1 - GitLab配置文件
GitLab默認的配置文件路徑:/etc/gitlab/html
/etc/gitlab/gitlab.rb:主配置文件,包含外部URL、倉庫目錄、備份目錄等/etc/gitlab/gitlab-secrets.json:(執行gitlab-ctl reconfigure命令行後生成),包含各種密鑰的加密信息
手工備份/etc/gitlab/的全部文件:cp -R /etc/gitlab/ <backup-path>
2 - 備份指令
備份指令不會備份配置文件,須要手動備份配置目錄和相關文件。 默認的備份目錄爲 /var/opt/gitlab/backups/ 如下是/etc/gitlab/gitlab.rb文件中Backup Settings部分的內容node
379 ### Backup Settings
380 ###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
381
382 # gitlab_rails['manage_backup_path'] = true
383 # gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
384
385 ###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
386 # gitlab_rails['backup_archive_permissions'] = 0644
387
388 # gitlab_rails['backup_pg_schema'] = 'public'
389
390 ###! The duration in seconds to keep backups before they are allowed to be deleted
391 # gitlab_rails['backup_keep_time'] = 604800
392
393 # gitlab_rails['backup_upload_connection'] = {
394 # 'provider' => 'AWS',
395 # 'region' => 'eu-west-1',
396 # 'aws_access_key_id' => 'AKIAKIAKI',
397 # 'aws_secret_access_key' => 'secret123'
398 # }
399 # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
400 # gitlab_rails['backup_multipart_chunk_size'] = 104857600
401
402 ###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
403 ###! backups**
404 # gitlab_rails['backup_encryption'] = 'AES256'
405 ###! The encryption key to use with AWS Server-Side Encryption.
406 ###! Setting this value will enable Server-Side Encryption with customer provided keys;
407 ###! otherwise S3-managed keys are used.
408 # gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
409
410 ###! **Specifies Amazon S3 storage class to use for backups. Valid values
411 ###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
412 # gitlab_rails['backup_storage_class'] = 'STANDARD'
413
414 ###! Skip parts of the backup. Comma separated.
415 ###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
416 #gitlab_rails['env'] = {
417 # "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
418 #}
2.1 設置備份參數
[root@test102 ~]# vim /etc/gitlab/gitlab.rb [root@test102 ~]# cat /etc/gitlab/gitlab.rb |grep -v "#" |grep -Ev '^$' external_url 'http://192.168.16.102' gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" # 備份的目錄 gitlab_rails['backup_archive_permissions'] = 0644 # 備份包(tar格式壓縮包)的權限 gitlab_rails['backup_keep_time'] = 604800 # 備份的保留時間,單位是秒 unicorn['listen'] = '192.168.16.102' unicorn['port'] = 8081 [root@test102 ~]# gitlab-ctl reconfigure # 重載配置,使之生效 ...... ...... ...... Running handlers: Running handlers complete Chef Client finished, 9/730 resources updated in 46 seconds gitlab Reconfigured! [root@test102 ~]#
2.2 執行備份指令
[root@test102 ~]# ll /var/opt/gitlab/backups/ total 0 [root@test102 ~]# gitlab-rake gitlab:backup:create # 備份數據 2019-11-27 16:12:08 +0800 -- Dumping database ... Dumping PostgreSQL database gitlabhq_production ... [DONE] 2019-11-27 16:12:10 +0800 -- done 2019-11-27 16:12:10 +0800 -- Dumping repositories ... 2019-11-27 16:12:10 +0800 -- done 2019-11-27 16:12:10 +0800 -- Dumping uploads ... 2019-11-27 16:12:10 +0800 -- done 2019-11-27 16:12:10 +0800 -- Dumping builds ... 2019-11-27 16:12:10 +0800 -- done 2019-11-27 16:12:10 +0800 -- Dumping artifacts ... 2019-11-27 16:12:10 +0800 -- done 2019-11-27 16:12:10 +0800 -- Dumping pages ... 2019-11-27 16:12:10 +0800 -- done 2019-11-27 16:12:10 +0800 -- Dumping lfs objects ... 2019-11-27 16:12:10 +0800 -- done 2019-11-27 16:12:10 +0800 -- Dumping container registry images ... 2019-11-27 16:12:10 +0800 -- [DISABLED] Creating backup archive: 1574842330_2019_11_27_12.5.0_gitlab_backup.tar ... done Uploading backup archive to remote storage ... skipped Deleting tmp directories ... done done done done done done done done Deleting old backups ... done. (0 removed) Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data and are not included in this backup. You will need these files to restore a backup. Please back them up manually. Backup task is done. [root@test102 ~]# [root@test102 ~]# ll /var/opt/gitlab/backups/ total 172 -rw-r--r-- 1 git git 174080 Nov 27 16:12 1574842330_2019_11_27_12.5.0_gitlab_backup.tar [root@test102 ~]#
