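Preface:
The company's previous GitLab server, version 8.10.5, was installed, deployed and maintained by the developers.
The official installation tutorial runs to many pages and the process is very tedious. If the server is later migrated or the system is damaged, the whole deployment has to be repeated.
It has now been handed over to the operations department, which deploys it with Docker: this is quick and convenient, and it makes future migrations and upgrades easy and efficient.
Basic machine information: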
Machine | Role | OS | IP address | Specs |
---|---|---|---|---|
O | Old gitlab (8.10.5) | CentOS 6.5 | 172.16.17.91 | 4c/8G/1.2T |
A | New gitlab (9.2.2) | CentOS 7.2 | 172.16.16.147 | 4c/8G/1T |
B | nginx (1.10.3), postgresql (9.6), redis (2.8.4), haproxy (1.7.6) | CentOS 7.2 | 172.16.16.148 | 4c/8G/200G |
Directory conventions:
Base directory: /home/data
docker-compose configuration file: /home/data/docker-compose.yml
Docker data: /home/data/gitlab/data
nginx:
Configuration: /home/data/nginx/etc/sites
SSL certificates: /home/data/nginx/etc/ssl
Logs: /home/data/nginx/logs
haproxy configuration file: /home/data/haproxy/etc/haproxy.cfg
postgresql data: /home/data/postgresql/data
redis data: /home/data/redis/data
I. Basic environment preparation
1. Disable SELinux and the firewall
Machines A and B:
```bash
# Firewall
# Stop the firewall
systemctl stop firewalld
# Do not start it at boot
systemctl disable firewalld
# SELinux
# Disable it immediately for the running system
setenforce 0
# Make the change permanent:
# in /etc/selinux/config change "SELINUX=enforcing" to "SELINUX=disabled", then reboot.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# Reboot to apply the change
reboot
```
2. Change the SSH login port
Machines A and B:
```bash
# Edit the configuration file
vi /etc/ssh/sshd_config
# Change the port to 8822
Port 8822
# Restart the ssh service
systemctl restart sshd
```
II. Installation
1. Install Docker
```bash
# Install
curl -sSL https://get.daocloud.io/docker | sh
# Configure the Docker registry mirror (accelerator)
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://26109e56.m.daocloud.io
# Start docker
systemctl start docker
# Start docker at boot
systemctl enable docker
```
2. Install docker-compose
```bash
curl -L https://get.daocloud.io/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose
```
3. Pull the Docker images
Machine A:
```bash
# Migration and upgrade are two separate stages, so both versions have to be pulled.
# gitlab (https://github.com/sameersbn/docker-gitlab)
docker pull sameersbn/gitlab:8.10.5
docker pull sameersbn/gitlab:9.2.2
```
Machine B:
```bash
# redis (https://github.com/sameersbn/docker-redis)
docker pull sameersbn/redis
# nginx (https://github.com/sameersbn/docker-nginx)
docker pull sameersbn/nginx
# postgresql (https://github.com/sameersbn/docker-postgresql)
docker pull sameersbn/postgresql:9.6-2
# haproxy (for gitlab ssh mode)
docker pull haproxy:1.7.6
```
III. Configuration
1. Machine B
docker-compose configuration file:
```yaml
nginx:
  restart: always
  image: sameersbn/nginx:latest
  volumes:
    - /home/data/nginx/etc/sites:/etc/nginx/conf.d:Z
    - /home/data/nginx/etc/ssl:/etc/nginx/ssl:Z
    - /home/data/nginx/logs:/var/log/nginx:Z
  ports:
    - "80:80"
    - "443:443"
postgresql:
  restart: always
  image: sameersbn/postgresql:9.6-2
  environment:
    - DB_USER=gitlab
    - DB_PASS=hamgua!@#gitlab
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm
  volumes:
    - /home/data/postgresql/data:/var/lib/postgresql:Z
  ports:
    - "5432:5432"
redis:
  restart: always
  image: sameersbn/redis:latest
  volumes:
    - /home/data/redis/data:/var/lib/redis:Z
  ports:
    - "6379:6379"
haproxy:
  restart: always
  image: haproxy:1.7.6
  volumes:
    - /home/data/haproxy/etc:/usr/local/etc/haproxy:Z
  ports:
    - "22:80"
```
nginx configuration:
```nginx
upstream git-hamgua {
    server 172.16.16.147:10080 max_fails=3 fail_timeout=30s weight=1;
}
server {
    listen 80;
    listen 443 ssl;
    server_name git.hamgua.com;
    ssl_certificate /etc/nginx/ssl/git.hamgua.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/git.hamgua.cn.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require it
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
        proxy_pass http://git-hamgua;
        proxy_redirect off;
        #proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_next_upstream off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Accept-Encoding "";
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_buffer_size 64k;
        proxy_buffers 16 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        proxy_redirect default;
        proxy_ignore_client_abort on;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```
haproxy configuration:
```
global
    pidfile /var/run/haproxy.pid
    maxconn 81920
    nbproc 10
    daemon
    quiet
defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 10240
    timeout connect 5000ms
    timeout client 60000ms
    timeout server 60000ms
frontend git
    bind 0.0.0.0:80
    mode tcp
    default_backend gitlab-ssh
backend gitlab-ssh
    option tcpka
    balance roundrobin
    mode tcp
    server gitlab-ssh1 172.16.16.147:10022 weight 1 check port 10022 inter 1s rise 2 fall 2
```
2. Machine A
docker-compose configuration file (version 8.10.5):
```yaml
gitlab:
  restart: always
  image: sameersbn/gitlab:8.10.5
  ports:
    - "10080:80"
    - "10022:22"
  environment:
    #postgresql
    - DB_ADAPTER=postgresql
    - DB_HOST=172.16.16.148
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=hamgua!@#gitlab
    - DB_NAME=gitlabhq_production
    #redis
    - REDIS_HOST=172.16.16.148
    - REDIS_PORT=6379
    #global config
    - DEBUG=false
    - TZ=Asia/Shanghai
    - GITLAB_TIMEZONE=Shanghai
    - GITLAB_ROOT_EMAIL=hamgua@hamgua.com
    - GITLAB_SECRETS_DB_KEY_BASE=mjztzlfksTvRz5wNXjVDstTJZklGKDWsHX6Q9s55ZVc9v7TdGvDs3DHzFLxsKWsT
    - GITLAB_HOST=git.hamgua.com
    #ssl port
    - GITLAB_PORT=443
    #ssh port
    - GITLAB_SSH_PORT=22
    - GITLAB_HTTPS=true
    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false
    - GITLAB_PAGES_ENABLED=true
    - GITLAB_PAGES_DOMAIN=git.hamgua.com
    - GITLAB_EMAIL=hamgua@hamgua.com
    - GITLAB_EMAIL_REPLY_TO=hamgua@hamgua.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=hamgua@hamgua.com
    #backup
    #every day
    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00
    #7 days
    - GITLAB_BACKUP_EXPIRY=604800
    #smtp
    - SMTP_ENABLED=true
    - SMTP_DOMAIN=hamgua.com
    - SMTP_HOST=smtp.exmail.qq.com
    - SMTP_PORT=587
    - SMTP_USER=hamgua@hamgua.com
    - SMTP_PASS=hamgua
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=plain
    - IMAP_ENABLED=false
  volumes:
    - /home/data/gitlab/data:/home/git/data:Z
```
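An added check, not part of the original post, for the two compose files above: it flags backend ports published without a host IP (as 5432 and 6379 are on machine B, where the firewall was stopped in section I) and secrets written inline under `environment` (as `DB_PASS` and `GITLAB_SECRETS_DB_KEY_BASE` are). The `audit` function, the constructed sample file, the secret-name pattern and the list of client-facing services are assumptions made for this example.

```python
import re

# Constructed sample in the page's compose v1 layout (top-level service names);
# the password is a placeholder, not a value from the page.
SAMPLE = """\
postgresql:
  environment:
    - DB_USER=gitlab
    - DB_PASS=example-password
  ports:
    - "5432:5432"
redis:
  ports:
    - "172.16.16.148:6379:6379"
nginx:
  ports:
    - "443:443"
"""

SECRET_KEY = re.compile(r"(PASS|SECRET|KEY_BASE|TOKEN)", re.I)
PUBLIC_OK = {"nginx", "haproxy"}  # assumption: only these should face clients


def audit(compose_text):
    """Return sorted (service, issue, detail) findings for an indented v1 compose file."""
    findings, service, section = [], None, None
    for raw in compose_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        if raw[0] not in " \t" and text.endswith(":"):
            service, section = text[:-1], None      # new top-level service
        elif not text.startswith("- "):
            section = text.split(":", 1)[0]         # ports, environment, image, ...
        elif section == "ports":
            parts = text[2:].strip("\"' ").split(":")
            # Two fields = HOST_PORT:CONTAINER_PORT with no host IP: Docker binds 0.0.0.0
            if len(parts) == 2 and service not in PUBLIC_OK:
                findings.append((service, "port-on-all-interfaces", parts[0]))
        elif section == "environment":
            key, _, value = text[2:].partition("=")
            # A ${VAR} reference is resolved by docker-compose at run time, not stored in the file
            if SECRET_KEY.search(key) and value and not value.startswith("$"):
                findings.append((service, "inline-secret", key))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Publishing a backend port on one address (`"172.16.16.148:5432:5432"`) and passing secrets as `${VAR}` references from the shell environment both clear the corresponding findings.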
IV. Initialization and startup
1. Docker initialization
Machine B:
```bash
cd /home/data
docker-compose create nginx redis postgresql
```
Machine A:
```bash
cd /home/data
docker-compose create gitlab
```
2. Docker startup
(Note: the redis and postgresql services on machine B must be started first.)
Machine B:
```bash
cd /home/data
docker-compose start nginx redis postgresql
```
Machine A:
```bash
cd /home/data
docker-compose start gitlab
```
V. Backup and restore
1. Backup (machine O)
```bash
# Log in to machine O and run the backup; it produces a backup file named like 1497291058_gitlab_backup.tar
cd /var/opt/gitlab/backups/
gitlab-rake gitlab:backup:create RAILS_ENV=production
# Send it to the backup directory of the Docker gitlab server
scp 1497291058_gitlab_backup.tar root@172.16.16.147:/home/data/gitlab/data/backups/
```
2. Restore (machine A)
```bash
# Enter the gitlab container
docker exec -ti data_gitlab_1 bash
# Run the restore
sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production
```
Confirmation prompts during the restore
There are two prompts to confirm in total.
1. Restoring the git data
```
Before restoring the database we recommend removing all existing
tables to avoid future upgrade problems. Be aware that if you have
custom tables in the GitLab database these tables and all data will be
removed.
Do you want to continue (yes/no)?
```
Enter yes.
2. Restoring the authorized_keys file
```
This will rebuild an authorized_keys file.
You will lose any data stored in authorized_keys file.
Do you want to continue (yes/no)?
```
Enter no.
3. Clear the cache
```bash
# Enter the gitlab container
docker exec -ti data_gitlab_1 bash
# Clear the cache
sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
```
VI. Upgrading gitlab
1. Stop and remove the 8.10.5 gitlab Docker container (machine A)
```bash
docker-compose stop gitlab
docker-compose rm gitlab
```
2. Start the 9.2.2 gitlab Docker container (machine A)
docker-compose configuration file for 9.2.2:
```yaml
gitlab:
  restart: always
  image: sameersbn/gitlab:9.2.2
  ports:
    - "10080:80"
    - "10022:22"
  environment:
    #postgresql
    - DB_ADAPTER=postgresql
    - DB_HOST=172.16.16.148
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=hamgua!@#gitlab
    - DB_NAME=gitlabhq_production
    #redis
    - REDIS_HOST=172.16.16.148
    - REDIS_PORT=6379
    #global config
    - DEBUG=false
    - TZ=Asia/Shanghai
    - GITLAB_TIMEZONE=Shanghai
    - GITLAB_HOST=git.hamgua.com
    #ssl port
    - GITLAB_PORT=443
    #ssh port
    - GITLAB_SSH_PORT=22
    - GITLAB_HTTPS=true
    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false
    - GITLAB_PAGES_ENABLED=true
    - GITLAB_PAGES_DOMAIN=git.hamgua.com
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=mjztzlfksTvRz5wNXjVDstTJZklGKDWsHX6Q9s55ZVc9v7TdGvDs3DHzFLxsKWsT
    - GITLAB_SECRETS_SECRET_KEY_BASE=RWNLdwXfsGHdGGjwSw678sWxztJ3sPJbfVm2BRrHq5Ql9XCZVXVLTHN7vpSdWmKF2DJ4qV2s5NJgZwcxPjZw5wJ9PwvdhjsQ99dWjmLDXvwBsWV3K227573vVQCmwZ5R
    - GITLAB_SECRETS_OTP_KEY_BASE=LrC872vHQ5bnjB6m7xBHPF99H9NPvqcFJlbf47TVZN835FnGG5kJvFtRwQQVRmBfcW96TJtJF5sxWKBKmm6QWf2RNddScLXMnwmmtGcDptRclZ97GLx8SxVSjdgm88WG
    - GITLAB_ROOT_EMAIL=hamgua@hamgua.com
    - GITLAB_EMAIL=hamgua@hamgua.com
    - GITLAB_EMAIL_REPLY_TO=hamgua@hamgua.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=hamgua@hamgua.com
    #backup
    #every day
    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00
    #7 days
    - GITLAB_BACKUP_EXPIRY=604800
    #smtp
    - SMTP_ENABLED=true
    - SMTP_DOMAIN=hamgua.com
    - SMTP_HOST=smtp.exmail.qq.com
    - SMTP_PORT=587
    - SMTP_USER=hamgua@hamgua.com
    - SMTP_PASS=hamgua
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=plain
    - IMAP_ENABLED=false
  volumes:
    - /home/data/gitlab/data:/home/git/data:Z
```
Initialization (machine A)
```bash
cd /home/data
docker-compose create gitlab
```
Startup (machine A)
```bash
cd /home/data
docker-compose start gitlab
```
Clear the cache
```bash
# Enter the gitlab container
docker exec -ti data_gitlab_1 bash
# Clear the cache
sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
```
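VII. Login verification
Log in and verify that the data migration is complete and correct and that the version upgrade has finished.
VIII. Git high-availability options
gitlab: two-way file synchronization with inotify + unison, so that repositories pushed to one git server are automatically synchronized to the other git server. Reference: http://leanote.com/blog/post/591d50b4ab64412be900163d
postgresql: master-slave streaming replication. Reference: http://www.reibang.com/p/2d07339774c0
Summary:
1. The gitlab migration target must run the same version as the original, otherwise the backup restore reports a version incompatibility.
2. After the migration, do a quick check of the data first and only then upgrade, to prevent data loss.
3. For the high-availability setup, machines A and B both need to be deployed in duplicate.
4. Be careful with everything, and plan the migration rollback in advance.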