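GitLab service components
GitLab is made up of the following services:
- nginx: static web server
- gitlab-shell: handles Git commands and modifies the authorized keys list
- gitlab-workhorse: lightweight reverse proxy server
- logrotate: log file management tool
- postgresql: database
- redis: cache database
- sidekiq: runs queued jobs in the background (asynchronously)
- unicorn: an HTTP server for Rack applications; the GitLab Rails application is hosted on this server.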
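GitLab Shell
GitLab Shell has two jobs: handling Git commands for GitLab and modifying the authorized keys list.
When the GitLab server is accessed over SSH, GitLab Shell will:
- Restrict you to the predefined Git commands (git push, git pull, git annex)
- Call the GitLab Rails API to check permissions
- Run the pre-receive hooks (called Git hooks in GitLab Enterprise Edition)
- Perform the action you requested
- Process GitLab's post-receive actions
- Process custom post-receive actions
When the GitLab server is accessed over http(s), the workflow depends on whether you are pulling from the Git repository or pushing to it. If you are pulling, the GitLab Rails application takes full responsibility for authenticating the user and running the Git commands. If you are pushing, the GitLab Rails application neither authenticates the user nor runs the Git commands; it hands the following work to GitLab Shell:
- Call the GitLab Rails API to check permissions
- Run the pre-receive hooks (called Git hooks in GitLab Enterprise Edition)
- Perform the action you requested
- Process GitLab's post-receive actions
- Process custom post-receive actions
You may wonder why, for a push over http(s), the GitLab Rails application does not perform the authorization before GitLab Shell does. The reason is that the GitLab Rails application has no logic for parsing the git push command. The better approach is to keep that parsing code in one place, and that place is GitLab Shell, so the same code can be reused for access over SSH. In fact, GitLab Shell does no permission check at all when it runs git push; it relies on the pre-receive hooks for the permission check. When you run git pull, the permission check happens before the command is executed. The check for git pull is much simpler, because you only need to check whether a user may access the repository (branch permissions do not need to be checked).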
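OK, the GitLab Shell passage above is all translated from the official site. The link is here.
The last paragraph reads a little awkwardly, and I still have a question about it: since the git push logic has all been put into GitLab Shell, why not put the git pull logic in there as well so that it can be reused?
My guess: the git pull logic cannot be reused, because over http(s) the repository data has to be read and wrapped in HTTP packets to be returned to the client, while over ssh the repository data is returned in ssh packets. The two access methods wrap the returned data differently, so there is no need to provide reuse. But I think the logic that reads the repository data is probably still reused.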
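The difference between the pull check and the push check described above, as an added example that is not GitLab code: the pull decision needs only the user and the repository, while the push decision needs the list of refs that git passes to the pre-receive hook on stdin. The policy lists, user names and function names are hypothetical.

```sh
#!/bin/sh
# Added example, not GitLab code. Policy lists and user names are hypothetical.
MEMBERS="alice bob carol"                       # may access the repository
MAINTAINERS="alice"                             # may update protected branches
PROTECTED="refs/heads/master refs/heads/release"
ZERO=0000000000000000000000000000000000000000   # all-zero new sha = ref deletion

in_list() {                                     # in_list <item> <space separated list>
  for _x in $2; do
    [ "$_x" = "$1" ] && return 0
  done
  return 1
}

# Pull: one question about (user, repository), answerable before
# git-upload-pack is started.
check_pull() {
  in_list "$1" "$MEMBERS"
}

# Push: the decision depends on which refs change. That list only exists once
# git-receive-pack hands it to pre-receive on stdin, one line per ref:
#   <old-sha> <new-sha> <ref-name>
# A non-zero return makes git reject the whole push.
check_push() {
  _user=$1
  _rc=0
  if ! in_list "$_user" "$MEMBERS"; then
    echo "denied: $_user has no access to this repository"
    return 1
  fi
  while read -r _old _new _ref; do
    [ -n "$_ref" ] || continue
    in_list "$_ref" "$PROTECTED" || continue    # unprotected ref: any member may push
    if [ "$_new" = "$ZERO" ]; then
      echo "denied: $_ref is protected and cannot be deleted"
      _rc=1
    elif ! in_list "$_user" "$MAINTAINERS"; then
      echo "denied: $_user may not update protected $_ref"
      _rc=1
    fi
  done
  return $_rc
}

# Constructed input: carol updates a feature branch and master in one push.
demo() {
  check_push carol <<EOF
1111111111111111111111111111111111111111 2222222222222222222222222222222222222222 refs/heads/feature-x
1111111111111111111111111111111111111111 3333333333333333333333333333333333333333 refs/heads/master
EOF
}
demo || echo "push rejected as a whole"
```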
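GitLab Workhorse
GitLab Workhorse is an agile reverse proxy. It handles some of the large HTTP requests, such as file uploads, file downloads, Git push/pull and Git archive downloads. All other requests are reverse-proxied to the GitLab Rails application, that is, to the unicorn backend. The official introduction to GitLab Workhorse is here:
https://gitlab.com/gitlab-org/gitlab-workhorse/
6. GitLab workflow
GitLab workflow diagram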
# http://www.fanzicai.com/blog_hexo/Program/20160520-CentOS7%E4%B8%8A%E5%AE%89%E8%A3%85GitLab%EF%BC%88SRC%EF%BC%89.html
#1. Install packages, resolve dependencies and update the system
yum -y update
#2. Install the required software
yum -y install gcc autoconf cmake unzip vim libcurl-devel zlib-devel curl-devel expat-devel gettext-devel openssl-devel perl-devel nodejs libicu-devel wget curl
# Install git
wget https://www.kernel.org/pub/software/scm/git/git-2.9.0.tar.gz
[root@t1 ~]# tar xf git-2.9.0.tar.gz
[root@t1 ~]# cd git-2.9.0
[root@t1 git-2.9.0]# ./configure
[root@t1 git-2.9.0]# make prefix=/usr/local all
# Install into /usr/local/bin
[root@t1 git-2.9.0]# make prefix=/usr/local install
[root@t1 git-2.9.0]# source /etc/profile
# Verify the git version
[root@t1 git-2.9.0]# git --version
# Show the git install path
[root@t1 git-2.9.0]# which git
# Edit config/gitlab.yml (the gitlab section in step 7) and change the git path to /usr/local/bin/git !!!
#2. Add a system user
# Add a user named git to manage and run GitLab
[root@t1 ~]# useradd -c 'Gitlab' -s /bin/bash git
# To include /usr/local/bin in the git user's $PATH, one method is to edit the sudoers file. Run as administrator:
$ visudo
# Then search for:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
# and change it to:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
#3. Install postfix
yum -y install postfix
#4. Ruby
#Note: The current supported Ruby version is 2.1.x. Ruby 2.2 and 2.3 are currently not supported.
[root@t1 ~]# yum -y remove ruby*
[root@t1 ~]# curl -O --progress https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.8.tar.gz
[root@t1 ~]# tar xf ruby-2.1.8.tar.gz
[root@t1 ~]# cd ruby-2.1.8
[root@t1 ~]# ./configure --disable-install-rdoc
[root@t1 ~]# make
[root@t1 ~]# make install
#Install the Bundler Gem:
[root@t1 ~]# sudo gem install bundler --no-ri --no-rdoc
#5. Go
#Since GitLab 8.0, Git HTTP requests are handled by gitlab-workhorse (formerly gitlab-git-http-server). This is a small daemon written in Go. To install gitlab-workhorse we need a Go compiler. The instructions below assume you use 64-bit Linux. You can find downloads for other platforms at the Go download page.
[root@t1 ~]# curl -O --progress https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz
[root@t1 ~]# tar -C /usr/local -xzf go1.5.3.linux-amd64.tar.gz
[root@t1 ~]# ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/
[root@t1 ~]# rm go1.5.3.linux-amd64.tar.gz
Configure the database
# Create the database and the user, and grant privileges
MariaDB [(none)]> CREATE USER 'git'@'localhost' IDENTIFIED BY 'gitlab';
mysql> SET storage_engine=INNODB;
mysql> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, DROP, INDEX, ALTER, LOCK TABLES, REFERENCES ON `gitlabhq_production`.* TO 'git'@'localhost';
# Install Redis
yum install redis -y
cp /etc/redis.conf /etc/redis.conf.orig
#sed 's/^port .*/port 0/' /etc/redis.conf.orig |tee /etc/redis.conf   # no need to run this
echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis.conf
echo 'unixsocketperm 770' | sudo tee -a /etc/redis.conf
mkdir /var/run/redis
chown redis:redis /var/run/redis
chmod 755 /var/run/redis
# Persist the directory which contains the socket, if applicable
if [ -d /etc/tmpfiles.d ]; then
  echo 'd /var/run/redis 0755 redis redis 10d -' | sudo tee -a /etc/tmpfiles.d/redis.conf
fi
systemctl start redis
chkconfig redis on
usermod -aG redis git
#7. GitLab
# We'll install GitLab into home directory of the user "git"
cd /home/git
#Clone the Source
# Clone GitLab repository
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-9-stable gitlab   # note the GitLab version
#Configure It
# Go to GitLab installation folder
cd /home/git/gitlab
# Copy the example GitLab config
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
# Update GitLab config file, follow the directions at top of file
sudo -u git -H vim config/gitlab.yml
gitlab:
  ## Web server settings (note: host is the FQDN, do not include http://)
  host: gitlabtest.ptmind.com
  port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
  https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
  # in the git: section
  bin_path: /usr/local/bin/git
# Copy the example secrets file
# Note: when a backup is restored on a different host, the old secrets.yml has to be copied into the corresponding directory of the new installation
sudo -u git -H cp config/secrets.yml.example config/secrets.yml
sudo -u git -H chmod 0600 config/secrets.yml
# Make sure GitLab can write to the log/ and tmp/ directories
sudo chown -R git log/
sudo chown -R git tmp/
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/
# Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories
sudo chmod -R u+rwX tmp/pids/
sudo chmod -R u+rwX tmp/sockets/
# Create the public/uploads/ directory
sudo -u git -H mkdir public/uploads/
# Make sure only the GitLab user has access to the public/uploads/ directory
# now that files in public/uploads are served by gitlab-workhorse
sudo chmod 0700 public/uploads
# Change the permissions of the directory where CI build traces are stored
sudo chmod -R u+rwX builds/
# Change the permissions of the directory where CI artifacts are stored
sudo chmod -R u+rwX shared/artifacts/
# Copy the example Unicorn config
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
# Find number of cores
nproc
# Enable cluster mode if you expect to have a high load instance
# Set the number of workers to at least the number of cores
# Ex. change amount of workers to 3 for 2GB RAM server
sudo -u git -H vim config/unicorn.rb
worker_processes 10
listen "127.0.0.1:8030", :tcp_nopush => true
# Copy the example Rack attack config
sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb
# Configure Git global settings for git user
# 'autocrlf' is needed for the web editor
sudo -u git -H git config --global core.autocrlf input
# Disable 'git gc --auto' because GitLab already runs 'git gc' when needed
sudo -u git -H git config --global gc.auto 0
# Configure Redis connection settings
sudo -u git -H cp config/resque.yml.example config/resque.yml
# Change the Redis socket path if you are not using the default Debian / Ubuntu configuration
# Change the Redis access path
sudo -u git -H vim config/resque.yml
#Important Note: Make sure to edit both gitlab.yml and unicorn.rb to match your setup.
#Note: If you want to use HTTPS, see Using HTTPS for the additional steps.
##Configure GitLab DB Settings
# MySQL only:
sudo -u git cp config/database.yml.mysql config/database.yml
# Change 'secure password' with the value you have given to $password
# You can keep the double quotes around the password
sudo -u git -H vim config/database.yml
# MySQL:
# Make config/database.yml readable to git only
sudo -u git -H chmod o-rwx config/database.yml
Install Gems
cd /home/git/gitlab
# For users from China mainland only
# vim /home/git/gitlab/Gemfile
# source "https://ruby.taobao.org" // original: source "https://rubygems.org/"
# For MySQL (note, the option says "without ... postgres")
# Change the ruby path
vim /usr/local/bin/bundle
#!/usr/local/bin/ruby
# Or if you use MySQL (note, the option says "without ... postgres")
sudo -u git -H bundle install -j5 --deployment --without development test postgres aws
Error:
Installing org-ruby 0.9.12
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
/usr/local/bin/ruby extconf.rb
checking for ruby/thread.h... yes
checking for rb_thread_call_without_gvl() in ruby/thread.h... yes
checking for rb_thread_blocking_region()... yes
checking for rb_wait_for_single_fd()... yes
checking for rb_hash_dup()... yes
checking for rb_intern3()... yes
checking for mysql_query() in -lmysqlclient... no
-----
libmysqlclient is missing. Trying again with extra runtime libraries...
-----
Fix:
yum -y install mysql-devel
Install GitLab Shell
#GitLab Shell is an SSH access and repository management software developed specially for GitLab.
# Run the installation task for gitlab-shell (replace `REDIS_URL` if needed):
# If redis runs locally, use:
sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production
# If redis runs on another server, use:
sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=redis://172.16.5.101:6379 RAILS_ENV=production
# By default, the gitlab-shell config is generated from your main GitLab config.
# You can review (and modify) the gitlab-shell config as follows:
sudo -u git -H vim /home/git/gitlab-shell/config.yml
---
user: git
gitlab_url: http://127.0.0.1:8030/   ###### Note: change the port and the host name, and add the name to hosts!!!!
http_settings:
  self_signed_cert: false
repos_path: "/home/git/repositories/"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
  bin: "/bin/redis-cli"
  namespace: resque:gitlab
  socket: "/var/run/redis/redis.sock"
log_level: INFO
audit_usernames: false
Install gitlab-workhorse
cd /home/git
sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git
cd gitlab-workhorse
sudo -u git -H git checkout v0.7.5
sudo -u git -H make
Configure repositories
Because the repositories path was changed, use the /data/repositories/ commands below
sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
sudo chmod -R ug-s /home/git/repositories/
sudo find /home/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s
sudo chmod -R ug+rwX,o-rwx /data/git/repositories/
sudo chmod -R ug-s /data/git/repositories/
sudo find /data/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s
Initialize Database and Activate Advanced Features
# Go to GitLab installation folder
cd /home/git/gitlab
#sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword GITLAB_ROOT_EMAIL=youremail
# Type 'yes' to create the database tables.
# When done you see 'Administrator account created:'
#Secure secrets.yml
# The secrets.yml file stores encryption keys for sessions and secure variables. Backup secrets.yml someplace safe, but don't store it in the same place as your database backups. Otherwise your secrets are exposed if one of your backups is compromised.
ls /home/git/gitlab/config/secrets.yml
# Install Init Script
# Download the init script (will be /etc/init.d/gitlab):
sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
# Change the port workhorse uses to access gitlab-shell
vim /etc/init.d/gitlab
gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8030 -authSocket $rails_socket -documentRoot $app_root/public"
#And if you are installing with a non-default folder or user copy and edit the defaults file:
sudo cp lib/support/init.d/gitlab.default.example /etc/default/gitlab
# Change the port workhorse uses to access gitlab-shell
vim /etc/default/gitlab
gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8030 -authSocket $rails_socket -documentRoot $app_root/public"
#If you installed GitLab in another directory or as a user other than the default you should change these settings in /etc/default/gitlab. Do not edit /etc/init.d/gitlab as it will be changed on upgrade.
#Make GitLab start on boot:
chkconfig gitlab on
#Setup Logrotate
sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
#Check Application Status
#Check if GitLab and its environment are configured correctly:
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
Compile Assets (compile the static files)
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
# Start Your GitLab Instance
sudo service gitlab start
Nginx configuration
yum -y install nginx
sudo cp lib/support/nginx/gitlab /etc/nginx/conf.d/gitlab.conf
vim /etc/nginx/conf.d/gitlab.conf
## GitLab
## See installation.md#using-https for additional HTTPS configuration details.
upstream gitlab-workhorse {
  server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
## Normal HTTP host
server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)
  # listen 0.0.0.0:80 default_server;
  # listen [::]:80 default_server;
  listen 80;
  server_name gitlabtest.ptmind.com; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  ## See app/controllers/application_controller.rb for headers set
  ## Individual nginx logs for this GitLab vhost
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://gitlab-workhorse;
  }
  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    root /home/git/gitlab/public;
    internal;
  }
}
################ Nginx SSL configuration file ####################
upstream gitlab-workhorse {
  server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
server {
  listen 0.0.0.0:80;
  server_name gitlab.ptengine.jp; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;
}
server {
  listen 0.0.0.0:443 ssl;
  server_name gitlab.ptengine.jp; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  ssl on;
  ssl_certificate /usr/local/nginx/ssl/www.ptengine.jp.pem;
  ssl_certificate_key /usr/local/nginx/ssl/www.ptengine.jp.key;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ## TLSv1 and TLSv1.1 are deprecated (RFC 8996); list only TLSv1.2 and later where the clients allow it
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;
  location / {
    client_max_body_size 0;
    gzip off;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://gitlab-workhorse;
  }
  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    root /home/git/gitlab/public;
    internal;
  }
}
##############################################################
# Change the permissions of /home/git
chmod 755 /home/git
# Check the installation
cd /home/git/gitlab
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
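With /home/git set to 755, the modes set earlier on secrets.yml, database.yml, public/uploads and the repositories are what keep other local accounts out. An added example (not part of GitLab or of the original post) that re-checks those modes; the function names are hypothetical and the demo tree is constructed in a temporary directory.

```sh
#!/bin/sh
# Added example, not part of GitLab. Re-checks the modes set by the chmod steps
# of this guide: audit_gitlab <gitlab dir> <repositories dir>
FAILS=0
fail() { echo "FAIL: $*"; FAILS=$((FAILS + 1)); }

perm_bits() {                        # nine permission characters, e.g. rw-------
  ls -ld "$1" | cut -c2-10
}

# no_access <go|o> <path>: group+other (go) or other (o) must have no bits set
no_access() {
  [ -e "$2" ] || { fail "$2 is missing"; return 0; }
  _bits=$(perm_bits "$2")
  case $1 in
    go) _part=${_bits#???};    _want="------" ;;
    *)  _part=${_bits#??????}; _want="---" ;;
  esac
  [ "$_part" = "$_want" ] || fail "$2 has mode $_bits, '$1' must have no access"
}

audit_gitlab() {                     # returns 0 only when every check passes
  FAILS=0
  no_access go "$1/config/secrets.yml"     # chmod 0600 config/secrets.yml
  no_access o  "$1/config/database.yml"    # chmod o-rwx config/database.yml
  no_access go "$1/public/uploads"         # chmod 0700 public/uploads
  # chmod -R ug+rwX,o-rwx on the repositories: nothing may grant "other" a bit
  if [ -d "$2" ]; then
    _loose=$(find "$2" \( -perm -004 -o -perm -002 -o -perm -001 \) -print | head -n 5)
    [ -z "$_loose" ] || fail "entries under $2 accessible to other: $_loose"
  else
    fail "$2 is missing"
  fi
  [ "$FAILS" -eq 0 ]
}

# Constructed demo tree (not a real install): secrets.yml left world-readable.
demo() {
  _t=$(mktemp -d)
  mkdir -p "$_t/gitlab/config" "$_t/gitlab/public/uploads" "$_t/repos/grp/app.git"
  : > "$_t/gitlab/config/secrets.yml"
  : > "$_t/gitlab/config/database.yml"
  chmod 0644 "$_t/gitlab/config/secrets.yml"      # the flaw
  chmod 0640 "$_t/gitlab/config/database.yml"
  chmod 0700 "$_t/gitlab/public/uploads"
  chmod -R ug+rwX,o-rwx "$_t/repos"
  audit_gitlab "$_t/gitlab" "$_t/repos"
  _res=$?
  rm -rf "$_t"
  return $_res
}
demo || echo "audit found $FAILS problem(s)"
```

On the host from this guide the call would be `audit_gitlab /home/git/gitlab /data/git/repositories`, run as root or as the git user.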
# Backup:
## Change the default backup directory
vim /home/git/gitlab/config/gitlab.yml
backup:
  path: "/data/git/gitlab-backup/"
mkdir -p /data/git/gitlab-backup/
chown -R git.git /data/git/gitlab-backup/
# Restart gitlab
service gitlab restart
# Run the backup
sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
# Problem encountered: the backup failed. The cause was a problem with reading the password from config/database.yml, so /home/git/gitlab/lib/backup/database.rb has to be modified
[root@nexus-5-101 gitlab]# sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
Dumping database ...
Dumping MySQL database gitlabhq_production ... mysqldump: Got error: 1045: "Access denied for user 'git'@'172.16.3.65' (using password: YES)" when trying to connect
[FAILED]
Backup failed
vim /home/git/gitlab/lib/backup/database.rb
# Line 23: comment out the mysql ENV['MYSQL_PWD'] line
# Line 75: under mysql_args add 'password' => '--password',
#########################################################################
vim /home/git/gitlab/lib/backup/database.rb
require 'yaml'
module Backup
  class Database
    attr_reader :config, :db_file_name
    def initialize
      @config = YAML.load_file(File.join(Rails.root,'config','database.yml'))[Rails.env]
      @db_file_name = File.join(Gitlab.config.backup.path, 'db', 'database.sql.gz')
    end
    def dump
      FileUtils.mkdir_p(File.dirname(db_file_name))
      FileUtils.rm_f(db_file_name)
      compress_rd, compress_wr = IO.pipe
      compress_pid = spawn(*%W(gzip -1 -c), in: compress_rd, out: [db_file_name, 'w', 0600])
      compress_rd.close
      dump_pid = case config["adapter"]
      when /^mysql/ then
        $progress.print "Dumping MySQL database #{config['database']} ... "
        # Workaround warnings from MySQL 5.6 about passwords on cmd line
        # ENV['MYSQL_PWD'] = config["password"].to_s if config["password"]
        spawn('mysqldump', *mysql_args, config['database'], out: compress_wr)
      when "postgresql" then
        $progress.print "Dumping PostgreSQL database #{config['database']} ... "
        pg_env
        pgsql_args = ["--clean"] # Pass '--clean' to include 'DROP TABLE' statements in the DB dump.
        if Gitlab.config.backup.pg_schema
          pgsql_args << "-n"
          pgsql_args << Gitlab.config.backup.pg_schema
        end
        spawn('pg_dump', *pgsql_args, config['database'], out: compress_wr)
      end
      compress_wr.close
      success = [compress_pid, dump_pid].all? { |pid| Process.waitpid(pid); $?.success? }
      report_success(success)
      abort 'Backup failed' unless success
    end
    def restore
      decompress_rd, decompress_wr = IO.pipe
      decompress_pid = spawn(*%W(gzip -cd), out: decompress_wr, in: db_file_name)
      decompress_wr.close
      restore_pid = case config["adapter"]
      when /^mysql/ then
        $progress.print "Restoring MySQL database #{config['database']} ... "
        # Workaround warnings from MySQL 5.6 about passwords on cmd line
        ENV['MYSQL_PWD'] = config["password"].to_s if config["password"]
        spawn('mysql', *mysql_args, config['database'], in: decompress_rd)
      when "postgresql" then
        $progress.print "Restoring PostgreSQL database #{config['database']} ... "
        pg_env
        spawn('psql', config['database'], in: decompress_rd)
      end
      decompress_rd.close
      success = [decompress_pid, restore_pid].all? { |pid| Process.waitpid(pid); $?.success? }
      report_success(success)
      abort 'Restore failed' unless success
    end
    protected
    def mysql_args
      args = {
        'host' => '--host',
        'port' => '--port',
        'socket' => '--socket',
        'username' => '--user',
        'password' => '--password',
        'encoding' => '--default-character-set'
      }
      args.map { |opt, arg| "#{arg}=#{config[opt]}" if config[opt] }.compact
    end
    def pg_env
      ENV['PGUSER'] = config["username"] if config["username"]
      ENV['PGHOST'] = config["host"] if config["host"]
      ENV['PGPORT'] = config["port"].to_s if config["port"]
      ENV['PGPASSWORD'] = config["password"].to_s if config["password"]
    end
    def report_success(success)
      if success
        $progress.puts '[DONE]'.color(:green)
      else
        $progress.puts '[FAILED]'.color(:red)
      end
    end
  end
end
#########################################################################
# Run the backup again:
sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
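With the edit above, the database password is passed to mysqldump as a --password=... argument, where other local users can read it from the process list while the dump runs. An added example (not from the original post or from GitLab) of the alternative: a client option file readable only by its owner, passed with --defaults-extra-file. The function names, file locations and the sample password are constructed.

```sh
#!/bin/sh
# Added example: hand mysqldump its credentials through a 0600 option file
# instead of --password=... in argv. All values below are constructed.

# Escape a value for a double-quoted option-file entry: \ and " get a
# backslash. The quotes also keep a '#' in the password from being read as
# the start of a comment.
optfile_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# write_client_optfile <file> <user> <password> [host]
write_client_optfile() {
  rm -f "$1"
  ( umask 077 && : > "$1" ) || return 1     # owner-only from the moment it exists
  {
    printf '%s\n' "[client]"
    printf 'user="%s"\n' "$(optfile_quote "$2")"
    printf 'password="%s"\n' "$(optfile_quote "$3")"
    [ -z "${4:-}" ] || printf 'host=%s\n' "$4"
  } >> "$1"
}

# run_dump <optfile> <database> <out.sql.gz>   (needs a reachable MySQL server)
# --defaults-extra-file has to be the first option on the command line.
# The dump goes to a temporary file first so that a mysqldump failure is not
# hidden behind gzip's exit status.
run_dump() {
  _tmp="$3.partial"
  ( umask 077; mysqldump "--defaults-extra-file=$1" "$2" > "$_tmp" ) \
    && gzip -1 -c "$_tmp" > "$3"
  _rc=$?
  rm -f "$_tmp"
  return $_rc
}

# Constructed demo: write the file, show its mode and the command line that
# would run. The password never appears in that command line.
demo() {
  _f=$(mktemp)
  write_client_optfile "$_f" git 'p#ss"w\d' localhost
  ls -l "$_f" | cut -c1-10
  echo "mysqldump --defaults-extra-file=$_f gitlabhq_production"
  rm -f "$_f"
}
demo
```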
# Restore
When restoring, make sure both sides run the same GitLab version
# Stop processes that are connected to the database
sudo service gitlab stop
sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production BACKUP=1474170453
# Options:
# BACKUP=timestamp_of_backup (required if more than one backup exists)
# force=yes (do not ask if the authorized_keys file should get regenerated)
