一、说明
系统版本:Centos7.5
Gitlab版本:10.8.7
#查看gitlab版本号:
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
二、安装Gitlab
2.1 配置安装源
vim /etc/yum.repos.d/gitlab-ce.repo [gitlab-ce] name=gitlab-ce baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/ Repo_gpgcheck=0 Enabled=1 Gpgkey=https://packages.gitlab.com/gpg.ke
2.2 安装gitlab
yum makecache yum install -y gitlab-ce-10.8.7 --nogpgcheck
说明:配置文件路径:/etc/gitlab,主程序路径:/opt/gitlab
三、迁移Gitlab数据
3.1 复制配置文件
把原主机的数据配置文件复制到新服务器相对应的位置。
/etc/gitlab/gitlab.rb
/etc/gitlab/gitlab-secrets.json
说明:
gitlab.rb:该文件存储了配置(域名、邮件、LDAP、备份、白名单等)相关信息。
gitlab-secrets.json:该文件存储了 gitlab 的 db secret 信息
3.2 复制nginx证书
复制ssl证书到ssl目录下,需要新建该目录,保持和原服务器一样。
/etc/gitlab/ssl
3.3 备份数据
1)在原服务器上执行下面命令进行备份
gitlab-rake gitlab:backup:create
查看 /etc/gitlab/gitlab.rb 配置中对应的 gitlab_rails['backup_path'] 选项所指定的目录下,生成了类似 1567063064_2019_08_29_10.8.7_gitlab_backup.tar 文件。
2)复制该tar文件到新服务器的相同目录下
#新服务创建目录 mkdir -p /opt/data/gitlab/{backups,git-data}
#复制 tar 包文件到 backups 目录,并赋予权限 cd /opt/data/gitlab/backups chmod 777 1567063064_2019_08_29_10.8.7_gitlab_backup.tar
3.4 导入数据
在新服务器重新进行gitlab配置,同时进行数据恢复
1)先重新加载配置文件
gitlab-ctl reconfigure
2)导入数据
gitlab-rake gitlab:backup:restore BACKUP=1567063064_2019_08_29_10.8.7
BACKUP 对应的为gitlab备份tar包的版本号,其中需要输入两次 yes 进行确认。
3)重启服务
gitlab-ctl restart
既可以看到数据(项目、权限等)已经同步好了。
四、备份到阿里云OSS
4.1 编辑配置文件
gitlab内部集成了fog,可以当执行备份到本地完成后自动上传到阿里云OSS存储中。
编辑 /etc/gitlab/gitlab.rb 文件,添加如下内容:
gitlab_rails['backup_upload_connection'] = { 'provider' => 'aliyun', 'aliyun_accesskey_id' => 'LTAIif*******Mi8', 'aliyun_accesskey_secret' => 'lLuR9Bf*********f51v', 'aliyun_oss_endpoint' => 'http://oss-cn-zhangjiakou-internal.aliyuncs.com', 'aliyun_oss_bucket' => 'gitlab-backup', 'aliyun_oss_location' => 'oss-cn-zhangjiakou' } gitlab_rails['backup_upload_remote_directory'] = 'gitlab-backup'
说明:
fog有个bug,即使是 endpoint 为内网地址,仍旧走的是外网,并且 aliyun_oss_location 参数的值也无效;因为fog会用 ?location 方法调用OSS的api获取location,不会用这里指定的值,而且endpoint也是采用 endpoint = 'http://' + location + '.aliyuncs.com' 方式进行获取,所以走的还是外网。详情见文末链接。
解决:
手动拼接 location 值添加"-internal",走内网url。
vim /root/gitlab-patch/get_bucket_patch.rb 30c30 < location = XmlSimple.xml_in(ret.data[:body]) --- > location = XmlSimple.xml_in(ret.data[:body]) + "-internal"
vim /root/gitlab-patch/run-patch.sh #!/bin/bash patch /opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/fog-aliyun-0.2.0/lib/fog/aliyun/requests/storage/get_bucket.rb -i get_bucket_patch.rb
手动执行run-patch.sh脚本,会修改location值,强制走内网url。
4.2 验证备份
重载配置
gitlab-ctl reconfigure
执行备份
gitlab-rake gitlab:backup:create
等命令成功结束后,到阿里云的OSS桶中检查,就会发现备份文件已经自动上传了。
4.3 定时备份脚本
1)脚本
vim /opt/data/gitlab/backups/gitlab_backup.sh #!/bin/bash gitlab-rake gitlab:backup:create
#赋予执行权限
chmod +x /opt/data/gitlab/backups/gitlab_backup.sh
2)计划任务
