今天给Gitlab做了一个备份,并且设置了每天自动备份,记录一下。

一、导出全部项目

由于Gitlab Web页面并没有自动备份的相关设置,只有各个项目有一个“导出项目”功能。为了保证安全,先把所有项目全部使用“导出项目”功能导出一遍,并复制出来。通过笔者之前的博文《 gitlab迁移记》,可以知道Gitlab导出的项目是存储在/var/opt/gitlab/gitlab-rails/uploads/-/system/import_export_upload/export_file的。

二、设置备份配置

如果是在容器中运行的Gitlab,使用podman exec -it gitlab /bin/bash命令进入容器,修改/etc/gitlab/gitlab.rb,如果是在宿主机直接安装的Gitlab,则直接修改/etc/gitlab/gitlab.rb,打开如下配置:

 1### Backup Settings
 2###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
 3
 4gitlab_rails['manage_backup_path'] = true 
 5gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
 6# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"
 7
 8###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
 9gitlab_rails['backup_archive_permissions'] = 0644 
10
11# gitlab_rails['backup_pg_schema'] = 'public'
12
13###! The duration in seconds to keep backups before they are allowed to be deleted
14gitlab_rails['backup_keep_time'] = 604800

其中gitlab_rails['backup_keep_time']是设置备份保存时间,以秒为单位,6048007天。

修改好配置后,使用gitlab-ctl reconfigure重新生成配置,再使用gitlab-ctl restart重启gitlab。

三、手动备份

官方的说法,GitLab 12.2 及之后版本执行 gitlab-rake gitlab:backup:create;GitLab 12.1及之前版本执行gitlab-backup create。不过笔者14.5.0的Gitlab执行的gitlab-rake gitlab:backup:create,也是可以的。

通过帮助可以看出gitlab-backup create就是gitlab-rake gitlab:backup:create的包装命令。

 1# gitlab-backup create --help
 2Usage: gitlab-backup create [OPTIONS]
 3
 4  Create a new backup. Wrapper for `gitlab-rake gitlab:backup:create`.
 5
 6OPTIONS:
 7
 8  -h, --help    Display this help message and exits,
 9
10  Additional OPTIONS are passed to the underlying command.

也可以直接在宿主机中使用命令podman exec -it gitlab gitlab-backup create或者podman exec -it gitlab gitlab-rake gitlab:backup:create直接备份,不用进入容器中执行。

备份时大概输出情况:

 1root@10:/# gitlab-rake gitlab:backup:create
 2
 32023-06-13 03:34:02 +0000 -- Dumping database ... 
 4Dumping PostgreSQL database gitlabhq_production ... [DONE]
 52023-06-13 03:34:06 +0000 -- done
 62023-06-13 03:34:06 +0000 -- Dumping repositories ...
 7
 82023-06-13 03:37:04 +0000 -- done
 92023-06-13 03:37:04 +0000 -- Dumping uploads ... 
102023-06-13 03:51:10 +0000 -- done
112023-06-13 03:51:10 +0000 -- Dumping builds ... 
122023-06-13 03:51:10 +0000 -- done
132023-06-13 03:51:10 +0000 -- Dumping artifacts ... 
142023-06-13 03:51:10 +0000 -- done
152023-06-13 03:51:10 +0000 -- Dumping pages ... 
162023-06-13 03:51:10 +0000 -- done
172023-06-13 03:51:10 +0000 -- Dumping lfs objects ... 
182023-06-13 03:51:11 +0000 -- done
192023-06-13 03:51:11 +0000 -- Dumping container registry images ... 
202023-06-13 03:51:11 +0000 -- done
21Creating backup archive: 1686628281_2023_06_13_14.5.0-ee_gitlab_backup.tar ... done
22Uploading backup archive to remote storage  ... skipped
23Deleting tmp directories ... done
24done
25done
26done
27done
28done
29done
30done
31done
32Deleting old backups ... done. (0 removed)
33Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data 
34and are not included in this backup. You will need these files to restore a backup.
35Please back them up manually.
36Backup task is done.

