GitLab Package install - HVboom/HowTo-DigitalOcean GitHub Wiki

GitLab - Package install

sudo pkg install gitlab

...

===> Creating groups.
Using existing group 'git'.
===> Creating users
Using existing user 'git'.
Extracting gitlab-10.1.6: 100%
Message from libinotify-20170711_1:

============================================================================

Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
   IN_MOVED_FROM
   IN_MOVED_TO

Open/close notifications:
   IN_OPEN
   IN_CLOSE_NOWRITE
   IN_CLOSE_WRITE

Symbolic Link notifications:
   IN_DONT_FOLLOW
   IN_ATTRIB
   IN_MOVE_SELF
   IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

=============================================================================
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.

If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:

    kern.maxfiles="25000"
=============================================================================
Message from postgresql95-client-9.5.10:

The PostgreSQL port has a collection of "side orders":

postgresql-docs
  For all of the html documentation

p5-Pg
  A perl5 API for client access to PostgreSQL databases.

postgresql-tcltk
  If you want tcl/tk client support.

postgresql-jdbc
  For Java JDBC support.

postgresql-odbc
  For client access from unix applications using ODBC as access
  method. Not needed to access unix PostgreSQL servers from Win32
  using ODBC. See below.

ruby-postgres, py-psycopg2
  For client access to PostgreSQL databases using the ruby & python
  languages.

postgresql-plperl, postgresql-pltcl & postgresql-plruby
  For using perl5, tcl & ruby as procedural languages.

postgresql-contrib
  Lots of contributed utilities, postgresql functions and
  datatypes. There you find pg_standby, pgcrypto and many other cool
  things.

etc...
Message from rubygem-webpack-rails-0.9.11:

===>   NOTICE:

This port is deprecated; you may wish to reconsider installing it:

Upstream no longer maintained, use devel/rubygem-webpacker-rails* instead.

It is scheduled to be removed on or after 2018-01-31.
Message from gitlab-10.1.6:

Gitlab was installed successfully.

You now need to set up the various components of Gitlab, so please
follow the instructions in the guide at:

http://gitlab.toco-domains.de/FreeBSD/GitLab-docu/blob/master/install/10.1-freebsd.md

If you just installed an minor upgrade of GitLab please follow
the instructions in the guide at:

http://gitlab.toco-domains.de/FreeBSD/GitLab-docu/blob/master/update/freebsd_patch_versions.md

If you just installed an major upgrade of GitLab, for example you
switched from 9.4.x to 10.1.x, please follow the instructions in the guide at:

http://gitlab.toco-domains.de/FreeBSD/GitLab-docu/blob/master/update/9.4-to-10.1-freebsd.md

GitLab

  • Installed in /usr/local/www/gitlab

Attention: GitLab does not support MySQL

  • Setup GitLab database
# ATTENTION: for first installation superuser rights are needed; after installation this should be removed!
psql -d template1 -U postgres -c "CREATE USER git CREATEDB SUPERUSER PASSWORD '<secure password>';"

# Create the GitLab production database & grant all privileges on database
psql -d template1 -U postgres -c "CREATE DATABASE gitlab OWNER git;"

# Connect as superuser to gitlab db and enable pg_trgm extension if not installed
psql -U pgsql -d gitlab -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
  • Adjust config/database.yml
production:
  adapter: postgresql
  encoding: utf8
  database: gitlab
  pool: 10
  username: git
  password: <secure password>

Configuration

  • Setup permissions for user git
sudo chgrp -R git .
sudo chmod -R g+rwX .
sudo chmod -R o-rwx .
  • Setup permissions for user www (we are using Apache to serve GitLab, including static pages)
sudo chmod o+rX .
sudo chmod -R o+rX public
  • Setup upload directory
sudo chown -R git public
sudo mkdir -p public/uploads/tmp
sudo chmod go= public/uploads
sudo chmod go= public/uploads/tmp
  • Setup /usr/home/git/repositories
sudo su -l git -c "mkdir -p /usr/home/git/repositories"
sudo chmod -R ug+rwX,o= /usr/home/git/repositories/
sudo chmod -R ug-s /usr/home/git/repositories/
sudo find /usr/home/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s
  • Adjust config/gitlab.yml
 diff gitlab.yml gitlab.yml.sample 
32,34c32,34
<     host: gitlab.hvboom.org
<     port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
<     https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
---
>     host: localhost
>     port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
>     https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
70c70
<     email_from: [email protected]
---
>     email_from: [email protected]
72c72
<     email_reply_to: [email protected]
---
>     email_reply_to: [email protected]
85c85
<     # default_theme: 5 # default: 1
---
>     # default_theme: 1 # default: 1
98,101c98,101
<       wiki: false
<       snippets: false
<       builds: false
<       container_registry: false
---
>       wiki: true
>       snippets: true
>       builds: true
>       container_registry: true
164,166c164,166
<     host: hvboom.org
<     port: 443 # Set to 443 if you serve the pages with HTTPS
<     https: true # Set to true if you serve the pages with HTTPS
---
>     host: example.com
>     port: 80 # Set to 443 if you serve the pages with HTTPS
>     https: false # Set to true if you serve the pages with HTTPS
377c377
<     enabled: true
---
>     enabled: false
398c398
<     allow_single_sign_on: ["github"]
---
>     allow_single_sign_on: ["saml"]
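Review bot: `allow_single_sign_on: ["github"]` on the local side of 398c398, together with `enabled: true` in 377c377, lets any GitHub account create a GitLab user at its first sign-in. The diff does not show `block_auto_created_users`, so confirm it is set to true and that new accounts stay blocked until an administrator approves them.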
445,450c445,450
<       - { name: 'github',
<           app_id: 'YOUR_APP_ID',
<           app_secret: 'YOUR_APP_SECRET',
<           url: "https://github.com/",
<           verify_ssl: true,
<           args: { scope: 'user:email' } }
---
>       # - { name: 'github',
>       #     app_id: 'YOUR_APP_ID',
>       #     app_secret: 'YOUR_APP_SECRET',
>       #     url: "https://github.com/",
>       #     verify_ssl: true,
>       #     args: { scope: 'user:email' } }
619c619
<       enabled: true
---
>       # enabled: true
622c622
<       ip_whitelist: ["127.0.0.1"]
---
>       # ip_whitelist: ["127.0.0.1"]
625c625
<       maxretry: 10
---
>       # maxretry: 10
628c628
<       findtime: 60
---
>       # findtime: 60
631c631
<       bantime: 3600
---
>       # bantime: 3600
  • Setup SMTP settings
cd config/initializers
sudo cp smtp_settings.rb.sample smtp_settings.rb

diff smtp_settings.rb  smtp_settings.rb.sample
15,17c15,22
<     address: "localhost",
<     port: 25,
<     domain: "HVboom.org"
---
>     address: "email.server.com",
>     port: 465,
>     user_name: "smtp",
>     password: "123456",
>     domain: "gitlab.company.com",
>     authentication: :login,
>     enable_starttls_auto: true,
>     openssl_verify_mode: 'peer' # See ActionMailer documentation for other possible options

Gitlab Shell

  • Installed in /usr/local/share/gitlab-shell

  • Setup log directory

sudo mkdir log
sudo chgrp git log
sudo chmod g+rwX log
sudo chmod o+rX log
  • Adjust configuration config.yml
diff config.yml config.yml.sample 
16c16
< gitlab_url: "https://gitlab.hvboom.org/"
---
> gitlab_url: "http://localhost:8080"
19a20,24
> #  read_timeout: 300
> #  user: someone
> #  password: somepass
> #  ca_file: /etc/ssl/cert.pem
> #  ca_path: /etc/pki/tls/certs
21,22d25
<   ca_file: "/usr/local/etc/letsencrypt/live/hvboom.org/fullchain.pem"
<   ca_path: "/usr/local/etc/letsencrypt/live/hvboom.org"
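Review bot: in 21,22d25 `ca_file` names the server's own Let's Encrypt `fullchain.pem` and `ca_path` the directory that holds it. `ca_path` is read as an OpenSSL-style hashed certificate directory, which a letsencrypt `live/` directory is not, so that line adds nothing and can be dropped. gitlab-shell runs as user git, so also check that git can read the `ca_file` path.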
37c40
<   bin: /usr/local/bin/redis-cli
---
>   bin: /usr/bin/redis-cli
55c58
< log_file: "/usr/local/share/gitlab-shell/log/gitlab-shell.log"
---
> log_file: "/var/log/gitlab-shell/gitlab-shell.log"

Gitaly

  • Installed in /usr/local/share/gitaly

Use Apache web server

Upgrade

  • Before following the instructions mentioned in the package upgrade message ensure proper file permissions
# login as git user

cd /usr/local/www/gitlab
sudo chown -R git:www .
chmod -R g+rX .
chmod -R o-rwx .
chmod -R g+w public log tmp

cd public/uploads
chmod -R g-rwx .

Troubleshooting

DB migration fails

  • If you face an issue like the following after applying a bigger package upgrade, try to reboot your system
    ActiveRecord::StatementInvalid: PG::InvalidParameterValue: ERROR:  invalid value for parameter "TimeZone": "UTC"
    : SET SESSION timezone TO 'UTC'
  • If you face an issue with a library which cannot be loaded, just reinstall the gem with sudo gem pristine charlock_holmes
    rake aborted!
    LoadError: Shared object "libicudata.so.66" not found, required by "charlock_holmes.so" - /usr/local/lib/ruby/gems/2.6/gems/charlock_holmes-0.7.7/lib/charlock_holmes/charlock_holmes.so
    /usr/local/www/gitlab-ce/config/application.rb:14:in `<top (required)>'
    /usr/local/www/gitlab-ce/Rakefile:5:in `<top (required)>'
    (See full trace by running task with --trace)

Sidekiq not started

If Sidekiq is not running and you find the following entries in /usr/local/www/gitlab-ce/log/sidekiq.log:

bundler: command not found: sidekiq
Install missing gem executables with `bundle install`

the executable cannot be found anymore.

Solution

Create symbolic links towards the current sidekiq version

cd /usr/local/bin
sudo ln -s sidekiq5 sidekiq
sudo ln -s sidekiqctl5 sidekiqctl
sudo chmod -h o+rw sidekiq sidekiqctl

Apache configuration

Attention: the misleading error "Can't verify CSRF token authenticity" can occur due to a template error

Started POST "/users/sign_in" for 80.218.160.176 at 2018-02-18 08:36:10 +0100
Processing by SessionsController#create as HTML
  Parameters: {"utf8"=>"", "authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"root", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 401 Unauthorized in 1606ms (ActiveRecord: 33.2ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  lib/gitlab/middleware/multipart.rb:93:in `call'
  lib/gitlab/request_profiler/middleware.rb:14:in `call'
  lib/gitlab/middleware/go.rb:17:in `call'
  lib/gitlab/etag_caching/middleware.rb:11:in `call'
  lib/gitlab/middleware/read_only.rb:30:in `call'
  lib/gitlab/request_context.rb:18:in `call'
  lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'

Solution

Change the second ProxyPassReverse to use https instead of http

  <Location />
    # New authorization commands for apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    Require all granted

    #Allow forwarding to gitlab-workhorse
    ProxyPassReverse http://127.0.0.1:8080
    ProxyPassReverse https://YOUR_SERVER_FQDN/
  </Location>

Gitlab Shell check failed

...
Running /usr/local/share/gitlab-shell/bin/check
Check GitLab API access: FAILED: Failed to connect to internal API
gitlab-shell self-check failed
  Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /usr/local/share/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

Checking GitLab Shell ... Finished
...

Solution

  • Set the correct GitLab user in /usr/local/share/gitlab-shell/config.yml
  • Check that the proxy port used in the Apache configuration and in the unicorn.rb configuration file are the same

Permission denied (publickey).

If the login check via ssh -Tv [email protected] results in Permission denied (publickey), you have to ensure the following settings:

  • The home directory has 755 as permission and is owned by the user: drwxr-xr-x 13 git git 21 May 26 23:19 git/
  • The .ssh directory has 700 as permission and is owned by the user: drwx------ 2 git git 4 May 26 23:19 .ssh/
  • The authorized_keys file has 600 as permission and is owned by the user: -rw------- 1 git git 1550 Mar 31 00:02 authorized_keys
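
The three settings above can be checked in one pass; sshd (StrictModes) ignores authorized_keys when these paths are writable by group or others. The script below is an added example, not part of the original wiki page: the function names are hypothetical, and /usr/home/git is assumed to be the git user's home, as the repository path on this page suggests.

```shell
#!/bin/sh
# Added example: verify mode and owner of the home directory, .ssh and
# authorized_keys against the values listed above (755, 700, 600).

# Print "<octal mode> <owner uid>" for a path.
# GNU stat is tried first, BSD stat (FreeBSD) is the fallback.
mode_owner() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"
}

# check_path <path> <expected mode> <expected uid>
# Prints one finding per path and returns 1 on any mismatch.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    actual=$(mode_owner "$1")
    if [ "$actual" != "$2 $3" ]; then
        echo "WRONG    $1: is '$actual', expected '$2 $3'"
        return 1
    fi
    echo "OK       $1 ($actual)"
}

# check_ssh_perms <home directory> <owner uid>
# Returns the number of failed checks (0 means all three settings are right).
check_ssh_perms() {
    home=$1
    uid=$2
    failed=0
    check_path "$home" 755 "$uid" || failed=$((failed + 1))
    check_path "$home/.ssh" 700 "$uid" || failed=$((failed + 1))
    check_path "$home/.ssh/authorized_keys" 600 "$uid" || failed=$((failed + 1))
    return "$failed"
}

# Usage on the server (home path assumed, see above):
#   check_ssh_perms /usr/home/git "$(id -u git)"
```

A setgid or sticky bit on one of the paths shows up as a four-digit mode and is reported as a mismatch.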

Cannot compile assets

The rake task to compile the assets gets killed due to insufficient memory

Solution

Temporarily increase the swap space and run RAILS_ENV=production NODE_ENV=production USE_DB=false SKIP_STORAGE_VALIDATION=true NODE_OPTIONS='--max_old_space_size=8192' bundle exec rake gitlab:assets:compile

Add additional swap space:

sudo swapinfo -g
cat /etc/fstab 
sudo truncate -s 4G /tmp_swapfile
sudo chmod 0600 /tmp_swapfile 
sudo sh -c 'echo "md98 none swap sw,file=/tmp_swapfile,late 0 0" >> /etc/fstab'
sudo swapon -aqL
sudo swapinfo -g

Reset the swap space:

sudo swapoff -a
sudo vi /etc/fstab 
sudo rm /tmp_swapfile 
sudo swapon -aqL
sudo swapinfo -g