrading-gitlab-ha)

# Configuring GitLab application (Rails)[](#configuring-gitlab-application-rails "Permalink")

本节介绍如何配置 GitLab 应用程序(Rails)组件.

**注意:**底部附近还有一些其他配置,用于其他 GitLab 应用程序服务器. 在继续安装 GitLab 之前,阅读并理解这些其他步骤非常重要.**注意:**建议尽可能通过[NFS](nfs.html)使用[Gitaly 的](gitaly.html) [Cloud Object Storage 服务](object_storage.html) ,以提高性能.

1.  如有必要,请使用以下命令安装 NFS 客户端实用程序软件包:

    ```
    # Ubuntu/Debian
    apt-get install nfs-common

    # CentOS/Red Hat
    yum install nfs-utils nfs-utils-lib 
    ```

2.`/etc/fstab`指定必要的 NFS 导出. `/etc/fstab`的确切内容取决于您选择配置 NFS 服务器的方式. 有关示例和各种选项,请参见[NFS 文档](nfs.html#nfs-client-mount-options) .

3.  创建共享目录. 这些可能会有所不同,具体取决于您的 NFS 安装位置.

    ```
    mkdir -p /var/opt/gitlab/.ssh /var/opt/gitlab/gitlab-rails/uploads /var/opt/gitlab/gitlab-rails/shared /var/opt/gitlab/gitlab-ci/builds /var/opt/gitlab/git-data 
    ```

4.  使用[GitLab 下载中的](https://about.gitlab.com/install/) **步骤 1 和 2**下载/安装 Omnibus GitLab. 不要完成下载页面上的其他步骤.
5.  创建/编辑`/etc/gitlab/gitlab.rb`并使用以下配置. 确保更改`external_url`以匹配最终的 GitLab 前端 URL. 根据您的 NFS 配置,您可能需要更改某些 GitLab 数据位置. 有关各种情况的`/etc/gitlab/gitlab.rb`配置值,请参见[NFS 文档](nfs.html) . 下面的示例假定您已在默认数据位置中添加了 NFS 挂载. 此外,给出的 UID 和 GID 只是示例,您应该使用首选值进行配置.

    ```
    external_url 'https://gitlab.example.com'

    # Prevent GitLab from starting if NFS data mounts are not available
    high_availability['mountpoint'] = '/var/opt/gitlab/git-data'

    # Disable components that will not be on the GitLab application server
    roles ['application_role']
    nginx['enable'] = true

    # PostgreSQL connection details
    gitlab_rails['db_adapter'] = 'postgresql'
    gitlab_rails['db_encoding'] = 'unicode'
    gitlab_rails['db_host'] = '10.1.0.5' # IP/hostname of database server
    gitlab_rails['db_password'] = 'DB password'

    # Redis connection details
    gitlab_rails['redis_port'] = '6379'
    gitlab_rails['redis_host'] = '10.1.0.6' # IP/hostname of Redis server
    gitlab_rails['redis_password'] = 'Redis Password'

    # Ensure UIDs and GIDs match between servers for permissions via NFS
    user['uid'] = 9000
    user['gid'] = 9000
    web_server['uid'] = 9001
    web_server['gid'] = 9001
    registry['uid'] = 9002
    registry['gid'] = 9002 
    ```

6.  [Enable monitoring](#enable-monitoring)

    **注意:**为了保持 HA 群集之间链接的统一性,第一个应用程序服务器上的`external_url`以及其他应用程序服务器应指向用户将用来访问 GitLab 的外部 URL. 在典型的 HA 设置中,这将是负载平衡器的 URL,它将把流量路由到 HA 群集中的所有 GitLab 应用程序服务器.**注意:**如上例所示,当在`external_url`指定`https`时,GitLab 会假定您在`/etc/gitlab/ssl/`具有 SSL 证书. 如果没有证书,NGINX 将无法启动. 有关更多信息,请参见[NGINX 文档](https://docs.gitlab.com/omnibus/settings/nginx.html) .**注意:**最好在初始重新配置 GitLab 之前设置`uid`和`gid` . 如果在初始重新配置后设置,Omnibus 将不会递归`chown`目录.

## First GitLab application server[](#first-gitlab-application-server "Permalink")

在第一台应用程序服务器上,运行:

```
sudo gitlab-ctl reconfigure 
```

这应该编译配置并初始化数据库. 在下一步之前,不要在其他应用程序服务器上运行此命令.

## Extra configuration for additional GitLab application servers[](#extra-configuration-for-additional-gitlab-application-servers "Permalink")

其他的 GitLab 服务器( **在**第一个 GitLab 服务器**之后**配置的服务器)需要一些额外的配置.

1.  配置共享机密. 这些值可以从`/etc/gitlab/gitlab-secrets.json`的主要 GitLab 服务器`/etc/gitlab/gitlab-secrets.json` . **在**运行上述步骤中的第一次`reconfigure` **之前,**将此文件复制到辅助服务器.

