Gitlab配置

• gitlab 修改用户密码
• gitlab 邮箱配置
• ldap 登录配置
• CAS 单点登录

gitlab 修改用户密码

# 等待进入数据库
gitlab-rails console -e production
# 查询用户
irb(main):009:0> user = User.where(id: 1).first
# 设置密码
irb(main):009:0> user.password = '123456'
irb(main):009:0> user.password_confirmation = '123456'
# 保存数据
irb(main):009:0> user.save!

gitlab 邮箱配置

# 修改配置
$ cat >> /etc/gitlab/gitlab.rb <<EOF
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "发件箱名.163.com"
gitlab_rails['smtp_password'] = "授权码"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = '发件箱名.163.com'
user['git_user_email'] = "发件箱名.163.com"
EOF
# 更新配置
gitlab-ctl reconfigure
# 重启服务
gitlab-ctl restart
# 邮件测试
gitlab-rails console
# Notify.test_email('zhanghaijun_java@163.com','test Gitlab Email','Test').deliver_now

ldap 登录配置

• https://docs.gitlab.com/ee/integration/omniauth.html

cat >> /etc/gitlab/gitlab.rb < EOF
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
     label: 'LDAP'
     host: '192.168.60.8'
     port: 389
     uid: 'cn'
     bind_dn: 'cn=admin,dc=txra,dc=com'
     password: '123456'
     verify_certificates: true
     smartcard_auth: false
     active_directory: true
     allow_username_or_email_login: false
     lowercase_usernames: false
     block_auto_created_users: false
     base: 'cn=dev,ou=txra,dc=txra,dc=com'
     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
EOS
EOF
# 使配置生效
gitlab-ctl reconfigure
# 重启服务
gitlab-ctl restart
# 效验能否正常获取ldap用户信息
gitlab-rake gitlab:ldap:check

CAS 单点登录

• https://docs.gitlab.com/ee/integration/cas.html
• https://gitlab.com/gitlab-org/gitlab-foss/-/issues/52251

cat >> /etc/gitlab/gitlab.rb < EOF
## SSO登录配置
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email','name']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_external_providers'] = ['cas3']
gitlab_rails['omniauth_allow_bypass_two_factor'] = ['cas3']
gitlab_rails['omniauth_providers'] = [
   {
     "name" => "cas3",
     "label"=> "CAS登录",
     "args" => {
        "url" => "http://192.168.60.101:8888",
        "login_url" => "/cas/login",
        "service_validate_url" => "/cas/p3/serviceValidate",
        "logout_url" => "/cas/logout"
     }
   }
]
EOF
# 使配置生效
gitlab-ctl reconfigure
# 重启服务
gitlab-ctl restart