How to Use This Guide
Take note that these two guides have similar content, but in a different order. I recommend following the Gentoo Install Guide to the end, and then switching over to the Official Guide for the advanced portion.
This guide will provide my notes, caveats, necessary additional steps, and the like. Read it alongside the main install guides.
Initial Package Installation
Make sure ssmtp is installed. Install bundler with
gem install bundler -N
The documentation lists out-of-date options for skipping documentation; -N should work instead.
I highly recommend using a separate partition for /home/git/repositories, so get the drive in place for later.
Use PostgreSQL; it's very easy and the only officially supported database. After you emerge it, run
emerge --config =dev-db/postgresql-server-<version>
That command will probably be given to you at the end of the emerge anyway.
Make sure you use
su - git
when switching user; otherwise you'll get an error about a directory (/root in my case) being inaccessible.
Assuming you're using PostgreSQL, you want this command:
bundle install --deployment --without development test mysql
The Gentoo guide is oddly formatted and makes that non-obvious.
Do NOT set the git user's shell to /sbin/nologin. This will result in the error
git fatal: protocol error: bad line length character: This
when pushing using ssh. This is because nologin prints "This user is currently unavailable" on attempted logins, which git tries to interpret as part of the git data, which causes it to crash.
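The "This" in that error is the first four bytes of the banner: git frames its traffic as pkt-lines, each starting with four hex digits that give the line's length. The sketch below is an added example, not part of the original guide or of git's code; the function names and the sample ref line are constructed, and the banner string is the one quoted above.

```python
# Added example: a minimal reader for git's pkt-line framing.
# Function names and sample data are constructed for illustration.
HEX = b"0123456789abcdefABCDEF"


def pkt_line(payload: bytes) -> bytes:
    """Frame a payload: 4 hex digits of total length (header included)."""
    return b"%04x" % (len(payload) + 4) + payload


def read_pkt_lines(stream: bytes) -> list:
    """Return the payloads up to the flush packet ("0000")."""
    payloads, pos = [], 0
    while pos < len(stream):
        header = stream[pos:pos + 4]
        if len(header) < 4 or any(c not in HEX for c in header):
            # Same condition git reports when the server's first bytes
            # are not a length header.
            raise ValueError("protocol error: bad line length character: "
                             + header.decode("ascii", "replace"))
        length = int(header, 16)
        if length == 0:  # flush packet ends this section
            return payloads
        if length < 4 or pos + length > len(stream):
            raise ValueError("protocol error: bad line length %d" % length)
        payloads.append(stream[pos + 4:pos + length])
        pos += length
    raise ValueError("stream ended without a flush packet")


# Constructed ref advertisement, as a working git shell would send it.
GOOD = pkt_line(b"0" * 40 + b" refs/heads/master\n") + b"0000"
# What the client receives instead when the login shell is nologin
# (banner text as quoted in this guide).
BANNER = b"This user is currently unavailable\n"


def describe(stream: bytes) -> str:
    """Summarise a stream the way the git client would react to it."""
    try:
        return "ok: %d ref line(s)" % len(read_pkt_lines(stream))
    except ValueError as exc:
        return "fatal: " + str(exc)


if __name__ == "__main__":
    print(describe(GOOD))
    print(describe(BANNER))
```

Anything else that writes to the git user's SSH session before git does (a login banner, an echo in a shell profile) fails at the same header check.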
You're almost certainly going to want LDAP auth against the TJ local (Windows) domain. To do this, edit
/home/git/gitlab/config/gitlab.yml and make the LDAP section look like:
ldap:
  enabled: true
  host: 'tj04.local.tjhsst.edu'
  #base: '_the_base_where_you_search_for_users'
  base: 'dc=local,dc=tjhsst,dc=edu'
  port: 389
  uid: 'samAccountName'
  method: 'plain' # "tls" or "ssl" or "plain"
  #bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  bind_dn: 'cn=Syslab Access,ou=Users,ou=UNIX,dc=local,dc=tjhsst,dc=edu'
  password: <censored, ask andrew>
  # If allow_username_or_email_login is enabled, GitLab will ignore everything
  # after the first '@' in the LDAP username submitted by the user on login.
  # Example:
  # - the user enters 'email@example.com' and 'p@ssw0rd' as LDAP credentials;
  # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
  #
  # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
  # disable this setting, because the userPrincipalName contains an '@'.
  allow_username_or_email_login: true
Obviously you'll have to get the password from an administrator.
After updating this config, run
bundle exec rake gitlab:ldap:check RAILS_ENV=production
This should produce a very long list of users.
If it says it connected to the LDAP server but doesn't list any users, you have the port and server right but the wrong password or bind_dn or uid. If it can't connect to the LDAP server at all, you probably have the wrong port or host.
This file is both the correct gitlab-ssl config file for nginx and a mini-tutorial on reconfiguring GitLab to work over SSL.
You'll want to get the crt and key files from
/etc/apache2/ssl on a server already running https (www or bugs most likely). You can just drop them in
This method is deprecated! Use "ssl_trusted_certificate /etc/nginx/VERISIGN-BUNDLE.crt" in the site config instead.
Unlike Apache, nginx handles chained certs by appending them to the end of the main certificate file. This means you'll have to run
cat VERISIGN-BUNDLE.crt >> tjhsst_<year>.crt
Ssmtp should already be installed from earlier, but if it isn't, go ahead and install it. Edit
/etc/ssmtp/ssmtp.conf and ensure the values match those below:
root=postmaster
mailhub=mail.tjhsst.edu:465
rewriteDomain=tjhsst.edu
FromLineOverride=YES
UseTLS=YES
Last but not least, edit
/home/git/gitlab/config/environments/production.rb and uncomment the sendmail settings section. Remove the "-t" argument from the arguments list; our sendmail version doesn't support that flag.
Redis Memory Limit
Unless we bump Redis' memory limit, it will fairly quickly hit its maxmemory and cause GitLab to return 500 Internal Server Error.
gitlab ~ # redis-cli
redis 127.0.0.1:6379> config set maxmemory 256000000
OK
redis 127.0.0.1:6379> exit
gitlab ~ #