gitlab 服务器迁移

1 在新服务器安装相同版本的gitlab

1.1 安装gitlab

下载安装包并安装

rpm -ivh gitlab-ce-13.8.8-ce.0.el8.x86_64.rpm

提示少了个工具，安装一下

yum install -y policycoreutils-python

1.2 配置gitlab

修改配置文件 /etc/gitlab/gitlab.rb，也可以从旧服务器copy过来，我的简单，就修改4个地方：

域名，备份保存时间（单位秒），禁用letsencrypt，指定ssl证书

external_url 'https://xxx.com'

gitlab_rails[ backup_keep_time ] = 1209600

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/xxx.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/xxx.key

letsencrypt['enable'] = false

启动配置，配置完成后，启动gitlab，即可访问

gitlab-ctl reconfigure
gitlab-ctl restart

2 在旧服务器备份文件

运行指令备份，结束后会提醒你有两个敏感文件没备份，需要手动处理： /etc/gitlab/gitlab.rb 和 /etc/gitlab/gitlab-secrets.json

gitlab-rake gitlab:backup:create

备份完成后文件在 /var/opt/gitlab/backup/ 目录下。

3 在新服务器恢复数据

3.1 停止gitlab的一些服务

gitlab-ctl stop nginx 
gitlab-ctl stop puma 
gitlab-ctl stop unicorn 
gitlab-ctl stop sidekiq

3.2 恢复数据

开始恢复，过程中需要有2次输入yes，修改文件权限是必须的

chmod 777 1719151987_2024_06_23_13.8.8_gitlab_backup.tar
gitlab-rake gitlab:backup:restore BACKUP=1719151987_2024_06_23_13.8.8

最后显示恢复成功

2024-06-24 13:25:36 +0800 -- done
2024-06-24 13:25:36 +0800 -- Restoring uploads ...
2024-06-24 13:25:37 +0800 -- done
2024-06-24 13:25:37 +0800 -- Restoring builds ...
2024-06-24 13:25:37 +0800 -- done
2024-06-24 13:25:37 +0800 -- Restoring artifacts ...
2024-06-24 13:25:37 +0800 -- done
2024-06-24 13:25:37 +0800 -- Restoring pages ...
2024-06-24 13:25:37 +0800 -- done
2024-06-24 13:25:37 +0800 -- Restoring lfs objects ...
2024-06-24 13:25:37 +0800 -- done
This task will now rebuild the authorized_keys file.
You will lose any data stored in the authorized_keys file.
Do you want to continue (yes/no)? yes

Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need to restore these files manually.
Restore task is done.

3.3 恢复gitlab-secrets.json文件

将旧服务器的 /etc/gitlab/gitlab-secrets.json 文件替换到新服务器相同目录下。

gitlab-ctl reconfigure
gitlab-ctl restart

等待启动完成，即可在新的服务器上运行了。

3.4 设置自动备份

略

4 后遗症

4.1 本地要更新git服务器的公钥

当git服务器迁移成功后，网页访问完全没问题。迁移后从服务器拉取代码，提示公钥有误

$ git pull origin master
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:111111111111111111111111111111111111111.
Please contact your system administrator.
Add correct host key in /c/Users/xx/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /c/Users/xx/.ssh/known_hosts:2
Host key for git.safemarket.com.cn has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

目前只能简单粗暴删除在 .ssh/knownhosts 保存的原来的公钥，然后接收新的公钥，就可以正常使用了。

$ git pull origin master
The authenticity of host 'git.xxx.com (11.114.13.5)' can't be established.
ED25519 key fingerprint is SHA256:111111111111111111111111111111111111111111.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:4: 11.114.13.5
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'git.xxx.com' (ED25519) to the list of known hosts.
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 8 (delta 5), reused 4 (delta 1), pack-reused 0
Unpacking objects: 100% (8/8), 900 bytes | 23.00 KiB/s, done.
From git.xxx.com:name/prj
 * branch            master     -> FETCH_HEAD
   f2ffe38..f69d181  master     -> origin/master
Updating f2ffe38..f69d181
Fast-forward
 Inc/app.h     | 2 +-
 Src/src.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)