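Wednesday, June 14, 2017

Setting Up a GitLab Service on CentOS / RHEL 7 (Part 1)

Learning objective:
  • Install the GitLab packages to provide version control for software development!
Procedure:
  1. Install the packages GitLab depends on: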
    # yum install curl openssh-server
    # systemctl enable sshd
    # systemctl start sshd
    # yum install postfix
    # systemctl enable postfix
    # systemctl start postfix
    # rpm -ivh https://packages.endpoint.com/rhel/7/os/x86_64/endpoint-repo-1.7-1.x86_64.rpm
    # yum install git
    # yum groupinstall "Development Tools"
    # yum install readline-devel zlib-devel libffi-devel libyaml-devel openssl-devel sqlite-devel libicu-devel
    # curl -sSL https://rvm.io/mpapis.asc | gpg --import -
    # curl -L get.rvm.io | bash -s stable
    # source /etc/profile.d/rvm.sh
    # rvm reload
    # rvm requirements run
    # rvm list known
    # rvm install 2.3.3
    # rvm use 2.3.3 --default
    # wget https://dl.yarnpkg.com/rpm/yarn.repo -O /etc/yum.repos.d/yarn.repo
    # yum install yarn
    # rpm --import https://mirror.go-repo.io/centos/RPM-GPG-KEY-GO-REPO
    # curl -s https://mirror.go-repo.io/centos/go-repo.repo | tee /etc/yum.repos.d/go-repo.repo
    # yum install golang
    # yum install nodejs
    # firewall-cmd --permanent --add-service=http
    # firewall-cmd --permanent --add-service=smtp
    # firewall-cmd --permanent --add-service=ssh
    # systemctl reload firewalld
    
  2. Add the git user:
    # useradd -s /sbin/nologin -c "GitLab" git
    
  3. Install the database and set up its contents:
    # yum install postgresql postgresql-server postgresql-devel postgresql-contrib
    (For the remaining details, see ...)
    # su - postgres
    $ psql
    postgres=# CREATE USER git CREATEDB;
    postgres=# ALTER USER git WITH PASSWORD 'git';
    postgres=# CREATE DATABASE gitlabhq_production OWNER git;
    postgres=# \c gitlabhq_production;
    gitlabhq_production=# CREATE EXTENSION IF NOT EXISTS pg_trgm;
    gitlabhq_production=# \q
    $ psql -U git -h 127.0.0.1 -d gitlabhq_production
    gitlabhq_production=> SELECT true AS enabled
    FROM pg_available_extensions
    WHERE name = 'pg_trgm'
    AND installed_version IS NOT NULL;
    
    PS: If you installed the PostgreSQL packages yourself, remember to create the symbolic links: ln -s /usr/pgsql-9.4/bin/p* /usr/local/bin
  4. Get the GitLab source:
    # mkdir /opt/git
    # cd /opt/git
    # git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 9-2-stable gitlab
    # chown -R git /opt/git
    
  5. Edit the related configuration files:
    # cd /opt/git/gitlab
    # rvm install ruby-2.4.0
    # rvm use ruby-2.4.0 --default
    # cp config/gitlab.yml.example config/gitlab.yml
    # vim config/gitlab.yml
    (Change the following settings...)
    host: test.example.com
    email_enabled: false
    (Save and exit...)
    # cp config/secrets.yml.example config/secrets.yml
    # chmod 0600 config/secrets.yml
    # chown -R git log/
    # chown -R git tmp/
    # chmod -R u+rwX,go-w log/
    # chmod -R u+rwX tmp/
    # chmod -R u+rwX tmp/pids/
    # chmod -R u+rwX tmp/sockets/
    # sudo -u git -H mkdir public/uploads/
    # chmod 0700 public/uploads
    # chmod -R u+rwX builds/
    # chmod -R u+rwX shared/artifacts/
    # chmod -R ug+rwX shared/pages/
    # sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
    # nproc
    # vim config/unicorn.rb
    (Adjust the corresponding paths and the following parameter...)
    worker_processes 4
    # sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
    # sudo -u git -H git config --global core.autocrlf input
    # sudo -u git -H git config --global gc.auto 0
    # sudo -u git -H git config --global repack.writeBitmaps true
    # sudo -u git -H cp config/resque.yml.example config/resque.yml
    # vim config/resque.yml
    (Adjust the redis server settings; see ...)
    # chmod 777 /tmp/redis.socket
    # sudo -u git cp config/database.yml.postgresql config/database.yml
    # vim config/database.yml
    (Edit the connection username and password...)
    # sudo -u git -H chmod o-rwx config/database.yml
    
  6. Integrate the Ruby configuration and install the gems:
    # su - git
    $ cd /opt/git/gitlab
    $ gem uninstall bundler
    $ gem install bundler:1.14.6
    $ bundle install -j4 --deployment --without development test mysql aws kerberos
    
  7. Install and check the git-shell configuration:
    $ bundle exec rake gitlab:shell:install REDIS_URL=unix:/tmp/redis.sock RAILS_ENV=production SKIP_STORAGE_VALIDATION=true
    
    or
    $ bundle exec rake gitlab:shell:install REDIS_URL=redis://127.0.0.1:6379 AUTH=xxxxxx RAILS_ENV=production SKIP_STORAGE_VALIDATION=true
    
    $ vim /opt/git/gitlab-shell/config.yml
    
  8. Install and check the gitlab-workhorse configuration:
    $ bundle exec rake "gitlab:workhorse:install[/opt/git/gitlab-workhorse]" RAILS_ENV=production
    
  9. Initialize the database:
    $ vim /opt/git/gitlab/vendor/bundle/ruby/2.3.0/gems/redis-3.3.3/lib/redis/client.rb
    (Change the redis connection IP, db, and password!)
    $ bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=git GITLAB_ROOT_EMAIL=root@localhost
    (Remember to answer yes)
    
  10. Back up the important secrets file:
    $ cp config/secrets.yml /home/git/
    
  11. Deploy the important init configuration:
    # cp /opt/git/gitlab/lib/support/init.d/gitlab /etc/init.d/gitlab
    # vim /etc/init.d/gitlab
    (Adjust the directory paths)
    # cp /opt/git/gitlab/lib/support/init.d/gitlab.default.example /etc/default/gitlab
    # vim /etc/default/gitlab
    (Adjust the directory paths)
    # chkconfig --add gitlab
    # chkconfig --list gitlab
    
  12. Install Gitaly:
    # su - git
    $ bundle exec rake "gitlab:gitaly:install[/opt/git/gitaly]" RAILS_ENV=production
    $ chmod 0700 /opt/git/gitlab/tmp/sockets/private
    $ chown git /opt/git/gitlab/tmp/sockets/private
    $ cd /opt/git/gitaly
    $ vim config.toml
    
  13. Set up log rotation:
    $ exit
    # cp /opt/git/gitlab/lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
    # vim /etc/logrotate.d/gitlab
    (Adjust the directory paths)
    
  14. Check the application's current status:
    # su - git
    $ bundle exec rake gitlab:env:info RAILS_ENV=production
    
  15. Other settings:
    $ yarn install --production --pure-lockfile
    $ bundle exec rake gitlab:assets:compile RAILS_ENV=production NODE_ENV=production
    $ bundle exec rake gettext:compile RAILS_ENV=production
    
  16. Start the GitLab service:
    # service gitlab start
    
  17. Use the Nginx service:
    # yum install -y nginx
    # cp /opt/git/gitlab/lib/support/nginx/gitlab /etc/nginx/conf.d/gitlab.conf
    # vim /etc/nginx/conf.d/gitlab.conf
    (Adjust the entries to match your environment...)
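
The file modes that step 5 sets (0600 on config/secrets.yml, o-rwx on config/database.yml, 0700 on public/uploads, go-w on log/) can be re-checked at any time. The following is an added example, not part of the original post or of GitLab itself: a POSIX shell audit of those four paths, run here against a constructed sample tree. The function names are hypothetical and `stat -c` assumes GNU coreutils, as on CentOS / RHEL 7.

```shell
#!/bin/sh
# Added example: audit the permissions that step 5 of the walkthrough applies.

# check REL MASK ROOT: report REL if any permission bit in octal MASK is set.
# The body runs in a subshell so its variables stay local.
check() (
    rel=$1; mask=$2; path="$3/$1"
    if [ ! -e "$path" ]; then
        echo "MISSING $rel"
    else
        mode=$(stat -c '%a' "$path")            # e.g. 600, 755
        # A leading 0 makes the shell read both values as octal.
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "LOOSE $rel mode=$mode forbidden-bits=$mask"
        fi
    fi
)

# audit_gitlab_perms ROOT: one line per finding, no output when every path
# is at least as strict as step 5 leaves it.
audit_gitlab_perms() {
    check config/secrets.yml  077 "$1"   # chmod 0600: no group/other access
    check config/database.yml 007 "$1"   # chmod o-rwx: no access for others
    check public/uploads      077 "$1"   # chmod 0700
    check log                 022 "$1"   # chmod go-w: not group/world writable
}

# Constructed sample tree standing in for /opt/git/gitlab; secrets.yml is
# deliberately left world-readable so the audit has something to report.
make_sample_tree() (
    root=$(mktemp -d)
    mkdir -p "$root/config" "$root/public/uploads" "$root/log"
    touch "$root/config/secrets.yml" "$root/config/database.yml"
    chmod 0644 "$root/config/secrets.yml"
    chmod 0640 "$root/config/database.yml"
    chmod 0700 "$root/public/uploads"
    chmod 0755 "$root/log"
    echo "$root"
)

sample=$(make_sample_tree)
audit_gitlab_perms "$sample"    # on a real host: audit_gitlab_perms /opt/git/gitlab
rm -rf "$sample"
```

The same check applies to the copy of secrets.yml that step 10 places in /home/git/, since `cp` does not guarantee the destination keeps mode 0600 if the file already exists there.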
    


Wednesday, June 7, 2017

Installing the LibreNMS Service on CentOS 7 / RHEL 7

Learning objective:
  • Install the LibreNMS packages to monitor system status!
Procedure:
  1. Install the database packages:
    # yum install mariadb-server mariadb
    # systemctl start mariadb
    # firewall-cmd --permanent --add-service=mysql
    # firewall-cmd --reload
    # mysql_secure_installation
    
  2. Create the database contents:
    # mysql -uroot -p
    MariaDB [(none)]> CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    MariaDB [(none)]> CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
    MariaDB [(none)]> FLUSH PRIVILEGES;
    MariaDB [(none)]> exit;
    
  3. Set the database parameters:
    # vim /etc/my.cnf.d/server.cnf
    (Add only what is necessary..)
    [mysqld]
    innodb_file_per_table=1
    sql-mode=""
    :
    
  4. Enable the database at boot:
    # systemctl enable mariadb
    # systemctl restart mariadb
    
  5. Install and configure Apache and related packages:
    # yum install epel-release
    # rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    # rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
    
    # yum install php70w php70w-cli php70w-gd php70w-mysql php70w-snmp php70w-pear php70w-curl php70w-common httpd net-snmp mariadb ImageMagick jwhois nmap mtr rrdtool MySQL-python net-snmp-utils cronie php70w-mcrypt fping git
    
    # pear install Net_IPv4-1.3.4
    # pear install Net_IPv6-1.2.2b2
    
  6. Edit the time zone setting in php.ini:
    # vim /etc/php.ini
    date.timezone = "Asia/Taipei"
    
  7. Add a dedicated LibreNMS user to the system:
    # useradd librenms -d /opt/librenms -M -r
    # usermod -a -G librenms apache
    
  8. Download LibreNMS:
    # cd /opt
    # git clone https://github.com/librenms/librenms.git librenms
    
  9. Configure the web site:
    # cd /opt/librenms
    # mkdir rrd logs
    # chmod 775 rrd
    # vim /etc/httpd/conf.d/librenms.conf
    <VirtualHost *:80>
      DocumentRoot /opt/librenms/html/
      ServerName  librenms.example.com
      CustomLog /opt/librenms/logs/access_log combined
      ErrorLog /opt/librenms/logs/error_log
      AllowEncodedSlashes NoDecode
      <Directory "/opt/librenms/html/">
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
      </Directory>
    </VirtualHost>
  10. Change the SELinux settings:
    # yum install policycoreutils-python
    # semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
    # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
    # restorecon -RFvv /opt/librenms/logs/
    # setsebool -P httpd_can_sendmail=1
    # setsebool -P httpd_can_network_connect=1
    
  11. Firewall settings:
    # firewall-cmd --zone=public --add-service=http
    # firewall-cmd --permanent --zone=public --add-service=http
    
  12. Start Apache:
    # systemctl enable httpd
    # systemctl restart httpd
    
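  13. Open the web page in Firefox:
    (URL: http://librenms.example.com)
    PS: If some packages are missing and the web page tells you to run ./scripts/composer_wrapper.php install --no-dev, switch back to the terminal and run the suggested command!

    Click Next Stage as shown in the screenshot.
  14. Enter the database username and password:

    Wait a moment while the program automatically creates the required tables in the database!

    If there are no errors, you can add a user!
  15. After the user is added, the configuration file can be generated:

  16. The config.php contents shown next can be created manually:
    Place the file in the directory /opt/librenms/

    After creating the file manually, click finish!
  17. You can now log in to the system:
  18. Login screen:

  19. Manually edit config.php:
    # vim /opt/librenms/config.php
    (Add the following setting...)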
    $config['fping'] = "/sbin/fping";
    
  20. Change the SNMP settings:
    # cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
    # vim /etc/snmp/snmpd.conf
    (Change RANDOMSTRINGGOESHERE to the name you want...)
    com2sec readonly  default    public # originally RANDOMSTRINGGOESHERE
    syslocation Taipei, Taiwan # originally Rack, Room, Building, City, Country [GPSX,Y]
    syscontact root@localhost # originally Your Name 
    
  21. The LibreNMS project thoughtfully provides a shell script that detects the operating system platform; installing it is optional:
    # curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
    # chmod +x /usr/bin/distro
    # systemctl restart snmpd
    # systemctl enable snmpd
    
  22. The LibreNMS project also thoughtfully provides a job-scheduling (cron) file:
    # cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
    
  23. The LibreNMS project also thoughtfully provides a log-rotation file, used to rotate the log files in the logs directory:
    # cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
    
  24. A few final steps:
    # chown -R librenms:librenms /opt/librenms
    # systemctl enable httpd mariadb
    # cd /opt/librenms
    # ./validate.php
    
  25. When finished, remember to log in and add localhost as your first monitored host!
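
Step 20 replaces the RANDOMSTRINGGOESHERE placeholder with a community name of your choosing, and the community string is the only credential SNMP v1/v2c has. The following is an added example, not part of the original post or of LibreNMS: a shell/awk check that flags `com2sec` and `rocommunity`/`rwcommunity` lines still using the placeholder or a well-known community, and goes slightly beyond the single `com2sec` line shown above. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak SNMP v1/v2c community definitions in snmpd.conf.

# audit_snmpd_conf FILE: prints LINE:REASON:SCOPE:NAME for each finding, where
# SCOPE is any-source when the entry is not limited to a source address and
# NAME is the security name (com2sec) or the directive itself (r[ow]community).
audit_snmpd_conf() {
    awk '
    function report(name, src, comm,   why) {
        if (comm == "RANDOMSTRINGGOESHERE") why = "placeholder"
        else if (tolower(comm) ~ /^(public|private)$/) why = "well-known"
        else return
        print NR ":" why ":" (src == "default" ? "any-source" : "restricted") ":" name
    }
    { sub(/#.*/, "") }                       # ignore comments
    $1 ~ /^com2sec6?$/ {                     # com2sec [-Cn CONTEXT] NAME SOURCE COMMUNITY
        i = ($2 == "-Cn") ? 4 : 2
        report($i, $(i+1), $(i+2))
    }
    $1 ~ /^r[ow]community6?$/ {              # rocommunity COMMUNITY [SOURCE [OID]]
        report($1, ($3 == "" ? "default" : $3), $2)
    }' "$1"
}

# Constructed sample configuration; line 1 matches the value used in step 20.
sample_snmpd_conf() {
    cat <<'EOF'
com2sec readonly  default         public   # value used in step 20
com2sec monitor   192.0.2.10/32   3f9c1e0b7a52d4486c1d
syslocation Taipei, Taiwan
#com2sec old default private
rocommunity RANDOMSTRINGGOESHERE
EOF
}

conf=$(mktemp)
sample_snmpd_conf > "$conf"
audit_snmpd_conf "$conf"        # on a real host: audit_snmpd_conf /etc/snmp/snmpd.conf
rm -f "$conf"
```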
