Warning Livedoc is no longer being updated and will be deprecated shortly. Please refer to https://documentation.tjhsst.edu.

Gitlab Install

From Livedoc - The Documentation Repository
Jump to: navigation, search
Gitlab Logo

How to Use This Guide

Full install instructions are at the Gentoo Install Guide and Official Install Guides

Take note that these two guides have similar content, but in a different order. I recommend following the Gentoo Install Guide to the end, and then switch over to the Official Guide for the advanced portion.

This guide will provide my notes, caveats, necessary additional steps, and the like. Read it along side the main install guides.

Initial Package Installation

Make sure ssmtp is installed. Install bundler with gem install bundler -N The documentation lists out of date options for removing documentation, -N should work instead.

I highly recommend using a separate partition for /home/git/repositories, so get the drive in place for later.

Database Installation

Use Postgresql, it's very easy and the only official supported database. After you emerge it, run emerge --config =dev-db/postgresql-server-<version> That command will probably be given to you at the end of the emerge anyway.

Make sure you use su - git when switching user, otherwise you'll have and error about a directory (/root in my case) being unassailable.

Installing Bundles

Assuming you're using postgre, you want this command: bundle install --deployment --without development test mysql The gentoo guide is oddly formatted and makes that non-obvious.

Finish Installing

Do NOT set the git user's shell to /sbin/nologin. This will result in the error git fatal: protocol error: bad line length character: This when pushing using ssh. This is because nologin prints "This user is currently unavailable" on attempted logins, which git tries to intemperate as part of the git data, which causes it to crash.

Advanced Features/Post-Install

LDAP

You're almost certainly going to want LDAP auth against the TJ local (windows) domain. To do this, edit /home/git/gitlab/config/gitlab.yml and make the LDAP section look like:

ldap:
enabled: true
host: 'tj04.local.tjhsst.edu'
#base: '_the_base_where_you_search_for_users'
base: 'dc=local,dc=tjhsst,dc=edu'
port: 389
uid: 'samAccountName'
method: 'plain' # "tls" or "ssl" or "plain"
#bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
bind_dn: 'cn=Syslab Access,ou=Users,ou=UNIX,dc=local,dc=tjhsst,dc=edu'
password: <censored, ask andrew>
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
# Example:
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
#
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: true

Obviously you'll have to get the password from an administrator. After updating this config, run bundle exec rake gitlab:ldap:check RAILS_ENV=production. This should produce a very long list of users.

If it says it connected to the LDAP server but doesn't list any users, you have the port and server right but the wrong password or bind_dn or uid. If it can't connect to the ldap server at all, you probably have the wrong port or host.

SSL

This file is both the correct gitlab-ssl config file for nginx and a mini-tutorial on reconfiguring gitlab to work over ssl.

You'll want to get the crt and key files from /etc/apache2/ssl on a server already running https (www or bugs most likely). You can just drop them in /etc/nginx.

This method is depreciated! Use "ssl_trusted_certificate /etc/nginx/VERISIGN-BUNDLE.crt" in the site config instead

Unlike apache, nginx handles chained certs by adding them on the end of the main file. This means you'll have to run

cat VERISIGN-BUNDLE.crt >> tjhsst_<year>.crt


Sendmail

Ssmtp should already be installed from earlier, but if it isn't, go ahead and install it. Edit /etc/ssmtp/ssmtp.conf and ensure the values match those below:

root=postmaster
mailhub=mail.tjhsst.edu:465
rewriteDomain=tjhsst.edu
FromLineOverride=YES
UseTLS=YES

Last but not least, edit /home/git/gitlab/config/environments/production.rb and uncomment the sendmail settings section. Remove the "-t" argument from the arguments list, our sendmail version doesn't support that flag.

Redis Memory Limit

Unless we bump Redis' memory limit, it will fairly quickly hit its maxmemory and cause Gitlab to return 500 Internal Server Error.

gitlab ~ # redis-cli
redis 127.0.0.1:6379> config set maxmemory 256000000
OK
redis 127.0.0.1:6379> exit
gitlab ~ #