# Gitlab单机

作者:Odboy

本站地址:https://blog.odboy.cn

# 关键字说明

  • 绿色字体代表已完成
  • 红色字体代表待完成

# 实验明细

  • 配置
  • 运行
  • 极致优化,>14版本通用
  • 集成

# docker-compose.yaml

# Image reference: https://hub.docker.com/r/gitlab/gitlab-ce
# Built-in variables: https://blog.csdn.net/weixin_44749269/article/details/134937579
version: "3"

# Named volume mounted at /etc/gitlab-runner by the gitlab-runner service.
volumes:
  gitlab-runner-data: null

# User-defined bridge network that every service in this file joins.
networks:
  gitlab-network:
    driver: "bridge"

services:
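  redis:
    # External Redis for the gitlab service, which points at it through
    # gitlab_rails['redis_host'] / ['redis_port'] / ['redis_password'].
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:redis-7.4.0-alpine3.20
    container_name: gitlab-redis
    hostname: gitlab-redis.odboy.local
    restart: unless-stopped
    # NOTE(review): the password is passed on the command line, so it shows up
    # in `docker inspect` and in the process list, and "redisadmin" is a
    # guessable sample value. Replace it outside a lab and keep it identical to
    # gitlab_rails['redis_password'] in the gitlab service.
    command: >-
      redis-server
      --requirepass redisadmin
      --appendonly yes
      --protected-mode yes
      --loglevel notice
      --databases 100
      --always-show-logo no
      --rdbcompression yes
      --rdbchecksum yes
      --replica-serve-stale-data yes
      --replica-read-only yes
      --jemalloc-bg-thread yes
    environment:
      TZ: Asia/Shanghai
      LANG: en_US.UTF-8
    volumes:
      - "./gitlab-redis:/data"
    networks:
      - gitlab-network
    ports:
      # GitLab reaches Redis over gitlab-network on port 6379, so the host
      # mapping is only needed for administration from the Docker host itself.
      # Binding to loopback keeps the password-protected port off the LAN.
      - "127.0.0.1:16379:6379"
    healthcheck:
      # PING is sent without credentials.
      # NOTE(review): with requirepass set this presumably only proves that the
      # server accepts connections, not that authentication works - confirm.
      test: ["CMD", "redis-cli", "ping"]
      interval: 1s
      timeout: 3s
      retries: 30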
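  gitlab:
    # GitLab CE (Omnibus) with the bundled PostgreSQL and the external redis
    # service defined above.
    # NOTE(review): the active tag is the oldest of the four listed here; prefer
    # a release that still receives security fixes. The image comes from a
    # personal registry namespace - presumably a mirror of gitlab/gitlab-ce;
    # verify it against upstream before trusting it.
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-14.8.2
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-16.11.3
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-17.2.2
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-17.3.1
    restart: unless-stopped
    container_name: gitlab-core
    environment:
      TZ: Asia/Shanghai
      # Never set this variable: it affects the database. Kept as a reminder.
      # LANG: en_US.UTF-8
      # NOTE(review): sample registry credentials in clear text, and the
      # password equals the user name. The registry is disabled in the config
      # below; drop these or supply real values from a secret store.
      CI_REGISTRY: 192.168.235.100:22250
      CI_REGISTRY_USER: gitlabadmin
      CI_REGISTRY_PASSWORD: gitlabadmin
      # The literal block below is Ruby (gitlab.rb syntax); its "#" lines are
      # part of the value and are therefore left exactly as the author wrote
      # them.
      # NOTE(review): external_url is plain HTTP and nginx['listen_https'] is
      # false, so logins and tokens cross the network unencrypted; the block
      # also sets api_rate_limit_enabled to false and embeds the Redis password.
      # Acceptable on an isolated lab network only.
      GITLAB_OMNIBUS_CONFIG: |
        # ================ 主服务 ================
        # 设置url地址, web站点访问地址
        external_url 'http://192.168.235.100:20080'
        # 设置ssh地址, ssh访问地址
        gitlab_rails['gitlab_shell_ssh_port'] = 20022
        # 设置时区
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        # 开启大文件存储
        gitlab_rails['lfs_enabled'] = true
        # ================ Nginx配置 ================
        # Gitlab默认用这个端口号作为其Nginx的监听端口
        nginx['listen_port'] = 20080
        nginx['client_max_body_size'] = '1024m'
        # nginx进程数
        nginx['worker_processes'] = 4 
        # 设置是否监听https
        nginx['listen_https'] = false
        # ================ http服务器 ================
        # http服务器, worker=cpu核数+1
        puma['worker_processes'] = 4
        puma['worker_timeout'] = 90
        # ================ Sidekip是Gitlab的异步任务队列 ================
        # 设置sidekiq并发数, 默认值25。
        sidekiq['concurrency'] = 5
        sidekiq['max_concurrency'] = 5
        # ================ API限流 ================
        # 关闭速率限制
        gitlab_rails['api_rate_limit_enabled'] = false
        # 每个周期内请求限制(例如,每分钟请求数)
        gitlab_rails['api_rate_limit_requests_per_period'] = 100
        # 周期时间(秒)
        gitlab_rails['api_rate_limit_period'] = 60
        gitlab_rails['api_rate_limit_cache_key'] = 'api_rate_limit'
        # ================ 数据库 ================
        # 使用内置的postgresql
        postgresql['enable'] = true
        # 设置数据库缓存, 默认256MB, 这里设置为1GB
        postgresql['shared_buffers'] = "1GB"
        # 设置数据库并发数
        postgresql['max_worker_processes'] = 4
        # 设置数据库连接池大小
        gitlab_rails['db_pool'] = 10
        # 使用外置的redis(单实例、或主从集群)
        redis['enable'] = false
        gitlab_rails['redis_host'] = "gitlab-redis.odboy.local"
        gitlab_rails['redis_port'] = 6379
        gitlab_rails['redis_password'] = "redisadmin"
        gitlab_rails['redis_database'] = 1
        # ================ 禁用 容器仓库 ================
        registry['enable'] = false
        registry_nginx['enable'] = false
        #registry_nginx['listen_port'] = 22250
        #registry_external_url 'http://192.168.235.100:22250'
        gitlab_rails['gitlab_default_projects_features_container_registry'] = false
        gitlab_rails['registry_enabled'] = false
        # ================ 关闭 包仓库、依赖管理 ================
        gitlab_rails['packages_enabled'] = false
        gitlab_rails['dependency_proxy_enabled'] = false
        # ================ 关闭 GitLab Pages ================
        gitlab_pages['enable'] = false
        pages_nginx['enable'] = false
        # ================ 关闭 邮箱 ================
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['smtp_address'] = "smtp.qq.com"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_password'] = "xxxxxxxxxxxx"
        gitlab_rails['smtp_domain'] = "smtp.qq.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['gitlab_email_from'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        # ================ 关闭 监控和性能基准相关功能 ================
        prometheus_monitoring['enable'] = false
        prometheus['enable'] = false
        alertmanager['enable'] = false
        node_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
        gitlab_exporter['enable'] = false
        grafana['enable'] = false
        sidekiq['metrics_enabled'] = false
        # ================ 设置gitlab_rails组件的内存消耗 ================
        # dirty_decay_ms 脏页延迟回收时间(已使用过的)
        # muzzy_decay_ms 脏页延迟回收时间(未使用过的)
        gitlab_rails['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:250,muzzy_decay_ms:250'
        }
        # ================ 应用性能分析和上报 Usage Statistics ================
        gitlab_rails['usage_ping_enabled'] = false
        gitlab_rails['sentry_enabled'] = false
        grafana['reporting_enabled'] = false
        # ================ 关闭对k8s的cd功能 ================
        # GitLab-KAS And Terraform
        gitlab_kas['enable'] = false
        gitlab_rails['gitlab_kas_enabled'] = false
        gitlab_rails['terraform_state_enabled'] = false
        # ================ 关闭Kerberos和sentinel ================
        gitlab_rails['kerberos_enabled'] = false
        sentinel['enable'] = false
        # ================ 关闭自带聊天Mattermost ================
        mattermost['enable'] = false
        mattermost_nginx['enable'] = false
    networks:
      - gitlab-network
    ports:
      # Host and container port must match, otherwise external_url is
      # unreachable.
      - '20080:20080'
      # NOTE(review): HTTPS and the registry are both switched off in the config
      # above, so nothing should be listening behind 443 and 22250; these two
      # mappings look removable - confirm.
      - '20443:443'
      - '20022:20022'
      - '22250:22250'
    volumes:
      - './gitlab-core/config:/etc/gitlab'
      - './gitlab-core/logs:/var/log/gitlab'
      - './gitlab-core/data:/var/opt/gitlab'
      # - './gitlab-core/registry:/var/opt/gitlab/gitlab-rails/shared/registry'
    shm_size: 256mb # set shared memory limit when using docker-compose
    # `privileged: true` was removed: it hands the container every capability
    # and access to host devices, and the upstream gitlab/gitlab-ce Docker
    # instructions run without it.
    # NOTE(review): restore it only if this particular image is confirmed to
    # need it.
    depends_on:
      - redis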
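  gitlab-runner:
    # GitLab Runner; keep its version in step with the gitlab image tag chosen
    # above (the commented tags mirror the commented gitlab-ce tags).
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v14.8.2
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v16.11.3
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v17.2.1
    #image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v17.3.1
    container_name: gitlab-runner
    hostname: gitlab-runner.odboy.local
    restart: unless-stopped
    # `privileged: true` was removed: the upstream GitLab Runner container
    # instructions mount the Docker socket without it, and it is not what
    # grants access to that socket.
    # NOTE(review): restore it only if a job is confirmed to need it.
    networks:
      - gitlab-network
    volumes:
      # - ./gitlab-runner:/etc/gitlab-runner
      # To use the bind mount above instead, the local gitlab-runner directory
      # must already hold the same content as /etc/gitlab-runner in the
      # container.
      - gitlab-runner-data:/etc/gitlab-runner
      # NOTE(review): this is the host's Docker socket. Anything in this
      # container that can talk to it controls the host daemon, which is
      # root-equivalent on the host; only run CI jobs from trusted projects
      # here.
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - gitlab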

# docker-compose.yaml(无外部依赖版)

# Image reference: https://hub.docker.com/r/gitlab/gitlab-ce
# Built-in variables: https://blog.csdn.net/weixin_44749269/article/details/134937579
version: "3"

# Named volume mounted at /etc/gitlab-runner by the gitlab-runner service.
volumes:
  gitlab-runner-data: null

# User-defined bridge network that both services in this file join.
networks:
  network-dev:
    driver: "bridge"

services:
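  gitlab:
    # GitLab CE (Omnibus) using its bundled PostgreSQL and bundled Redis, so the
    # stack has no external service dependencies.
    # NOTE(review): the image comes from a personal registry namespace -
    # presumably a mirror of gitlab/gitlab-ce; verify it against upstream and
    # prefer a release that still receives security fixes.
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-ce-14.8.2
    restart: unless-stopped
    container_name: gitlab-core
    environment:
      TZ: Asia/Shanghai
      # The literal block below is Ruby (gitlab.rb syntax); its "#" lines are
      # part of the value and are therefore left exactly as the author wrote
      # them.
      # NOTE(review): external_url is plain HTTP and nginx['listen_https'] is
      # false, so logins and tokens cross the network unencrypted; the block
      # also sets api_rate_limit_enabled to false. Acceptable on an isolated lab
      # network only.
      GITLAB_OMNIBUS_CONFIG: |
        # ================ 主服务 ================
        # 设置url地址, web站点访问地址
        external_url 'http://192.168.235.100:20080'
        # 设置ssh地址, ssh访问地址
        gitlab_rails['gitlab_shell_ssh_port'] = 20022
        # 设置时区
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        # 开启大文件存储
        gitlab_rails['lfs_enabled'] = true
        # ================ Nginx配置 ================
        # Gitlab默认用这个端口号作为其Nginx的监听端口
        nginx['listen_port'] = 20080
        nginx['client_max_body_size'] = '1024m'
        # nginx进程数
        nginx['worker_processes'] = 4 
        # 设置是否监听https
        nginx['listen_https'] = false
        # ================ http服务器 ================
        # http服务器, worker=cpu核数+1
        puma['worker_processes'] = 4
        puma['worker_timeout'] = 90
        # ================ Sidekip是Gitlab的异步任务队列 ================
        # 设置sidekiq并发数, 默认值25。
        sidekiq['concurrency'] = 5
        sidekiq['max_concurrency'] = 5
        # ================ API限流 ================
        # 关闭速率限制
        gitlab_rails['api_rate_limit_enabled'] = false
        # 每个周期内请求限制(例如,每分钟请求数)
        gitlab_rails['api_rate_limit_requests_per_period'] = 100
        # 周期时间(秒)
        gitlab_rails['api_rate_limit_period'] = 60
        gitlab_rails['api_rate_limit_cache_key'] = 'api_rate_limit'
        # ================ 数据库 ================
        # 使用内置的postgresql
        postgresql['enable'] = true
        # 设置数据库缓存, 默认256MB, 这里设置为1GB
        postgresql['shared_buffers'] = "1GB"
        # 设置数据库并发数
        postgresql['max_worker_processes'] = 4
        # 设置数据库连接池大小
        gitlab_rails['db_pool'] = 10
        # 使用内置的redis
        redis['enable'] = true
        # ================ 禁用 容器仓库 ================
        registry['enable'] = false
        registry_nginx['enable'] = false
        gitlab_rails['gitlab_default_projects_features_container_registry'] = false
        gitlab_rails['registry_enabled'] = false
        # ================ 关闭 包仓库、依赖管理 ================
        gitlab_rails['packages_enabled'] = false
        gitlab_rails['dependency_proxy_enabled'] = false
        # ================ 关闭 GitLab Pages ================
        gitlab_pages['enable'] = false
        pages_nginx['enable'] = false
        # ================ 关闭 邮箱 ================
        gitlab_rails['smtp_enable'] = false
        gitlab_rails['smtp_address'] = "smtp.qq.com"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_password'] = "xxxxxxxxxxxx"
        gitlab_rails['smtp_domain'] = "smtp.qq.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['gitlab_email_from'] = "tianjun@odboy.cn"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        # ================ 关闭 监控和性能基准相关功能 ================
        prometheus_monitoring['enable'] = false
        prometheus['enable'] = false
        alertmanager['enable'] = false
        node_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        pgbouncer_exporter['enable'] = false
        gitlab_exporter['enable'] = false
        grafana['enable'] = false
        sidekiq['metrics_enabled'] = false
        # ================ 设置gitlab_rails组件的内存消耗 ================
        # dirty_decay_ms 脏页延迟回收时间(已使用过的)
        # muzzy_decay_ms 脏页延迟回收时间(未使用过的)
        gitlab_rails['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:250,muzzy_decay_ms:250'
        }
        # ================ 应用性能分析和上报 Usage Statistics ================
        gitlab_rails['usage_ping_enabled'] = false
        gitlab_rails['sentry_enabled'] = false
        grafana['reporting_enabled'] = false
        # ================ 关闭对k8s的cd功能 ================
        # GitLab-KAS And Terraform
        gitlab_kas['enable'] = false
        gitlab_rails['gitlab_kas_enabled'] = false
        gitlab_rails['terraform_state_enabled'] = false
        # ================ 关闭Kerberos和sentinel ================
        gitlab_rails['kerberos_enabled'] = false
        sentinel['enable'] = false
        # ================ 关闭自带聊天Mattermost ================
        mattermost['enable'] = false
        mattermost_nginx['enable'] = false
    networks:
      - network-dev
    ports:
      # Host and container port must match, otherwise external_url is
      # unreachable.
      - '20080:20080'
      # NOTE(review): HTTPS and the registry are both switched off in the config
      # above, so nothing should be listening behind 443 and 22250; these two
      # mappings look removable - confirm.
      - '20443:443'
      - '20022:20022'
      - '22250:22250'
    volumes:
      - './gitlab-core/config:/etc/gitlab'
      - './gitlab-core/logs:/var/log/gitlab'
      - './gitlab-core/data:/var/opt/gitlab'
    shm_size: 256mb
    # `privileged: true` was removed: it hands the container every capability
    # and access to host devices, and the upstream gitlab/gitlab-ce Docker
    # instructions run without it.
    # NOTE(review): restore it only if this particular image is confirmed to
    # need it.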
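  gitlab-runner:
    # GitLab Runner for the gitlab service above; it is started after gitlab
    # (depends_on) and shares network-dev with it.
    image: registry.cn-shanghai.aliyuncs.com/odboy/ops:gitlab-runner-v14.8.2
    container_name: gitlab-runner
    restart: unless-stopped
    # `privileged: true` was removed: the upstream GitLab Runner container
    # instructions mount the Docker socket without it, and it is not what
    # grants access to that socket.
    # NOTE(review): restore it only if a job is confirmed to need it.
    networks:
      - network-dev
    volumes:
      - gitlab-runner-data:/etc/gitlab-runner
      # NOTE(review): this is the host's Docker socket. Anything in this
      # container that can talk to it controls the host daemon, which is
      # root-equivalent on the host; only run CI jobs from trusted projects
      # here.
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - gitlab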

# 获取密码

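# Account: root
# The compose file fixes the container name to gitlab-core, so address it
# directly instead of filtering `docker ps` output (which would also match any
# other container whose line happens to contain "gitlab").
# The file holds the bootstrap password in clear text and GitLab removes it on
# the first reconfigure run after 24 hours: log in and change the root password
# straight away.
docker exec gitlab-core grep 'Password:' /etc/gitlab/initial_root_password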

# 效果图

jietu

# 访问地址

http://192.168.235.100:20080

# 镜像仓库(优化弃用)

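# --password-stdin reads the password from standard input, so it does not end
# up in the shell history or in the process list the way --password=... does.
# Pipe it in from a secret source, or type it followed by Ctrl-D.
docker login --username=gitlabadmin --password-stdin 192.168.235.100:22250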

# 注册runner

# TOKEN从哪来

jietu1 jietu2

# 非交互式注册runner

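# Reference: https://docs.gitlab.com/runner/register/?tab=Docker
# The compose file names the runner container gitlab-runner, so open a shell in
# it by name; a container ID copied from `docker ps` is different on every host.
docker exec -it gitlab-runner bash

# Run inside the container.
# The registration token below is the sample from the author's instance: use
# the one shown by your own GitLab, treat it as a secret, and reset it if it has
# been published. Newer GitLab releases deprecate registration tokens in favour
# of runner authentication tokens.
# The "shell" executor runs jobs directly inside this container, which also has
# the host Docker socket mounted - register trusted projects only.
gitlab-runner register --non-interactive --url "http://192.168.235.100:20080/" --registration-token "ok8RGwzVkwufekDsfcxz" --executor "shell" --description "shell-runner"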

# 注册成功截图

jietu2

# 注销runner

# Unregister by name; if several runners share the name, only the first is removed
gitlab-runner unregister --name "shell-runner"
# Unregister every runner
gitlab-runner unregister --all-runners
最近更新: 2024-10-11