Gitlab配置
大约 1 分钟
gitlab 修改用户密码
# 等待进入数据库
gitlab-rails console -e production
# 查询用户
irb(main):009:0> user = User.where(id: 1).first
# 设置密码
irb(main):009:0> user.password = '123456'
irb(main):009:0> user.password_confirmation = '123456'
# 保存数据
irb(main):009:0> user.save!
gitlab 邮箱配置
# 修改配置
$ cat >> /etc/gitlab/gitlab.rb <<EOF
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.163.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "发件箱名.163.com"
gitlab_rails['smtp_password'] = "授权码"
gitlab_rails['smtp_domain'] = "163.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = '发件箱名.163.com'
user['git_user_email'] = "发件箱名.163.com"
EOF
# 更新配置
gitlab-ctl reconfigure
# 重启服务
gitlab-ctl restart
# 邮件测试
gitlab-rails console
# Notify.test_email('zhanghaijun_java@163.com','test Gitlab Email','Test').deliver_now
ldap 登录配置
cat >> /etc/gitlab/gitlab.rb < EOF
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
label: 'LDAP'
host: '192.168.60.8'
port: 389
uid: 'cn'
bind_dn: 'cn=admin,dc=txra,dc=com'
password: '123456'
verify_certificates: true
smartcard_auth: false
active_directory: true
allow_username_or_email_login: false
lowercase_usernames: false
block_auto_created_users: false
base: 'cn=dev,ou=txra,dc=txra,dc=com'
user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
EOS
EOF
# 使配置生效
gitlab-ctl reconfigure
# 重启服务
gitlab-ctl restart
# 效验能否正常获取ldap用户信息
gitlab-rake gitlab:ldap:check
CAS 单点登录
- https://docs.gitlab.com/ee/integration/cas.html
- https://gitlab.com/gitlab-org/gitlab-foss/-/issues/52251
cat >> /etc/gitlab/gitlab.rb < EOF
## SSO登录配置
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email','name']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_external_providers'] = ['cas3']
gitlab_rails['omniauth_allow_bypass_two_factor'] = ['cas3']
gitlab_rails['omniauth_providers'] = [
{
"name" => "cas3",
"label"=> "CAS登录",
"args" => {
"url" => "http://192.168.60.101:8888",
"login_url" => "/cas/login",
"service_validate_url" => "/cas/p3/serviceValidate",
"logout_url" => "/cas/logout"
}
}
]
EOF
# 使配置生效
gitlab-ctl reconfigure
# 重启服务
gitlab-ctl restart