Blog Archive

Tuesday, June 19, 2012

Installing GitLab with gitolite on CentOS 6.2 and 6.3

Please leave a comment, to let me know what I can improve/if there are any problems.

Why?


Why would I want to install GitLab on a CentOS Server? Well... Why not? Many people fancy CentOS (me too) and why should't we use GitLab then? Also, many people don't like 
Ubuntu as a Server and CentOS is a pretty common Server OS.


Preperation.


It took me about seven times to get it right. The main problem with installing GitLab on CentOS is that - other than Ubuntu or Fedora - it doesn't have the ICU(lib) installed and
that's why ruby crashes/doesn't run around.

We will work as root most of the time, so make sure you have the permissions to do so. If we work as another user, I will try to point that out.


Let's go!


First of all we need to add the epel repo to yum to get all the packages we want.


1:  rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm  

Then we install all required packages:


1:  yum -y groupinstall 'Development Tools' 'Additional Development'  
2:  yum -y install readline readline-devel ncurses-devel gdbm-devel glibc-devel tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc gitolite sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel system-config-firewall-tui python-devel redis  


Up next: Downloading and extracting ruby:


1:  curl -O http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p0.tar.gz  
2:  tar xzvf ruby-1.9.3-p0.tar.gz  
3:  cd ruby-1.9.3-p0  

Now here are two choices. For most of you number one will be perfectly fine. For those who want to have multiple ruby versions installed side-by-side please use number two.


1) Configure without binary suffix

1:  ./configure --enable-shared --disable-pthread  



2) Configure with binary suffix (for parallel installation of ruby versions)

1:  ./configure --enable-shared --disable-pthread --program-suffix _n  
When choosing this option, the binary ruby will be named ruby_n and gem gem_n. Also you will have to use rake_n.


Now install ruby:


1:  make && make install  

Some may need to install qt-devel qtwebkit-devel by running (Replace the 64 in the path with 32 if you're running on a 32 bit box)


1:  yum install qt-devel qtwebkit-devel
2:  export PATH=$PATH:/usr/lib64/qt4/bin

Now we have to install all the gems GitLab needs to run:


1:  gem update --system  
2:  gem update  
3:  gem install rails  

Now everything is set up and we can start to configure the environment for GitLab. First we create a user, that will run GitLab:


1:  adduser --shell /bin/bash --create-home --home-dir /home/gitlab gitlab  

Because this user will be the Admin of the repos on the server, we need to have a RSA key pair to authenticate:


1:  su gitlab  
2:  ssh-keygen -t rsa # as gitlab user  


Now switch back to your root account. Because GitLab is only a graphical user interface to manage repos, we need a powerfull backend. gitolite will do this for us. 
We also need a user for gitolite.


1:  adduser --system --shell /bin/sh --comment 'gitolite' --create-home --home-dir /home/git git  


Gitolite needs to know one key, that it knows as admin. We will pass the key of GitLab to gitolite. To do so we first copy the private key of our gitlab user to the home 
directory of our gitolite user:


1:  # make sure you do this as root  
2:  cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub  


Now we need to initialize gitolite:


1:  su git  
2:  gl-setup ~/gitlab.pub # this passes the admin key to gitolite  

When the prompt appears edit the provided file (it's in a vi-Editor) and set $REPO_UMASK to 0007

Switch back to your root user now.

We now need to give our management software (GitLab) access to the repos:


1:  usermod -a -G git gitlab  
2:  chmod -R g+rwX /home/git/repositories/  
3:  chmod 770 /home/git  


Because the gitlab user will need a password later on, we configure it right now, so we are finished with all the user stuff.


1:  passwd gitlab # please choose a good password :)  


As next step we need to introduce GitLab to gitolite (that is, we let them change their SSH-keys)


1:  su gitlab  
2:  ssh git@localhost  


... and back to the root user, so we don't need to care about permissions.

