https://docs.gitlab.com/omnibus/docker/
安装
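# Make sure the host directories backing the container volumes exist.
# The brace list must not contain spaces: "{config, logs, data}" is not
# brace-expanded, so mkdir would create literal "{config," "logs," "data}"
# entries instead of the three sub-directories.
mkdir -p /export/docker-data-gitlab/{config,logs,data}

# Image tag to deploy. Use an explicit version tag so the image that gets
# pulled is the one that was reviewed.
gitlabtag=
# create
# Hostname users reach GitLab under.
domainName=

# Stop here while the placeholders above are still empty; otherwise
# "docker pull gitlab/gitlab-ce:" and "--hostname ''" fail in less obvious ways.
: "${gitlabtag:?set gitlabtag to the gitlab/gitlab-ce image tag}"
: "${domainName:?set domainName to the GitLab hostname}"

docker pull "gitlab/gitlab-ce:${gitlabtag}"

# Host ports 443/80 serve the web UI; host port 2222 maps to the container's
# SSH daemon on port 22.
# All state lives in the three bind-mounted host directories.
docker run --detach \
  --hostname "${domainName}" \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab \
  --restart always \
  --volume /export/docker-data-gitlab/config:/etc/gitlab \
  --volume /export/docker-data-gitlab/logs:/var/log/gitlab \
  --volume /export/docker-data-gitlab/data:/var/opt/gitlab \
  "gitlab/gitlab-ce:${gitlabtag}"

# Day-to-day control of the existing container (run individually as needed).
# start
docker start gitlab
# stop
docker stop gitlab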
基本配置
# configure
# Settings reference: https://docs.gitlab.com/omnibus/settings/README.html
# Keep a pristine copy of gitlab.rb next to the original before editing it.
# The copy holds whatever secrets gitlab.rb holds, so treat it the same way.
cp /export/docker-data-gitlab/config/gitlab.rb{,.bak}
## /export/docker-data-gitlab/config/gitlab.rb
# Determines the URL used in links generated throughout GitLab.
# '${domainName}' is a placeholder: Ruby does not interpolate inside single
# quotes, so write the real hostname here by hand.
# NOTE(review): the scheme is http:// although the container publishes 443;
# logins and tokens then travel unencrypted. Consider an https:// URL and
# confirm the TLS setup against the Omnibus settings documentation.
external_url 'http://${domainName}'
# Determines the SSH port shown in clone links; 2222 is the host port the
# container's port 22 is published on.
gitlab_rails['gitlab_shell_ssh_port'] = 2222
# Outgoing mail identity. The '[email protected]' values are what the page's
# e-mail obfuscation left behind; replace them with real addresses.
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_display_name'] = 'GitLab Admin'
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
gitlab_rails['gitlab_email_subject_suffix'] = 'GitLab'
# SMTP relay: port 587 with STARTTLS (smtp_enable_starttls_auto = true,
# smtp_tls = false) and LOGIN authentication.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "[email protected]"
# Left empty on purpose; the real password is stored here in plaintext, so
# keep gitlab.rb readable by root only and out of version control. The backup
# scripts on this page archive the whole config directory, which means the
# password also ends up in those tarballs.
gitlab_rails['smtp_password'] = ""
gitlab_rails['smtp_domain'] = "smtp.gmail.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
# 'peer' makes the client verify the SMTP server's certificate; do not relax
# it to 'none' to work around certificate errors.
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
备份配置
备份到AWS-S3,role 授权
## /export/docker-data-gitlab/config/gitlab.rb
# Upload target for GitLab backups: AWS S3, authenticated through the
# instance's IAM profile instead of static keys.
gitlab_rails['backup_upload_connection'] = {
'provider' => 'AWS',
'region' => '<region-id>',
# The two commented-out keys show the static-credential alternative with
# sample values; leaving them disabled keeps long-lived secrets out of
# gitlab.rb.
#'aws_access_key_id' => 'AKIAKIAKI',
#'aws_secret_access_key' => 'secret123'
# If using an IAM Profile, don't configure aws_access_key_id & aws_secret_access_key
'use_iam_profile' => true
}
# Root path for backups on S3, in the form bucket/path.
# '<桶名>' is a placeholder for the bucket name.
gitlab_rails['backup_upload_remote_directory'] = '<桶名>/backup/gitlab'
# s3策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::<桶名>",
"arn:aws:s3:::<桶名>/backup/gitlab/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}
备份到阿里云-OSS,AK授权,暂不支持 role 授权
## /export/docker-data-gitlab/config/gitlab.rb
# Upload target for GitLab backups: Alibaba Cloud OSS, authenticated with a
# static AccessKey (the page states role authorization is not supported for
# this provider).
# 'AK123' / 'secret123' are sample values. The real key pair is stored here in
# plaintext and is also included in any archive of the config directory, so
# issue it to a dedicated RAM user and rotate it.
# NOTE(review): the RAM policy shown further down this page also grants
# oss:Get* and oss:List* on every resource, which lets this key read all
# buckets in the account; consider limiting Resource to the backup bucket.
gitlab_rails['backup_upload_connection'] = {
'provider' => 'aliyun',
'aliyun_accesskey_id' => 'AK123',
'aliyun_accesskey_secret' => 'secret123',
# '<桶名>' is a placeholder for the bucket name.
'aliyun_oss_bucket' => '<桶名>',
'aliyun_region_id' => '<region-id>',
# NOTE(review): the endpoint is plain http://. The page warns that fog-aliyun
# up to 0.3.19 still uses the public endpoint, so confirm that backups are not
# sent unencrypted over the public network - TODO verify with an https:// URL.
'aliyun_oss_endpoint' => 'http://oss-<region-id>-internal.aliyuncs.com'
}
# Path inside the bucket under which backups are stored.
gitlab_rails['backup_upload_remote_directory'] = 'backup/gitlab'
⚠️
需要注意的是,截至 fog-aliyun 0.3.19 版本,即使 aliyun_oss_endpoint 指定的是内网地址,请求依然走公网的 endpoint,会消耗公网流量
https://gitlab.com/gitlab-org/gitlab/-/blob/da46c9655962df7d49caef0e2b9f6bbe88462a02/Gemfile#L122
https://rubygems.org/gems/fog-aliyun
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:*"
],
"Resource": [
"acs:oss:*:*:<桶名>/backup/gitlab/*"
]
},
{
"Effect": "Allow",
"Action": [
"oss:Get*",
"oss:List*"
],
"Resource": "*"
}
]
}
备份计划,触发备份
- 阿里云 (role授权)
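# Configure the instance's RAM role on the server.
# The heredoc delimiter is quoted ('EOF') so that the command substitutions and
# ${...} references are written to the file verbatim and evaluated when the
# profile script is sourced. With an unquoted delimiter they are expanded while
# the file is being written, and ${ramRoleName} / ${Region} come out empty
# unless they happen to be set in the current shell.
# -f keeps an HTTP error page from being stored as the value; --max-time keeps
# shells from hanging when the metadata service is unreachable.
# Note: files in /etc/profile.d are sourced by login shells, so
# "aliyun configure set" runs for each user who logs in.
cat > /etc/profile.d/ecs_role.sh << 'EOF'
Region=$(curl -fsq --max-time 5 http://100.100.100.200/latest/meta-data/region-id)
ramRoleName=$(curl -fsq --max-time 5 http://100.100.100.200/latest/meta-data/ram/security-credentials/)
aliyun configure set --profile ecsRamRoleProfile --mode EcsRamRole --ram-role-name "${ramRoleName}" --region "${Region}"
EOF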
添加脚本到crontab
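#!/bin/bash
# Cron job: trigger a GitLab backup inside the container, then archive the
# config directory and copy the archive to OSS using the instance RAM role.

# Sourced before strict mode is enabled: profile snippets are not written with
# "set -eu" in mind and should not abort the backup on their own.
source /etc/profile.d/ecs_role.sh

# Fail loudly instead of uploading a partial or stale archive.
set -euo pipefail

# The config archive contains gitlab.rb (SMTP password, storage access keys)
# and everything else under /etc/gitlab, so create it readable by owner only.
umask 077

Region=$(curl -fsq --max-time 5 http://100.100.100.200/latest/meta-data/region-id)
: "${Region:?could not read region-id from the metadata service}"
# NOTE(review): plain http:// to the internal OSS endpoint; the archive holds
# secrets, so consider https:// here - confirm the endpoint supports it.
Endpoint="http://oss-${Region}-internal.aliyuncs.com"

# Work from the directory this script lives in.
basedir=$(cd -- "$(dirname -- "$0")" && pwd)
cd -- "$basedir"

Time=$(date +%Y%m%d)

# Application backup, created by GitLab inside the container.
docker exec -t gitlab gitlab-backup create

# Configuration backup; the local archives are not removed by this script.
tar zcf "${Time}.config.tar.gz" /export/docker-data-gitlab/config
# "桶名" is a placeholder for the bucket name.
aliyun oss cp "${Time}.config.tar.gz" oss://桶名/backup/gitlab/ -e "${Endpoint}" --force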
-
aws (role授权)
添加脚本到crontab
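#!/bin/bash
# Cron job: trigger a GitLab backup inside the container, then archive the
# config directory and copy the archive to S3 using the instance role.

# Fail loudly instead of uploading a partial or stale archive.
set -euo pipefail

# The config archive contains gitlab.rb (SMTP password, storage access keys)
# and everything else under /etc/gitlab, so create it readable by owner only.
umask 077

# Work from the directory this script lives in.
basedir=$(cd -- "$(dirname -- "$0")" && pwd)
cd -- "$basedir"

Time=$(date +%Y%m%d)

# Application backup, created by GitLab inside the container.
docker exec -t gitlab gitlab-backup create

# Configuration backup; the local archives are not removed by this script.
tar zcf "${Time}.config.tar.gz" /export/docker-data-gitlab/config
# "桶名" is a placeholder for the bucket name.
aws s3 cp "${Time}.config.tar.gz" s3://桶名/backup/gitlab/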
重载配置服务
# Apply the edited gitlab.rb to the running container.
# -it needs an interactive terminal, so run this by hand rather than from cron.
docker exec -it gitlab gitlab-ctl reconfigure
升级
大版本升级可能失败,特别是数据库也升级的情况下
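# Upgrade by replacing the container; data, logs and config stay in the
# bind-mounted host directories and are picked up by the new container.
# The page notes that major-version upgrades can fail, so take a backup
# (application backup plus the config directory) before removing the container.

# Target image tag and hostname; fill both in before running anything below.
gitlabtag=
domainName=
# Checked before the old container is touched, so an unfilled placeholder
# cannot leave the host without a running GitLab.
: "${gitlabtag:?set gitlabtag to the gitlab/gitlab-ce image tag}"
: "${domainName:?set domainName to the GitLab hostname}"

docker stop gitlab
docker rm gitlab

docker pull "gitlab/gitlab-ce:${gitlabtag}"
docker run --detach \
  --hostname "${domainName}" \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab \
  --restart always \
  --volume /export/docker-data-gitlab/config:/etc/gitlab \
  --volume /export/docker-data-gitlab/logs:/var/log/gitlab \
  --volume /export/docker-data-gitlab/data:/var/opt/gitlab \
  "gitlab/gitlab-ce:${gitlabtag}"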
Oauth
GitLab authentication and authorization | GitLab
大问题
暂无
其它
若没有直接采用oss作为存储路径,即本地压缩后,再用脚本上传
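#!/bin/bash
# Collect GitLab backup archives next to this script, drop the ones older than
# seven days, and mirror the directory to OSS.

basedir=$(cd -- "$(dirname -- "$0")" && pwd)

# Set this to the directory GitLab writes its backup archives to.
mv -- /path/to/backup/*backup.tar "${basedir}/"

# Prune archives whose leading epoch timestamp is older than seven days.
# The timestamp is taken from the file name itself (text before the first
# "_") rather than from a fixed awk field of the "ls" output, which only
# worked when ${basedir} had exactly two path components and no underscore.
Old7day=$(date -d "-7 days" "+%s")
for archive in "${basedir}"/*.tar; do
  [ -e "${archive}" ] || continue # glob matched nothing
  name=${archive##*/}
  line=${name%%_*}
  # Skip anything that does not start with a plain number, so an empty or odd
  # prefix can never widen the delete to unrelated files.
  case "${line}" in
    '' | *[!0-9]*) continue ;;
  esac
  if [ "${line}" -lt "${Old7day}" ]; then
    rm -f -- "${archive}" && echo "Delete old7day file ${basedir}/${line}*.tar"
  fi
done

# NOTE(review): role.conf lives in ${basedir}, and the sync below uploads
# everything in ${basedir} except *.log, so role.conf and this script are
# copied to the bucket too. Keep credentials out of role.conf or move it.
cd ~ && source "${basedir}/role.conf"

Region=$(curl -fsq --max-time 5 http://100.100.100.200/latest/meta-data/region-id)
# NOTE(review): plain http:// to the internal OSS endpoint; consider https://
# for backup data - confirm the endpoint supports it.
Endpoint="http://oss-${Region}-internal.aliyuncs.com"
# Placeholder: replace with the real bucket name. Quoted because a bare
# <...> is parsed by the shell as redirections and is a syntax error.
BucketName='<存储桶>'

echo "Start: $(date "+%Y%m%d %H%M%S") --> oss://${BucketName}/backup/"
# --delete removes remote objects that no longer exist locally, so the bucket
# keeps only what the pruning above keeps, and an emptied or damaged local
# directory empties the remote copy as well. Bucket versioning or a retention
# policy on the OSS side protects against that.
# The checkpoint and output directories are fixed names under /tmp; make sure
# they are created and owned by the user running this job.
aliyun oss sync "${basedir}/" "oss://${BucketName}/backup/" \
  --exclude='*.log' --update --delete --force \
  -e "${Endpoint}" \
  --checkpoint-dir=/tmp/ossutil_checkpoint \
  --output-dir=/tmp/ossutil_output
echo "End: $(date "+%Y%m%d %H%M%S") --> oss://${BucketName}/backup/"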