本次環境如下
新的gitlab 環境
操作系統:
Centos 7.6 x86_64
4.4.176-1.el7.elrepo.x86_64
# rpm -qa|grep kernel
kernel-lt-4.4.176-1.el7.elrepo.x86_64
kernel-lt-devel-4.4.176-1.el7.elrepo.x86_64
kernel-lt-tools-libs-4.4.176-1.el7.elrepo.x86_64
kernel-lt-headers-4.4.176-1.el7.elrepo.x86_64
kernel-lt-tools-4.4.176-1.el7.elrepo.x86_64
kernel-lt-doc-4.4.176-1.el7.elrepo.noarch
kernel-lt-tools-libs-devel-4.4.176-1.el7.elrepo.x86_64
Docker:
Server: Docker Engine - Community
Engine:
Version: 18.09.3
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb 28 06:02:24 2019
OS/Arch: linux/amd64
Experimental: false
原始gitlab版本
# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
11.3.0
部署在傳統物理機
升級遷移流程
舊gitlab備份 > 恢復至新環境的同版本gitlab > 驗證 > 升級新環境的gitlab > 驗證
找到相應gitlabt的docker版本
https://hub.docker.com
查找gitlab/gitlab-ce的官方製作版本11.3.0
docker pull gitlab/gitlab-ce:11.3.0-ce.0
創建相關目錄和docker數據卷
# mkdir -p /data/gitlab-backup
# mkdir -p /data/docker
# docker network create net_A
# docker volume create gitlab_config
# docker volume create gitlab_logs
# docker volume create gitlab_data
數據卷 | 容器位置 | 作用 |
---|---|---|
gitlab_data | /var/opt/gitlab | gitlab的數據存放,包括nginx,postgresql這些 |
gitlab_logs | /var/log/gitlab | 日誌存放 |
gitlab_config | /etc/gitlab | gitlab的主配置文件 |
/data/gitlab-backup | /data/gitlab-backup | 備份指令gitlab-rake gitlab:backup:create生成備份文件存放的目錄 |
docker-compose文件
version: "2.4"
networks:
net_A:
external: true
volumes:
gitlab_config:
external: true
gitlab_logs:
external: true
gitlab_data:
external: true
services:
ol-gitlab:
image: gitlab/gitlab-ce:11.3.0-ce.0
container_name: ol-gitlab
hostname: ol-gitlab
ports:
- "80:80"
- "443:443"
- "22:22"
networks:
- net_A
volumes:
- "/etc/localtime:/etc/localtime"
- "gitlab_config:/etc/gitlab"
- "gitlab_logs:/var/log/gitlab"
- "gitlab_data:/var/opt/gitlab"
- "/data/gitlab-backup:/data/gitlab-backup"
environment:
GITLAB_OMNIBUS_CONFIG: |
unicorn['worker_timeout'] = 60
unicorn['worker_processes'] = 3
unicorn['worker_memory_limit_min'] = "200 * 1 << 20"
unicorn['worker_memory_limit_max'] = "300 * 1 << 20"
sidekiq['concurrency'] = 10
external_url 'https://你的域名'
gitlab_rails['backup_path'] = "/data/gitlab-backup"
gitlab_rails['backup_keep_time'] = 1296000
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['backup_archive_permissions'] = 0644
gitlab_rails['gitlab_shell_ssh_port'] = 22
nginx['enable'] = true
nginx['client_max_body_size'] = '250m'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "你的公鑰"
nginx['ssl_certificate_key'] = "你的私鑰"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
nginx['ssl_prefer_server_ciphers'] = "on"
nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
nginx['listen_addresses'] = ["0.0.0.0"]
nginx['http2_enabled'] = true
postgresql['max_worker_processes'] = 8
postgresql['shared_buffers'] = "256MB"
mem_limit: 3096m
restart: always
user: root
相關說明:
官方建議unicorn['worker_processes']該值是等於CPU核心數+1,可以提高服務器的響應速度,如果內存只有4G,或者服務器上有其它業務,就不要改了,以免內存不足。另外,這個參數最小值是2,設爲1服務器可能會卡死,但如果您的內存已消耗過高,請根據業務自行調整,比如8G內存建議您調整4左右,優化是持續性的工作。
以下是官方翻譯過來的內容:
CPU
1核心CPU最多支持100個用戶,所有的workers和後臺任務都在同一個核心工作這將導致GitLab服務響應會有點緩慢。
2核心 支持500用戶,這也是官方推薦的最低標準。
4 核心支持2,000用戶。
8 核心支持5,000用戶。
16 核心支持10,000用戶。
32 核心支持20,000用戶。
64 核心支持40,000用戶。
如果想支持更多用戶,可以使用集羣式架構
Memory
安裝使用GitLab需要至少4GB可用內存(RAM + Swap)! 由於操作系統和其他正在運行的應用也會使用內存, 所以安裝GitLab前一定要注意當前服務器至少有4GB的可用內存. 少於4GB內存會導致在reconfigure的時候出現各種詭異的問題, 而且在使用過程中也經常會出現500錯誤.
