GitLab install/configure and integrate with Domain Controller

Ubuntu 14.04 x64 GITLab installation and configuration

Our goals is install and configure the GitLab server in Ubuntu 14.04 x64 for source code placing and synchronizing. This is WEB server and his control is very easy. Programmers synchronizes source codes with git client. The source code check is working with checksum and diff utilities. We must create the groups in the web portal and add programmers to this group. The differences of code changes is synchronizes incremental. All of this process is logging. In simple words this is for programmers.

GitLab – This is web based wiki event tracking system with GIT repository controller. Program is written by Ukranian Dmitriy Zaporozhets in Ruby.

Firstly look at the domain controller credentials:
port: 636
bind_dn: ‘CN=DCADM,CN=Users,DC=domain,DC=lan’
password: ‘DC_PASSWORD’
user_filter: ‘(memberOf=CN=GITUsers,OU=DOMAINTech Groups,OU=DOMAINTech,DC=domain,DC=lan)’

Resources of Ubuntu 14.04 x64 virtual machine:
1 CPU 2 Core

  1. Packages and dependencies

apt-get update          – Update system repositories
apt-get dist-upgrade    – Update system packages and kernel

Please note, you must install packages just from sudo.
sudo apt-get install -y vim         – install vim
sudo update-alternatives –set editor /usr/bin/vim.basic   – Set VIM as default text editor

Install needed dependencies for Ruby and Ruby GEMS extensions.
sudo apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate python-docutils pkg-config cmake libkrb5-dev

sudo apt-get install -y git-core          – Install GIT
git –version     – Look at the GIT version, this must be between 1.7.12 and 2.0.0 or higher.
git version 1.9.1

Or if you want to delete old GIT and install from source codes, then firstly delete GIT and install from source codes with the following steps:

sudo apt-get remove git-core  – Firstly delete installed GIT core

Install needed dependent packages:
sudo apt-get install -y libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev build-essential

cd /tmp     – For compile and install source codes, go to the /tmp folder

Download and extract the source code
curl -L –progress | tar xz

cd git-2.1.2/           – Go to the GIT code folder
./configure             – Configure for compile
make prefix=/usr/local all    – For destination folder define /usr/local
sudo make prefix=/usr/local install       – GIT installing to the /usr/local/bin path

Note: At the 5th step configurations, don’t forget in the config/gitlab.yml configuration file change the bin_path as floows:
    bin_path: /usr/local/bin/git

sudo apt-get install -y postfix           – Install mail server for email send. Configure as follows. Select Internet site and write domain name.

  1. Install the Ruby

GitLab Shell is calling with OpenSSH and we can prevent existing version manager send and receive with SSH. Version managers is not supporting and for that we must use ruby. If old ruby is exists, delete this first.
sudo apt-get remove ruby1.8         – Delete old Ruby
mkdir /tmp/ruby && cd /tmp/ruby     – For download and install Ruby create the folder and go to this folder.

Download and install in current directory.
curl -L –progress | tar xz
cd ruby-2.1.5/          – Enter the extracted folder
./configure –disable-install-rdoc  – Configure for compile
make                    – Compile
sudo make install       – Install
sudo gem install bundler –no-ri –no-rdoc      – Install the Bundler GEM

  1. Sistem users

sudo adduser –disabled-login –gecos ‘GitLab’ git    – Add user git for GitLab

  1. Databases

GitLAB advices for database PostgreSQL. For purpose extension use, we will use the PostgreSQL9.1. Install PostgreSQL, create database and username.
sudo apt-get install -y postgresql postgresql-client libpq-dev    – Upgrade packages for database
sudo -u postgres psql -d template1              – Login to the PostgreSQL
template1=# CREATE USER git CREATEDB;           – Create database user git (template1=# is console prompt and it is cannot entered as command)

Create GITLAB production database and grant full access to this database:
template1=# CREATE DATABASE gitlabhq_production OWNER git;
template1=# \q          – Exit from database console

sudo -u git -H psql -d gitlabhq_production      – Try to login to database with already created user
gitlabhq_production=> \q      – Exit from database console

  1. Redis

sudo apt-get install redis-server   – Install the redis server package

Give access for use redis sockets:
sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.orig

Change Redis listener TCP port to 0 for stop listening.
sed ‘s/^port .*/port 0/’ /etc/redis/redis.conf.orig | sudo tee /etc/redis/redis.conf