crontab -e 0 3 * * * sh /opt/data/gitlab/backups/gitlab_backup.sh > /opt/data/gitlab/backups/gitlab_backup.log 2>&1
五、完整gitlab.rb内容
附:完整gitlab.rb内容
external_url 'https://git.wmq.com' gitlab_rails['gitlab_signup_enabled'] = 'true' gitlab_rails['gitlab_ssh_host'] = 'git.wmq.com' gitlab_rails['time_zone'] = 'Asia/Shanghai' gitlab_rails['gitlab_email_enabled'] = true gitlab_rails['gitlab_email_from'] = 'jira@te.cn' gitlab_rails['gitlab_email_display_name'] = 'Git Admin' gitlab_rails['gitlab_email_reply_to'] = 'noreply@tez.cn' gitlab_rails['gitlab_email_subject_suffix'] = '[Git]' gitlab_rails['ldap_enabled'] = true gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' main: # 'main' is the GitLab 'provider ID' of this LDAP server label: 'LDAP' host: '*.*.*.*' port: 389 uid: 'uid' bind_dn: 'cn=manager,dc=tech,dc=te,dc=cn' password: '*******' method: 'plain' # "tls" or "ssl" or "plain" verify_certificates: true active_directory: false allow_username_or_email_login: true lowercase_usernames: false block_auto_created_users: false base: 'ou=员工,dc=tech,dc=te,dc=cn' user_filter: '' attributes: username: ['uid', 'userid', 'sAMAccountName'] email: ['mail', 'email', 'userPrincipalName'] name: 'sn' EOS gitlab_rails['backup_path'] = "/opt/data/gitlab/backups" gitlab_rails['backup_keep_time'] = 108000 gitlab_rails['backup_upload_connection'] = { 'provider' => 'aliyun', 'aliyun_accesskey_id' => 'LTAIi******Mi8', 'aliyun_accesskey_secret' => 'lLuR9Bf*********oAuRf51v', 'aliyun_oss_endpoint' => 'http://oss-cn-zhangjiakou-internal.aliyuncs.com', 'aliyun_oss_bucket' => 'gitlab-backup', 'aliyun_oss_location' => 'oss-cn-zhangjiakou' } gitlab_rails['backup_upload_remote_directory'] = 'gitlab-backup' git_data_dirs({"default" => "/opt/data/gitlab/git-data"}) gitlab_rails['rack_attack_git_basic_auth'] = { 'enabled' => true, 'ip_whitelist' => ["127.0.0.1","172.16.5.84","172.16.1.4"], 'maxretry' => 300, 'findtime' => 5, 'bantime' => 60 } gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.mxhichina.com" gitlab_rails['smtp_port'] = 465 gitlab_rails['smtp_user_name'] = "jira@te.cn" gitlab_rails['smtp_password'] = "********" gitlab_rails['smtp_domain'] = "mxhichina.com" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = true nginx['enable'] = true nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/git.wmq.com.pem"
说明:backup_keep_time 为本地备份文件(/opt/data/gitlab/backups)存储的时间
参考:
https://www.jianshu.com/p/bb25ff793000
https://github.com/fog/fog-aliyun
https://github.com/fog/fog-aliyun/pull/49/commits/0d41a79002cb9e31abbe79f2f000b3e32bfa9cc6#diff-8916bdbc10151c173c1caf5d6ddeb17a
https://github.com/fog/fog-aliyun/blob/master/lib/fog/aliyun/requests/storage/get_bucket.rb
265
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