GitLab needs a few gems, we haven't installed yet:


1:  curl http://python-distribute.org/distribute_setup.py | python  
2:  easy_install pip  
3:  pip install pygments  
4:  gem install bundler  


As mentioned before, the gitlab user will have to do a bit of administration stuff, so we need to give him sudo rights. To do so, we edit the sudoers file with visudo:


1:  visudo  


Add gitlab ALL=(ALL) ALL after root ALL=(ALL) ALL so it looks like this:


1:  ...  
2:  root    ALL=(ALL)    ALL  
3:  gitlab    ALL=(ALL)    ALL  
4:  ...  


Do not edit anything else!!!

After another two gems we are finished with the gem stuff:


1:  gem install ruby-debug19  
2:  gem install charlock_holmes  


We now switch to our gitlab user and we won't use our root account anymore:


1:  su gitlab  


Get the GitLab software:


1:  cd && git clone git://github.com/gitlabhq/gitlabhq.git  
2:  cd gitlabhq  


We're nearly done. Next we bundle our application.


1:  bundle install  


GitLab will use a MySQL database (in our case), which we need to install and start:


1:  yum -y install mysql-server  
2:  /etc/init.d/mysqld start  


To configure the MySQL server easily we use:


1:  mysql_secure_installation  


Remember the password you type in for root!

We now connect to our database server to create a user for GitLab:


1:  mysql -u root -p # when prompted enter the root password you've chosen in mysql_secure_installation  


We now have a mysql shell. Mind the trailing ;!


1:  mysql> CREATE DATABASE gitlab CHARACTER SET UTF8;  
2:  mysql> GRANT ALL PRIVILEGES ON gitlab.* TO 'gitlabusr'@'localhost' IDENTIFIED BY 'supersecret' WITH GRANT OPTION;  
3:  mysql> quit  


Remember the password and username (here: gitlabusr and supersecret)!

To create the database a script is deployed with GitLab. However it needs an additional service to run:


1:  sudo nohup redis-server > /dev/null  


Enter the password you created for the gitlab user and hit CTRL+Z. Then type 


1:  bg  


The service is now running in background.

We now configure GitLab by copying the configurion files from example to real:


1:  cp ~/gitlabhq/config/database.yml.example ~/gitlabhq/config/database.yml  
2:  cp ~/gitlabhq/config/gitlab.yml.example ~/gitlabhq/config/gitlab.yml  

In database.yml you have to edit the production settings of your database (at the very top of the file). You have to change the database-name, username and password.

We will now create the database structure:


1:  RAILS_ENV=production rake db:setup  
2:  RAILS_ENV=production rake db:seed_fu  


To start the server we use


1:  bundle exec rails s -e production



That's it. We're done. All you have to do now, is set up your firewall and navigate to http://your-ip-or-domain:3000/ and log in with 

user: admin@local.host
pass: 5iveL!fe


Known Issues!

Commit message says something like "unknown encoding"

Please see "HTTP 500-Error when viewing "Files" in a repository".

HTTP 500-Error when viewing "Files" in a repository

It's possible, that charlock_holmes didn't install correctly. If this happens, install qt4 and make sure the binary is in your PATH. Then reinstall charlock_holmes and restart GitLab.

What now?

GitLab is now running using Thin. Thin is a web server, that is not recommended to run in production. Therefore it is recommended to use a web server like nginx or Apache!

Thanks!

Thanks to the team of gitlab and @premist!

49 comments:

  1. Nice post, however I'm having problems that I can't seem to resolve. I followed your post from top to bottom (although the difference is i'm installing on centos 5.8).

    1) I can add ssh keys but not remove them: I get "Application cant get access to your gitolite system."

    2) when i try to push a new project repo it asks me for git's password:
    git push origin master
    git@'s password:

    3) Under the resque page it says "0 of 0 workers working" ..what is that?

    Any way you can help me out?

    ReplyDelete
  2. Hi there,

    I'm currently very busy. I'll try to resolve your problem in the evening and will let you know.

    Thanks for reading,
    dlaxar

    ReplyDelete
  3. Hi again!