Start default Debian/Ubuntu socket for Redis:
echo ‘unixsocket /var/run/redis/redis.sock’ | sudo tee -a /etc/redis/redis.conf

Give access to this socket for all Redis members:
echo ‘unixsocketperm 770’ | sudo tee -a /etc/redis/redis.conf

Create folder for socket, give access for user and group:
sudo mkdir /var/run/redis
sudo chown redis:redis /var/run/redis
sudo chmod 755 /var/run/redis/

If socket tempfiles folder exists, then add line to redis.conf file:
if [ -d /etc/tmpfiles.d ]; then
   echo ‘d  /var/run/redis  0755  redis  redis  10d  -‘ | sudo tee -a /etc/tmpfiles.d/redis.conf

After changes in redis.conf, restart the service:
sudo service redis-server restart
sudo usermod -aG redis git          – Add git user to redis group

  1. GitLab Install and configure

cd /home/git      # We will install GitLab to the git user home folder. For that go to this folder.

Clone the gitlab source code to the local folder:
sudo -u git -H git clone -b 7-6-stable gitlab

cd /home/git/gitlab           – Go to the GitLab installation folder
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml – Copy configuration from example file
sudo -u git -H editor config/gitlab.yml         – Change the starting lines in the configuration file as follows. Note, we will configure HTTPS for nginx soon.
    host: git.domain.lan
    port: 443
    https: true
    email_from: [email protected]

Be sure you have access to write to the log/ and tmp/ folders:
sudo chown -R git log/
sudo chown -R git tmp/
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/

Create folder and give access for Satellite:
sudo -u git -H mkdir /home/git/gitlab-satellites
sudo chmod u+rwx,g=rx,o-rwx /home/git/gitlab-satellites

Be sure GitLab have access to write to tmp/pids/ and tmp/sockets/ folders:
sudo chmod -R u+rwX tmp/pids/
sudo chmod -R u+rwX tmp/sockets/

Be sure GitLab have access to write to public/uploads/ folder:
sudo chmod -R u+rwX  public/uploads

Copy unicorn configuration file:
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb

nproc       – Find the CPU core counts

If you have a lot of loads then, activate cluster mode. If your RAM is 4GB then, set worker_processes count is equal to CORE count:
sudo -u git -H editor config/unicorn.rb

Copy the rack_attack configuration file:
sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb 

Configure Git global configuration for user git. This needed when you will configure through web browser. Change, how we did in the gitlab.yml configuration file:
sudo -u git -H git config –global “GitLab”
sudo -u git -H git config –global “[email protected]
sudo -u git -H git config –global core.autocrlf input

Configure redis connection:
sudo -u git -H cp config/resque.yml.example config/resque.yml

If you are not using socket default in Debian/Ubuntu-da you can change path in the following file.
Important note: Be sure gitlab.yml and unicorn.rb configurations are the same.

Configuration GitLab DB
Copy configuration file for PostgreSQL
sudo -u git cp config/database.yml.postgresql config/database.yml

For PostgreSQL and MySQL change the configuration in the following file:
configure username/password in the config/database.yml configuration file. We must write database, username and password which talked about in the first step. If you changed the password then write new pass in password directive. You can write between single quotes
sudo -u git -H editor config/database.yml

For PostgreSQL and MySQL. Change access for read for git user to config/database.yml file:
sudo -u git -H chmod o-rwx config/database.yml 

Install GEMS
Note: For Bundler 1.5.2 you can use bundle install -jN command (N – number of you CPU cores. You can find cores with nproc command). This is doing our job for 60% fastest. But be sure you bundler newer than 1.5.2 version. You can check this with bundle -v command.
bundle -v                     – My version was
Bundler version 1.7.9

# For PostgreSQL (this option tells install without MySQL)
sudo -u git -H bundle install –deployment –without development test mysql aws

Install GitLab Shell
GitLab Shell is specially program written for GitLab which is using for grant access to SSH and control repository. For install gitlab-shell use the following command(If you changed `redis path` you must change here). Write command in one line
sudo -u git -H bundle exec rake gitlab:shell:install[v2.4.0] REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production

By default gitlab-shell configuration is generated from main Gitlab configuration. You can see your GitLab-shell configuration with the following command.
sudo -u git -H editor /home/git/gitlab-shell/config.yml  – Output of command
user: git
gitlab_url: https://git.domain.lan/
self_signed_cert: true
repos_path: “/home/git/repositories/”
auth_file: “/home/git/.ssh/authorized_keys”
bin: “/usr/bin/redis-cli”
namespace: resque:gitlab
socket: “/var/run/redis/redis.sock”
log_level: INFO
audit_usernames: false

