How To Install GitLab on Rocky Linux 9 / AlmaLinux 9

Version control/source control can be defined as tracking and managing the changes in software code. Version control systems, therefore, help one to track and manage these changes over time. This really helps in development as it allows the DevOps team to work smarter and faster, reducing the development time and increasing productivity. The most popular Version Control Software (VCS) are TFS, Mercurial, ClearCase, SVN, Git, Helix Core (Perforce) e.t.c

Git was first released in 2005 with the intention to help teams use the branches and merge to build a project. The Git version control feature allows multiple developers to work on the same project independently. It enables individuals to add changes separately while keeping track and logs. Git is so distinct from other version control systems in that, it doesn’t rely on a centrally stored database, but instead, uses a distributed system.

GitLab is an open-source web-based tool that provides a distributed version control platform. This tool supports software development using the Continuous Delivery(CD) and Continuous Integration(CI) processes and is therefore preferred by developers and companies to host Git repositories.

The features associated with GitLab are:

• Easy integration with Jenkins, Docker, Slack, Kubernetes, JIRA, LDAP e.t.c
• Integration with IDEs like Eclipse, Visual Studio, Koding, and IntelliJ
• On-premise or cloud-based installations
• Performance monitoring
• Repository mirroring and high availability (HA)
• Hosting static websites (GitLab Pages)
• Development Analytics
• Service Desk (ticketing system)
• ChatOp tool (Mattermost)
• Code Quality (Code Climate)
• Code Review functionality and Review Apps tool
• Issue management, bug tracking, and boards

GitLab offers two main editions:

• GitLab Community Edition (CE): this is a free edition
• GitLab Enterprise Edition (EE): requires a License to use. It builds on top of Git with advanced features that include LDAP group sync, multiple roles, and audit logs. It also provides authorization integration with deeper authentication.

This guide offers a detailed illustration of how to install and configure GitLab on Rocky Linux 9 / AlmaLinux 9

Setup Requirements

For this guide, you will require:

• 1GB or more of available RAM on the host
• A fully Qualified Domain name(For SSL certificates)
• User with sudo privileges

#1: Install Required Packages

We will begin by updating the available packages to their latest available versions:

sudo dnf -y update

Install the required package dependencies;

sudo dnf -y install curl vim policycoreutils python3-policycoreutils git

#2: Add the GitLab CE Repository on Rocky Linux 9 / AlmaLinux 9

GitLab is not provided on the default Rocky Linux 9 / AlmaLinux 9 repositories. To be able to install it, we need to add the official repository to our system.

To add the GitLab CE Repository on Rocky Linux 9 / AlmaLinux 9 use the command:

sudo vim /etc/yum.repos.d/gitlab_gitlab-ce.repo

Add the below lines to the file:

[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/8/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
       https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[gitlab_gitlab-ce-source]
name=gitlab_gitlab-ce-source
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/8/SRPMS
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
       https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Verify if the repository has been added:

$ dnf repolist
repo id                                repo name
appstream                              Rocky Linux 9 - AppStream
baseos                                 Rocky Linux 9 - BaseOS
extras                                 Rocky Linux 9 - Extras
gitlab_gitlab-ce                       gitlab_gitlab-ce
gitlab_gitlab-ce-source                gitlab_gitlab-ce-source

#3: Install GitLab CE on Rocky Linux 9 / AlmaLinux 9

Once the repositories have been added to the system, install GitLab CE on Rocky Linux 9 / AlmaLinux 9 as shown:

sudo dnf install gitlab-ce -y

Dependency Tree:

Transaction Summary
================================================================================
Install  1 Package

Total download size: 1.1 G
Installed size: 16 E
Is this ok [y/N]: y

Once the installation is complete, you will see this:

#4: Configure GitLab CE Rocky Linux 9 / AlmaLinux 9

GitLab stores its configuration file at /etc/gitlab/gitlab.rb, we need to edit the configuration to variables that suit our environment.

Open the file for editing:

sudo vim /etc/gitlab/gitlab.rb

In the file, edit the below variables:

external_url 'http://gitlab.example.com'

Replace gitlab.example.com with your domain name for GitLab. Scroll through and make any other desired configuration. Once complete, save the file and apply the changes using the command:

sudo gitlab-ctl reconfigure

Sample output:

Running handlers:
[2022-08-06T12:30:09+02:00] INFO: Running report handlers
Running handlers complete
[2022-08-06T12:30:09+02:00] INFO: Report handlers complete
Infra Phase complete, 605/1616 resources updated in 05 minutes 02 seconds

Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.

NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

gitlab Reconfigured!

