https://about.gitlab.cn/install/?version=ce

备份-1天

安装

docker安装

# mkdir /data/server/gitlab/{config,logs,data} -p
# docker pull gitlab/gitlab-ce
# docker run -d --hostname gitlab --restart=always -p 7080:80 -p 22:22 -p 8443:443 --name gitlab -v /data/server/gitlab/config:/etc/gitlab -v /data/server/gitlab/logs:/var/log/gitlab -v /data/server/gitlab/data:/var/opt/gitlab gitlab/gitlab-ce:latest

配置gitlab

external_url 'http://git.birenchong.cn'
gitlab_rails['gitlab_ssh_host'] = 'git-ssh.birenchong.cn'
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "birenchong@birenchong.cn"
gitlab_rails['smtp_password'] = "Yx123456"
gitlab_rails['smtp_domain'] = "birenchong.cn"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'birenchong@birenchong.cn'
gitlab_rails['gitlab_shell_ssh_port'] = 22

重启gitlab

docker restart gitlab

查看启动日志

docker logs -f gitlab

查看默认的root密码

docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password

注意: 由于gitlab启动耗费时间很长，占用资源较多，经测试，在docker环境下，gitlab需要额外占用140OM，才能正常访问成功，正常运行时候，其内存占用200OM左右。 默认的root密码，会自动消失，需要我们自己来定制密码

k8s安装

配置helm

PersistentVolume

apiVersion: v1
kind: PersistentVolume
metadata:
  name: birenchong-devops-gitlab-ce-pv
  namespace: birenchong-devops
spec:
  capacity:
    storage: 20Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: efs-sc-static
  csi:
    driver: efs.csi.aws.com
    volumeHandle: fs-0xxxxxxxxxxxxx3

PersistentVolumeClaim

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: birenchong-devops-gitlab-ce-pvc
  namespace: birenchong-devops
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: efs-sc-static
  resources:
    requests:
      storage: 20Gi

ConfigMap

kind: ConfigMap
apiVersion: v1
metadata:
  name: birenchong-devops-gitlab-ce-conf
  namespace: birenchong-devops
  annotations:
    kubesphere.io/creator: admin
data:
  gitlab.rb: |-
    external_url 'http://git.birenchong.cn'
    gitlab_rails['gitlab_ssh_host'] = 'git-ssh.birenchong.cn'
    gitlab_rails['time_zone'] = 'Asia/Shanghai'
    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
    gitlab_rails['smtp_port'] = 465
    gitlab_rails['smtp_user_name'] = "birenchong@birenchong.cn"
    gitlab_rails['smtp_password'] = "Yx123456"
    gitlab_rails['smtp_domain'] = "birenchong.cn"
    gitlab_rails['smtp_authentication'] = "login"
    gitlab_rails['smtp_enable_starttls_auto'] = false
    gitlab_rails['smtp_tls'] = true
    gitlab_rails['gitlab_email_from'] = 'birenchong@birenchong.cn'
    gitlab_rails['gitlab_shell_ssh_port'] = 22

Service

kind: Service
apiVersion: v1
metadata:
  name: birenchong-devops-tool-gitlab-ce
  namespace: birenchong-devops
  labels:
    app: birenchong-devops-tool-gitlab-ce
    version: v1
  annotations:
    kubesphere.io/creator: admin
    kubesphere.io/serviceType: statefulservice
spec:
  ports:
    - name: tcp-22
      protocol: TCP
      port: 22
      targetPort: 22
    - name: tcp-443
      protocol: TCP
      port: 443
      targetPort: 443
    - name: tcp-80
      protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: birenchong-devops-tool-gitlab-ce
  clusterIP: None
  clusterIPs:
    - None
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster

Service-np

kind: Service
apiVersion: v1
metadata:
  name: birenchong-devops-tool-gitlab-ce-np
  namespace: birenchong-devops
  labels:
    app: birenchong-devops-tool-gitlab-ce-np
  annotations:
    kubesphere.io/creator: admin
spec:
  ports:
    - name: http-80
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 31149
    - name: tcp-22
      protocol: TCP
      port: 22
      targetPort: 22
      nodePort: 30577
  selector:
    app: birenchong-devops-tool-gitlab-ce
    version: v1
  clusterIP: 10.100.184.252
  clusterIPs:
    - 10.100.184.252
  type: NodePort
  sessionAffinity: None
  externalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster

StatefulSet

kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: birenchong-devops-tool-gitlab-ce-v1
  namespace: birenchong-devops
  labels:
    app: birenchong-devops-tool-gitlab-ce
    version: v1
  annotations:
    kubesphere.io/creator: admin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: birenchong-devops-tool-gitlab-ce
      version: v1
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: birenchong-devops-tool-gitlab-ce
        version: v1
      annotations:
        logging.kubesphere.io/logsidecar-config: '{}'
    spec:
      volumes:
        - name: gitlab-ce-pvc
          persistentVolumeClaim:
            claimName: birenchong-devops-gitlab-ce-pvc
      containers:
        - name: gitlab
          image: 'gitlab/gitlab-ce:14.10.2-ce.0'
          ports:
            - name: tcp-22
              containerPort: 22
              protocol: TCP
            - name: tcp-443
              containerPort: 443
              protocol: TCP
            - name: tcp-80
              containerPort: 80
              protocol: TCP
          envFrom:
            - prefix: GITLAB_OMNIBUS_CONFIG
              configMapRef:
                name: birenchong-devops-gitlab-ce-conf
          resources: {}
          volumeMounts:
            - name: gitlab-ce-pvc
              mountPath: /etc/gitlab
              subPath: gitlab-ce/config
            - name: gitlab-ce-pvc
              mountPath: /var/log/gitlab
              subPath: gitlab-ce/logs
            - name: gitlab-ce-pvc
              mountPath: /var/opt/gitlab
              subPath: gitlab-ce/data
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      nodeSelector:
        env: devops
      serviceAccountName: default
      serviceAccount: default
      securityContext: {}
      schedulerName: default-scheduler
  serviceName: birenchong-devops-tool-gitlab-ce
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      partition: 0
  revisionHistoryLimit: 10