Initialize the database and activate functionalities
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production

For create database tables write yes and ENTER button. After you will see the following lines:
Administrator account created:

Note: You can change the Administrator password from the GITLAB_ROOT_PASSWORD path variable. Of course it is possible from web too.

sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=newpassword   

Install the init script
sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab        – Copy the Init script to the startup scripts path

If you install from different folder than default, then copy from this folder. But we installed from default folder.
sudo cp lib/support/init.d/gitlab.default.example /etc/default/gitlab

If you install GitLab from different user and different folder than default then, you must change this configurations in /etc/default/gitlab file. Please note, in then /etc/init.d/gitlab file don’t change anything because this file will change automatically.
sudo update-rc.d gitlab defaults 21       – Add GitLab to startup

LogRotasiyasini ishe saliriq:
sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab – Copy logrotate file

Check program status. Check GitLab and his environment:
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

Compile the actives:
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production

Start the GitLab service:
sudo service gitlab start

sudo /etc/init.d/gitlab restart

  1. Install and configure nGinx

nginx is officially supported by GitLab. If you want to use dffierent web server than nginx then, check GitLab portal about this web server.

sudo apt-get install -y nginx

Site configuration:
Copy the site configuration template to the path and link to him(gitlab for HTTP and gitlab-ssl for HTTPS)

sudo cp lib/support/nginx/gitlab /etc/nginx/sites-available/gitlab
sudo ln -s /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab

sudo cp lib/support/nginx/gitlab-ssl /etc/nginx/sites-available/gitlab-ssl
sudo ln -s /etc/nginx/sites-available/gitlab-ssl /etc/nginx/sites-enabled/gitlab-ssl

Edit configuration files which of them you choosen:
sudo editor /etc/nginx/sites-available/gitlab         – Fot HTTP this file
sudo editor /etc/nginx/sites-available/gitlab-ssl     – I has choose HTTPS

Important configuration lines must be correctly configured to your DNS A record name:
upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
server {
server_name git.domain.lan;
server_tokens off;
return 301 https://$server_name$request_uri;
access_log  /var/log/nginx/gitlab_access.log;
error_log   /var/log/nginx/gitlab_error.log;
server {
listen ssl;
server_name git.domain.lan;
server_tokens off;  root /home/git/gitlab/public;
client_max_body_size 20m;
ssl on;
# We will create SSL certificates
  ssl_certificate /etc/nginx/ssl/gitlab.crt;
  ssl_certificate_key /etc/nginx/ssl/gitlab.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log  /var/log/nginx/gitlab_access.log;
error_log   /var/log/nginx/gitlab_error.log;
location / {
try_files $uri $uri/index.html $uri.html @gitlab;
location @gitlab {
gzip off;
proxy_read_timeout      300;
proxy_connect_timeout   300;
proxy_redirect          off;
proxy_set_header    Host                $http_host;
proxy_set_header    X-Real-IP           $remote_addr;
proxy_set_header    X-Forwarded-Ssl     on;
proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
proxy_set_header    X-Forwarded-Proto   $scheme;
proxy_set_header    X-Frame-Options     SAMEORIGIN;
proxy_pass http://gitlab;
location ~ ^/(assets)/ {
root /home/git/gitlab/public;
gzip_static on;
expires max;
add_header Cache-Control public;
error_page 502 /502.html;

When you created certificates in the right address, check nginx status with the following command . You must see the same answer:
sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the nGinx service:
sudo service nginx restart

Create certificate for HTTPS:
Do the following steps exactly.

