1 - GitLab配置文件

GitLab默认的配置文件路径：/etc/gitlab/

/etc/gitlab/gitlab.rb：主配置文件，包含外部URL、仓库目录、备份目录等/etc/gitlab/gitlab-secrets.json：（执行gitlab-ctl reconfigure命令行后生成），包含各类密钥的加密信息

手工备份/etc/gitlab/的所有文件：cp -R /etc/gitlab/ <backup-path>

回到顶部

2 - 备份指令

备份指令不会备份配置文件，需要手动备份配置目录和相关文件。

默认的备份目录为/var/opt/gitlab/backups/

以下是/etc/gitlab/gitlab.rb文件中Backup Settings部分的内容

379 ### Backup Settings380 ###! Docs: /omnibus/settings/backups.html381 382 # gitlab_rails['manage_backup_path'] = true383 # gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"384 385 ###! Docs: /ee/raketasks/backup_restore.html#backup-archive-permissions386 # gitlab_rails['backup_archive_permissions'] = 0644387 388 # gitlab_rails['backup_pg_schema'] = 'public'389 390 ###! The duration in seconds to keep backups before they are allowed to be deleted391 # gitlab_rails['backup_keep_time'] = 604800392 393 # gitlab_rails['backup_upload_connection'] = {394 # 'provider' => 'AWS',395 # 'region' => 'eu-west-1',396 # 'aws_access_key_id' => 'AKIAKIAKI',397 # 'aws_secret_access_key' => 'secret123'398 # }399 # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'400 # gitlab_rails['backup_multipart_chunk_size'] = 104857600401 402 ###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for403 ###! backups**404 # gitlab_rails['backup_encryption'] = 'AES256'405 ###! The encryption key to use with AWS Server-Side Encryption.406 ###! Setting this value will enable Server-Side Encryption with customer provided keys;407 ###! otherwise S3-managed keys are used.408 # gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'409 410 ###! **Specifies Amazon S3 storage class to use for backups. Valid values411 ###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**412 # gitlab_rails['backup_storage_class'] = 'STANDARD'413 414 ###! Skip parts of the backup. Comma separated.415 ###! Docs: /ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup416 #gitlab_rails['env'] = {417 # "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"418 #}

2.1 设置备份参数

[root@test102 ~]# vim /etc/gitlab/gitlab.rb[root@test102 ~]# cat /etc/gitlab/gitlab.rb |grep -v "#" |grep -Ev '^$'external_url 'http://192.168.16.102'gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" # 备份的目录gitlab_rails['backup_archive_permissions'] = 0644 # 备份包（tar格式压缩包）的权限gitlab_rails['backup_keep_time'] = 604800 # 备份的保留时间，单位是秒unicorn['listen'] = '192.168.16.102'unicorn['port'] = 8081[root@test102 ~]# gitlab-ctl reconfigure # 重载配置，使之生效..................Running handlers:Running handlers completeChef Client finished, 9/730 resources updated in 46 secondsgitlab Reconfigured![root@test102 ~]#

2.2 执行备份指令

[root@test102 ~]# ll /var/opt/gitlab/backups/total 0[root@test102 ~]# gitlab-rake gitlab:backup:create # 备份数据-11-27 16:12:08 +0800 -- Dumping database ... Dumping PostgreSQL database gitlabhq_production ... [DONE]-11-27 16:12:10 +0800 -- done-11-27 16:12:10 +0800 -- Dumping repositories ...-11-27 16:12:10 +0800 -- done-11-27 16:12:10 +0800 -- Dumping uploads ... -11-27 16:12:10 +0800 -- done-11-27 16:12:10 +0800 -- Dumping builds ... -11-27 16:12:10 +0800 -- done-11-27 16:12:10 +0800 -- Dumping artifacts ... -11-27 16:12:10 +0800 -- done-11-27 16:12:10 +0800 -- Dumping pages ... -11-27 16:12:10 +0800 -- done-11-27 16:12:10 +0800 -- Dumping lfs objects ... -11-27 16:12:10 +0800 -- done-11-27 16:12:10 +0800 -- Dumping container registry images ... -11-27 16:12:10 +0800 -- [DISABLED]Creating backup archive: 1574842330__11_27_12.5.0_gitlab_backup.tar ... doneUploading backup archive to remote storage ... skippedDeleting tmp directories ... donedonedonedonedonedonedonedoneDeleting old backups ... done. (0 removed)Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data and are not included in this backup. You will need these files to restore a backup.Please back them up manually.Backup task is done.[root@test102 ~]# [root@test102 ~]# ll /var/opt/gitlab/backups/total 172-rw-r--r-- 1 git git 174080 Nov 27 16:12 1574842330__11_27_12.5.0_gitlab_backup.tar[root@test102 ~]#

回到顶部

3 - 定时备份

使用Crontab任务进行定时备份。

[root@test102 ~]# crontab -lno crontab for root[root@test102 ~]# [root@test102 ~]# crontab -eno crontab for root - using an empty onecrontab: installing new crontab[root@test102 ~]# [root@test102 ~]# crontab -l0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=10 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1[root@test102 ~]#

