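Migrating GitLab to Docker and upgrading the version
The server is on AWS. GitLab was previously installed from source, which made upgrades inconvenient, so it is now migrated to Docker and upgraded from version 11.7.5 to 12.2.5.
I. Back up the source data
- Log in to the production GitLab server
- Run the commands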
$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
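After the backup, the data is under /home/git/gitlab/tmp/backups/, named <date>_<version>_gitlab_backup.tar
Note: /home/git is a mounted disk
- Copy the required files to /home/git/gitlab
$ sudo mkdir /home/git/gitlab/gitlab_file
$ sudo cp /etc/nginx/conf.d/default.conf /home/git/gitlab/gitlab_file        # nginx configuration file
$ sudo cp /etc/nginx/conf.d/gitlab-pages.conf /home/git/gitlab/gitlab_file   # pages configuration file
$ sudo cp /etc/nginx/fullchain.pem /home/git/gitlab/gitlab_file              # nginx certificate file
$ sudo cp /etc/nginx/privkey.pem /home/git/gitlab/gitlab_file                # nginx private key file
Note: GitLab Pages is required, so the pages configuration file is copied as well; nginx must have SSL enabled
- Copy the GitLab data disk (/home/git): Volumes -> Create Snapshot, then Snapshots -> Create Volume
II. Preparation before the restore
- The new GitLab server runs Ubuntu 18.04; attach the newly created volume to it
- Create the directories for the related files and for the data, and mount the data disk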
$ mkdir /home/ubuntu/gitlab_file
$ sudo mkdir /data
Mount the data disk at /data. The other files on it can be deleted, keeping only the backup data file; /data then serves as the data disk.
- Copy the required files into gitlab_file
$ sudo cp /opt/gitlab/gitlab_file/default.conf /home/ubuntu/gitlab_file        # nginx configuration file
$ sudo cp /opt/gitlab/gitlab_file/gitlab-pages.conf /home/ubuntu/gitlab_file   # pages configuration file
$ sudo cp /opt/gitlab/gitlab_file/fullchain.pem /home/ubuntu/gitlab_file       # nginx certificate file
$ sudo cp /opt/gitlab/gitlab_file/privkey.pem /home/ubuntu/gitlab_file         # nginx private key file
- Install Docker
Docker installation for each system: https://zhuanlan.zhihu.com/p/54147784
Add the ubuntu user to the docker group
$ sudo gpasswd -a ubuntu docker
- Install docker-compose
(1) Run the following command to download docker-compose (the URL pins release 1.18.0):
$ sudo curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
(2) Change the permissions of the binary so that it can be executed:
$ sudo chmod +x /usr/local/bin/docker-compose
(3) Test the installation
$ docker-compose --version
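- Change the host's sshd port to 23
Note: the gitlab container's port 22 needs to be mapped to the host's port 22
III. Data restore
- Start PostgreSQL
(1) Pull the database image
$ docker pull sameersbn/postgresql:10-2
(2) Create the data directory
$ mkdir -p /data/postgresql/data
(3) Start the database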
$ bash pg.sh
$ cat pg.sh
docker run --rm --name postgresql -d \
-e 'DB_NAME=gitlabhq_production' \
-e 'DB_USER=gitlab' \
-e 'DB_PASS=123456' \
-e 'DB_EXTENSION=pg_trgm' \
-v /data/postgresql/data:/var/lib/postgresql \
sameersbn/postgresql:10-2
- Start redis
(1) Pull the redis image
$ docker pull sameersbn/redis:4.0.9-3
(2) Create the redis data directory
$ mkdir -p /data/redis/data
(3) Start redis
$ bash redis.sh
$ cat redis.sh
docker run --rm --name redis -d \
-v /data/redis/data:/var/lib/redis \
sameersbn/redis:4.0.9-3
- gitlab
(1) Pull the gitlab images
$ docker pull sameersbn/gitlab:11.7.5     # old version
$ docker pull sameersbn/gitlab:11.11.0    # intermediate version
$ docker pull sameersbn/gitlab:12.2.5     # new version
Note: upgrading from 11.7.5 to 12.2.5 requires upgrading to 11.11.0 first
(2) Create the data directory
$ mkdir -p /data/gitlab/data
(3) Initialize gitlab
$ bash init.sh
$ cat init.sh
docker run --name gitlab -it --rm \
--link postgresql:postgresql \
--link redis:redisio \
-e "DB_USER=gitlab" \
-e "DB_PASS=123456" \
-e "DB_NAME=gitlabhq_production" \
-e 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
-v /data/gitlab/data:/home/git/data \
sameersbn/gitlab:11.7.5 \
app:rake gitlab:setup
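Note: this fails with the error:
Failed to connect to Gitaly... Error: 14:Connect Failed
Fix: start gitlab first, copy /home/git/gitlab/lib/tasks/gitlab/setup.rake to the host, and comment out line 4
Note: the values of the three parameters GITLAB_SECRETS_DB_KEY_BASE, GITLAB_SECRETS_SECRET_KEY_BASE and GITLAB_SECRETS_OTP_KEY_BASE must be the same as in the old installation (/home/git/gitlab/config/secrets.yml); otherwise the "Project -> Settings -> Integrations" page returns a 500 error.
Start: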
$ docker run --name gitlab -itd --rm \
--link postgresql:postgresql \
--link redis:redisio \
-e "DB_USER=gitlab" \
-e "DB_PASS=123456" \
-e "DB_NAME=gitlabhq_production" \
-e 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
-v /data/gitlab/data:/home/git/data \
sameersbn/gitlab:11.7.5
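Copy out and modify the configuration file to be mounted:
$ docker cp gitlab:/home/git/gitlab/lib/tasks/gitlab/setup.rake /home/ubuntu/gitlab_file/setup.rake
$ vim /home/ubuntu/gitlab_file/setup.rake    # comment out line 4: # check_gitaly_connection
Mount the modified file into the container when initializing: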
$ docker stop gitlab
$ docker run --name gitlab -it --rm \
--link postgresql:postgresql \
--link redis:redisio \
-e "DB_USER=gitlab" \
-e "DB_PASS=123456" \
-e "DB_NAME=gitlabhq_production" \
-e 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
-v /data/gitlab/data:/home/git/data \
-v /home/ubuntu/gitlab_file/setup.rake:/home/git/gitlab/lib/tasks/gitlab/setup.rake \
sameersbn/gitlab:11.7.5 \
app:rake gitlab:setup
Enter yes once
Note: an error appears at the end:
Database 'gitlabhq_production' already exists
rake aborted!
ActiveRecord::ProtectedEnvironmentError: You are attempting to run a destructive action against your 'production' database.
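The gitlabhq_production database was already created when the database container was started, so this error is expected; the container exits automatically once initialization finishes.
(4) Restore the data
Put the backup data under /data/gitlab/data/backups, then run:
$ sudo chmod 777 <backup file>
Note: this adds write permission; otherwise the restore fails with: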
Unpacking backup ... tar: 1568898165_2019_09_19_11.7.5_gitlab_backup.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
unpacking backup failed
Start gitlab
$ bash up.sh
$ cat up.sh
docker run --name gitlab -itd --rm \
--link postgresql:postgresql \
--link redis:redisio \
-e "DB_USER=gitlab" \
-e "DB_PASS=123456" \
-e "DB_NAME=gitlabhq_production" \
-e 'GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string' \
-e 'GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string' \
-v /data/gitlab/data:/home/git/data \
-v /home/ubuntu/gitlab_file/setup.rake:/home/git/gitlab/lib/tasks/gitlab/setup.rake \
sameersbn/gitlab:11.7.5
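Enter the container
$ docker exec -it gitlab /bin/bash
Run the command
$ /sbin/entrypoint.sh app:rake gitlab:backup:restore to restore a backup
Enter the backup file name and press Enter to start the restore
You will be asked to enter yes twice; the restore takes a long time
Note: it exits with an error at the end, because rake treats the trailing words "to restore a backup" as further task names once gitlab:backup:restore itself has run: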
rake aborted!
Don't know how to build task 'to' (See the list of available tasks with `rake --tasks`)
/home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/rake-12.3.2/exe/rake:27:in `<top (required)>'
(See full trace by running task with --trace)
After the restore finishes, stop the postgresql, redis and gitlab containers started earlier, and start new containers with docker-compose
$ docker stop postgresql
$ docker stop redis
$ docker stop gitlab
Start the containers:
$ docker-compose up -d
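The docker-compose.yml file is at the end of this article; the gitlab version in docker-compose.yml is 11.7.5
After a successful start, log in to gitlab and test each feature
Note: when testing the admin/runner page, a 500 error may appear
Fix: enter the gitlab container
Run: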
$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rails console production
In the interactive console, run:
ApplicationSetting.current.reset_runners_registration_token!
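After it succeeds, type exit to quit and refresh the runner page.
This step can be skipped and dealt with once, after the upgrade to 12.2.5.
IV. Upgrading gitlab
- Upgrade gitlab to 11.11.0
Change the gitlab version in docker-compose.yml to 11.11.0
Stop the gitlab container: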
$ docker stop gitlab&&docker rm gitlab
Start gitlab with the intermediate-version image:
$ docker-compose up -d --no-recreate
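After a successful start, log in to gitlab and test each feature
Note: the admin/runner page and the project CI/CD page may return a 500 error
Fix: enter the postgresql container and log in to the database
Run: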
$ sudo su postgres
$ psql
postgres=# \c gitlabhq_production
gitlabhq_production=# UPDATE projects SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=# UPDATE namespaces SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=# UPDATE application_settings SET runners_registration_token_encrypted = null;
gitlabhq_production=# UPDATE ci_runners SET token = null, token_encrypted = null;
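After it succeeds, quit with \q and refresh the runner page.
This step can be skipped and dealt with once, after the upgrade to 12.2.5.
- Upgrade gitlab to 12.2.5
Change the gitlab version in docker-compose.yml to 12.2.5
Stop the gitlab container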
$ docker stop gitlab&&docker rm gitlab
Start gitlab with the new-version image
$ docker-compose up -d --no-recreate
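After a successful start, log in to gitlab and test each feature
Note: the admin/runner page and the project CI/CD page may return a 500 error
Fix:
(1) Enter the postgresql container and log in to the database
Run: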
$ sudo su postgres
$ psql
postgres=# \c gitlabhq_production
gitlabhq_production=# UPDATE projects SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=# UPDATE namespaces SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=# UPDATE application_settings SET runners_registration_token_encrypted = null;
gitlabhq_production=# UPDATE ci_runners SET token = null, token_encrypted = null;
After it succeeds, quit with \q.
(2) Enter the gitlab container
Run:
$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rails console production
In the interactive console, run:
ApplicationSetting.current.reset_runners_registration_token!
After it succeeds, type exit to quit and refresh the runner page.
Docker-compose file
$ cat docker-compose.yml
redis:
  restart: always
  container_name: redis
  image: sameersbn/redis:4.0.9-3
  volumes:
    - /data/redis/data:/var/lib/redis
postgresql:
  restart: always
  container_name: postgresql
  image: sameersbn/postgresql:10-2
  volumes:
    - /data/postgresql/data:/var/lib/postgresql
gitlab:
  restart: always
  container_name: gitlab
  image: sameersbn/gitlab:11.7.5
  ports:
    - "80:80"
    - "22:22"
    - "443:443"
  links:
    - redis:redisio
    - postgresql:postgresql
  volumes:
    - /data/gitlab/data:/home/git/data
    - /home/ubuntu/gitlab_file/default.conf:/etc/nginx/conf.d/default.conf
    - /home/ubuntu/gitlab_file/gitlab-pages.conf:/etc/nginx/conf.d/gitlab-pages.conf
    - /home/ubuntu/gitlab_file/fullchain.pem:/etc/nginx/fullchain.pem
    - /home/ubuntu/gitlab_file/privkey.pem:/etc/nginx/privkey.pem
    - /home/ubuntu/gitlab_file/setup.rake:/home/git/gitlab/lib/tasks/gitlab/setup.rake
  environment:
    - DEBUG=false
    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=123456
    - DB_NAME=gitlabhq_production
    - REDIS_HOST=redisio
    - REDIS_PORT=6379
    - GITLAB_HOST=gitlab-test.com
    - [email protected]
    - GITLAB_EMAIL_ENABLED=true
    - SMTP_ENABLED=true
    - SMTP_DOMAIN=qq.com
    - SMTP_HOST=smtp.exmail.qq.com
    - SMTP_PORT=465
    - SMTP_STARTTLS=true
    - SMTP_TLS=true
    - [email protected]
    - SMTP_PASS=xxxxxxxxxx
    - SMTP_AUTHENTICATION=login
    - RACK_ATTACK_WHITELIST=127.0.0.1,xxxxxx
    - GITLAB_PAGES_ENABLED=true
    - GITLAB_PAGES_ACCESS_CONTROL=false
    - GITLAB_PAGES_DOMAIN=pages-test.com
    - GITLAB_PAGES_PORT=80
    - GITLAB_PAGES_ARTIFACTS_SERVER=true
    - GITLAB_PAGES_HTTPS=false
    - GITLAB_MATTERMOST_ENABLED=true
    - GITLAB_TIMEZONE=Beijing
    - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alpha-numeric-string
    - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alpha-numeric-string
    - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alpha-numeric-string
FAQ
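- After linking, redis is named redisio.
- gitlab cannot connect to the database and redis at startup. Fix: in docker-compose.yml, the variables DB_HOST=postgresql and REDIS_HOST=redisio must use the names given by the links.
- gitlab cannot connect to the database at startup. Fix: when postgresql is started through docker-compose.yml, DB_NAME, DB_USER and DB_PASS do not need to be specified (they were already specified on the first start).
- After gitlab starts successfully, the project "Settings" page returns 500. Fix: the variable GITLAB_HOST=gitlab-test.fenda.io:80 specified a port; remove the port.
- After gitlab starts successfully, gitlab-pages fails to start with the error: auth-secret must be defined if authentication is supported. Fix: set the variable GITLAB_PAGES_ACCESS_CONTROL=false.
- Allowing requests from whitelisted hosts (the default is 127.0.0.1). Fix: set the variable RACK_ATTACK_WHITELIST=127.0.0.1,xxxxxxxx (IP).
- Sending email fails. Fix: set the variable SMTP_TLS=true (the default is false).
- Initialization fails with the error Failed to connect to Gitaly... Error: 14:Connect Failed. Fix: start gitlab first, copy /home/git/gitlab/lib/tasks/gitlab/setup.rake to the host, comment out line 4 (# check_gitaly_connection), and mount the modified file into the container when initializing.
- When upgrading from 11.7.5 to 12.2.5, upgrade to 11.11.0 first (this updates the data in the database).
- After gitlab 11.7.5 starts successfully, the admin/runner page returns 500 with the error: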
Completed 500 Internal Server Error in 175ms (ActiveRecord: 10.2ms)
ActionView::Template::Error ():
37:
38: .col-sm-6
39: .bs-callout
40: = render partial: 'ci/runner/how_to_setup_runner',
41: locals: { registration_token: Gitlab::CurrentSettings.runners_registration_token,
42: type: 'shared',
43: reset_token_url: reset_registration_token_admin_application_settings_path }
lib/gitlab/crypto_helper.rb:27:in `aes256_gcm_decrypt'
app/models/concerns/token_authenticatable_strategies/encrypted.rb:55:in `get_token'
app/models/concerns/token_authenticatable_strategies/base.rb:33:in `ensure_token!'
app/models/concerns/token_authenticatable.rb:43:in `block in add_authentication_token_field'
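Fix: enter the gitlab container and run:
$ cd /home/git/gitlab
$ sudo -u git -H bundle exec rails console production
In the interactive console, run ApplicationSetting.current.reset_runners_registration_token! After it succeeds, type exit to quit and refresh the runner page.
Related documentation: https://blog.csdn.net/weixin_43952432/article/details/89642418
- After gitlab 11.11.0 starts successfully, the admin/runner page and the project CI/CD page return 500 with the errors: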
Completed 500 Internal Server Error in 133ms (ActiveRecord: 19.8ms)
ActionView::Template::Error ():
16: .table-section.section-10
17: .table-mobile-header{ role: 'rowheader' }= _('Runner token')
18: .table-mobile-content
19: = link_to runner.short_sha, admin_runner_path(runner)
20:
21: .table-section.section-20
22: .table-mobile-header{ role: 'rowheader' }= _('Description')
lib/gitlab/crypto_helper.rb:27:in `aes256_gcm_decrypt'
Completed 500 Internal Server Error in 221ms (ActiveRecord: 46.1ms)
ActionView::Template::Error ():
25: project_clusters_path(@project),
26: class: 'btn btn-info'
27: %hr
28: = render partial: 'ci/runner/how_to_setup_runner',
29: locals: { registration_token: @project.runners_token,
30: type: 'specific',
31: reset_token_url: reset_registration_token_namespace_project_settings_ci_cd_path }
lib/gitlab/crypto_helper.rb:27:in `aes256_gcm_decrypt'
Fix: enter the postgresql container, log in to the database and run:
$ sudo su postgres
$ psql
postgres=# \c gitlabhq_production
gitlabhq_production=# UPDATE projects SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=# UPDATE namespaces SET runners_token = null, runners_token_encrypted = null;
gitlabhq_production=# UPDATE application_settings SET runners_registration_token_encrypted = null;
gitlabhq_production=# UPDATE ci_runners SET token = null, token_encrypted = null;
After it succeeds, quit and refresh the runner page.
Related documentation: https://docs.gitlab.com/ee/raketasks/backup_restore.html#when-the-secrets-file-is-lost
- Error when restoring the data:
Unpacking backup ... tar: 1568898165_2019_09_19_11.7.5_gitlab_backup.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
unpacking backup failed
Fix: chmod 777 <backup file>
- Error during initialization:
Database 'gitlabhq_production' already exists
rake aborted!
ActiveRecord::ProtectedEnvironmentError: You are attempting to run a destructive action against your 'production' database.
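This is expected; the database was already created when the database container was started.
- 500 error on the "Project -> Settings -> Integrations" page: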
ActionView::Template::Error ():
1: %li
2: .row
3: .col-md-8.col-lg-7
4: %strong.light-header= hook.url
5: %div
6: - ProjectHook.triggers.each_value do |event|
7: - if hook.public_send(event)
app/models/hooks/web_hook.rb:62:in `url'
Fix: at startup, set the three parameters GITLAB_SECRETS_DB_KEY_BASE, GITLAB_SECRETS_SECRET_KEY_BASE and GITLAB_SECRETS_OTP_KEY_BASE to the same values as the old installation, i.e. the values in /home/git/gitlab/config/secrets.yml.
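The note in step (3) and the FAQ entry above both require the three GITLAB_SECRETS_* values to match the old secrets.yml. The following is an added example, not part of the original post: it extracts them into a mode-600 env file for docker run --env-file, so the key bases do not have to be typed onto the command line or into shell history. The function name, the env file path and the location of the copied secrets.yml are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). The function name and the
# file paths are assumptions made for illustration.
set -eu

# extract_gitlab_secrets <secrets.yml> <out.env>
# Copies db_key_base, secret_key_base and otp_key_base from the "production:"
# section into GITLAB_SECRETS_* lines in a file only its owner can read.
extract_gitlab_secrets() {
  egs_src=$1; egs_out=$2
  [ -r "$egs_src" ] || { echo "cannot read $egs_src" >&2; return 1; }
  egs_tmp=$(mktemp "$egs_out.XXXXXX")          # mktemp creates the file with mode 600
  awk '
    /^[^ #]/ { in_prod = ($0 ~ /^production:/) }   # any top-level key opens a new section
    in_prod && match($0, /^ +(db|secret|otp)_key_base:[ \t]*/) {
      name = $1; sub(/:.*$/, "", name)
      val = substr($0, RLENGTH + 1); sub(/[ \t\r]+$/, "", val)
      if (val !~ /^[A-Za-z0-9]+$/) bad = 1          # key bases are alphanumeric strings
      got[name] = val
    }
    END {
      n = split("db_key_base secret_key_base otp_key_base", want, " ")
      for (i = 1; i <= n; i++) {
        if (bad || !(want[i] in got)) exit 1        # refuse partial or malformed input
        printf "GITLAB_SECRETS_%s=%s\n", toupper(want[i]), got[want[i]]
      }
    }
  ' "$egs_src" > "$egs_tmp" || {
    rm -f "$egs_tmp"; echo "production: section lacks the three key bases" >&2; return 1
  }
  chmod 600 "$egs_tmp" && mv "$egs_tmp" "$egs_out"
}

# Demo on a constructed secrets.yml (made-up values): run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
  demo_dir=$(mktemp -d)
  printf 'production:\n  db_key_base: abc123\n  secret_key_base: def456\n  otp_key_base: 0a1b2c\n' > "$demo_dir/secrets.yml"
  extract_gitlab_secrets "$demo_dir/secrets.yml" "$demo_dir/gitlab.env" && cat "$demo_dir/gitlab.env"
fi

# On the new host (paths assumed), replace the three -e GITLAB_SECRETS_* options with:
#   docker run ... --env-file /home/ubuntu/gitlab_file/gitlab.env ... sameersbn/gitlab:11.7.5
```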
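Restore step (4) and the FAQ entry above both clear the tar "Permission denied" error with chmod 777, which leaves the archive (all repositories plus the database dump) readable and writable by every local user. A narrower alternative, as an added example that is not part of the original post: give the file to the uid:gid that owns the backups directory and keep mode 600. The function name is an assumption, and so is the premise that the backups directory is owned by the uid the container's git user runs as.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); the function name is an assumption.
set -eu

# restrict_backup <path/to/..._gitlab_backup.tar>
# Gives the backup the uid:gid that owns its directory and mode 600, then
# prints the resulting "mode uid:gid". Assumes the backups directory is owned
# by the uid the container's git user runs as (confirm with: ls -ldn <dir>).
restrict_backup() {
  rb_file=$1
  case $rb_file in
    *_gitlab_backup.tar) ;;
    *) echo "unexpected backup name: $rb_file" >&2; return 1 ;;
  esac
  # Refuse symlinks so chown/chmod cannot be redirected to another file.
  if [ -L "$rb_file" ] || [ ! -f "$rb_file" ]; then
    echo "not a regular file: $rb_file" >&2; return 1
  fi
  rb_owner=$(ls -ldn "$(dirname "$rb_file")" | awk '{ print $3 ":" $4 }')
  chown "$rb_owner" "$rb_file"      # needs sudo when the owner differs from the caller
  chmod 600 "$rb_file"              # owner read/write only
  ls -ln "$rb_file" | awk '{ print substr($1, 1, 10), $3 ":" $4 }'
}

# Usage on the new host (file name taken from the error message on this page):
#   sudo bash -c '. ./restrict_backup.sh; restrict_backup /data/gitlab/data/backups/1568898165_2019_09_19_11.7.5_gitlab_backup.tar'
```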