配置

关闭注册

管理中心-通用-注册限制

关闭http模式的clone

管理中心-通用-可见性与访问控制-启用 Git 访问协议

配置邮件服务器

配置qq邮箱发邮箱

# cat /data/server/gitlab/config/gitlab.rb
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "2411776061@qq.com"
gitlab_rails['smtp_password'] = "xxxxx"
gitlab_rails['smtp_domain'] = "qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = '2411776061@qq.com'
user['git_user_email'] = "2411776061@qq.com"

# docker restart gitlab

配置阿里企业邮箱发邮箱

# cat /data/server/gitlab/config/gitlab.rb
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "birenchong@birenchong.cn"
gitlab_rails['smtp_password'] = "xxxxx"
gitlab_rails['smtp_domain'] = "birenchong.cn"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_from'] = 'birenchong@birenchong.cn'


# docker restart gitlab

将主分支main修改为master

管理中心-设置-仓库-默认分支

备份

备份和恢复注意事项

1. 默认情况下，gitlab的备份不包括gitlab软件本身的敏感数据

   比如gitlab.rb、 nginx.conf等

2. 为了避免在备份和恢复的时候，对现有的业务有影响，所以我们需要提前断开数据相关的操作

备份实践

# docker exec -it gitlab gitlab-backup create

# 查看备份–因为docker做了数据卷，所以可以在本地查看
# cd /data/server/gitlab/data
# ls backups/
1652334310_2022_05_12_14.10.2_gitlab_backup.tar

注意：

​ 备份的文件格式:时间戳_日期_gitlab版本_gitlab_backup.tar

# crontab
0 1 * * * /srv/gitlab/backup.sh > /srv/gitlab/backlog.log


# /srv/gitlab/backup.sh
#!/bin/bash
# 删除3天的文件
find /data/server/gitlab/data/backups/ -atime +2 -exec rm -f {} \;
# 备份数据
docker exec gitlab gitlab-backup create
# 备份配置
cd /data/server/gitlab
tar -czf /data/server/gitlab/data/backups/gitlab-config-`date +%Y-%m-%d`.tar.gz config

还原

还原文件前，确保代码的权限

# ll backups/1652334310_2022_05_12_14.10.2_gitlab_backup.tar
-rw------- 1 lxd docker 389120 May 12 05:45 backups/1652334310_2022_05_12_14.10.2_gitlab_backup.tar

停止相关数据连接服务

# docker exec -it gitlab gitlab-ctl stop puma
# docker exec -it gitlab gitlab-ctl stop sidekiq
注意：虽然用puma替代了unicorn，但是老的服务名仍然可以使用

还原备份文件，必须指定备份文件中的时间戳_日期_gitlab版本内容

# docker exec -it gitlab gitlab-rake gitlab:backup:restore BACKUP=1652334310_2022_05_12_14.10.2
注意:还原的时候有两次确认步骤
Do you want to continue (yes/no)? yes开始还原
Do you want to continue (yes/no)? yes重写恢复时会丢失这些敏感数据

重载配置

# docker exec -it gitlab gitlab-ctl reconfigure
	注意:如果配置文件没有做任何变动的时候，可以自由的忽略了

重启环境

# docker restart gitlab
注意:
	如果看到gitlab页面是502，稍等几分钟后，再来查看即可

docker exec -it gitlab gitlab-backup create

cd /data/server/gitlab/data/backups
scp -i /root/.ssh/birenchong_aws.pem 1678796101_2023_03_14_14.10.2_gitlab_backup.tar root@3.71.81.134:/root/gitlab-bak/
scp -i /root/.ssh/birenchong_aws.pem gitlab-config-2023-03-14.tar.gz root@3.71.81.134:/root/gitlab-bak/

cd /data/efs_dir/gitlab-ce/data/backups/
cp ~/gitlab-bak/1678796101_2023_03_14_14.10.2_gitlab_backup.tar .
chown lxd.root 1678796101_2023_03_14_14.10.2_gitlab_backup.tar
kubectl exec -it birenchong-devops-tool-gitlab-ce-v1-0 -c gitlab -n birenchong-devops gitlab-rake gitlab:backup:restore BACKUP=1678796101_2023_03_14_14.10.2

使用LFS

服务端LFS默认已启用，配置客户端即可

git lfs install

不使用lfs提交

git add .
git commit -m "test no lfs"
git push origin master

使用lfs提交

git lfs track "*.zip"
cat .gitattributes
git add .
git commit -m "test with lfs"
git push origin master

项目配置

关闭DevOps自动触发功能

默认情况下，gitlab在接收代码提交的时候，会自动进行代码的一系列附加动作，为了避免影响后续的代码提交，我们一般会将默认的DevOps的自动化功能撤销掉。方法如下∶

进入到项目界面，然后点击左边栏的Settings，再点击子菜单中的"CI/CD"

然后在新界面中，勾选掉"Auto Devops"，点击Save即可