1GB 物理內存 + 3GB 交換分區 是最低的要求,但我們 強烈反對 使用這樣的配置。 查看下面unicorn worker章節獲取更多建議。
2GB 物理內存 + 2GB 交換分區 支持100用戶,但服務響應會很慢。
4GB 物理內存 支持100用戶,也是 官方推薦 的配置。
8GB 物理內存 支持 1,000 用戶。
16GB 物理內存 支持 2,000 用戶。
32GB 物理內存 支持 4,000 用戶。
64GB 物理內存 支持 8,000 用戶。
128GB 物理內存 支持 16,000 用戶。
256GB 物理內存 支持 32,000 用戶。
如果想支持更多用戶,可以使用集羣式架構
即使你服務器有足夠多的RAM, 也要給服務器至少分配2GB的交換分區。 因爲使用交換分區可以在你的可用內存波動的時候降低GitLab出錯的機率。
注意: Sidekiq的25個workers在查看進程(top或者htop)的時候會發現它會單獨顯示每個worker,但是它們是共享內存分配的,這是因爲Sidekiq是一個多線程的程序。 詳細內容查看下面關於Unicorn workers 的介紹。
複製ssl證書至容器目錄
證書生成請參考其他文檔
複製到數據卷gitlab_data中
# cp -a ssl/ /data/docker_root_dir/volumes/gitlab_config/_data/
啓動gitlab容器
# docker-compose up -d
訪問全新安裝此版本是否正常
# docker exec ol-gitlab cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
11.3.0
請使用 此配置參數的網址進行訪問 external_url 'https://你的域名'
第一次登錄,會讓你重置密碼,最少8個字符。
默認用戶名爲root
備份原gitlab
查找備份設定的備份路徑
# cat /etc/gitlab/gitlab.rb |grep 'backup_path'
gitlab_rails['backup_path'] = "/data/gitlab-backup"
默認在/var/opt/gitlab/backups
備份指令(建議與開發約定時間,停止使用的情況下備份)
1.停止相關數據連接服務
# gitlab-ctl stop unicorn
ok: down: unicorn: 0s, normally up
# gitlab-ctl stop sidekiq
ok: down: sidekiq: 0s, normally up
2.備份數據
# gitlab-rake gitlab:backup:create
3.安全密鑰文件(重要)
/etc/gitlab/gitlab-secrets.json
否則會出現問題:https://gitlab.com/gitlab-org/gitlab-ce/issues/53465
需要一點時間,最後生成的文件
-rw-r--r-- 1 git git 11M Mar 14 10:41 1552531259_2019_03_14_11.3.0_gitlab_backup.tar
其中1552531259_2019_03_14_11.3.0爲備份的編號,恢復的時候用到。
備份恢復至新環境
1. 將備份好的文件 1552531259_2019_03_14_11.3.0_gitlab_backup.tar 和 gitlab-secrets.json複製至 gitlab_rails['backup_path'] = "/data/gitlab-backup" 設定的目錄中
2.停止相關數據連接服務
# docker exec -it ol-gitlab bash
# gitlab-ctl stop unicorn
ok: down: unicorn: 0s, normally up
# gitlab-ctl stop sidekiq
ok: down: sidekiq: 0s, normally up
3.恢復文件
# ls /data/gitlab-backup/
1552531259_2019_03_14_11.3.0_gitlab_backup.tar
# gitlab-rake gitlab:backup:restore BACKUP=1552531259_2019_03_14_11.3.0
Unpacking backup ... done
Before restoring the database, we will remove all existing
tables to avoid future upgrade problems. Be aware that if you have
custom tables in the GitLab database these tables and all data will be
removed.
