instance_git

GitLab overview

GitLab was the solution chosen. It comes in two editions, Community Edition and Enterprise Edition (the latter with additional features, for example included support).

It has native LDAP integration, so it will be easy to connect it to our LDAP server once that is in place, which will simplify member management.

It is a 100% free and open-source solution, under the MIT Expat license, used by several associations such as Framasoft.

Language

The main language used is Ruby.

Prerequisites

Storage

  • 5 - 10 GB for the database
  • Depends on the size of the stored repositories
  • LVM recommended
  • Directories can be mounted over NFS

CPU

  • 2 cores for up to 500 users

Memory

  • 4 GB for an installation > 100 users
  • 2 GB + 2 GB swap minimum, but can be relatively slow

Database

  • PostgreSQL (pg_trgm extension enabled)
  • MySQL not recommended (Issue)

Configuration

This section records what has been enabled and disabled.

The GitLab installation ships with everything it needs to run, but all of it is internal; that is, its database is installed inside its own directory. So that an instance can easily be adapted, recreated and managed, the decision was made to externalize as many components as possible.

GitLab configuration

Versions of the components used

  • GitLab: 9.2
  • PostgreSQL: 9.4
  • NGINX: 1.10
  • Git: 2.11

Externalized:

  • PostgreSQL
  • NGINX

Disabled:

  • Gravatar

General configuration

 gitlab_rails['gitlab_ssh_host'] = '__GITLAB_HOST_SSH__'
 gitlab_rails['time_zone'] = 'Bern'

### Default Theme
 gitlab_rails['gitlab_default_theme'] = 2

### Gravatar Settings
  gitlab_rails['gravatar_enabled'] = false

Mail configuration

### Email Settings
 gitlab_rails['gitlab_email_enabled'] = true
 gitlab_rails['gitlab_email_from'] = '__EMAIL_FROM__'
 gitlab_rails['gitlab_email_display_name'] = '__EMAIL_DN__'
 gitlab_rails['gitlab_email_reply_to'] = '__EMAIL_REPLY__'
 gitlab_rails['gitlab_email_subject_suffix'] = '__EMAIL_SUFFIX__'


### GitLab email server settings
###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
###! **Use smtp instead of sendmail/postfix.**
 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "__SMTP_SERVER__"
 gitlab_rails['smtp_port'] = 465
 gitlab_rails['smtp_user_name'] = "__SMTP_USER__"
 gitlab_rails['smtp_password'] = "__SMTP_PASSWORD__"
 gitlab_rails['smtp_domain'] = "__SMTP_DOMAIN__"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 gitlab_rails['smtp_tls'] = true

PostgreSQL configuration

### GitLab database settings
###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
###! **Only needed if you use an external database.**
 postgresql['enable'] = false
 gitlab_rails['db_adapter'] = "postgresql"
 gitlab_rails['db_encoding'] = "utf8"
 gitlab_rails['db_database'] = "__GITLAB_DB__"
 gitlab_rails['db_username'] = "__GITLAB_USER__"
 gitlab_rails['db_password'] = '__GITLAB_PASSWORD__'
 gitlab_rails['db_host'] = '__HOST__'
 gitlab_rails['db_port'] = '5432'

NGINX configuration

 web_server['external_users'] = ['www-data']
 nginx['enable'] = false
 unicorn['enable'] = false
 gitlab_rails['internal_api_url'] = '__GITLAB_FQDN__'

Virtual host configuration on the NGINX server

For GitLab to work correctly with NGINX, you must:

  • Install Passenger
  • Add the Passenger path to nginx.conf
  • Make www-data a member of the gitlab-www group

The redirect from HTTP to HTTPS happens automatically.

gitlab_vhost
upstream gitlab-workhorse {
  server unix://var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

server {
  listen *:80;
  server_name __SERVER_NAME__;
  return 301 https://$host$request_uri;
}

server {
  listen *:443;
  server_name __SERVER_NAME__;
  server_tokens off;
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  client_max_body_size 250m;

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  ssl on;
  ssl_certificate  "/etc/ssl/private/gitlab.crt";
  ssl_certificate_key  "/etc/ssl/private/gitlab.key";

  # Ensure Passenger uses the bundled Ruby version
  passenger_ruby /opt/gitlab/embedded/bin/ruby;

  # Correct the $PATH variable to included packaged executables
  passenger_env_var PATH "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin";

  # Make sure Passenger runs as the correct user and group to
  # prevent permission issues
  passenger_user git;
  passenger_group git;

  # Enable Passenger & keep at least one instance running at all times
  passenger_enabled on;
  passenger_min_instances 1;

  location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  location ~ ^/api/v3/projects/.*/repository/archive {
    # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
    error_page 418 = @gitlab-workhorse;
    return 418;
  }

  # Build artifacts should be submitted to this location
  location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
      client_max_body_size 0;
      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
      error_page 418 = @gitlab-workhorse;
      return 418;
  }

  # Build artifacts should be submitted to this location
  location ~ /ci/api/v1/builds/[0-9]+/artifacts {
      client_max_body_size 0;
      # 'Error' 418 is a hack to re-use the @gitlab-workhorse block
      error_page 418 = @gitlab-workhorse;
      return 418;
  }

  # For protocol upgrades from HTTP/1.0 to HTTP/1.1 we need to provide Host header if its missing
  if ($http_host = "") {
  # use one of values defined in server_name
    set $http_host_with_default "git.example.com";
  }

  if ($http_host != "") {
    set $http_host_with_default $http_host;
  }

  location @gitlab-workhorse {

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      3600;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    # Do not buffer Git HTTP responses
    proxy_buffering off;

    proxy_set_header    Host                $http_host_with_default;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;

    proxy_pass http://gitlab-workhorse;

    ## The following settings only work with NGINX 1.7.11 or newer
    #
    ## Pass chunked request bodies to gitlab-workhorse as-is
    # proxy_request_buffering off;
    # proxy_http_version 1.1;
  }

  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below
  ## See config/application.rb under "Relative url support" for the list of
  ## other files that need to be changed for relative url support
  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  error_page 502 /502.html;
}
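
In a vhost like the one above, a `server_name` line without its terminating `;` makes nginx read the next directive's tokens as additional server names, so the file can still load while `return 301 ...` or `server_tokens off` never takes effect. The check below is an added example, not part of the original page; the function name `lint_vhost` and the sample host name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag nginx directives that are
# missing their terminating ';'. Line-based heuristic: assumes one directive
# per line and no '#' inside quoted values.

lint_vhost() {
  # $1 = path to a vhost file. Prints one finding per line; returns 1 if any.
  awk '
    {
      line = $0
      sub(/#.*$/, "", line)                 # strip comments
      gsub(/^[ \t]+|[ \t]+$/, "", line)     # trim surrounding whitespace
      if (line == "") next
      if (pending != "") {                  # show what the bad line swallows
        printf "%s <- swallows: %s\n", pending, line
        pending = ""
      }
      if (line !~ /[;{}]$/) { pending = NR ": " line; bad = 1 }
    }
    END {
      if (pending != "") print pending
      exit (bad ? 1 : 0)
    }
  ' "$1"
}

# Constructed sample (hypothetical host name) reproducing the failure mode.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
  listen *:80;
  server_name git.example.test
  return 301 https://$host$request_uri;
}
server {
  listen *:443;
  server_name git.example.test;
  server_tokens off;   # trailing comment is fine
  # full-line comment is ignored
}
EOF

lint_vhost "$sample" || echo "unterminated directive(s) found in $sample"
rm -f "$sample"
```

Run it against the vhost before `nginx -t` and the reload, since a swallowed directive does not necessarily make the configuration test fail.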

Links

instance_git.txt · Last modified: 2017/06/05 16:47 by sven