
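Orchestrating a GitLab service with docker-compose, with backup and restore

Continuous integration, deployment and delivery look like a good way to put a development team on a standardized path, and docker, gitlab and jenkins are the toolchain most commonly used along it. The author has written up the notes from past internal gitlab deployments and is publishing them here.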

docker-compose.yml

web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab.cnhzz.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.cnhzz.com'
      gitlab_rails['gitlab_shell_ssh_port'] = 2224
      gitlab_rails['backup_upload_connection'] = {
        'provider' => 'AWS',
        'region' => 'us-east-1',
        'aws_access_key_id' => 'AKIXXXXXXIHVANZA',
        'aws_secret_access_key' => 'PW3AqTXXXXXXXXX5/o8XbfGMq02GO'
      }
      gitlab_rails['backup_upload_remote_directory'] = 'cnhzz-gitlab-backup'
  ports:
    - '9443:443'
    - '9980:80'
    - '2224:22'
  volumes:
    - '/data/gitlab-data/config:/etc/gitlab'
    - '/data/gitlab-data/logs:/var/log/gitlab'
    - '/data/gitlab-data/data:/var/opt/gitlab'

Issuing the gitlab certificate with acme.sh

Reference: https://www.cnhzz.com/shi-yong-acmesh-jiao-ben-zi-dong-sheng-cheng-letse/

acme.sh  --installcert  -d  gitlab.cnhzz.com  --key-file  /home/apps/nginx/conf/cert/gitlab.cnhzz.com.key  --fullchain-file /home/apps/nginx/conf/cert/gitlab.cnhzz.com.cer --reloadcmd  "cd /home/apps/nginx/ && docker-compose restart"

Proxying the gitlab service in docker with nginx

server {
    listen 80;
    listen 443 ssl http2;
    ssl_certificate cert/gitlab.cnhzz.com.cer;
    ssl_certificate_key cert/gitlab.cnhzz.com.key;
    ssl_session_timeout 30m;
    ssl_session_cache shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); accept TLS 1.2 only
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    server_name gitlab.cnhzz.com;
    access_log off;
    error_log /var/log/nginx/error.log;
    index index.html;
    if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

    location / {
        proxy_pass      https://10.0.0.114:9443;
        proxy_redirect  https://10.0.0.114:9443 https://gitlab.cnhzz.com;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;
        client_max_body_size       10m;
        client_body_buffer_size    128k;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
}

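Backing up gitlab inside docker

# Manual backup
docker exec -it gitlab_web_1 gitlab-rake gitlab:backup:create
# Scheduled backup from the host's crontab (crontab -l); -it is dropped because cron provides no TTY
0 2 * * *  docker exec gitlab_web_1 gitlab-rake gitlab:backup:create CRON=1

The CRON=1 environment variable suppresses all progress output from the backup script when no error occurs.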

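Restoring gitlab after a failure

# Stop the processes that hold database connections
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
# Verify that they are all stopped
gitlab-ctl status
# Restore using the file name prefix found under the backup path
gitlab-rake gitlab:backup:restore BACKUP=1539335873_2018_10_12_11.3.4
gitlab-ctl start
gitlab-rake gitlab:check SANITIZE=true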
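
The BACKUP= value is the archive name without its `_gitlab_backup.tar` suffix, and GitLab only restores a backup onto the same version it was created on. The shell functions below are an added example, not part of the original post: they pick the newest archive in a directory and check its embedded version before restoring. They assume the archive naming seen in the BACKUP= value above; the function names and script arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed archive name, matching the post's BACKUP= value:
#   <epoch>_<YYYY>_<MM>_<DD>_<version>_gitlab_backup.tar
SUFFIX='_gitlab_backup.tar'

# Print the BACKUP= prefix of the newest archive in directory $1.
latest_backup_id() {
    dir=$1; newest=''; newest_ts=0
    for f in "$dir"/*"$SUFFIX"; do
        [ -f "$f" ] || continue                    # glob matched nothing
        id=$(basename "$f" "$SUFFIX")
        ts=${id%%_*}                               # leading epoch timestamp
        case $ts in ''|*[!0-9]*) continue ;; esac  # skip malformed names
        if [ "$ts" -gt "$newest_ts" ]; then
            newest_ts=$ts; newest=$id
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Print the GitLab version embedded in a backup id.
backup_version() {
    printf '%s\n' "$1" | sed -E 's/^[0-9]+_[0-9]{4}_[0-9]{2}_[0-9]{2}_//'
}

# Succeed only if the backup was taken on the version now installed.
check_restore_version() {
    [ "$(backup_version "$1")" = "$2" ]
}

# Usage when run directly: pick_backup.sh <backup_dir> <installed_version>
if [ "$#" -eq 2 ]; then
    id=$(latest_backup_id "$1") || { echo "no backup found in $1" >&2; exit 1; }
    check_restore_version "$id" "$2" || { echo "version mismatch: $id" >&2; exit 1; }
    echo "gitlab-rake gitlab:backup:restore BACKUP=$id"
fi
```

With the volume mapping from the docker-compose.yml above and GitLab's default backup path, the host-side directory to pass is /data/gitlab-data/data/backups.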
Reproduction without permission is prohibited: 菜鸟HOW站长 » Orchestrating a GitLab service with docker-compose, with backup and restore