GitLab Installation, Configuration, and Backup

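Installing GitLab

GitLab Architecture and Components

Architecture

[Figure: GitLab architecture diagram]

Component overview

  1. GitLab Workhorse: a lightweight proxy server that handles large HTTP requests such as file uploads and downloads and Git push/pull. Other requests are reverse-proxied to the GitLab Rails application, that is, to the Unicorn backend.
  2. Nginx: provides the web service.
  3. PostgreSQL: the database (SQL server).
  4. Redis
  5. Sidekiq: uses multiple threads to process background jobs asynchronously. At startup the process loads the whole Rails stack (200MB+), but its memory use grows if there is a memory leak. On a server with very active users (10,000 active users), the Sidekiq process uses 1GB+ of memory.
  6. Unicorn (GitLab Rails): GitLab's own web server, a Ruby web server that hosts the GitLab Rails service. Increasing the number of unicorn workers reduces application response time and improves the ability to handle concurrent requests. For most instances the recommended setting is: CPU cores + 1 = number of unicorn workers.
  7. GitLab Shell: accepts commands from the shell rather than from the web front end (HTTP).
  8. Gitaly: provides a high-level Git RPC service for accessing Git repositories.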

Installation steps

yum install -y curl policycoreutils-python openssh-server
systemctl enable sshd
systemctl start sshd
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
systemctl reload firewalld

yum install postfix
systemctl enable postfix
systemctl start postfix

curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash

EXTERNAL_URL="https://gitlab.beckyeh.com" yum install -y gitlab-ce

Configuring GitLab

GitLab configuration files and CLI commands

/opt/gitlab # GitLab installation directory
/etc/gitlab/gitlab.rb # GitLab main configuration file
/var/opt/gitlab/git-data/repositories/ # where repositories are stored
/var/opt/gitlab/backups/ # where repository backups are stored
/var/log/gitlab/ # log directory
/var/opt/gitlab/postgresql/data/ # PostgreSQL data and configuration directory
/var/opt/gitlab/redis # Redis configuration directory
/var/opt/gitlab/gitlab-rails/etc/unicorn.rb  # unicorn configuration file
/opt/gitlab/bin/gitlab-ctl status # show service status
/opt/gitlab/bin/gitlab-ctl stop
/opt/gitlab/bin/gitlab-ctl start
#/opt/gitlab/bin/gitlab-ctl show-config # show the current configuration
/opt/gitlab/bin/gitlab-ctl help # show command-line help
cat /opt/gitlab/version-manifest.json | grep build_version # show the version

GitLab configuration file

# domain settings
external_url 'https://awoogitlab.awoo.org'

# nginx settings
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 8888
nginx['ssl_certificate'] = "/etc/gitlab/ssl/awoogitlab.awoo.org.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/awoogitlab.awoo.org.key"

# time_zone
gitlab_rails['time_zone'] = 'Asia/Taipei'

### Email Settings
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = '[email protected]'
gitlab_rails['gitlab_email_display_name'] = 'GitLab system'
gitlab_rails['gitlab_email_reply_to'] = '[email protected]'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "mail.beckyeh.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "[email protected]"
gitlab_rails['smtp_password'] = ",hS+v6,LQUG7y-gm"
gitlab_rails['smtp_domain'] = "mail.beckyeh.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
# gitlab_rails['smtp_tls'] = true

Verifying the email settings

[root@gitlab ~]# gitlab-rails console
--------------------------------------------------------------------------------
 GitLab:       13.3.4 (aebc07f48e8) FOSS
 GitLab Shell: 13.6.0
 PostgreSQL:   11.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3.1)
irb(main):001:0> Notify.test_email('[email protected]', 'test', 'test').deliver_now
Notify#test_email: processed outbound mail in 0.9ms
Delivered mail [email protected] (2363.5ms)
Date: Thu, 03 Sep 2020 16:35:35 +0800
From: GitLab system 
Reply-To: GitLab system 
To: [email protected]
Message-ID: <[email protected]>
Subject: test
Mime-Version: 1.0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All


test

irb(main):002:0> exit

LDAP check:

gitlab-rake gitlab:ldap:check

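Backup and restore

Backup

Backing up the configuration files

The backup command does not back up the configuration files, so they must be backed up separately by hand. By default all configuration lives under /etc/gitlab/.
The most important are the two files /etc/gitlab/gitlab.rb and /etc/gitlab/gitlab-secrets.json.
/etc/gitlab/gitlab-secrets.json contains the database encryption key, the two-factor authentication keys, the GitLab CI keys, and similar information.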
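
The manual step described above, as an added shell example (not from the original post): it archives the two files into a tar that only its owner can read and verifies the archive contents. The function name backup_gitlab_config and the archive name gitlab_config_<epoch>_<date>.tar are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). backup_gitlab_config and the
# archive naming are hypothetical; the two file names come from the page.
# Usage: backup_gitlab_config /etc/gitlab /secure/config-backups
# Prints the path of the archive on success.
backup_gitlab_config() {
    local src="${1:-/etc/gitlab}" dest="$2" f archive listing
    [ -n "$dest" ] || { echo "usage: backup_gitlab_config SRC DEST" >&2; return 2; }
    # Refuse a partial backup: without gitlab-secrets.json the encrypted
    # values in a restored database (2FA, CI keys) cannot be decrypted.
    for f in gitlab.rb gitlab-secrets.json; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    archive="$dest/gitlab_config_$(date +%s_%Y_%m_%d).tar"
    # umask 077 inside a subshell: the archive is created with mode 0600
    # without changing the caller's umask.
    ( umask 077 && tar -cf "$archive" -C "$src" gitlab.rb gitlab-secrets.json ) || return 1
    # Verify that both files really are in the archive before relying on it.
    listing=$(tar -tf "$archive") || return 1
    for f in gitlab.rb gitlab-secrets.json; do
        printf '%s\n' "$listing" | grep -qxF "$f" ||
            { echo "$f not in $archive" >&2; return 1; }
    done
    printf '%s\n' "$archive"
}
```

Store the resulting archive separately from the gitlab:backup:create archives, since together they are everything needed to restore and decrypt the instance.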

Backup command

The backup command runs according to the settings in /etc/gitlab/gitlab.rb:

# gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"

###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
###! 0644 makes the archive readable by every local user; the default is 0600
gitlab_rails['backup_archive_permissions'] = 0644

###! The duration in seconds to keep backups before they are allowed to be deleted
gitlab_rails['backup_keep_time'] = 604800

Backup command:

gitlab-rake gitlab:backup:create

2020-09-03 20:02:27 +0800 -- Dumping database ...
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping repositories ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping uploads ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping builds ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping artifacts ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping pages ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping lfs objects ...
2020-09-03 20:02:28 +0800 -- done
2020-09-03 20:02:28 +0800 -- Dumping container registry images ...
2020-09-03 20:02:28 +0800 -- done
Creating backup archive: 1599134548_2020_09_03_13.3.4_gitlab_backup.tar ... done
Uploading backup archive to remote storage  ... skipped
Deleting tmp directories ... done
done
done
done
done
done
done
done
done
Deleting old backups ... skipping
Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
Backup task is done.

Add it to a cron job:

0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1

For backing up to remote cloud storage, see this link: https://docs.gitlab.com/ee/raketasks/backup_restore.html

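Restore

  1. Before restoring the backup, stop the GitLab services

    gitlab-ctl stop
  2. If this is a freshly installed GitLab, restore the files under /etc/gitlab/ and then run the following command

    gitlab-ctl reconfigure
  3. Place the chosen backup file in the backup directory configured in /etc/gitlab/gitlab.rb

  4. Run the following restore commands:

    gitlab-ctl start postgresql
    gitlab-ctl start redis
    gitlab-ctl start gitlab-workhorse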
    gitlab-ctl start gitaly
    [root@gitlab backups]# ll /var/opt/gitlab/backups/
    total 276
    -rw-------. 1 git git 235520 Sep  3 20:02 1599134548_2020_09_03_13.3.4_gitlab_backup.tar
    
    gitlab-rake gitlab:backup:restore BACKUP=1599134548_2020_09_03_13.3.4
    [root@gitlab ~]# gitlab-backup restore BACKUP=1599134548_2020_09_03_13.3.4
    Unpacking backup ... done
    Before restoring the database, we will remove all existing
    tables to avoid future upgrade problems. Be aware that if you have
    custom tables in the GitLab database these tables and all data will be
    removed.
    
    Do you want to continue (yes/no)? yes
    Removing all tables. Press Ctrl-C within 5 seconds to abort
    2020-09-03 21:17:23 +0800 -- Cleaning the database ...
    ...
    ...
    ...
    ...
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    [DONE]
    2020-09-03 21:19:24 +0800 -- done
    2020-09-03 21:19:24 +0800 -- Restoring repositories ...
    2020-09-03 21:19:24 +0800 -- done
    2020-09-03 21:19:24 +0800 -- Restoring uploads ...
    2020-09-03 21:19:24 +0800 -- done
    2020-09-03 21:19:24 +0800 -- Restoring builds ...
    2020-09-03 21:19:24 +0800 -- done
    2020-09-03 21:19:24 +0800 -- Restoring artifacts ...
    2020-09-03 21:19:24 +0800 -- done
    2020-09-03 21:19:24 +0800 -- Restoring pages ...
    2020-09-03 21:19:24 +0800 -- done
    2020-09-03 21:19:24 +0800 -- Restoring lfs objects ...
    2020-09-03 21:19:24 +0800 -- done
    2020-09-03 21:19:24 +0800 -- Restoring container registry images ...
    2020-09-03 21:19:24 +0800 -- done
    This task will now rebuild the authorized_keys file.
    You will lose any data stored in the authorized_keys file.
    Do you want to continue (yes/no)? yes
    
    Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data
    and are not included in this backup. You will need to restore these files manually.
    Restore task is done.
  5. Restart all services:

    gitlab-ctl restart
  6. Check that every component is working correctly

    gitlab-rake gitlab:check SANITIZE=true
    
    Checking GitLab subtasks ...
    
    Checking GitLab Shell ...
    
    GitLab Shell: ... GitLab Shell version >= 13.6.0 ? ... OK (13.6.0)
    Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
    Internal API available: OK
    Redis available via internal API: OK
    gitlab-shell self-check successful
    
    Checking GitLab Shell ... Finished
    
    Checking Gitaly ...
    
    Gitaly: ... default ... OK
    
    Checking Gitaly ... Finished
    
    Checking Sidekiq ...
    
    Sidekiq: ... Running? ... yes
    Number of Sidekiq processes ... 1
    
    Checking Sidekiq ... Finished
    
    Checking Incoming Email ...
    
    Incoming Email: ... Reply by email is disabled in config/gitlab.yml
    
    Checking Incoming Email ... Finished
    
    Checking LDAP ...
    
    LDAP: ... LDAP is disabled in config/gitlab.yml
    
    Checking LDAP ... Finished
    
    Checking GitLab App ...
    
    Git configured correctly? ... yes
    Database config exists? ... yes
    All migrations up? ... yes
    Database contains orphaned GroupMembers? ... no
    GitLab config exists? ... yes
    GitLab config up to date? ... yes
    Log directory writable? ... yes
    Tmp directory writable? ... yes
    Uploads directory exists? ... yes
    Uploads directory has correct permissions? ... yes
    Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
    Init script exists? ... skipped (omnibus-gitlab has no init script)
    Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
    Projects have namespace: ... can't check, you have no projects
    Redis version >= 4.0.0? ... yes
    Ruby version >= 2.5.3 ? ... yes (2.6.6)
    Git version >= 2.24.0 ? ... yes (2.28.0)
    Git user has default SSH configuration? ... yes
    Active users: ... 1
    Is authorized keys file accessible? ... yes
    GitLab configured to store new projects in hashed storage? ... yes
    All projects are in hashed storage? ... yes
    
    Checking GitLab App ... Finished
    
    Checking GitLab subtasks ... Finished
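
A pre-flight check for the restore procedure above, as an added shell example (not from the original post). A GitLab backup restores only onto the same GitLab version it was created with, and the archive name carries that version, so the check parses the name, compares versions, confirms gitlab-secrets.json is already in place, and prints the value to pass as BACKUP=. The function name preflight_restore is an assumption, and the installed version is supplied by the caller in the same form as it appears in the archive name.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). preflight_restore is a
# hypothetical helper; the archive naming follows the page's sample output.
# Usage: preflight_restore ARCHIVE INSTALLED_VERSION [SECRETS_FILE]
# Prints the value for BACKUP= on success.
preflight_restore() {
    local archive="$1" installed="$2"
    local secrets="${3:-/etc/gitlab/gitlab-secrets.json}"
    local name id version
    name=$(basename "$archive")
    # Expected: <epoch>_<YYYY>_<MM>_<DD>_<version>_gitlab_backup.tar
    if ! printf '%s\n' "$name" |
         grep -Eq '^[0-9]+_[0-9]{4}_[0-9]{2}_[0-9]{2}_[^_]+_gitlab_backup\.tar$'; then
        echo "unexpected archive name: $name" >&2; return 2
    fi
    id="${name%_gitlab_backup.tar}"   # what BACKUP= expects
    version="${id##*_}"               # last field is the GitLab version
    [ -r "$archive" ] || { echo "cannot read $archive" >&2; return 1; }
    # A backup restores only onto the GitLab version it was taken from.
    if [ "$version" != "$installed" ]; then
        echo "backup is $version, installed is $installed" >&2; return 1
    fi
    # The archive does not contain the secrets; they must already be in place.
    [ -s "$secrets" ] || { echo "missing $secrets" >&2; return 1; }
    # The archive holds the full database dump: flag group/other access.
    if [ -n "$(find "$archive" -perm /077 2>/dev/null)" ]; then
        echo "warning: $archive is accessible to group/other" >&2
    fi
    printf '%s\n' "$id"
}
```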

Beck Yeh

Passionate about learning Linux and programming; shares all kinds of newly learned knowledge on this site.
