GitLab

1 - GitLab配置文件

GitLab默认的配置文件路径：/etc/gitlab/

• /etc/gitlab/gitlab.rb：主配置文件，包含外部URL、仓库目录、备份目录等
• /etc/gitlab/gitlab-secrets.json：（执行gitlab-ctl reconfigure命令行后生成），包含各类密钥的加密信息

手工备份/etc/gitlab/的所有文件：cp -R /etc/gitlab/ <backup-path>

2 - 备份指令

备份指令不会备份配置文件，需要手动备份配置目录和相关文件。
默认的备份目录为 /var/opt/gitlab/backups/
以下是/etc/gitlab/gitlab.rb文件中Backup Settings部分的内容

   379  ### Backup Settings
   380  ###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
   381  
   382  # gitlab_rails['manage_backup_path'] = true
   383  # gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
   384  
   385  ###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
   386  # gitlab_rails['backup_archive_permissions'] = 0644
   387  
   388  # gitlab_rails['backup_pg_schema'] = 'public'
   389  
   390  ###! The duration in seconds to keep backups before they are allowed to be deleted
   391  # gitlab_rails['backup_keep_time'] = 604800
   392  
   393  # gitlab_rails['backup_upload_connection'] = {
   394  #   'provider' => 'AWS',
   395  #   'region' => 'eu-west-1',
   396  #   'aws_access_key_id' => 'AKIAKIAKI',
   397  #   'aws_secret_access_key' => 'secret123'
   398  # }
   399  # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
   400  # gitlab_rails['backup_multipart_chunk_size'] = 104857600
   401  
   402  ###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
   403  ###!   backups**
   404  # gitlab_rails['backup_encryption'] = 'AES256'
   405  ###! The encryption key to use with AWS Server-Side Encryption.
   406  ###! Setting this value will enable Server-Side Encryption with customer provided keys;
   407  ###!   otherwise S3-managed keys are used.
   408  # gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
   409  
   410  ###! **Specifies Amazon S3 storage class to use for backups. Valid values
   411  ###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
   412  # gitlab_rails['backup_storage_class'] = 'STANDARD'
   413  
   414  ###! Skip parts of the backup. Comma separated.
   415  ###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
   416  #gitlab_rails['env'] = {
   417  #    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
   418  #}

2.1 设置备份参数

[root@test102 ~]# vim /etc/gitlab/gitlab.rb
[root@test102 ~]# cat /etc/gitlab/gitlab.rb |grep -v "#" |grep -Ev '^$'
external_url 'http://192.168.16.102'
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"  # 备份的目录
gitlab_rails['backup_archive_permissions'] = 0644  # 备份包（tar格式压缩包）的权限
gitlab_rails['backup_keep_time'] = 604800  # 备份的保留时间，单位是秒
unicorn['listen'] = '192.168.16.102'
unicorn['port'] = 8081
[root@test102 ~]# gitlab-ctl reconfigure  # 重载配置，使之生效
......
......
......
Running handlers:
Running handlers complete
Chef Client finished, 9/730 resources updated in 46 seconds
gitlab Reconfigured!
[root@test102 ~]# 
​

2.2 执行备份指令

[root@test102 ~]# ll /var/opt/gitlab/backups/
total 0
[root@test102 ~]# gitlab-rake gitlab:backup:create  # 备份数据
2019-11-27 16:12:08 +0800 -- Dumping database ... 
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2019-11-27 16:12:10 +0800 -- done
2019-11-27 16:12:10 +0800 -- Dumping repositories ...
2019-11-27 16:12:10 +0800 -- done
2019-11-27 16:12:10 +0800 -- Dumping uploads ... 
2019-11-27 16:12:10 +0800 -- done
2019-11-27 16:12:10 +0800 -- Dumping builds ... 
2019-11-27 16:12:10 +0800 -- done
2019-11-27 16:12:10 +0800 -- Dumping artifacts ... 
2019-11-27 16:12:10 +0800 -- done
2019-11-27 16:12:10 +0800 -- Dumping pages ... 
2019-11-27 16:12:10 +0800 -- done
2019-11-27 16:12:10 +0800 -- Dumping lfs objects ... 
2019-11-27 16:12:10 +0800 -- done
2019-11-27 16:12:10 +0800 -- Dumping container registry images ... 
2019-11-27 16:12:10 +0800 -- [DISABLED]
Creating backup archive: 1574842330_2019_11_27_12.5.0_gitlab_backup.tar ... done
Uploading backup archive to remote storage  ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
Deleting old backups ... done. (0 removed)
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data 
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.
[root@test102 ~]# 
[root@test102 ~]# ll /var/opt/gitlab/backups/
total 172
-rw-r--r-- 1 git git 174080 Nov 27 16:12 1574842330_2019_11_27_12.5.0_gitlab_backup.tar
[root@test102 ~]# 

3 - 定时备份

使用Crontab任务进行定时备份。

[root@test102 ~]# crontab -l
no crontab for root
[root@test102 ~]# 
[root@test102 ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@test102 ~]# 
[root@test102 ~]# crontab -l
0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=10 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1
[root@test102 ~]# 