    1) Unfortunatly i can not reproduce this. Maybe you try to change the REPE_UMASK flag from 0077 to 0007.
    2) This probably solves when you can solve 1)
    3) Beats me. I'm not a ruby dev or gitlab dev. But I have the same and it works here...

    Greetings,
    dlaxar

    ReplyDelete
  4. Nice post, I managed to install everything and its all up and running!

    I've created several repositories through the interface, and also pushed an existing github repository to my new private server to test.

    I can clone, checkout, commit. Basically do everything with git.
    The only problem I'm facing is that I can't browse the repository through the admin.. it keeps telling me I need to push the repos first.

    Do you have any idea what I did wrong?

    ReplyDelete
    Replies
    1. hi

      the problem are the permissions. I forgot to mention them but I will do so as soon as I have time to do so. The permissions to the repo path of gitolite arent correctly set for giltlab. I think it fixes by changing the permissions of /home/git to 775.

      Delete
    2. Hey,

      have to ask this... You're sure about those permissions? Setting the dir permissions of /home/git to something less restrictive that 750 breaks passwordless ssh authentication.

      Delete
    3. Hi aaki!

      First of all thanks for contributing. I'm not very familiar with passwordless authentication. Maybe you can explain this to me, so I can correct any mistakes?

      Thanks in advance
      dlaxar

      Delete
  5. I figured out that I could fix it by doing this setting in /home/git/.gitolite.rc : $REPO_UMASK = 0007;

    ReplyDelete
    Replies
    1. Is this regarding the problem Jeroen mentioned?

      Delete
  6. [gitlab@vps gitlabhq]$ sudo bundle install
    Fetching gem metadata from http://rubygems.org/.......
    Fetching gem metadata from http://rubygems.org/..
    Fetching https://github.com/ctran/annotate_models.git
    error: SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/ctran/annotate_models.git/info/refs

    fatal: HTTP request failed
    Git error: command `git clone 'https://github.com/ctran/annotate_models.git' "/usr/local/lib/ruby/gems/1.9.1/cache/bundler/git/annotate_models-401833706b826d4490a7f6ad6c6c6b9bcbc85bd7" --bare --no-hardlinks` in directory /home/gitlab/gitlabhq has failed.



    any ideas? :)

    ReplyDelete
    Replies
    1. Hi Kevin!

      Sorry! I'm not very familiar with ruby and it's components so I've pretty much no idea what the problem here is. Seems like there is a problem establishing a HTTPS connection. Maybe try to clone from a https repo e.g. git clone https://github.com/dlaxar/jsFTP.git . If this does not work, you may need to install https packages on your machine.

      Delete
  7. Also you need qmake from qt-devel package to install capybara-webkit-0.10.1.gem

    ReplyDelete
    Replies
    1. Hi!

      Talking of 6.2 or 6.3? I installed exactly like this on 6.2 and installed neither the package nor the gem manually.

      Thanks for your help.
      dlaxar

      Delete
    2. It's possible you have to uninstall qt3

      Delete
    3. Hi tino!

      Hasn't happened to me but could be possible.

      Cheers

      Delete
    4. Hey guys,

      my statement was not precise.
      If you have your qt4 binaries in PATH all is fine. You don't have to unsinstall qt3!

      sorry

      Delete
    5. Hi there,

      Yes, I recently discovered this issue myself. I will update the post to reflect this issue. Thanks for reporting!

      Delete
  8. Installing qt-47-devel from the http://atrpms.net/ repositories worked on CentOS 6.3.

    -DA

    ReplyDelete
    Replies
    1. Hi!

      As the blog title says, this is for 6.2. I will refresh this post for 6.3 as soon as possible. Is this the only modification you had to make? If so at which point did you install it?

      Thanks for reading and your help.
      dlaxar

      Delete
    2. i got through the install on 6.3 by adding in
      yum install qt-devel qtwebkit-devel those can be installed at anytime.

      before running bundle install you must update your path to include the path to qmake

      I ran this on 64bit so it was:
      export PATH=$PATH:/usr/lib64/qt4/bin/
      then
      bundle install

      Delete
    3. Hi!

