Monday, May 2, 2016

GitLab @ OS X 10.11

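There is no installation package for OS X, so GitLab has to be installed manually. Most of the articles I found were out of date, so here is a summary of the steps for installing GitLab (8.8) + Apache under a subdirectory on El Capitan. There may be mistakes or omissions; please bear with me.

Basically it follows the links below (8.7 is currently the latest).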
https://github.com/WebEntity/Installation-guide-for-GitLab-on-OS-X
https://github.com/gitlabhq/gitlabhq/blob/8-8-stable/doc/install/installation.md

1. Install the Homebrew packages
    brew install icu4c git logrotate libxml2 cmake pkg-config openssl
    brew link openssl --force

2. python
    sudo ln -s /usr/bin/python /usr/bin/python2

3. Install dependencies
    sudo easy_install pip
    sudo pip install pygments
    curl -O http://heanet.dl.sourceforge.net/project/docutils/docutils/0.12/docutils-0.12.tar.gz
    gunzip -c docutils-0.12.tar.gz | tar xopf -
    cd docutils-0.12
    sudo python setup.py install

4. Create the git user
    LastUserID=$(dscl . -list /Users UniqueID | awk '{print $2}' | sort -n | tail -1)
    NextUserID=$((LastUserID + 1))
    sudo dscl . create /Users/git
    sudo dscl . create /Users/git RealName "GitLab"
    sudo dscl . create /Users/git hint "Password Hint"
    sudo dscl . create /Users/git UniqueID $NextUserID
    LastGroupID=$(dscl . readall /Groups | grep PrimaryGroupID | awk '{ print $2 }' | sort -n | tail -1)
    NextGroupID=$(($LastGroupID + 1 ))
    sudo dscl . create /Groups/git
    sudo dscl . create /Groups/git RealName "GitLab"
    sudo dscl . create /Groups/git passwd "*"
    sudo dscl . create /Groups/git gid $NextGroupID
    sudo dscl . create /Users/git PrimaryGroupID $NextGroupID
    sudo dscl . create /Users/git UserShell $(which bash)
    sudo dscl . create /Users/git NFSHomeDirectory /Users/git
    sudo cp -R /System/Library/User\ Template/English.lproj /Users/git
    sudo chown -R git:git /Users/git
    sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add git

5. Install Ruby 2.1.8
    The default Ruby version does not seem to be supported, so install rbenv and use it to install Ruby.
    brew install rbenv ruby-build

    echo 'export PATH="/usr/local/bin:$PATH"' | sudo -u git tee -a /Users/git/.profile
    echo 'if which rbenv > /dev/null; then eval "$(rbenv init -)"; fi' | sudo -u git tee -a /Users/git/.profile
    sudo -u git cp /Users/git/.profile /Users/git/.bashrc

    sudo -u git -H -i 'rbenv install 2.1.8'
    sudo -u git -H -i 'rbenv global 2.1.8'

6. Install go 1.6.2
    brew install go

7. Setup Database (mysql)
Reference link:
https://github.com/WebEntity/Installation-guide-for-GitLab-on-OS-X/blob/master/database_mysql.md

    sudo mysql_secure_installation
    mysql -u root -p
        CREATE USER 'git'@'localhost' IDENTIFIED BY 'xxxxxxxxx';
        CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
        GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, DROP, INDEX, ALTER, LOCK TABLES ON `gitlabhq_production`.* TO 'git'@'localhost';
Test
    sudo -u git -H mysql -u git -p -D gitlabhq_production

8. Install redis 3.2.0
    brew install redis
As root:
    ln -sfv /usr/local/opt/redis/*.plist /Library/LaunchDaemons/
    cp /usr/local/etc/redis.conf /usr/local/etc/redis.conf.orig
    sed 's/^port .*/port 0/' /usr/local/etc/redis.conf.orig | sudo tee /usr/local/etc/redis.conf
Edit /usr/local/etc/redis.conf: uncomment the following lines, which are commented out
    unixsocket /tmp/redis.sock
    unixsocketperm 777
Startup configuration
    launchctl load /Library/LaunchDaemons/homebrew.mxcl.redis.plist
I was told "Path had bad ownership/permissions", so I tried changing them as described at the link below
http://blog.sarabande.jp/post/85908617473
    sudo chmod -R 600 /usr/local/Cellar/redis/3.2.0/
    sudo chown -R root /usr/local/Cellar/redis/3.2.0/
Run it again

9. GitLab 8.8 (updated 6/12)
    cd /Users/git
    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-8-stable gitlab
    cd /Users/git/gitlab
Edit the configuration files (rewrite the paths as needed)
    sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
    sudo -u git sed -i "" "s/\/usr\/bin\/git/\/usr\/local\/bin\/git/g" config/gitlab.yml
    sudo -u git sed -i "" "s/\/home/\/Users/g" config/gitlab.yml

    sudo -u git -H cp config/secrets.yml.example config/secrets.yml
    sudo -u git -H chmod 0600 config/secrets.yml

    sudo chown -R git log/
    sudo chown -R git tmp/
    sudo chmod -R u+rwX,go-w log/
    sudo chmod -R u+rwX tmp/

    sudo chmod -R u+rwX tmp/pids/
    sudo chmod -R u+rwX tmp/sockets/

    sudo chmod 0700 public/uploads # failed

    # create this in a suitable location
    mkdir repositories
    sudo chmod -R ug+rwX,o-rwx /Users/git/repositories/
    sudo chmod -R ug-s /Users/git/repositories/
    sudo find /Users/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s

    sudo chmod -R u+rwX builds/

    sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
    sudo -u git sed -i "" "s/\/home/\/Users/g" config/unicorn.rb

Edit the configuration file
    sysctl -n hw.ncpu
Enter the number of CPUs it reports.
    vi config/unicorn.rb
        worker_processes xxxx

    sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
    sudo -u git -H git config --global core.autocrlf input
    sudo -u git -H cp config/resque.yml.example config/resque.yml

Fix the Redis socket path
    vi config/resque.yml
        /tmp/redis.sock
MySQL database settings
    sudo -u git cp config/database.yml.mysql config/database.yml
    vi config/database.yml
        change password to the one set earlier
    sudo -u git -H chmod o-rwx config/database.yml

10. Install Gems

    sudo su git
    . ~/.profile
    gem install bundler --no-ri --no-rdoc
    rbenv rehash
    cd ~/gitlab/
    bundle install --deployment --without development test postgres aws kerberos
    bundle exec rake gitlab:shell:install[v2.7.2] REDIS_URL=unix:/tmp/redis.sock RAILS_ENV=production

11. Install gitlab-workhorse
    cd /Users/git
    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
    cd gitlab-workhorse
    sudo -u git -H git checkout 0.7.1 # the latest version may be fine too
    sudo -u git -H make

12. Initialize
    bundle exec rake gitlab:setup RAILS_ENV=production

13. Init script
    cd /Users/git/gitlab
    sudo mkdir -p /etc/init.d/
    sudo mkdir -p /etc/default/
    sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab

    curl -O https://raw.githubusercontent.com/WebEntity/Installation-guide-for-GitLab-on-OS-X/master/gitlab.default.osx
    sudo cp gitlab.default.osx /etc/default/gitlab.default

Change the home path to a suitable one
    vi /etc/init.d/gitlab

14. Log configuration
    sudo cp lib/support/logrotate/gitlab /usr/local/etc/logrotate.d/gitlab
    # fix the paths
    sudo sed -i "" "s/\/home/\/Users/g" /usr/local/etc/logrotate.d/gitlab
    ln -sfv /usr/local/opt/logrotate/*.plist /Library/LaunchDaemons
    chmod -R 600 /usr/local/Cellar/logrotate/3.9.1/
    chown -R root /usr/local/Cellar/logrotate/3.9.1/
    launchctl load /Library/LaunchDaemons/homebrew.mxcl.logrotate.plist

15. Check
    sudo su git
    cd gitlab
    bundle exec rake gitlab:env:info RAILS_ENV=production

16. Compile Assets
    bundle exec rake assets:precompile RAILS_ENV=production

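    This failed because redis.socket had not been created. When I ran the command exactly as written in the plist I got Permission Denied, so I granted execute permission under /usr/local/opt/redis/bin and restarted.

    redis.socket had been created, but
    Errno::EACCES: Permission denied - connect(2) for /tmp/redis.sock
    The permission setting in /usr/local/etc/redis.conf was 700 instead of 777, so I fixed it.

    For a start, it is a good idea to check /usr/local/var/log/redis.log.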
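Added example (not part of the original post): steps 8 and 16 both hinge on three redis.conf settings, and `unixsocketperm 777` lets every local account connect to the Redis instance GitLab uses. The shell function below reports those settings for a given file; the function name and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Reports the three redis.conf
# settings edited in step 8. Returns 0 when nothing is flagged, 1 otherwise.
audit_redis_conf() {
    conf=$1
    bad=0
    # Take the last uncommented occurrence of each directive.
    port=$(awk '$1 == "port" { v = $2 } END { print v }' "$conf")
    sock=$(awk '$1 == "unixsocket" { v = $2 } END { print v }' "$conf")
    perm=$(awk '$1 == "unixsocketperm" { v = $2 } END { print v }' "$conf")

    # Without a "port" line Redis listens on TCP 6379.
    if [ "${port:-6379}" != "0" ]; then
        echo "WARN tcp listener enabled on port ${port:-6379}"
        bad=1
    fi
    if [ -z "$sock" ]; then
        echo "WARN unixsocket is not set (line still commented out?)"
        bad=1
    fi
    # connect() needs write permission on the socket file, so a write bit
    # in the last (other) octal digit means any local account can connect.
    case "${perm:-unset}" in
        unset)   echo "INFO unixsocketperm is not set" ;;
        *[2367]) echo "WARN unixsocketperm $perm is open to every local user"
                 bad=1 ;;
        *)       echo "OK unixsocketperm $perm" ;;
    esac
    return $bad
}

# Constructed sample: the settings as step 8 leaves them.
sample=$(mktemp)
printf 'port 0\nunixsocket /tmp/redis.sock\nunixsocketperm 777\n' > "$sample"
audit_redis_conf "$sample" || echo "review the WARN lines above"
rm -f "$sample"
```

A mode such as 770 only works if the git user is in the group that owns the socket, which depends on the account Redis runs as.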

17. Test
    sudo sh /etc/init.d/gitlab start

    Open localhost:8080 in a browser to check.
    Change the root password right away. The initial password is 5iveL!fe

18. Git repository settings
    vi gitlab-shell/config.yml
        repos_path: "xxxxxxx"
    vi gitlab.yml
        fix repos_path
          ## GitLab Shell settings
          gitlab_shell:
            path: /Users/git/gitlab-shell/

            # REPOS_PATH MUST NOT BE A SYMLINK!!!
            repos_path: /Users/git/repositories/
            hooks_path: /Users/git/gitlab-shell/hooks/

        One more, if needed:
          gitlab_shell:
            path: tmp/tests/gitlab-shell/
            repos_path: tmp/tests/repositories/
            hooks_path: tmp/tests/gitlab-shell/hooks/

    If you still get "no repository" after choosing "create empty bare repository", the repos_path in gitlab.yml may be wrong or the permissions may be missing. Something like
        chown -R git:git repositories
    may help.

19a. Apache configuration (relative URL)
    https://gitlab.com/gitlab-org/gitlab-workhorse/issues/22
    http://spacekey.info/blog/archives/1306

    Forward to port 8181. First edit the following files.

    ① relative_url.rb
        cp /home/git/gitlab/config/initializers/relative_url.rb.sample /home/git/gitlab/config/initializers/relative_url.rb

    ② vi /home/git/gitlab-shell/config.yml
        gitlab_url: http://localhost/
        gitlab_url: https://127.0.0.1:8080/gitlab/

    ③ vi /home/git/gitlab/config/gitlab.yml
        # relative_url_root: /gitlab
        relative_url_root: /gitlab

    ④ vi /home/git/gitlab/config/unicorn.rb
        # ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
        ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"

    ⑤ vi /etc/init.d/gitlab
        # gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8080 -authSocket $rails_socket -documentRoot $app_root/public"
        gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080/gitlab"

    ⑥ Edit httpd.conf and add the following proxy settings
        ServerSignature Off
        ProxyPreserveHost On

        AllowEncodedSlashes NoDecode
        RewriteEngine on
        RewriteCond /gitlab%{REQUEST_URI} ^/api/v3/.*
        RewriteRule /gitlab/.* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
        RewriteCond /home/git/gitlab/public/%{REQUEST_FILENAME} !-f [OR]
        RewriteCond /gitlab%{REQUEST_URI} ^/uploads/.*
        RewriteRule /gitlab/.* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]

        RequestHeader set X_FORWARDED_PROTO 'https'
        RequestHeader set X-Forwarded-Ssl on

        ProxyPassReverse /gitlab http://127.0.0.1:8181
        ProxyPassReverse /gitlab http://xxxxx.xxxxxxx.xx/gitlab/

        Add a Location tag for /gitlab with the following content:
                Require all granted

    I also changed the following. It may not be necessary.
        config/environments/production.rb
            config.serve_static_files = false
            config.serve_static_files = true
       
19b. NGINX
    http://qiita.com/yorumiru/items/ee073ed7f918e8882e00
    The following is an https example
        location /gitlab {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_pass http://127.0.0.1:8181;
        }

20. LDAP settings
    Edit gitlab/config/gitlab.yml. Change the parts shown in red.

    #
    # 3. Auth settings
    # ==========================

    ## LDAP settings
    # You can inspect a sample of the LDAP users with login access by running:
    #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
    ldap:
      enabled: true
      servers:
        ##########################################################################
        #
        # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
        # Enterprise Edition now supports connecting to multiple LDAP servers.
        #
        # If you are updating from the old (pre-7.4) syntax, you MUST give your
        # old server the ID 'main'.
        #
        ##########################################################################
        main: # 'main' is the GitLab 'provider ID' of this LDAP server
          ## label
          #
          # A human-friendly name for your LDAP server. It is OK to change the label later,
          # for instance if you find out it is too large to fit on the web page.
          #
          # Example: 'Paris' or 'Acme, Ltd.'
          label: 'LDAP'

          host: 'xxxxx.xx'
          port: 389
          uid: 'uid'
          method: 'plain' # "tls" or "ssl" or "plain"
          bind_dn: 'cn=users,dc=xxxxx,dc=xx'
          password: ''

          # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
          # a request if the LDAP server becomes unresponsive.
          # A value of 0 means there is no timeout.
          timeout: 10

          # This setting specifies if LDAP server is Active Directory LDAP server.
          # For non AD servers it skips the AD specific queries.
          # If your LDAP server is not AD, set this to false.
          active_directory: false

          # If allow_username_or_email_login is enabled, GitLab will ignore everything
          # after the first '@' in the LDAP username submitted by the user on login.
          #
          # Example:
          # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
          # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
          #
          # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
          # disable this setting, because the userPrincipalName contains an '@'.
          allow_username_or_email_login: false

          # To maintain tight control over the number of active users on your GitLab installation,
          # enable this setting to keep new users blocked until they have been cleared by the admin
          # (default: false).
          block_auto_created_users: false

          # Base where we can search for users
          #
          #   Ex. ou=People,dc=gitlab,dc=example
          #
          base: 'cn=users,dc=xxxxx,dc=xx'

          # Filter LDAP users
          #
          #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
          #   Ex. (employeeType=developer)
          #
          #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
          #
          user_filter: ''

21. Other changes
    To fix the links in confirmation e-mails, support port 443 and so on, change the following. The example below uses 443.
    vi gitlab.yml

      #
      # 1. GitLab app settings
      # ==========================

      ## GitLab settings
      gitlab:
        ## Web server settings (note: host is the FQDN, do not include http://)
        host: xxxxx.xx
        port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
        https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details

22. When git push over https fails
    A push can fail when a self-signed certificate or the like is in use:
        remote: GitLab: Failed to authorize your Git request: internal API unreachable
    In gitlab-shell/config.yml, change
        self_signed_cert: false
    to
        self_signed_cert: true
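
Added example (not part of the original post): steps 20 and 22 each pick a transport setting with a security cost. LDAP `method: 'plain'` sends bind credentials unencrypted, and `self_signed_cert: true` makes gitlab-shell skip certificate verification when it calls gitlab_url. The shell function below flags both in a given pair of files; the function name and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Flags the two transport
# settings chosen in steps 20 and 22. Returns 0 when nothing is flagged.
audit_gitlab_transport() {
    gitlab_yml=$1
    shell_yml=$2
    bad=0
    # First uncommented "method:" after the "ldap:" key, quotes removed.
    method=$(awk '$1 == "ldap:" { seen = 1 }
                  seen && $1 == "method:" { print $2; exit }' "$gitlab_yml" |
             tr -d "\"'")
    case "$method" in
        plain)   echo "WARN ldap method 'plain': bind credentials are sent unencrypted"
                 bad=1 ;;
        tls|ssl) echo "OK ldap method '$method'" ;;
        "")      echo "INFO no ldap method found" ;;
        *)       echo "WARN unrecognised ldap method '$method'"
                 bad=1 ;;
    esac
    # When true, gitlab-shell does not verify the certificate of gitlab_url.
    cert=$(awk '$1 == "self_signed_cert:" { print $2; exit }' "$shell_yml")
    if [ "$cert" = "true" ]; then
        echo "WARN self_signed_cert: true disables certificate verification"
        bad=1
    else
        echo "OK self_signed_cert: ${cert:-unset}"
    fi
    return $bad
}

# Constructed samples mirroring the values shown in steps 20 and 22.
dir=$(mktemp -d)
printf "ldap:\n  enabled: true\n  servers:\n    main:\n      port: 389\n      method: 'plain' # \"tls\" or \"ssl\" or \"plain\"\n" > "$dir/gitlab.yml"
printf 'http_settings:\n  self_signed_cert: true\n' > "$dir/config.yml"
audit_gitlab_transport "$dir/gitlab.yml" "$dir/config.yml" || echo "review the WARN lines above"
rm -rf "$dir"
```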