回到顶部

4 - 备份到云存储

从GitLab7.4开始，可以将备份文件上传到远端云存储上。

具体配置和操作，可查看官方文档：

涉及的配置项如下：393 # gitlab_rails['backup_upload_connection'] = {394 # 'provider' => 'AWS',395 # 'region' => 'eu-west-1',396 # 'aws_access_key_id' => 'AKIAKIAKI',397 # 'aws_secret_access_key' => 'secret123'398 # }399 # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'400 # gitlab_rails['backup_multipart_chunk_size'] = 104857600

回到顶部

5 - 还原数据

特别注意：

备份目录和gitlab.rb中定义的备份目录必须一致GitLab的版本和备份文件中的版本必须一致，否则还原时会报错。

[root@test102 ~]# cat /etc/gitlab/gitlab.rb |grep "backup_path" |grep -Ev "^$" # 确认备份目录gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"[root@test102 ~]# [root@test102 ~]# ll /var/opt/gitlab/backups/ # 确认备份文件total 172-rw-r--r-- 1 git git 174080 Nov 27 16:12 1574842330__11_27_12.5.0_gitlab_backup.tar[root@test102 ~]# [root@test102 ~]# gitlab-rake gitlab:backup:restore BACKUP=1574842330__11_27_12.5.0 # 还原Unpacking backup ... doneBefore restoring the database, we will remove all existingtables to avoid future upgrade problems. Be aware that if you havecustom tables in the GitLab database these tables and all data will beremoved.Do you want to continue (yes/no)? yesRemoving all tables. Press `Ctrl-C` within 5 seconds to abort-11-27 16:40:03 +0800 -- Cleaning the database ... -11-27 16:40:05 +0800 -- done-11-27 16:40:05 +0800 -- Restoring database ... ..................[DONE]-11-27 16:40:19 +0800 -- done-11-27 16:40:19 +0800 -- Restoring repositories ...-11-27 16:40:19 +0800 -- done-11-27 16:40:19 +0800 -- Restoring uploads ... -11-27 16:40:19 +0800 -- done-11-27 16:40:19 +0800 -- Restoring builds ... -11-27 16:40:19 +0800 -- done-11-27 16:40:19 +0800 -- Restoring artifacts ... -11-27 16:40:19 +0800 -- done-11-27 16:40:19 +0800 -- Restoring pages ... -11-27 16:40:19 +0800 -- done-11-27 16:40:19 +0800 -- Restoring lfs objects ... -11-27 16:40:19 +0800 -- doneThis task will now rebuild the authorized_keys file.You will lose any data stored in the authorized_keys file.Do you want to continue (yes/no)? yesDeleting tmp directories ... donedonedonedonedonedonedonedoneWarning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data and are not included in this backup. You will need to restore these files manually.Restore task is done.[root@test102 ~]# [root@test102 ~]# gitlab-ctl restart # 重启服务ok: run: alertmanager: (pid 26150) 1sok: run: gitaly: (pid 26163) 0sok: run: gitlab-exporter: (pid 26182) 1sok: run: gitlab-workhorse: (pid 26184) 0sok: run: grafana: (pid 26204) 1sok: run: logrotate: (pid 26216) 0sok: run: nginx: (pid 26223) 1sok: run: node-exporter: (pid 26229) 0sok: run: postgres-exporter: (pid 26235) 0sok: run: postgresql: (pid 26321) 1sok: run: prometheus: (pid 26330) 0sok: run: redis: (pid 26341) 1sok: run: redis-exporter: (pid 26345) 0sok: run: sidekiq: (pid 26353) 0sok: run: unicorn: (pid 26364) 0s[root@test102 ~]# [root@test102 ~]# gitlab-rake gitlab:check SANITZE=true # 检查GitLab所有组件是否运行正常Checking GitLab subtasks ...Checking GitLab Shell ...GitLab Shell: ... GitLab Shell version >= 10.2.0 ? ... OK (10.2.0)Running /opt/gitlab/embedded/service/gitlab-shell/bin/checkInternal API available: OKRedis available via internal API: OKgitlab-shell self-check successfulChecking GitLab Shell ... FinishedChecking Gitaly ...Gitaly: ... default ... OKChecking Gitaly ... FinishedChecking Sidekiq ...Sidekiq: ... Running? ... yesNumber of Sidekiq processes ... 1Checking Sidekiq ... FinishedChecking Incoming Email ...Incoming Email: ... Reply by email is disabled in config/gitlab.ymlChecking Incoming Email ... FinishedChecking LDAP ...LDAP: ... LDAP is disabled in config/gitlab.ymlChecking LDAP ... FinishedChecking GitLab App ...Git configured correctly? ... yesDatabase config exists? ... yesAll migrations up? ... yesDatabase contains orphaned GroupMembers? ... noGitLab config exists? ... yesGitLab config up to date? ... yesLog directory writable? ... yesTmp directory writable? ... yesUploads directory exists? ... yesUploads directory has correct permissions? ... yesUploads directory tmp has correct permissions? ... yesInit script exists? ... skipped (omnibus-gitlab has no init script)Init script up-to-date? ... skipped (omnibus-gitlab has no init script)Projects have namespace: ... can't check, you have no projectsRedis version >= 2.8.0? ... yesRuby version >= 2.5.3 ? ... yes (2.6.3)Git version >= 2.22.0 ? ... yes (2.22.0)Git user has default SSH configuration? ... yesActive users: ... 3Is authorized keys file accessible? ... yesChecking GitLab App ... FinishedChecking GitLab subtasks ... Finished[root@test102 ~]#

​

参考链接：/anliven/p/11954964.html