Jenkins+Ansible+Gitlab自动化部署三剑客

systemctl stop firewalld
systemctl disable firewalld

vim /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

改为SELINUX=disabled，然后重启服务器，使用getenforce进行验证

yum install curl policycoreutils openssh-server openssh-clients postfix

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

systemctl start postfix
systemctl enable postfix

yum install -y gitlab-ce

mkdir /etc/gitlab/ssl
cd /etc/gitlab/ssl
openssl genrsa -out /etc/gitlab/ssl/gitlab.example.com.key 2048
openssl req -new -key "gitlab.example.com.key" -out "gitlab.example.com.csr"
openssl x509 -req -days 3650 -in "gitlab.example.com.csr" -signkey "gitlab.example.com.key" -out "gitlab.example.com.crt"
openssl dhparam -out dhparams.pem 2048
chmod 600 *

vim /etc/gitlab/gitlab.rb

external_url ‘https://gitlab.example.com‘
//external_url ‘https://192.168.71.128‘

nginx[‘redirect_http_to_https‘] = true nginx[‘ssl_certificate‘] = "/etc/gitlab/ssl/gitlab.example.com.crt" nginx[‘ssl_certificate_key‘] = "/etc/gitlab/ssl/gitlab.example.com.key" nginx[‘ssl_dhparam‘] = "/etc/gitlab/ssl/dhparams.pem" # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem

gitlab-ctl reconfigure

server {
  listen *:80;
  server_name gitlab.example.com;
  //server_name 192.168.71.128;

  rewrite ^(.*)$ https://$host$1 permanent;

  server_tokens off; ## Don‘t show the nginx version number, a security best practice