      Thanks for reading and contributing. I updated the post.

      Cheers,
      dlaxar

      Delete
  9. 1st.
    This is great threat! Thanks a lot dude.


    I have a problem with:

    1: su gitlab
    2: ssh git@localhost

    If i do that git wants a passwort. Are there may problems with the name in the pub file?

    What's up? Auth per publickey is enabled?
    I hope someone can help me on this, I hope ridiculous issue

    bye tino

    ReplyDelete
    Replies
    1. Thanks!

      Do you get an error message at
      gl-setup ~/gitlab.pub # this passes the admin key to gitolite
      ?

      If you get an error, check the permissions of the home folders and files. If this doesn't work try to uninstall selinux (should't be on a production server anyway).

      If you DONT get an error try the ssh-line like

      ssh -v git@localhost

      and email me the output (so we can keep the post clean) to
      i.dlaxar [AT] gmail.com

      Hope it helps

      Delete
    2. [SOLVED] - Thanks too!

      It was a permission problem!

      PS: Do you make some tests with Sparkleshare and GitLab?

      cheers

      Delete
    3. HI tino!

      Great you solved it. Which permissions exactly are you talking of?

      No, I did not test, but I'd love to read an article about it. Maybe you can share your tests if you plan to do some.

      Delete
    4. Hi dlaxar,

      It was a problem with the umask settings on a plain CentOS and allocate the keys for login of gitlab on git@localhost.

      Currently i work on a shell script who makes the hard work. It's surprisingly how different scripts in web are "fade away" on their work. I'm close to finish someone.

      cheers

      Delete
    5. HI tino!
      I have the same problem, can you help me with the details of you solution?
      thanks.

      Delete
    6. Hi Junlong Geng,

      have a look at your secure log file (in /var/log/secure.log).
      I also had a problem with the ssh command and for me it turned out that i had a permission problem on the home directory of the git user. So the solution might be a:
      chmod 700 /home/git

      Delete
  10. hi dlaxar, I am trying to setup gitlahq on centos 6.2 but I am confused when rake database, 1: RAILS_ENV=production rake db:setup this process like not responding .. :( .. can you tell me why? thank..

    ReplyDelete
  11. Thanks. nice post. I have them working fine now with one caveat.
    I have to prefix my repo with word "repositories" after 2 days of struggle with the following error:
    <-------------
    fatal: 'gitolite-admin.git' does not appear to be a git repository
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
    <-------------

    So, what i did is to write git clone as the following:

    git clone git@localhost:repositories/gitolite-admin.git

    and works fine.

    Can you help me so that i dont have to add the word 'repositories'?

    Thanks.

    ReplyDelete
    Replies
    1. Hi Hamid!

      Thanks for reading. I'm not a GitLab expert though, I'm just some guy trying to get it up and runnin'. Could you send me a copy of the /home/git/.gitolite.rc file per email (i.dlaxar [AT] gmail.com) so I can have a look where the source of the problem is (this file does not contain any secret data, there's nothing you need to worry about).

      Daniel

      Delete
    2. I have to recap that during writing the above comment I was way overstating it. It is actually 'fine' to git clone from gitolite-admin.git but when I get to the part adding users, I was not able to perform push. I will send you the .gitolite.rc. thanks.

      Delete
    3. Hi dlaxar,
      I have further fixed my problem. Now I am able to add user and clone testing.git with a newly added user. The problem arised because I had interchangebly refer your guide with installation guide in github.com/sitaramc/gitolite/README.txt which says

      gitolite/install -to $HOME/bin
      gitolite setup -pk YourName.pub

      Now reverted back and used the command you stated in the guide that is:

      gl-setup ~/gitlab.pub

      Now gitolite seems to work fine, except I am keep getting warning when cloning or pushing to gitolite, that is:

      Cloning into 'testing'...
      perl: warning: Setting locale failed.
      perl: warning: Please check that your locale settings:
      LANGUAGE = (unset),
      LC_ALL = (unset),
      LC_CTYPE = "UTF-8",
      LANG = (unset)
      are supported and installed on your system.
      perl: warning: Falling back to the standard locale ("C").
      warning: You appear to have cloned an empty repository.