在還原數據庫之前,我們將刪除所有現有的表以避免將來的升級問題。注意如果你有
Gitlab數據庫中的自定義表這些表和所有數據將被移除的。
Do you want to continue (yes/no)? yes
Removing all tables. Press `Ctrl-C` within 5 seconds to abort
Cleaning the database ...
done
Restoring database ...
...中間省略...
This will rebuild an authorized_keys file.
You will lose any data stored in authorized_keys file.
這將重建授權authorized_keys密鑰文件。您將丟失任何存儲在授權密鑰文件中的數據
Do you want to continue (yes/no)? yes
Deleting tmp directories ... done
done
done
done
done
done
done
done
4.恢復安全文件
# cp /data/gitlab-backup/gitlab-secrets.json /etc/gitlab/
5.重新啓動相關服務
# gitlab-ctl start unicorn
ok: run: unicorn: (pid 2711) 0s
# gitlab-ctl start sidekiq
ok: run: sidekiq: (pid 2803) 0s
6.登陸WEB頁面查看代碼是否存在
7. 帶驗證
重啓服務
# gitlab-ctl restart
ok: run: alertmanager: (pid 4983) 1s
ok: run: crond: (pid 4993) 0s
ok: run: gitaly: (pid 5001) 1s
ok: run: gitlab-monitor: (pid 5014) 0s
ok: run: gitlab-workhorse: (pid 5027) 0s
ok: run: logrotate: (pid 5039) 0s
ok: run: nginx: (pid 5045) 0s
ok: run: node-exporter: (pid 5053) 1s
ok: run: postgres-exporter: (pid 5058) 0s
ok: run: postgresql: (pid 5141) 1s
ok: run: prometheus: (pid 5150) 0s
ok: run: redis: (pid 5161) 0s
ok: run: redis-exporter: (pid 5166) 1s
ok: run: sidekiq: (pid 5173) 1s
ok: run: sshd: (pid 5180) 1s
ok: run: unicorn: (pid 5188) 0s
驗證指令
# gitlab-rake gitlab:check SANITIZE=true
Checking GitLab Shell ...
GitLab Shell version >= 8.3.3 ? ... OK (8.3.3)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
3/1 ... repository is empty
5/2 ... ok
5/3 ... ok
5/6 ... ok
5/9 ... ok
5/10 ... ok
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Reply by email is disabled in config/gitlab.yml
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
3/1 ... yes
5/2 ... yes
5/3 ... yes
5/6 ... yes
5/9 ... yes
5/10 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.5 ? ... yes (2.4.4)
Git version >= 2.9.5 ? ... yes (2.18.0)
Git user has default SSH configuration? ... yes
Active users: ... 17
Checking GitLab ... Finished
升級gitlab至最新版本
停止容器
# docker container stop ol-gitlab
刪除容器
docker rm ol-gitlab
把docker-compose文件中
image: gitlab/gitlab-ce:11.3.0-ce.0
修改爲
image: gitlab/gitlab-ce
啓動容器
# docker-compose up -d
Creating ol-gitlab ... done