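Installing GitLab
GitLab Architecture and Components
Architecture
Component Overview
GitLab Workhorse: a lightweight proxy server that handles large HTTP requests such as file uploads and downloads and Git push/pull. All other requests are reverse-proxied to the GitLab Rails application, that is, to the Unicorn backend.
Nginx: provides the web service.
PostgreSQL: the database (SQL server).
Redis:
Sidekiq: uses multiple threads to process background jobs asynchronously. The process loads the entire Rails stack at startup (200MB+), and its memory use grows further when memory leaks. On a server with very active users (10,000 active users), the Sidekiq process takes up 1GB+ of memory.
Unicorn (GitLab Rails): GitLab's own web server, a Ruby web server that hosts the GitLab Rails service. Increasing the number of Unicorn workers reduces application response time and improves the ability to handle concurrent requests. The recommended setting for most instances is: number of CPU cores + 1 = number of Unicorn workers.
GitLab Shell: accepts commands from the shell rather than from the web front end (HTTP).
Gitaly: provides a high-level Git RPC service for accessing Git repositories.
Installation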
yum install -y curl policycoreutils-python openssh-server
systemctl enable sshd
systemctl start sshd
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
systemctl reload firewalld
yum install postfix
systemctl enable postfix
systemctl start postfix
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash
EXTERNAL_URL="https://gitlab.beckyeh.com" yum install -y gitlab-ce
Configuring GitLab
GitLab configuration files and CLI commands
/opt/gitlab # GitLab installation directory
/etc/gitlab/gitlab.rb # main GitLab configuration file
/var/opt/gitlab/git-data/repositories/ # where repositories are stored
/var/opt/gitlab/backups/ # where repository backups are stored
/var/log/gitlab/ # log directory
/var/opt/gitlab/postgresql/data/ # PostgreSQL data and configuration directory
/var/opt/gitlab/redis # Redis configuration directory
/var/opt/gitlab/gitlab-rails/etc/unicorn.rb # Unicorn configuration file
/opt/gitlab/bin/gitlab-ctl status # show status
/opt/gitlab/bin/gitlab-ctl stop
/opt/gitlab/bin/gitlab-ctl start
#/opt/gitlab/bin/gitlab-ctl show-config # show the current configuration
/opt/gitlab/bin/gitlab-ctl help # show command-line help
cat /opt/gitlab/version-manifest.json | grep build_version # show the version
GitLab configuration file
# domain settings
external_url 'https://awoogitlab.awoo.org'
# nginx settings
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 8888
nginx['ssl_certificate'] = "/etc/gitlab/ssl/awoogitlab.awoo.org.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/awoogitlab.awoo.org.key"
# time_zone
gitlab_rails['time_zone'] = 'Asia/Taipei'
### Email Settings
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_display_name'] = 'GitLab system'
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "mail.beckyeh.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "[email protected]"
gitlab_rails['smtp_password'] = ",hS+v6,LQUG7y-gm"
gitlab_rails['smtp_domain'] = "mail.beckyeh.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
# gitlab_rails['smtp_tls'] = true
Verifying the email settings
[root@gitlab ~]# gitlab-rails console
--------------------------------------------------------------------------------
GitLab: 13.3.4 (aebc07f48e8) FOSS
GitLab Shell: 13.6.0
PostgreSQL: 11.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3.1)
irb(main):001:0> Notify.test_email('[email protected]', 'test', 'test').deliver_now
Notify#test_email: processed outbound mail in 0.9ms
Delivered mail [email protected] (2363.5ms)
Date: Thu, 03 Sep 2020 16:35:35 +0800
From: GitLab system
Reply-To: GitLab system
To: [email protected]
Message-ID: <[email protected]>
Subject: test
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
test
=> #, >, >, , >, , , , , , >
irb(main):002:0> exit
LDAP check:
gitlab-rake gitlab:ldap:check
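Backup and Restore
Backup
Backing up the configuration files
The backup command does not back up the configuration files, so they have to be backed up separately by hand. By default, all configuration lives under /etc/gitlab/.
The most important files are /etc/gitlab/gitlab.rb and /etc/gitlab/gitlab-secrets.json.
/etc/gitlab/gitlab-secrets.json contains the database encryption key, the two-factor authentication keys, the GitLab CI keys, and similar information.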
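An added example, not part of the original post: a shell function that archives the configuration directory the backup task skips, creating the archive with mode 0600 because gitlab-secrets.json holds encryption keys. The function name, the archive naming and the default destination are assumptions.

```shell
# Added example: archive the configuration directory that
# gitlab:backup:create leaves out. Names and defaults are assumptions.

backup_gitlab_config() {
    local src="${1:-/etc/gitlab}"               # holds gitlab.rb and gitlab-secrets.json
    local dest="${2:-/var/opt/gitlab/backups}"  # backup_path from gitlab.rb
    local base archive listing f

    # Refuse to write an archive that could not be used for a restore.
    for f in gitlab.rb gitlab-secrets.json; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done

    base="$(basename "$src")"
    archive="$dest/$(date +%s_%Y_%m_%d)_gitlab_config.tar"

    # umask 077 inside a subshell: the archive is created 0600 and the
    # caller's umask is left untouched.
    (
        umask 077
        mkdir -p "$dest" &&
        tar -cf "$archive" -C "$(dirname "$src")" "$base"
    ) || return 1

    # Read the archive back and confirm both files are really in it.
    listing="$(tar -tf "$archive")" || return 1
    for f in gitlab.rb gitlab-secrets.json; do
        printf '%s\n' "$listing" | grep -Fqx "$base/$f" || return 1
    done

    echo "$archive"
}
```

The function prints the path of the archive it wrote, so a cron wrapper can copy that file to separate storage from the main backup tarball.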
Backup command
The backup command runs according to the settings in /etc/gitlab/gitlab.rb:
# gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
gitlab_rails['backup_archive_permissions'] = 0644
###! The duration in seconds to keep backups before they are allowed to be deleted
gitlab_rails['backup_keep_time'] = 604800
Backup command:
gitlab-rake gitlab:backup:create
2020-09-03 20:02:27 +0800 -- Dumping database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping repositories ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping uploads ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping builds ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping artifacts ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping pages ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping lfs objects ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping container registry images ...
2020-09-03 20:02:28 +0800 -- done
Creating backup archive: 1599134548_2020_09_03_13.3.4_gitlab_backup.tar ... done
Uploading backup archive to remote storage ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
done
Deleting old backups ... skipping
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.
Schedule it as a cron job:
0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1
For backing up to remote cloud storage, see: https://docs.gitlab.com/ee/raketasks/backup_restore.html
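An added example (not from the original post) that audits the directory set as `backup_path`: it flags archives readable by group or others, which is what `backup_archive_permissions = 0644` produces, and reports when the newest archive is older than the daily cron interval. The function name, the output labels and the 26-hour limit are assumptions.

```shell
# Added example: audit the GitLab backup directory.
# Function name, labels and the default age limit are assumptions.

audit_gitlab_backups() {
    local dir="${1:-/var/opt/gitlab/backups}"
    local max_age="${2:-93600}"     # seconds; a little over one daily cron run
    local now="${3:-$(date +%s)}"   # can be passed in for testing
    local f name epoch mode newest=0 rc=0

    for f in "$dir"/*_gitlab_backup.tar; do
        [ -e "$f" ] || continue
        name="${f##*/}"
        epoch="${name%%_*}"         # first field of the file name is the Unix time
        case "$epoch" in
            ''|*[!0-9]*) echo "SKIP $name (unexpected name)"; continue ;;
        esac
        if [ "$epoch" -gt "$newest" ]; then newest="$epoch"; fi

        # Drop the type and owner characters; what remains are the
        # group and other permission bits, which should all be "-".
        mode="$(ls -ld "$f" | cut -c1-10)"
        if [ "${mode#????}" != "------" ]; then
            echo "PERM $name $mode"
            rc=1
        fi
    done

    if [ "$newest" -eq 0 ]; then
        echo "NONE no backup archives in $dir"
        return 1
    fi
    if [ $((now - newest)) -gt "$max_age" ]; then
        echo "STALE newest backup is $((now - newest))s old"
        rc=1
    fi
    return "$rc"
}
```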
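Restore
Stop the GitLab services before the backup
gitlab-ctl stop
On a freshly installed GitLab, after restoring the files under /etc/gitlab/, run the following command:
gitlab-ctl reconfigure
Place the backup archive in the backup directory configured in /etc/gitlab/gitlab.rb, then run the following restore commands: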
gitlab-ctl start postgresql
gitlab-ctl start redis
gitlab-ctl start gitlab-workhorse
gitlab-ctl start gitaly
[root@gitlab backups]# ll /var/opt/gitlab/backups/
total 276
-rw-------. 1 git git 235520 Sep 3 20:02 1599134548_2020_09_03_13.3.4_gitlab_backup.tar
gitlab-rake gitlab:backup:restore BACKUP=1599134548_2020_09_03_13.3.4
[root@gitlab ~]# gitlab-backup restore BACKUP=1599134548_2020_09_03_13.3.4
Unpacking backup ... done
Before restoring the database, we will remove all existing tables to avoid future upgrade problems. Be aware that if you have custom tables in the GitLab database these tables and all data will be removed.
Do you want to continue (yes/no)? yes
Removing all tables. Press Ctrl-C within 5 seconds to abort
2020-09-03 21:17:23 +0800 -- Cleaning the database ...
... ... ... ...
ALTER TABLE
ALTER TABLE
ALTER TABLE
[DONE]
2020-09-03 21:19:24 +0800 -- done
2020-09-03 21:19:24 +0800 -- Restoring repositories ...
2020-09-03 21:19:24 +0800 -- done
2020-09-03 21:19:24 +0800 -- Restoring uploads ...
2020-09-03 21:19:24 +0800 -- done
2020-09-03 21:19:24 +0800 -- Restoring builds ...
2020-09-03 21:19:24 +0800 -- done
2020-09-03 21:19:24 +0800 -- Restoring artifacts ...
2020-09-03 21:19:24 +0800 -- done
2020-09-03 21:19:24 +0800 -- Restoring pages ...
2020-09-03 21:19:24 +0800 -- done
2020-09-03 21:19:24 +0800 -- Restoring lfs objects ...
2020-09-03 21:19:24 +0800 -- done
2020-09-03 21:19:24 +0800 -- Restoring container registry images ...
2020-09-03 21:19:24 +0800 -- done
This task will now rebuild the authorized_keys file.
You will lose any data stored in the authorized_keys file.
Do you want to continue (yes/no)? yes
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need to restore these files manually.
Restore task is done.
Restart all services:
gitlab-ctl restart
Check that each component is working properly
gitlab-rake gitlab:check SANITIZE=true
Checking GitLab subtasks ...
Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 13.6.0 ? ... OK (13.6.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished
Checking Sidekiq ...
Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished
Checking LDAP ...
LDAP: ... LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab App ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ... can't check, you have no projects
Redis version >= 4.0.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.6)
Git version >= 2.24.0 ? ... yes (2.28.0)
Git user has default SSH configuration? ... yes
Active users: ... 1
Is authorized keys file accessible? ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... yes
Checking GitLab App ... Finished
Checking GitLab subtasks ... Finished