4 - 备份到云存储

从GitLab7.4开始，可以将备份文件上传到远端云存储上。
具体配置和操作，可查看官方文档：

涉及的配置项如下：
   393  # gitlab_rails['backup_upload_connection'] = {
   394  #   'provider' => 'AWS',
   395  #   'region' => 'eu-west-1',
   396  #   'aws_access_key_id' => 'AKIAKIAKI',
   397  #   'aws_secret_access_key' => 'secret123'
   398  # }
   399  # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
   400  # gitlab_rails['backup_multipart_chunk_size'] = 104857600

5 - 还原数据

特别注意：

• 备份目录和gitlab.rb中定义的备份目录必须一致
• GitLab的版本和备份文件中的版本必须一致，否则还原时会报错。

[root@test102 ~]# cat /etc/gitlab/gitlab.rb |grep "backup_path" |grep -Ev "^$"  # 确认备份目录
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
[root@test102 ~]# 
[root@test102 ~]# ll /var/opt/gitlab/backups/  # 确认备份文件
total 172
-rw-r--r-- 1 git git 174080 Nov 27 16:12 1574842330_2019_11_27_12.5.0_gitlab_backup.tar
[root@test102 ~]# 
[root@test102 ~]# gitlab-rake gitlab:backup:restore BACKUP=1574842330_2019_11_27_12.5.0  # 还原
Unpacking backup ... done
Before restoring the database, we will remove all existing
tables to avoid future upgrade problems. Be aware that if you have
custom tables in the GitLab database these tables and all data will be
removed.
​
Do you want to continue (yes/no)? yes
Removing all tables. Press `Ctrl-C` within 5 seconds to abort
2019-11-27 16:40:03 +0800 -- Cleaning the database ... 
2019-11-27 16:40:05 +0800 -- done
2019-11-27 16:40:05 +0800 -- Restoring database ... 
......
......
......
[DONE]
2019-11-27 16:40:19 +0800 -- done
2019-11-27 16:40:19 +0800 -- Restoring repositories ...
2019-11-27 16:40:19 +0800 -- done
2019-11-27 16:40:19 +0800 -- Restoring uploads ... 
2019-11-27 16:40:19 +0800 -- done
2019-11-27 16:40:19 +0800 -- Restoring builds ... 
2019-11-27 16:40:19 +0800 -- done
2019-11-27 16:40:19 +0800 -- Restoring artifacts ... 
2019-11-27 16:40:19 +0800 -- done
2019-11-27 16:40:19 +0800 -- Restoring pages ... 
2019-11-27 16:40:19 +0800 -- done
2019-11-27 16:40:19 +0800 -- Restoring lfs objects ... 
2019-11-27 16:40:19 +0800 -- done
This task will now rebuild the authorized_keys file.
You will lose any data stored in the authorized_keys file.
Do you want to continue (yes/no)? yes
​
Deleting tmp directories ... done
done
done
done
done
done
done
done
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data 
and are not included in this backup. You will need to restore these files manually.
Restore task is done.
[root@test102 ~]# 
[root@test102 ~]# gitlab-ctl restart  # 重启服务
ok: run: alertmanager: (pid 26150) 1s
ok: run: gitaly: (pid 26163) 0s
ok: run: gitlab-exporter: (pid 26182) 1s
ok: run: gitlab-workhorse: (pid 26184) 0s
ok: run: grafana: (pid 26204) 1s
ok: run: logrotate: (pid 26216) 0s
ok: run: nginx: (pid 26223) 1s
ok: run: node-exporter: (pid 26229) 0s
ok: run: postgres-exporter: (pid 26235) 0s
ok: run: postgresql: (pid 26321) 1s
ok: run: prometheus: (pid 26330) 0s
ok: run: redis: (pid 26341) 1s
ok: run: redis-exporter: (pid 26345) 0s
ok: run: sidekiq: (pid 26353) 0s
ok: run: unicorn: (pid 26364) 0s
[root@test102 ~]# 
[root@test102 ~]# gitlab-rake gitlab:check SANITZE=true  # 检查GitLab所有组件是否运行正常
Checking GitLab subtasks ...
​
Checking GitLab Shell ...
​
GitLab Shell: ... GitLab Shell version >= 10.2.0 ? ... OK (10.2.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful
​
Checking GitLab Shell ... Finished
​
Checking Gitaly ...
​
Gitaly: ... default ... OK
​
Checking Gitaly ... Finished
​
Checking Sidekiq ...
​
Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1
​
Checking Sidekiq ... Finished
​
Checking Incoming Email ...
​
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
​
Checking Incoming Email ... Finished
​
Checking LDAP ...
​
LDAP: ... LDAP is disabled in config/gitlab.yml
​
Checking LDAP ... Finished
​
Checking GitLab App ...
​
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ... can't check, you have no projects
Redis version >= 2.8.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.3)
Git version >= 2.22.0 ? ... yes (2.22.0)
Git user has default SSH configuration? ... yes
Active users: ... 3
Is authorized keys file accessible? ... yes
​
Checking GitLab App ... Finished
​
​
Checking GitLab subtasks ... Finished
​
[root@test102 ~]# 
​