简介:
gitlab现用版本为12.10.14由于版本漏洞,需升级为14 版本的gitlab,操作流程如下,通过docker-composer 启动gitlab,实现http,https,ssh访问和拉取代码.由于gitlab不可以直接升级到最新版本,故需要按gitlab官方升级流程进行升级(不可回退版本,回退版本会造成状态码:500报错)12.10.14--->13.0.14--->13.1.11--->13.8.8--->13.12.15--->14.0.12 操作步骤如下
1. 数据备份
进入正在运行的gitlab中备份数据信息。
gitlab-rake gitlab:backup:create
备份位置可在/etc/gitlab.rb中进行配置
2. 编写docker-composer.yaml
version: '3.7'
services:
gitlab:
image: 'gitlab/gitlab-ce:14.0.12-ce.0' #升级修改版本号
restart: always
hostname: 'gitlabs'
container_name: cs-gitlab
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.域名.com'
ports:
- '9080:80'
- '9443:443'
- '9022:22'
volumes:
- '/data/cs-gitlab/config:/etc/gitlab'
- '/data/cs-gitlab/logs:/var/log/gitlab'
- '/data/cs-gitlab/data:/var/opt/gitlab'
启动服务
docker-compose up -d
3. 导入数据
sudo mv /data/gitlab/srv/gitlab/data/backups/1649333339_2022_04_07_12.10.14_gitlab_backup.tar /data/cs-gitlab/data/backups
docker exec -it cs-gitlab bash #进入容器
gitlab-rake gitlab:backup:restore #选择yes
备份位置可在/etc/gitlab.rb中进行配置
4. 代理配置
server {
listen 80;
server_name gitlab.域名.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server{
listen 443;
server_name gitlab.域名.com;
client_max_body_size 10M;
ssl on;
ssl_certificate /etc/nginx/cert/tuyi.crt;
ssl_certificate_key /etc/nginx/cert/tuyi.key;
access_log /etc/nginx/logs/gitlabs/access.log main;
error_log /etc/nginx/logs/gitlabs/error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://10.144.69.25:9443;
}
}
5. 版本升级
docker exec -it cs-gitlab bash #进入容器
gitlab-ctl stop #停止gitlab服务
exit #退出容器
docker stop cs-gitlab #停止容器
docker rm cs-gitlab #删除
修改docker-composer.yaml中的images
每次版本升级需登陆账号查看当前服务是否正确
6. 升级之后迁移原gitlab配置文件
cd /data/cs-gitlab/config
mv gitlab.rb{,.bak}
mv gitlab-secrets.json{,.bak}
cd /data/gitlab/srv/gitlab/config
cp -pr ./gitlab.rb ./gitlab-secrets.json /data/cs-gitlab/config/
7.报错解决
7.1 状态码502
vim /etc/gitlab/gitlab.rb
# 设置服务响应URL
external_url 'http://ip:9080'
unicorn['listen'] = 'localhost'
# 设置监听端口
unicorn['port'] = 8080
重启服务即可
7.2 升级版本后
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Udn6FJ6raK9NUCOBmHOUON3xiwXpZVgFZobNmMJ6lFg.
Please contact your system administrator.
Add correct host key in /Users/renteng/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/renteng/.ssh/known_hosts:1
ECDSA host key for gitlab.intviu.cn has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
删除/Users/renteng/.ssh/known_hosts下第一行信息