Verify if GitLab is running:

$ sudo gitlab-ctl status
run: alertmanager: (pid 35396) 72s; run: log: (pid 35072) 168s
run: gitaly: (pid 35425) 67s; run: log: (pid 34222) 341s
run: gitlab-exporter: (pid 35373) 74s; run: log: (pid 34861) 201s
run: gitlab-kas: (pid 35350) 76s; run: log: (pid 34540) 308s
run: gitlab-workhorse: (pid 35362) 75s; run: log: (pid 34711) 230s
run: grafana: (pid 35408) 71s; run: log: (pid 35260) 105s
run: logrotate: (pid 34114) 355s; run: log: (pid 34122) 354s
run: nginx: (pid 34754) 226s; run: log: (pid 34764) 222s
run: node-exporter: (pid 35369) 75s; run: log: (pid 34825) 212s
run: postgres-exporter: (pid 35402) 71s; run: log: (pid 35120) 161s
run: postgresql: (pid 34376) 321s; run: log: (pid 34397) 319s
run: prometheus: (pid 35380) 74s; run: log: (pid 35019) 178s
run: puma: (pid 34618) 249s; run: log: (pid 34626) 246s
run: redis: (pid 34160) 349s; run: log: (pid 34169) 347s
run: redis-exporter: (pid 35375) 74s; run: log: (pid 34890) 189s
run: sidekiq: (pid 34646) 243s; run: log: (pid 34662) 240s

You can stop and start Gitlab using the commands:

sudo gitlab-ctl stop
sudo gitlab-ctl start

Allow the HTTP/HTTPS and SSH services through the firewall:

sudo firewall-cmd --permanent --add-service={ssh,http,https} --permanent
sudo firewall-cmd --reload

#5: Access GitLab Web Console

Gitlab can now be accessed using the provided URL http://gitlab.example.com. Obtain the root password using the command:

$ sudo cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: w5hNDOCgqHmv+ZNMdfeOcgzNAEXlh39bbloli3jVpBA=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

Now sign in as shown:

On successful login, you will see the below dashboard. Set if you want the account to be used by everyone or for personal use by disabling/enabling user sign up

Now change the root password to a preferred password in the Admin Area.

Once set, create a new project by clicking on “New Project“.

There are 3 options provided, create a blank project, import, or create using a template.

For this guide, I will use a template;

Once the project has been created, It will appear as shown below:

From the command-line, you can clone into the repo using SSH keys or HTTP/HTTPS. For example, using HTTP:

#6: Secure GitLab with SSL Certificates

Securing GitLab with SSL prevents unauthorized access to your data. This can be done by generating self-signed or Let’s Encrypt certificates as shown.

Option 1 – Generate Self-Signed Certificates

Using OpenSSL, generate the private key:

openssl genrsa -out gitlab.key 2048

Create a certificate signing request(CSR);

openssl req -new -key gitlab.key -out gitlab.csr

Now sign the certificate:

openssl x509 -req -days 3650 -in gitlab.csr -signkey gitlab.key -out gitlab.crt

Now you will have a key pair generated, copy the keys to /etc/gitlab/trusted-certs

sudo mkdir /etc/gitlab/ssl/
sudo cp gitlab.crt gitlab.key /etc/gitlab/ssl/

Option 2 – Generate Let’s Encrypt certificates

If you have a Fully Qualified Domain Name, you can use Let’s Encrypt for free. By default this is disabled as seen in screenshot below.

Edit your GitLab configuration file.

sudo vim /etc/gitlab/gitlab.rb

Around line 2481, uncomment Let’s Encrypt lines.

letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['[email protected]'] # This should be an array of email addresses to add as contacts
letsencrypt['auto_renew'] = true

Generate the Trusted SSL certificates for the domain name:

sudo gitlab-ctl reconfigure

Configure GitLab to use the SSL Certificates

For GitLab to use the generated certificates, edit the config file:

sudo vim /etc/gitlab/gitlab.rb

Make the below changes and provide the certificate paths appropriately:

external_url 'https://gitlab.example.com'

################################################################################
## GitLab NGINX
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################

nginx['enable'] = true
nginx['redirect_http_to_https'] = true

For Self-signed certificates, provide certs path:

nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"

Save the file and reconfigure the GitLab;

sudo gitlab-ctl reconfigure

Access GitLab using HTTPS

Voilà!

That marks the end of this detailed guide on how to install and configure GitLab on Rocky Linux 9 / AlmaLinux 9. I hope this was important to you.

See more:

• Resolve “Url is blocked: Requests to the local network are not allowed” GitLab Error
• Migrating GitLab from RHEL 6 TO RHEL 7/CentOS 7
• Install and Configure GitLab CE on Debian
• Install GitLab on Rocky Linux 8 With Let’s Encrypt