3 - 定時備份
使用Crontab任務進行定時備份。nginx
[root@test102 ~]# crontab -l no crontab for root [root@test102 ~]# [root@test102 ~]# crontab -e no crontab for root - using an empty one crontab: installing new crontab [root@test102 ~]# [root@test102 ~]# crontab -l 0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=10 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1 [root@test102 ~]#
4 - 備份到雲存儲
從GitLab7.4開始,能夠將備份文件上傳到遠端雲存儲上。 具體配置和操做,可查看官方文檔:git
涉及的配置項以下:
393 # gitlab_rails['backup_upload_connection'] = {
394 # 'provider' => 'AWS',
395 # 'region' => 'eu-west-1',
396 # 'aws_access_key_id' => 'AKIAKIAKI',
397 # 'aws_secret_access_key' => 'secret123'
398 # }
399 # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
400 # gitlab_rails['backup_multipart_chunk_size'] = 104857600
5 - 還原數據
特別注意:redis
- 備份目錄和gitlab.rb中定義的備份目錄必須一致
- GitLab的版本和備份文件中的版本必須一致,不然還原時會報錯。
[root@test102 ~]# cat /etc/gitlab/gitlab.rb |grep "backup_path" |grep -Ev "^$" # 確認備份目錄 gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" [root@test102 ~]# [root@test102 ~]# ll /var/opt/gitlab/backups/ # 確認備份文件 total 172 -rw-r--r-- 1 git git 174080 Nov 27 16:12 1574842330_2019_11_27_12.5.0_gitlab_backup.tar [root@test102 ~]# [root@test102 ~]# gitlab-rake gitlab:backup:restore BACKUP=1574842330_2019_11_27_12.5.0 # 還原 Unpacking backup ... done Before restoring the database, we will remove all existing tables to avoid future upgrade problems. Be aware that if you have custom tables in the GitLab database these tables and all data will be removed. Do you want to continue (yes/no)? yes Removing all tables. Press `Ctrl-C` within 5 seconds to abort 2019-11-27 16:40:03 +0800 -- Cleaning the database ... 2019-11-27 16:40:05 +0800 -- done 2019-11-27 16:40:05 +0800 -- Restoring database ... ...... ...... ...... [DONE] 2019-11-27 16:40:19 +0800 -- done 2019-11-27 16:40:19 +0800 -- Restoring repositories ... 2019-11-27 16:40:19 +0800 -- done 2019-11-27 16:40:19 +0800 -- Restoring uploads ... 2019-11-27 16:40:19 +0800 -- done 2019-11-27 16:40:19 +0800 -- Restoring builds ... 2019-11-27 16:40:19 +0800 -- done 2019-11-27 16:40:19 +0800 -- Restoring artifacts ... 2019-11-27 16:40:19 +0800 -- done 2019-11-27 16:40:19 +0800 -- Restoring pages ... 2019-11-27 16:40:19 +0800 -- done 2019-11-27 16:40:19 +0800 -- Restoring lfs objects ... 2019-11-27 16:40:19 +0800 -- done This task will now rebuild the authorized_keys file. You will lose any data stored in the authorized_keys file. Do you want to continue (yes/no)? yes Deleting tmp directories ... done done done done done done done done Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data and are not included in this backup. You will need to restore these files manually. Restore task is done. [root@test102 ~]# [root@test102 ~]# gitlab-ctl restart # 重啓服務 ok: run: alertmanager: (pid 26150) 1s ok: run: gitaly: (pid 26163) 0s ok: run: gitlab-exporter: (pid 26182) 1s ok: run: gitlab-workhorse: (pid 26184) 0s ok: run: grafana: (pid 26204) 1s ok: run: logrotate: (pid 26216) 0s ok: run: nginx: (pid 26223) 1s ok: run: node-exporter: (pid 26229) 0s ok: run: postgres-exporter: (pid 26235) 0s ok: run: postgresql: (pid 26321) 1s ok: run: prometheus: (pid 26330) 0s ok: run: redis: (pid 26341) 1s ok: run: redis-exporter: (pid 26345) 0s ok: run: sidekiq: (pid 26353) 0s ok: run: unicorn: (pid 26364) 0s [root@test102 ~]# [root@test102 ~]# gitlab-rake gitlab:check SANITZE=true # 檢查GitLab全部組件是否運行正常 Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 10.2.0 ? ... OK (10.2.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... can't check, you have no projects Redis version >= 2.8.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.3) Git version >= 2.22.0 ? ... yes (2.22.0) Git user has default SSH configuration? ... yes Active users: ... 3 Is authorized keys file accessible? ... yes Checking GitLab App ... Finished Checking GitLab subtasks ... Finished [root@test102 ~]#