      Appreciate if you could guide me further more. Thanks.

      Delete
    4. Hi!

      Thanks for reporting that issue and solving the other one! I looked around a bit and found this here: http://txzone.net/2011/10/fixing-perl-errors-when-using-gitolite-ssh-custom-locales/ Could this be your issue? Your .gitolite.rc seems to be correct.

      Hope this helps,
      Daniel

      Delete
  12. Hi dlaxar,

    Thanks for this post and I actually got gitlab working as pretty much a Linux noop. Took me a bit, because not all the necessary packages were installed. But I finally got there. Thanks to Google.:)

    One thing I can't get though. How do I start gitlab as a service under centos 6? The only way it will run right now is if I start "bundle exec rails s -e production" in a shell, then it works. But I'd like to run the whole thing when the server reboots. Is there a way to do this?

    Thanks!

    ReplyDelete
    Replies
    1. Hi there,

      First, sorry for my late reply. I'm pretty busy at the moment.

      Unfortunately, I never was able to accomplish that. If you find a way, please let me know so I can make it available for everybody.

      Thank you for commenting and contributing,
      Daniel

      Delete
  13. Hi dlaxar,

    Have you been able to push new repo by a new user your created via the admin user?
    I've spent a couple of days looking at this but to no success.

    ReplyDelete
  14. the line:

    bundle install

    should read

    sudo bundle install

    Otherwise the gitlab user might not have permission to write the gems

    ReplyDelete
  15. Last command , I think it's better to create a screen to do it. Other wise ,you can't close you SSH connection with your VPS. And you will get many log on the screen

    ReplyDelete
  16. I cannot use http method . When I use git remote add origin http://DOMAIN.COM/root/test2-project.git I see following error

    error: The requested URL returned error: 403 while accessing http://DOMAIN.COM/root/test2-project.git/info/refs?service=git-receive-pack
    fatal: HTTP request failed

    I added proper host entries . Is there anything to be done on the apache server ?

    ReplyDelete
    Replies
    1. Hi Aneesh,

      Unfortunately, I'm not an expert regarding git, gitolite or even apache.

      All I can tell you is that if I follow the setup above there was no need to configure an apache server.

      Most of the time HTTP 403 (http://en.wikipedia.org/wiki/HTTP_403) error problems are an issue with the permissions on the folder. Since your project lies in /root, a directory with originally very restrictive permissions this seems pretty likely to me.

      I hope I could help,
      Daniel

      Delete
  17. Hi Daniel,

    Thank you for the faster reply. When I changed the port number to 3000 I can connect and I can enter the user name and password. But seeing the following error message

    fatal: http://DOMAIN.COM:3000/root/test3.git/info/refs?service=git-receive-pack not found: did you run git update-server-info on the server?

    Do you have any idea what might be the problem ?

    Many Thanks
    Aneesh

    ReplyDelete
    Replies
    1. Hi Aneesh,

      Have you tried running git update-server-info

      That was my last guess, unfortunately.

      Good luck,
      Daniel

      Delete
  18. My folder structure is as below

    /home/gitlab/gitlabhq/
    /home/git/repositories

    ReplyDelete
  19. I need start bundle exec rails s -e production with service. Anyone?
    Thanks

    ReplyDelete
  20. can you please setup Gitlab on server? Let how much it will cost me? I am just tried to trying to install it.

    ReplyDelete
    Replies
    1. Hi there,

      unfortunately I don't have the resources to do so (I would if I had them...)

      Maybe try this: http://www.gitlab.com/cloud/

      Hope it helps,
      Daniel

      Delete