GitLab ☞ Installation and Backup

zyh 2018-07-24 16:24:12

https://docs.gitlab.com/omnibus/docker/

https://hub.docker.com/r/gitlab/gitlab-ce

Upgrading GitLab | GitLab

Installation

# Make sure /export exists (no spaces inside the braces, or brace expansion does not happen)
mkdir -p /export/docker-data-gitlab/{config,logs,data}
gitlabtag=    # image tag to deploy
# create
domainName=   # hostname GitLab is served under
docker pull "gitlab/gitlab-ce:${gitlabtag}"
docker run --detach --hostname "${domainName}" \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab --restart always \
  --volume /export/docker-data-gitlab/config:/etc/gitlab \
  --volume /export/docker-data-gitlab/logs:/var/log/gitlab \
  --volume /export/docker-data-gitlab/data:/var/opt/gitlab \
  "gitlab/gitlab-ce:${gitlabtag}"

# start
docker start gitlab

# stop
docker stop gitlab

Basic configuration

# configure
# https://docs.gitlab.com/omnibus/settings/README.html
cp /export/docker-data-gitlab/config/gitlab.rb /export/docker-data-gitlab/config/gitlab.rb.bak
## /export/docker-data-gitlab/config/gitlab.rb
# Determines the URL used in links throughout GitLab
external_url 'http://${domainName}'
# Determines the port used in SSH links throughout GitLab
gitlab_rails['gitlab_shell_ssh_port'] = 2222

gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_display_name'] = 'GitLab Admin'
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
gitlab_rails['gitlab_email_subject_suffix'] = 'GitLab'

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.gmail.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "[email protected]"
gitlab_rails['smtp_password'] = ""
gitlab_rails['smtp_domain'] = "smtp.gmail.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'

Backup configuration

Back up to AWS S3, authorized via role

## /export/docker-data-gitlab/config/gitlab.rb
gitlab_rails['backup_upload_connection'] = {
  'provider' => 'AWS',
  'region' => '<region-id>',
  #'aws_access_key_id' => 'AKIAKIAKI',
  #'aws_secret_access_key' => 'secret123'
  # If using an IAM Profile, don't configure aws_access_key_id & aws_secret_access_key
  'use_iam_profile' => true
}
# Root path of the backups on S3: bucket/Path
gitlab_rails['backup_upload_remote_directory'] = '<bucket-name>/backup/gitlab'
# S3 policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket-name>",
                "arn:aws:s3:::<bucket-name>/backup/gitlab/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}

Back up to Alibaba Cloud OSS, authorized via AccessKey (AK); role authorization is not supported yet

## /export/docker-data-gitlab/config/gitlab.rb
gitlab_rails['backup_upload_connection'] = {
  'provider' => 'aliyun',
  'aliyun_accesskey_id' => 'AK123',
  'aliyun_accesskey_secret' => 'secret123',
  'aliyun_oss_bucket' => '<bucket-name>',
  'aliyun_region_id' => '<region-id>',
  'aliyun_oss_endpoint' => 'http://oss-<region-id>-internal.aliyuncs.com'
}
gitlab_rails['backup_upload_remote_directory'] = 'backup/gitlab'

⚠️

Note that as of fog-aliyun 0.3.19, even when aliyun_oss_endpoint is set to an internal address, traffic still goes through the public endpoint and consumes public-network bandwidth.

https://gitlab.com/gitlab-org/gitlab/-/blob/da46c9655962df7d49caef0e2b9f6bbe88462a02/Gemfile#L122
https://rubygems.org/gems/fog-aliyun

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "oss:*"
            ],
            "Resource": [
                "acs:oss:*:*:<bucket-name>/backup/gitlab/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "oss:Get*",
                "oss:List*"
            ],
            "Resource": "*"
        }
    ]
}

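Backup schedule: triggering the backup

  1. Alibaba Cloud (role authorization)
# Configure the role on the server
# The heredoc delimiter is quoted so the commands are written to the file as-is
# and evaluated each time the file is sourced, not when it is created.
cat > /etc/profile.d/ecs_role.sh << 'EOF'
Region=$(curl -sq http://100.100.100.200/latest/meta-data/region-id)
ramRoleName=$(curl -sq http://100.100.100.200/latest/meta-data/ram/security-credentials/)
aliyun configure set --profile ecsRamRoleProfile  --mode EcsRamRole --ram-role-name "${ramRoleName}" --region "${Region}"
EOF

Add the script to crontab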

#!/bin/bash
source /etc/profile.d/ecs_role.sh
Region=$(curl -sq http://100.100.100.200/latest/meta-data/region-id)
Endpoint="http://oss-${Region}-internal.aliyuncs.com"

basedir=$(cd "$(dirname "$0")" && pwd)
cd "$basedir" || exit 1
Time=$(date +%Y%m%d)

docker exec -t gitlab gitlab-backup create
# gitlab-backup does not include /etc/gitlab (gitlab.rb, gitlab-secrets.json), so archive it separately
tar zcf "${Time}.config.tar.gz" /export/docker-data-gitlab/config
aliyun oss cp "${Time}.config.tar.gz" "oss://<bucket-name>/backup/gitlab/" -e "${Endpoint}" --force

  2. AWS (role authorization)

    Add the script to crontab

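#!/bin/bash
basedir=$(cd "$(dirname "$0")" && pwd)
cd "$basedir" || exit 1
Time=$(date +%Y%m%d)

docker exec -t gitlab gitlab-backup create
# gitlab-backup does not include /etc/gitlab (gitlab.rb, gitlab-secrets.json), so archive it separately
tar zcf "${Time}.config.tar.gz" /export/docker-data-gitlab/config
aws s3 cp "${Time}.config.tar.gz" "s3://<bucket-name>/backup/gitlab/"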
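
One check the cron scripts above could run right after `gitlab-backup create`, so that a backup that failed silently is noticed instead of going unreported. This is an added example, not part of the original post; it assumes archives are named `<epoch>_<date>_<version>_gitlab_backup.tar`, and the function names and the `BACKUP_DIR` default are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original post): fail the cron job when the
# newest GitLab archive is missing, empty or stale.
# Assumption: archives are named <epoch>_<YYYY>_<MM>_<DD>_<version>_gitlab_backup.tar
# Assumption: BACKUP_DIR is the host side of the container's backup directory.
BACKUP_DIR="${BACKUP_DIR:-/export/docker-data-gitlab/data/backups}"

# Print the numeric epoch prefix of an archive name; fail if there is none.
backup_epoch() {
    local name ts
    name=$(basename "$1")
    ts=${name%%_*}
    case "$ts" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$ts"
}

# Print the path of the newest archive in a directory, judged by epoch prefix.
newest_backup() {
    local f ts best best_ts
    best=""
    best_ts=0
    for f in "$1"/*_gitlab_backup.tar; do
        [ -f "$f" ] || continue
        ts=$(backup_epoch "$f") || continue
        if [ "$ts" -gt "$best_ts" ]; then
            best=$f
            best_ts=$ts
        fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Usage: backup_is_fresh <dir> <max_age_seconds> [now_epoch]
# Succeeds only if the newest archive is non-empty and at most max_age old.
backup_is_fresh() {
    local now newest ts
    now=${3:-$(date +%s)}
    newest=$(newest_backup "$1") || return 1
    [ -s "$newest" ] || return 1
    ts=$(backup_epoch "$newest") || return 1
    [ $((now - ts)) -le "$2" ]
}

# In the cron script, after `docker exec -t gitlab gitlab-backup create`:
#   backup_is_fresh "$BACKUP_DIR" 3600 || { echo "GitLab backup missing or stale" >&2; exit 1; }
```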

Reload the configuration

docker exec -it gitlab gitlab-ctl reconfigure

Upgrade

Major-version upgrades can fail, especially when the database is upgraded as well.

docker stop gitlab
docker rm gitlab
gitlabtag=
domainName=
docker pull "gitlab/gitlab-ce:${gitlabtag}"
docker run --detach --hostname "${domainName}" \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab --restart always \
  --volume /export/docker-data-gitlab/config:/etc/gitlab \
  --volume /export/docker-data-gitlab/logs:/var/log/gitlab \
  --volume /export/docker-data-gitlab/data:/var/opt/gitlab \
  "gitlab/gitlab-ce:${gitlabtag}"

OAuth

GitLab authentication and authorization | GitLab

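Major issues

None so far

Other

If OSS is not used directly as the backup storage path, i.e. backups are archived locally and then uploaded by a script: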

#!/bin/bash
basedir=$(cd "$(dirname "$0")" && pwd)

# Set this to the location of the GitLab backup files
mv /path/to/backup/*backup.tar "${basedir}/"

# Delete archives whose epoch prefix (<epoch>_..._gitlab_backup.tar) is older than 7 days.
# The prefix is taken from the file name only, so the depth of basedir does not matter.
Old7day=$(date -d "-7 days" "+%s")
for f in "${basedir}"/*.tar; do
        [ -e "$f" ] || continue
        line=$(basename "$f" | cut -d_ -f1)
        # Skip files that do not start with a numeric timestamp
        case "$line" in ''|*[!0-9]*) continue ;; esac
        if [ "$line" -lt "$Old7day" ]; then
              rm -f "$f" && echo "Delete old7day file $f"
        fi
done
cd ~ && source "${basedir}/role.conf"

Region=$(curl -sq http://100.100.100.200/latest/meta-data/region-id)
Endpoint="http://oss-${Region}-internal.aliyuncs.com"
BucketName="<bucket-name>"

echo "Start: $(date "+%Y%m%d %H%M%S") --> oss://${BucketName}/backup/"
aliyun oss sync "${basedir}/" "oss://${BucketName}/backup/" --exclude='*.log' --update --delete --force -e "${Endpoint}" --checkpoint-dir=/tmp/ossutil_checkpoint --output-dir=/tmp/ossutil_output
echo "End: $(date "+%Y%m%d %H%M%S") --> oss://${BucketName}/backup/"