Skip to content

GitLab Install

  • OS: Ubuntu 22.04
  • Gitlab: v17.10.5

1. Install gitlab

  • 1.1 Use the following command to install related dependent components
apt update
apt install -y openssh-server perl

image-20250430092443712

  • 1.2 Download gitlab installation package to the tmp directory

gitlab-ce download url: https://packages.gitlab.com/gitlab/gitlab-ce/packages/ubuntu/jammy/gitlab-ce_17.10.5-ce.0_amd64.deb

image-20250430093704586

  • 1.3 Install gitlab
apt install /tmp/gitlab-ce_17.10.5-ce.0_amd64.deb

image-20250503181336440

2. Create gitlab certificate

2.1 Create CSR file

create private key, and CSR (Certificate Signing Request) file

mkdir /etc/gitlab/ssl && cd /etc/gitlab/ssl
openssl genrsa -out wzs-sat-poc-gitlab.wistron.com.key 2048
openssl req -new -key ./wzs-sat-poc-gitlab.wistron.com.key -out wzs-sat-poc-gitlab.wistron.com.csr

Common Name: wzs-sat-poc-gitlab.wistron.com

image-20250430100050170

2.2 Create SSL certificate

2.2.1 login wistron ADCA, and click Request a certificate

image-20250304150455352

2.2.2 click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file

image-20250304150642288

2.2.3 view and copy gitlab CSR file content

cat wzs-sat-poc-gitlab.wistron.com.csr

image-20250430100129759

2.2.4 paste gitlab CSR file content to Saved Request, select Certificate Template with Wistron Client and Server Authentication, and entry Additional Attributes -> san:dns=wzs-sat-poc-gitlab.wistron.com

image-20250424163040132

2.2.5 download certificate, and rename to wzs-sat-poc-gitlab.wistron.com.cer

image-20250304151628710

2.3 Download CA cert

2.3.1 login wistron ADCA, and click Download a CA certificate, certificate chain, or CRL

image-20250424164020577

2.3.2 select Base 64, and click Download CA certificate

save CA certificate with named: cacerts.crt

image-20250424164114550

2.3.3 upload certificate and CA certificate to gitlab server

image-20250430100327049

3. Modify config file

  • 3.1 Prepare gitlab config file
vim /etc/gitlab/gitlab.rb
  • change gitlab url -> https://wzs-sat-poc-gitlab.wistron.com

image-20250424164635626

  • change gitlab time zone -> gitlab_rails['time_zone'] = 'Asia/Shanghai'

image-20250424164908291

  • config LDAPs
gitlab_rails['ldap_enabled'] = true

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'cnzhsdc2.wzs.wistron'
    port: 3269
    uid: 'sAMAccountName'
    bind_dn: 'wzsse@wzs.wistron'
    password: 'password'
    encryption: 'simple_tls' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: false
    smartcard_auth: false
    active_directory: true
    allow_username_or_email_login: true
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'dc=wistron'
    user_filter: '(objectCategory=Person)(sAMAccountName=*)'
EOS

image-20250506102355304

  • enable Nginx https
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/cacerts.crt"
nginx['ssl_certificate'] = "/etc/gitlab/ssl/wzs-sat-poc-gitlab.wistron.com.cer"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/wzs-sat-poc-gitlab.wistron.com.key"

image-20250424170227178

  • 3.2 Reload gitlab, and start gitlab
gitlab-ctl reconfigure
gitlab-ctl status

image-20250430100749253

get initial password

cat /etc/gitlab/initial_root_password

image-20250430101144932

4. Config gitlab

  • 4.1 Login gitlab web UI

use initial password

image-20250304162700528

  • 4.2 Deactivate system sign-up restrictions

click Deactivate

image-20250304163134063

un-select Sign-up enabled & Require admin approval for new sign-ups

then click Save changes

image-20250304163215214

  • 4.3 Re-set root password

Click user icon -> Preferences -> Password, and input Current passwordNew passwordPassword confirmation, then click Save password

image-20250330201609794

5. Setup gitlab

5.1 Create project

  • create group

re-login gitlab and go to the gitlab homepage, and click Create a group -> Create group

image-20250304163712416

click Creat group

image-20250511105538023

input group name: CCOE, and select visibility level to Public, then click Create group

image-20250426130621982

  • Create project

click New project

image-20250424173609800

click Create blank project

image-20250424173710965

input project name: ReleaseManagement, select visibility level to Public, and un-check Initialize repository with a README, then click Create project

image-20250511105926722

5.2 Setup mirror

  • User permission settings

source and target gitlab account must have maintain level permissions

first you need to login to gitlab once with your AD account, then switch back to use admin account

switch project ReleaseManagement, and click Manage -> Members -> Invite members

image-20250304164835309

click username, select your AD account, and select role to Maintainer, then click Ivnite

image-20250304165338112

  • Copy site gitlab project URL

click project ReleaseManagement -> Code -> Copy URL

image-20250511111043578

  • Config mirror on source gitlab (HQ gitlab)

login source gitlab (HQ gitlab) project ReleaseManagement, click Settings -> Repository

and expand Mirroring repositories, then click Add new to input mirror info

image-20250426131334773

  • Waiting HQ gitlab push project CCOE/Releasemanagement to site gitlab

image-20250426131517215

  • Confirm site gitlab was mirror successful

image-20250511113932527