  1. In theyml file
    1. change the port to 443
    2. In the first section change https to true
  2. In theyml file
    1. Option for gitlab_url set as https (https://git.domain.lan)
    2. For using certificates you can set ca_file and ca_path
  3. In the nGinx configuration file change gitlab to gitlab-ssl
    1. Write right server FQDN
    2. Write right path for ssl_certificate and ssl_certificate_key
    3. See the configuration file and change other security configurations.
  1. Generate the Self-Signed certificate:

sudo mkdir -p /etc/nginx/ssl/
cd /etc/nginx/ssl/
sudo openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
Country Name (2 letter code) [AU]:AZ
State or Province Name (full name) [Some-State]:Baku
Locality Name (eg, city) []:YeniYasamal
Organization Name (eg, company) [Internet Widgits Pty Ltd]:DOMAIN
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:git.domain.lan
Email Address []:[email protected]

sudo chmod o-r gitlab.key

  1. In the gitlab-shell for file yml change self_signed_cert option to true.

Check the program state again
Check all configuration status again:
cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

Result must be as following:
Redis version >= 2.0.0? … yes
Ruby version >= 2.0.0 ? … yes (2.1.5)
Your git bin path is “/usr/bin/git”
Git version >= 1.7.10 ? … yes (1.9.1)
Checking GitLab … Finished

Note: With the set of SANITIZE=true environment variable you will block of output about projects when you will use the gitlab:check command. Open https://git.domain.lan link in your browser with the following login and password and change the password.
login: root
pass: 5iveL!fe

Then click the Sign in button and change the password as follows:

You can restart, stop or start the services with the following commands.
sudo service gitlab restart
[sudo] password for jamal:
Shutting down both Unicorn and Sidekiq.
GitLab is not running.
Starting both the GitLab Unicorn and Sidekiq.
The GitLab Unicorn web server with pid 28862 is running.
The GitLab Sidekiq job dispatcher with pid 28904 is running.
GitLab and all its components are up and running.

You can change Redis connections for you requirements:
If you want connect to Redis with different host and port then, change the configuration in the config/resque.yml file.
# Example
production: redis://redis.example.tld:6379

If you want to connect to the redis with “unix:” socket then, change the  config/resque.yml configuration file as follows:
# Copy
production: unix:/path/to/redis/socket

Different SSH connection
If you changed SSH listen port then, you must change the SSH configuration for GitLab user.
Add the following lines in the /home/git/.ssh/config file
host localhost          # hostname
user git            # remote git username
port 2222           # SSH port number
hostname; # Server name or IP

Of course you must change right configurations in the config/gitlab.yml file for ssh_user, ssh_host, admin_uri options

MSLDAP registration
If we want authenticate GitLAB users in our company domain controller then, we must change in the config/gitlab.yml file right configurations for connect to DC and check for users.
cd /home/git/gitlab                       – Go to the configuration folder
sudo -u git editor config/gitlab.yml      – Change LDAP configuration as follows.
enabled: true
label: ‘LDAP
host: ‘domain.lan
port: 636
uid: ‘sAMAccountName
method: ‘ssl‘ # “tls” or “ssl” or “plain”
bind_dn: ‘CN=DCADM,CN=Users,DC=domain,DC=lan
password: ‘DC_PASSWORD
active_directory: true
allow_username_or_email_login: false
base: ‘DC=domain,DC=lan
user_filter: ‘(memberOf=CN=GITUsers,OU=DOMAINTech Groups,OU=DOMAINTech,DC=domain,DC=lan)

sudo /etc/init.d/gitlab restart           – Restart the Gitlab service
Check the LDAP configurations. We must see the users.
sudo -u git -H bundle exec rake gitlab:ldap:check RAILS_ENV=production       
Checking LDAP …
LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain
DN: CN=Eldaniz Ibrahimov,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan       sAMAccountName: eldaniz
DN: CN=Jamal Shahverdiyev,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan      sAMAccountName: jamal
DN: CN=Sukur Rzayev,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan            sAMAccountName: SukurR
DN: CN=Musaqil Musabeyli,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan       sAMAccountName: MusaqilM
DN: CN=Hidayat Soltanzade,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan      sAMAccountName: HidayatS
DN: CN=Alakbar Velizade,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan        sAMAccountName: AlakbarV
DN: CN=Rufat Babakishiyev,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan      sAMAccountName: RufatBa
DN: CN=Javid Ismayilzade,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan       sAMAccountName: JavidI
DN: CN=Yunis Babayev,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan         sAMAccountName: YunisB
DN: CN=Rovshan Baghirov,OU=DOMAINTech Users,OU=DOMAINTech,DC=domain,DC=lan        sAMAccountName: RovshanB

Checking LDAP … Finished

At the end go to the https://git.domain.lan link and login with DC username as following:

Now programmers can synchronize theirs source codes from selected folder to our server.

At the end I will note again. In the /home/git/gitlab/config/gitlab.yml configuration file option for bin_path the binary path must be correct to your system git(/usr/local/bin/git) path.