    ```
    gitlab_shell['secret_token'] = 'fbfb19c355066a9afb030992231c4a363357f77345edd0f2e772359e5be59b02538e1fa6cae8f93f7d23355341cea2b93600dab6d6c3edcdced558fc6d739860'
    gitlab_rails['otp_key_base'] = 'b719fe119132c7810908bba18315259ed12888d4f5ee5430c42a776d840a396799b0a5ef0a801348c8a357f07aa72bbd58e25a84b8f247a25c72f539c7a6c5fa'
    gitlab_rails['secret_key_base'] = '6e657410d57c71b4fc3ed0d694e7842b1895a8b401d812c17fe61caf95b48a6d703cb53c112bc01ebd197a85da81b18e29682040e99b4f26594772a4a2c98c6d'
    gitlab_rails['db_key_base'] = 'bf2e47b68d6cafaef1d767e628b619365becf27571e10f196f98dc85e7771042b9203199d39aff91fcb6837c8ed83f2a912b278da50999bb11a2fbc0fba52964' 
    ```

2.  运行`touch /etc/gitlab/skip-auto-reconfigure`以防止数据库迁移在升级时运行. 只有主 GitLab 应用程序服务器才能处理迁移.

3.  **推荐**配置主机密钥. 将主应用程序服务器上`/etc/ssh/`的内容(私钥和公钥)复制到所有辅助服务器上的`/etc/ssh` . 这样可以防止访问负载平衡器后面的高可用性群集中的服务器时出现虚假的中间人攻击警报.

4.  运行`sudo gitlab-ctl reconfigure`来编译配置.

**注意:**发生更新并执行数据库迁移后,您将需要重新启动 GitLab 应用程序节点.

## Enable Monitoring[](#enable-monitoring "Permalink")

在 GitLab 12.0 中[引入](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3786) .

如果启用了监视,则必须在**所有** GitLab 服务器上将其启用.

1.  Make sure to collect [`CONSUL_SERVER_NODES`](../postgresql/replication_and_failover.html#consul-information), which are the IP addresses or DNS records of the Consul server nodes, for the next step. Note they are presented as `Y.Y.Y.Y consul1.gitlab.example.com Z.Z.Z.Z`

2.  创建/编辑`/etc/gitlab/gitlab.rb`并添加以下配置:

    ```
    # Enable service discovery for Prometheus
    consul['enable'] = true
    consul['monitoring_service_discovery'] =  true

    # Replace placeholders
    # Y.Y.Y.Y consul1.gitlab.example.com Z.Z.Z.Z
    # with the addresses of the Consul server nodes
    consul['configuration'] = {
       retry_join: %w(Y.Y.Y.Y consul1.gitlab.example.com Z.Z.Z.Z),
    }

    # Set the network addresses that the exporters will listen on
    node_exporter['listen_address'] = '0.0.0.0:9100'
    gitlab_workhorse['prometheus_listen_addr'] = '0.0.0.0:9229'
    sidekiq['listen_address'] = "0.0.0.0"
    puma['listen'] = '0.0.0.0'

    # Add the monitoring node's IP address to the monitoring list that allows it to
    # scrape the NGINX metrics. Replace placeholder `monitoring.gitlab.example.com` with
    # the address and/or subnets gathered from the monitoring node(s).
    gitlab_rails['monitoring_whitelist'] = ['monitoring.gitlab.example.com', '127.0.0.0/8']
    nginx['status']['options']['allow'] = ['monitoring.gitlab.example.com', '127.0.0.0/8'] 
    ```

3.  运行`sudo gitlab-ctl reconfigure`来编译配置.

    **警告:**如果运行 Unicorn,则在`gitlab.rb`更改`unicorn['listen']`并运行`sudo gitlab-ctl reconfigure`后,收到`HUP`后,Unicorn 可能需要较长的时间才能完成重新加载. 有关更多信息,请参见[问题](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/4401) .

## Troubleshooting[](#troubleshooting "Permalink")

*   `mount: wrong fs type, bad option, bad superblock on`

您尚未安装必要的 NFS 客户端实用程序. 请参阅上面的步骤 1.

*   `mount: mount point /var/opt/gitlab/... does not exist`

NFS 服务器上不存在此特定目录. 确保共享已导出并且存在于 NFS 服务器上,然后尝试重新安装.

* * *

## Upgrading GitLab HA[](#upgrading-gitlab-ha "Permalink")

可以在不停机的情况下升级 GitLab HA 安装,但是必须仔细协调升级过程,以免发生故障. 有关更多详细信息,请参见[Omnibus GitLab 多节点升级文档](https://docs.gitlab.com/omnibus/update/) .

阅读更多有关高可用性配置的信息:

1.  [Configure the database](../postgresql/replication_and_failover.html)
2.  [Configure Redis](redis.html)
3.  [Configure NFS](nfs.html)
4.  [Configure the load balancers](load_balancer.html)