注意后面的警告,需要手动备份gitlab.rbgitlab-secrets.json

备份路径即为前面配置中设定的路径,默认为/var/opt/gitlab/backups

从备份输出日志可以看到有Dumping uploads,即会备份uploads中的内容,而前面导出项目时,导出的文件就在uploads中,为避免把导出的文件也备份,可以先把导出目录/var/opt/gitlab/gitlab-rails/uploads/-/system/import_export_upload/export_file中的文件删除掉,再进行备份。

四、设置自动备份

手动备份还是比较麻烦,可以借助Linux的crontab设置为自动备份,比如可以设置每小时、每天、每月、每年、每周备份。 crontab配置可以分为系统级的配置和用户级的配置,任选一种即可。

1.系统级配置

crontab系统级配置,可以查看/etc/crontab

 1# /etc/crontab: system-wide crontab
 2# Unlike any other crontab you don't have to run the `crontab'
 3# command to install the new version when you edit this file
 4# and files in /etc/cron.d. These files also have username fields,
 5# that none of the other crontabs do.
 6
 7SHELL=/bin/sh
 8# You can also override PATH, but by default, newer versions inherit it from the environment
 9#PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
10
11# Example of job definition:
12# .---------------- minute (0 - 59)
13# |  .------------- hour (0 - 23)
14# |  |  .---------- day of month (1 - 31)
15# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
16# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
17# |  |  |  |  |
18# *  *  *  *  * user-name command to be executed
1917 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
2025 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
2147 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
2252 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )

这个文件分别设置了每小时、每天、每周和每月要执行的任务:

  • /etc/cron.hourly:每小时的17分执行
  • /etc/cron.daily:每天的6点25分执行
  • /etc/cron.weekly:每周周日的6点47分执行
  • /etc/cron.monthly:每月1号的6点52分执行

可以设置Gitlab每天备份,那可以在/etc/cron.daily中添加一个文件gitlab-backup,内容如下:

1#!/bin/sh
2podman exec -it gitlab gitlab-backup create

如果是宿主机则为:

1#!/bin/sh
2gitlab-backup create

然后使用chmod +x gitlab-backup命令为其添加上可执行权限。

还有一个目录/etc/cron.d,是自定义计划任务的,格式同/etc/crontab配置。

2.用户级配置

使用crontab -e设置当前用户的计划任务,默认会在/tmp下创建一个文件,笔者的为/tmp/crontab.0kND4I/crontab

 1# Edit this file to introduce tasks to be run by cron.
 2# 
 3# Each task to run has to be defined through a single line
 4# indicating with different fields when the task will be run
 5# and what command to run for the task
 6# 
 7# To define the time you can provide concrete values for
 8# minute (m), hour (h), day of month (dom), month (mon),
 9# and day of week (dow) or use '*' in these fields (for 'any').
10# 
11# Notice that tasks will be started based on the cron's system
12# daemon's notion of time and timezones.
13# 
14# Output of the crontab jobs (including errors) is sent through
15# email to the user the crontab file belongs to (unless redirected).
16# 
17# For example, you can run a backup of all your user accounts
18# at 5 a.m every week with:
19# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
20# 
21# For more information see the manual pages of crontab(5) and cron(8)
22# 
23# m h  dom mon dow   command

添加如下一行进行测试:

140-50 * * * * echo "测试" >> ~/a.txt

即在每个小时的40~50分钟时,添加“测试”到~/a.txt文件。

查看计划任务crontab -l

如果是要添加root用户的计划任务,使用sudo crontab -e -u root,查看使用sudo crontab -l -u root

回到Gitlab备份,非root用户,有sudo权限,则可以使用:

10 2 * * * sudo podman exec -it gitlab gitlab-backup create

每天凌晨2点备份。

欢迎点赞收藏,转载请注明出处!